SOLVED
Home

Get available policies through Graph API

%3CLINGO-SUB%20id%3D%22lingo-sub-162450%22%20slang%3D%22en-US%22%3EGet%20available%20policies%20through%20Graph%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-162450%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20everyone%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20would%20like%20to%20know%20if%20anyone%20has%20found%20a%20way%20to%20get%20all%20available%20policies%20(Compliance%2C%20Configuration)%20in%20JSON%20or%20any%20other%20format.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20know%20we%20can%20get%20all%20policies%20that%20were%20previously%20created%2C%20but%20we'd%20love%20to%20find%20a%20way%20to%20get%20all%26nbsp%3B%3CSTRONG%3Eavailable%3C%2FSTRONG%3E%26nbsp%3Bpolicies.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESince%20Intune%20(and%20all%20other%20Microsoft%20SaaS%20products%20nowadays)%20keeps%20changing%2C%20it's%20hard%20for%20us%20to%20establish%20a%20static%20list%20of%20policies%20without%20constantly%20updating%20it.%20Being%20able%20to%20get%20the%20policies%20dynamically%20would%20be%20great.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20in%20advance%2C%3C%2FP%3E%0A%3CP%3EMiguel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-162450%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGraph%20API%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-163817%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20available%20policies%20through%20Graph%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-163817%22%20slang%3D%22en-US%22%3EThanks%20a%20lot!%3CBR%20%2F%3E%3CBR%20%2F%3EI%20guess%20I%20supposed%20if%20a%20setting%20wasn't%20configured%20it%20wouldn't%20show%20up%20on%20the%20list.%20This%20should%20work.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-163803%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20available%20policies%20through%20Graph%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-163803%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Miguel%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Etry%20to%20implement%20empty%20policies%20and%20get%20them%20via%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fdevicemanagement%2FdeviceConfigurations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fdevicemanagement%2FdeviceConfigurations%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eor%20you%20can%20even%20address%20them%20directly%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fdevicemanagement%2FdeviceConfigurations%2F%7Bid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fdevicemanagement%2FdeviceConfigurations%2F%7Bid%3C%2FA%3E%7D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20empty%20policies%20will%20have%20all%20options%20listed.%20So%20in%20the%20end%20you%20will%20have%20an%20query%20for%20every%20empty%20configuration%20which%20gives%20you%20all%20available%20settings.%20You%20can%20archive%20them%20and%20compare%20them%20later.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eyou%20will%20get%20an%20output%20like%20this%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22%40odata.context%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23deviceManagement%2FdeviceConfigurations%2F%24entity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23deviceManagement%2FdeviceConfigurations%2F%24entity%3C%2FA%3E%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22%40odata.type%22%3A%20%22%23microsoft.graph.windows10GeneralConfiguration%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22id%22%3A%20%22d15e5d52-b5fc-40ff-8434-ed63f8ed3ab3%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22lastModifiedDateTime%22%3A%20%222018-01-19T16%3A44%3A01.0523964Z%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22createdDateTime%22%3A%20%222017-11-20T19%3A58%3A24.2758957Z%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22description%22%3A%20%22%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22displayName%22%3A%20%22Device%20Restrictions%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22version%22%3A%2012%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enableAutomaticRedeployment%22%3A%20true%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22assignedAccessSingleModeUserName%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22assignedAccessSingleModeAppUserModelId%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22microsoftAccountSignInAssistantSettings%22%3A%20%22notConfigured%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22authenticationAllowSecondaryDevice%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22authenticationAllowFIDODevice%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22cryptographyAllowFipsAlgorithmPolicy%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22displayAppListWithGdiDPIScalingTurnedOn%22%3A%20%5B%5D%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22displayAppListWithGdiDPIScalingTurnedOff%22%3A%20%5B%5D%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintDiscoveryEndPoint%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintOAuthAuthority%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintOAuthClientIdentifier%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintResourceIdentifier%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintDiscoveryMaxLimit%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22enterpriseCloudPrintMopriaDiscoveryResourceIdentifier%22%3A%20null%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22messagingBlockSync%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22messagingBlockMMS%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22messagingBlockRichCommunicationServices%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchBlockDiacritics%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchDisableAutoLanguageDetection%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchDisableIndexingEncryptedItems%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchEnableRemoteQueries%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchDisableUseLocation%22%3A%20false%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22searchDisableIndexerBackoff%22%3A%20false%2C%3C%2FP%3E%0A%3CP%3E%5B...%5D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3C%2FP%3E%0A%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-163740%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20available%20policies%20through%20Graph%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-163740%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Oliver%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFirst%20of%20all%20thank%20you%20for%20your%20answer.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'd%20already%20seen%20those%20examples%2C%20but%20from%20what%20I%20can%20understand%2C%20those%20commands%20retrieve%26nbsp%3B%3CSTRONG%3Econfigured%26nbsp%3B%3C%2FSTRONG%3Epolicies.%20That%20is%2C%20it%20gets%20all%20the%20policies%20that%20we've%20created%2C%20not%20the%20available%20options%20in%20all%20those%20policies.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhat%20I'm%20looking%20for%20is%20getting%20all%20the%20available%20options%20dynamically%2C%20since%20they%20seem%20to%20change%20too%20frequently.%20It's%20hard%20to%20keep%20a%20file%20updated%20with%20all%20available%20options%20for%20each%20policy.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%2C%3C%2FP%3E%0A%3CP%3EMiguel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-162717%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20available%20policies%20through%20Graph%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-162717%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Miguel%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Edid%20you%20try%20the%20Intune%20samples%3F%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20seems%20they%20are%20fulfilling%20your%20needs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20we%20have%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDeviceConfiguration_Get.ps1%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThis%20script%20gets%20%3CU%3Eall%3C%2FU%3E%20the%20device%20configuration%20policies%20from%20the%20Intune%20Service%20that%20you%20have%20authenticated%20with.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Ftree%2Fmaster%2FDeviceConfiguration%234-deviceconfiguration_getps1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Ftree%2Fmaster%2FDeviceConfiguration%234-deviceconfiguration_getps1%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3Eand%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECompliancePolicy_Export.ps1%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThis%20script%20gets%20%3CU%3Eall%3C%2FU%3E%20the%20compliance%20policies%20from%20the%20Intune%20Service%20that%20you%20have%20authenticated%20with.%20The%20script%20will%20then%20export%20the%20policy%20to%20.json%20format%20in%20the%20directory%20of%20your%20choice.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Ftree%2Fmaster%2FCompliancePolicy%233-compliancepolicy_exportps1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmicrosoftgraph%2Fpowershell-intune-samples%2Ftree%2Fmaster%2FCompliancePolicy%233-compliancepolicy_exportps1%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3Ebest%2C%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EOliver%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Miguel Filipe Duarte
New Contributor

