Defender baseline policy not importing.

Open l4m3us3r opened this issue 1 year ago • 6 comments

I have exported one of the new defender baseline policies using IntuneManagement, but the import is failing:

Import Settings Catalog object [MWP Template] Prod_Win_Endpoint Security - Security Baseline_Defender_Device
WARNING: Could not find migration table
Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/configurationPolicies (Request ID: a015b564-e738-4f4c-a64e-0074edc27015). Status code: BadRequest. Response message: . Response message: Info Invalid Reference id found in Policy created from Template 49b8320f-e179-472e-8e2c-2fde00289ca2_1 PolicyId

TemplateId 49b8320f-e179-472e-8e2c-2fde00289ca2_1 InvalidReferenceId f00bbe6f-591a-470d-b640-c707a10f32df - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 81e338e0-f958-4b73-8a65-101383b90e37 - Url: https://fef.msuc03.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-8461-0512-062013234579/deviceManagement/configurationPolicies?api-version=5024-04-01
Exception: The remote server returned an error: (400) Bad Request.
Trigger function Invoke-EMSelectedItemsChanged
Trigger Invoke-EMSelectedItemsChanged in Compare
Trigger Invoke-EMSelectedItemsChanged in Documentation
Trigger Invoke-EMSelectedItemsChanged in EndpointManager
Loading Settings Catalog objects

I have attached the JSON: [MWP Template] Prod_Win_Endpoint Security - Security Baseline_Defender_Device.json. Please assist.

l4m3us3r avatar Jun 24 '24 02:06 l4m3us3r

Hello,

Thank you! I'll try to have a look at this.

Cheers!

Micke-K avatar Jun 24 '24 11:06 Micke-K

Hello,

Sorry for a very late answer. I completely forgot about this after the holiday.

I had a look at this, and it looks like Microsoft are doing some weird things here. The id for each setting is unique in each environment, which makes it "impossible" to migrate between environments. I have to see if I can come up with something to fix this, but it will take a while. I need a solution like for the ADMX files, which have the same problem.

Cheers!

Micke-K avatar Sep 08 '24 04:09 Micke-K

Thanks Micke

l4m3us3r avatar Sep 08 '24 19:09 l4m3us3r

Hi, have you been able to fix this? I get the same error when trying to import Windows11-v24H2 security baselines. I attached my JSON:

cfg_w11-SecurityBaselineWindows_v24H2.json

I have to mention that the policy was exported from one tenant and I then tried to import it into another.

Any help appreciated!

hnthbi avatar Apr 14 '25 11:04 hnthbi

Hello,

So sorry. I worked on this way back but couldn't figure it out. I spent some time on it the last couple of days to dig deeper into it and I finally found what caused it. It turns out that the GUID IDs in the Setting Catalog settings are case-sensitive and there is ONE setting in 24H2, Machine Identity Isolation, that has uppercase in settingValueTemplateId and settingInstanceTemplateId. The API returns it with lowercase during export. It took me some time to figure that one out.

I could import the json you attached with the latest updates.

You can download the updates in the development branch and let me know how it goes.

Cheers!

Micke-K avatar Apr 19 '25 05:04 Micke-K
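
A pre-import check for the cause described in the reply above, as an added example that is not part of the thread or of IntuneManagement's own code: it walks an exported Settings Catalog JSON, collects every settingInstanceTemplateId and settingValueTemplateId, and compares them case-sensitively against a reference list. The function names, the sample JSON and all GUIDs are constructed for illustration, and the reference list is assumed to have been obtained separately from the template in the target tenant.

```powershell
# Constructed sample shaped like an exported Settings Catalog policy.
# Every GUID here is a made-up placeholder, not a real template ID.
$exportedJson = @'
{ "settings": [
  { "settingInstance": {
      "settingInstanceTemplateReference": { "settingInstanceTemplateId": "0000aaaa-1111-4222-8333-44445555bbbb" },
      "choiceSettingValue": { "settingValueTemplateReference": { "settingValueTemplateId": "0000cccc-1111-4222-8333-44445555dddd" } } } },
  { "settingInstance": {
      "settingInstanceTemplateReference": { "settingInstanceTemplateId": "0000eeee-1111-4222-8333-44445555ffff" },
      "choiceSettingValue": { "settingValueTemplateReference": { "settingValueTemplateId": "00009999-1111-4222-8333-444455556666" } } } } ] }
'@
# Constructed reference list (assumption: IDs as the template defines them,
# obtained separately). One entry contains uppercase characters.
$templateIds = @(
    '0000aaaa-1111-4222-8333-44445555bbbb', '0000cccc-1111-4222-8333-44445555dddd',
    '0000EEEE-1111-4222-8333-44445555FFFF', '00009999-1111-4222-8333-444455557777'
)
$idProps = 'settingInstanceTemplateId', 'settingValueTemplateId'

# Walk the parsed JSON and emit every template ID reference with its path.
function Get-TemplateIdRef {
    param($Node, [string]$Path = '$')
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            if (($idProps -contains $p.Name) -and $p.Value) {
                [pscustomobject]@{ Path = "${Path}.$($p.Name)"; Id = [string]$p.Value }
            } else {
                Get-TemplateIdRef -Node $p.Value -Path "${Path}.$($p.Name)"
            }
        }
    } elseif ($Node -is [array]) {
        for ($i = 0; $i -lt $Node.Count; $i++) {
            Get-TemplateIdRef -Node $Node[$i] -Path "${Path}[$i]"
        }
    }
}

# Find a case-insensitive match first, then require an exact-case match for OK.
function Test-TemplateIdCase {
    param([string]$Json, [string[]]$KnownIds)
    foreach ($ref in @(Get-TemplateIdRef -Node ($Json | ConvertFrom-Json))) {
        $match = $KnownIds | Where-Object { $_ -ieq $ref.Id } | Select-Object -First 1
        $status = 'UnknownId'
        if ($match -ceq $ref.Id) { $status = 'OK' } elseif ($match) { $status = 'CaseMismatch' }
        [pscustomobject]@{ Status = $status; Found = $ref.Id; Template = $match; Path = $ref.Path }
    }
}
Test-TemplateIdCase -Json $exportedJson -KnownIds $templateIds | Format-Table -AutoSize
```

A `CaseMismatch` row is the situation the reply describes (the export carries the lowercase form of an ID that the template defines with uppercase); an `UnknownId` row is an ID with no counterpart in the reference list at all.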

Hi Micke, Yes, I just tested it and it works! Thanks so much for fixing it and putting time into this. Regards!

hnthbi avatar Apr 22 '25 08:04 hnthbi