Event details
Hi, my question relates to change management of Intune Device Configuration Policies, especially as it pertains to backups, testing, and version control.
We have a bunch of policies in production that require changes as opportunities for improvement are identified in the area of security. However, unlike Group Policy objects in Active Directory, the overall majority of policies in Intune are not able to be duplicated or backed up.
What is Microsoft's response/recommendation?
Jason_Sandys
Microsoft
MicrosoftHi stdcsb.
There are really two paths that can be taken here -- both somewhat related and take advantage of the Graph API:
- Use a DevOps/ConfigAsCode approach for all configuration. This allows you to use all standard source code control methods and methodologies to provide configuration control. Combined with a test tenant, this also allows you to validate all changes before they go live and ensure that the exact changes tested are also implemented in production. A comprehensive set of examples for Graph usage with Intune is at https://github.com/microsoftgraph/powershell-intune-samples.
- Use Graph API to directly copy or backup policies that already exist in a tenant. There are a variety of community contributions/examples/samples that do this already and a quick web search should help you find them.
Ultimately, there are no built-in, UI based facilities for any of this so use of the Graph API is your best (only really) option.