Forum Discussion
Export/import all EndPoint Manager configurations
Hi!
I'm working on a streamlined process to configure the basics in Endpoint Manager and thought to use the Microsoft Graph API to import configuration profiles when we get new customers for the basics.
I've started with a basic configuration and then I want to export all the configurations to JSON files; however, not everything within Endpoint Security is exported.
Configurations that are missing:
- Attack Surface Reduction Rules
- Defender Antivirus
- Defender Firewall
EDR, application control and account protection are exported though.
I'm using the following string for Endpoint Security in my script:
```powershell
#Endpoint Security policies
$endpointSecurityPoliciesRequest = (Invoke-RestMethod -Headers $HeaderParams -Uri "https://graph.microsoft.com/beta/deviceManagement/intents" -Method Get)
$endpointSecurityPolicies = $endpointSecurityPoliciesRequest.value
$endpointSecurityTemplatesRequest = (Invoke-RestMethod -Headers $HeaderParams -Uri "https://graph.microsoft.com/beta/deviceManagement/templates?`$filter=(isof(%27microsoft.graph.securityBaselineTemplate%27))" -Method Get)
$endpointSecurityTemplates = $endpointSecurityTemplatesRequest.value

#Endpoint Security policies
try{
    foreach($policy in $endpointSecurityPolicies){
        $filePath = "$($location)\EndPoint Security - $($policy.displayName).json"

        # Creating object for JSON output
        $JSON = New-Object -TypeName PSObject
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'displayName' -Value $policy.displayName
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'description' -Value $policy.description
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'roleScopeTagIds' -Value $policy.roleScopeTagIds
        $ES_Template = $endpointSecurityTemplates | ? { $_.id -eq $policy.templateId }
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'TemplateDisplayName' -Value $ES_Template.displayName
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'TemplateId' -Value $ES_Template.id
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'versionInfo' -Value $ES_Template.versionInfo

        # Getting all categories in specified Endpoint Security Template
        $categoriesRequest = (Invoke-RestMethod -Headers $HeaderParams -Uri "https://graph.microsoft.com/beta/deviceManagement/templates/$($ES_Template.id)/categories" -Method Get)
        $categories = $categoriesRequest.value
        $settings = @()
        foreach($category in $Categories){
            $policyId = $policy.id
            $categoryId = $category.id
            $categorySettingsRequest = (Invoke-RestMethod -Headers $HeaderParams -Uri "https://graph.microsoft.com/beta/deviceManagement/intents/$policyId/categories/$categoryId/settings?`$expand=Microsoft.Graph.DeviceManagementComplexSettingInstance/Value" -Method Get)
            $Settings += $categorySettingsRequest.value
        }

        # Adding All settings to settingsDelta ready for JSON export
        Add-Member -InputObject $JSON -MemberType 'NoteProperty' -Name 'settingsDelta' -Value @($Settings)
        $JSON | convertto-json -depth 5 | out-file $filePath
        write-host "Exported policy: $($policy.displayName)" -ForegroundColor green
    }
}
catch{
    write-host "Error: $($_.Exception.Message)" -ForegroundColor red
}
```
Has anyone tried the same and succeeded, and can share the script for it?
The import part should be solved as soon as I can export all the configurations.
Thanks!
//Front
4 Replies
- We have scripted the whole import when configuring a new tenant and a bit of DSC... but as always Mick has a nice source for everything you need
https://github.com/Micke-K/IntuneManagement
Why would you try to reinvent the wheel?
- Martin Front (Brass Contributor)
It's the same with this one; antivirus, firewall and ASR rules are not visible and not able to manage:
So it won't work for me.
- mstrmke (Copper Contributor)
Martin Front The "Settings Catalog" has all of these you are looking for.
- Martin Front (Brass Contributor)
Haven't seen this one! Gonna take a look at it. Thanks!
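Following the "Settings Catalog" pointer in the last reply, here is an added example (not written by any poster in this thread, and not taken from the IntuneManagement project) that exports Settings Catalog based policies from the Graph beta `deviceManagement/configurationPolicies` collection, which the `deviceManagement/intents` call in the original script does not return. It assumes `$HeaderParams` and `$location` are defined as in the original script; the helper name `Get-GraphCollection` is hypothetical.

```powershell
# Added example. Assumes $HeaderParams and $location are set as in the post's script,
# and that the token carries the DeviceManagementConfiguration.Read.All permission.
$base = 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies'

function Get-GraphCollection {
    param([Parameter(Mandatory)][string]$Uri, [Parameter(Mandatory)]$Headers)
    # Follow @odata.nextLink so a result set larger than one page is not silently cut short.
    $items = @()
    while ($Uri) {
        $page  = Invoke-RestMethod -Headers $Headers -Uri $Uri -Method Get
        $items += $page.value
        $Uri   = $page.'@odata.nextLink'
    }
    return $items
}

try {
    foreach ($policy in (Get-GraphCollection -Uri $base -Headers $HeaderParams)) {
        # templateFamily is e.g. endpointSecurityAntivirus, endpointSecurityFirewall,
        # endpointSecurityAttackSurfaceReduction, or 'none' for a plain Settings Catalog profile.
        $family   = $policy.templateReference.templateFamily
        $settings = Get-GraphCollection -Uri "$base/$($policy.id)/settings" -Headers $HeaderParams

        $export = [ordered]@{
            name              = $policy.name
            description       = $policy.description
            platforms         = $policy.platforms
            technologies      = $policy.technologies
            roleScopeTagIds   = $policy.roleScopeTagIds
            templateReference = $policy.templateReference
            settings          = @($settings)
        }

        # Policy names may contain characters that are invalid in Windows file names.
        $safeName = $policy.name -replace '[\\/:*?"<>|]', '_'
        $filePath = Join-Path $location "$family - $safeName.json"

        # Setting instances nest deeply (group collections with children); a small -Depth
        # makes ConvertTo-Json flatten the inner objects to strings.
        $export | ConvertTo-Json -Depth 50 | Out-File -LiteralPath $filePath -Encoding utf8
        Write-Host "Exported policy: $($policy.name) [$family]" -ForegroundColor Green
    }
}
catch {
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
}
```

Comparing the exported file names against the list of policies shown in the portal is a quick completeness check before building the import side.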