Hey everyone,

 

I would like to know if anyone has found a way to get all available policies (Compliance, Configuration) in JSON or any other format.

 

I know we can get all policies that were previously created, but we'd love to find a way to get all available policies.

 

Since Intune (and all other Microsoft SaaS products nowadays) keeps changing, it's hard for us to establish a static list of policies without constantly updating it. Being able to get the policies dynamically would be great.

 

Thanks in advance,

Miguel

4 Replies

Hi Miguel,

 

did you try the Intune samples?

https://github.com/microsoftgraph/powershell-intune-samples

 

It seems they are fulfilling your needs.

 

There we have:

 

DeviceConfiguration_Get.ps1

This script gets all the device configuration policies from the Intune Service that you have authenticated with.

https://github.com/microsoftgraph/powershell-intune-samples/tree/master/DeviceConfiguration#4-device...

 

and

 

CompliancePolicy_Export.ps1

This script gets all the compliance policies from the Intune Service that you have authenticated with. The script will then export the policy to .json format in the directory of your choice.

https://github.com/microsoftgraph/powershell-intune-samples/tree/master/CompliancePolicy#3-complianc...

 

best,

Oliver

Hi Oliver,

 

First of all thank you for your answer. 

 

I'd already seen those examples, but from what I can understand, those commands retrieve configured policies. That is, it gets all the policies that we've created, not the available options in all those policies.

 

What I'm looking for is getting all the available options dynamically, since they seem to change too frequently. It's hard to keep a file updated with all available options for each policy.

 

Thank you,

Miguel

Solution

Hi Miguel

 

try to implement empty policies and get them via

https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations

 

or you can even address them directly:

https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations/{id}

 

The empty policies will have all options listed. So in the end you will have an query for every empty configuration which gives you all available settings. You can archive them and compare them later.

 

you will get an output like this:

 

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceConfigurations/$entity",
    "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
    "id": "d15e5d52-b5fc-40ff-8434-ed63f8ed3ab3",
    "lastModifiedDateTime": "2018-01-19T16:44:01.0523964Z",
    "createdDateTime": "2017-11-20T19:58:24.2758957Z",
    "description": "",
    "displayName": "Device Restrictions",
    "version": 12,
    "enableAutomaticRedeployment": true,
    "assignedAccessSingleModeUserName": null,
    "assignedAccessSingleModeAppUserModelId": null,
    "microsoftAccountSignInAssistantSettings": "notConfigured",
    "authenticationAllowSecondaryDevice": false,
    "authenticationAllowFIDODevice": false,
    "cryptographyAllowFipsAlgorithmPolicy": false,
    "displayAppListWithGdiDPIScalingTurnedOn": [],
    "displayAppListWithGdiDPIScalingTurnedOff": [],
    "enterpriseCloudPrintDiscoveryEndPoint": null,
    "enterpriseCloudPrintOAuthAuthority": null,
    "enterpriseCloudPrintOAuthClientIdentifier": null,
    "enterpriseCloudPrintResourceIdentifier": null,
    "enterpriseCloudPrintDiscoveryMaxLimit": null,
    "enterpriseCloudPrintMopriaDiscoveryResourceIdentifier": null,
    "messagingBlockSync": false,
    "messagingBlockMMS": false,
    "messagingBlockRichCommunicationServices": false,
    "searchBlockDiacritics": false,
    "searchDisableAutoLanguageDetection": false,
    "searchDisableIndexingEncryptedItems": false,
    "searchEnableRemoteQueries": false,
    "searchDisableUseLocation": false,
    "searchDisableIndexerBackoff": false,

[...]

 

best,

Oliver

Thanks a lot!

I guess I supposed if a setting wasn't configured it wouldn't show up on the list. This should work.
Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies