Forum Discussion

Miguel Filipe Duarte's avatar
Miguel Filipe Duarte
Copper Contributor
Feb 21, 2018
Solved

Get available policies through Graph API

Hey everyone,   I would like to know if anyone has found a way to get all available policies (Compliance, Configuration) in JSON or any other format.   I know we can get all policies that wer...
Graph API
Intune
  • Oliver Kieselbach's avatar
    Oliver Kieselbach
    Feb 23, 2018

    Hi Miguel

     

    try to implement empty policies and get them via

    https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations

     

    or you can even address them directly:

    https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations/{id}

     

    The empty policies will have all options listed. So in the end you will have an query for every empty configuration which gives you all available settings. You can archive them and compare them later.

     

    you will get an output like this:

     

    {
        "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceConfigurations/$entity",
        "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
        "id": "d15e5d52-b5fc-40ff-8434-ed63f8ed3ab3",
        "lastModifiedDateTime": "2018-01-19T16:44:01.0523964Z",
        "createdDateTime": "2017-11-20T19:58:24.2758957Z",
        "description": "",
        "displayName": "Device Restrictions",
        "version": 12,
        "enableAutomaticRedeployment": true,
        "assignedAccessSingleModeUserName": null,
        "assignedAccessSingleModeAppUserModelId": null,
        "microsoftAccountSignInAssistantSettings": "notConfigured",
        "authenticationAllowSecondaryDevice": false,
        "authenticationAllowFIDODevice": false,
        "cryptographyAllowFipsAlgorithmPolicy": false,
        "displayAppListWithGdiDPIScalingTurnedOn": [],
        "displayAppListWithGdiDPIScalingTurnedOff": [],
        "enterpriseCloudPrintDiscoveryEndPoint": null,
        "enterpriseCloudPrintOAuthAuthority": null,
        "enterpriseCloudPrintOAuthClientIdentifier": null,
        "enterpriseCloudPrintResourceIdentifier": null,
        "enterpriseCloudPrintDiscoveryMaxLimit": null,
        "enterpriseCloudPrintMopriaDiscoveryResourceIdentifier": null,
        "messagingBlockSync": false,
        "messagingBlockMMS": false,
        "messagingBlockRichCommunicationServices": false,
        "searchBlockDiacritics": false,
        "searchDisableAutoLanguageDetection": false,
        "searchDisableIndexingEncryptedItems": false,
        "searchEnableRemoteQueries": false,
        "searchDisableUseLocation": false,
        "searchDisableIndexerBackoff": false,

    [...]

     

    best,

    Oliver

Oliver Kieselbach's avatar
Oliver Kieselbach
MVP
Feb 22, 2018

Hi Miguel,

 

did you try the Intune samples?

https://github.com/microsoftgraph/powershell-intune-samples

 

It seems they are fulfilling your needs.

 

There we have:

 

DeviceConfiguration_Get.ps1

This script gets all the device configuration policies from the Intune Service that you have authenticated with.

https://github.com/microsoftgraph/powershell-intune-samples/tree/master/DeviceConfiguration#4-deviceconfiguration_getps1

 

and

 

CompliancePolicy_Export.ps1

This script gets all the compliance policies from the Intune Service that you have authenticated with. The script will then export the policy to .json format in the directory of your choice.

https://github.com/microsoftgraph/powershell-intune-samples/tree/master/CompliancePolicy#3-compliancepolicy_exportps1

 

best,

Oliver