
Import App Configuration (Device) policy fails

Open jimmywinberg opened this issue 1 year ago • 29 comments

When trying to import an App Configuration (Device) policy it will fail with the following error message.

Android - Defender for Endpoint app config

Running version: 3.9.7

WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations (Request ID: 68262225-ef94-424d-9d78-396ad05dc060). Status code: BadRequest. Response message: . Response message: An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 12395d9e-ecd3-4cfd-bc16-fbc508645554 - Url: https://fef.amsub0202.manage.microsoft.com/AppLifecycle_2406/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5024-05-15 Exception: The remote server returned an error: (400) Bad Request.

jimmywinberg avatar Jul 17 '24 16:07 jimmywinberg

Hello,

What folder did you import the policy from?

It must be imported from the same folder name as it was exported. This is how the script knows which API to use. A wrong folder normally generates a 400 error.

Cheers!

Micke-K avatar Jul 17 '24 16:07 Micke-K

These are my exact steps.

  1. Tenant 1, export the policy to c:\tempPolicies\AppConfigurationManagedDevice
  2. Tenant 2, import the policy, select the policy from the location in step 1 and click import.

I can add that all other policies except the app config one are getting imported without any issues.

jimmywinberg avatar Jul 17 '24 16:07 jimmywinberg

Hello,

App Configuration (Device) policies have Apps as a dependency.

Does the target app exist in the destination tenant?

Cheers!

Micke-K avatar Jul 17 '24 16:07 Micke-K

Yes, the target app is in the tenant from the Managed Google Play store. I can also confirm that for iOS policies the import is working but not for Android.

The Microsoft Defender app is added in both tenants for Android. One tenant doesn't have the app assigned yet.

jimmywinberg avatar Jul 17 '24 17:07 jimmywinberg

Exporting from the same tenant and importing to the same tenant works. But as soon as I try to import to another tenant, Android App configs fail.

  • Created the app config in Tenant 2 for Defender for Endpoint Android.
  • Exported it and deleted it from the tenant.
  • Imported it back, no issue.

  • Export from Tenant 1.
  • Import to Tenant 2.
  • Fails with the error message only for Android app configs

jimmywinberg avatar Jul 17 '24 17:07 jimmywinberg

Thank you for the troubleshooting!

Could be that the App has different IDs in different tenants.

Can you upload a policy from each tenant or can you check the exported policies if that is the case?

Cheers!

Micke-K avatar Jul 17 '24 17:07 Micke-K

Think you are correct, the app id is different.

Tenant 1: "targetedMobileApps": ["e22b3aef-5b07-46dc-ab2e-5647885cf4b6"]

Tenant 2: "targetedMobileApps": ["1d3a9069-ae65-4173-b7f0-95b276a5e99d"]

I can import and export in the same tenants no issue, but moving the export to another tenant fails.

jimmywinberg avatar Jul 17 '24 17:07 jimmywinberg

Does it work if you change the Id to the target tenant App Id?

This is not good. This means it's not supported as is. Might be possible to fix but will require additional development. And it's going to be a challenge since I don't have access to test.

Cheers!

Micke-K avatar Jul 17 '24 17:07 Micke-K

Yes, it works if I change the app id manually, then I can import it to the new tenant. Thank you for a super great tool.

jimmywinberg avatar Jul 17 '24 17:07 jimmywinberg
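
The manual workaround confirmed above (rewriting targetedMobileApps to the target tenant's app id before import), as an added PowerShell example that is not part of the thread or of IntuneManagement's own code. The function name, the trimmed sample JSON and the hand-built ID map are assumptions; the two GUIDs are the ones quoted in the thread.

```powershell
# Added example: not IntuneManagement code. Function name, ID map and the
# trimmed sample JSON are assumptions/constructed; GUIDs are those in the thread.
function Convert-TargetedMobileApps {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]    $PolicyJson,
        # Source-tenant app id -> target-tenant app id, built by the operator.
        [Parameter(Mandatory)] [hashtable] $AppIdMap
    )

    $policy = $PolicyJson | ConvertFrom-Json

    # Only Android app configurations failed cross-tenant in the thread;
    # anything else (or a policy without targeted apps) is returned unchanged.
    if ($policy.'@odata.type' -ne '#microsoft.graph.androidManagedStoreAppConfiguration' -or
        -not $policy.targetedMobileApps) {
        return $PolicyJson
    }

    # Refuse to continue with an id the target tenant will not recognise,
    # instead of letting Graph answer with an opaque 400 Bad Request.
    $unmapped = @($policy.targetedMobileApps | Where-Object { -not $AppIdMap.ContainsKey($_) })
    if ($unmapped.Count -gt 0) {
        throw "No target-tenant app id mapped for: $($unmapped -join ', ')"
    }

    # Keep the property an array even when it holds a single id.
    $policy.targetedMobileApps = @($policy.targetedMobileApps | ForEach-Object { $AppIdMap[$_] })
    return ($policy | ConvertTo-Json -Depth 20)
}

# Constructed sample: a trimmed export from Tenant 1.
$exported = @'
{
  "@odata.type": "#microsoft.graph.androidManagedStoreAppConfiguration",
  "displayName": "Android - Defender for Endpoint app config",
  "targetedMobileApps": [ "e22b3aef-5b07-46dc-ab2e-5647885cf4b6" ],
  "roleScopeTagIds": [ "0" ]
}
'@

# Tenant 1 app id -> Tenant 2 app id, as reported in the thread.
$map = @{ 'e22b3aef-5b07-46dc-ab2e-5647885cf4b6' = '1d3a9069-ae65-4173-b7f0-95b276a5e99d' }
Convert-TargetedMobileApps -PolicyJson $exported -AppIdMap $map
```

Failing closed on an unmapped id keeps a policy from being imported against the wrong app or rejected with no usable error.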

Thank you!

I'll see if I can figure this out in a future version.

Cheers!

Micke-K avatar Jul 17 '24 17:07 Micke-K

Hello,

I had to spend some time on a bus, so I thought I'd try to fix this. I got it to work for iOS by faking new IDs after export etc. I changed it so it will only use this for Android policies now.

Note that you have to re-export and import with the attached file to make it work. This will add an additional property to the export file, "#CustomRefTargetedApps". This will be used during import to identify the app in the target tenant.

Let me know how it goes if you test it. Would be good if you could test both import in same tenant and a different tenant.

Cheers!

EndpointManager.zip

Micke-K avatar Jul 18 '24 14:07 Micke-K

Thank you, but when I replace this file and try to run the application again, I'm unable to see tenants, and in the menu I get the text Object Array on top and then all the settings. I'm also unable to see what accounts are logged in etc., and there is no menu in the top right corner for switching accounts.

jimmywinberg avatar Jul 18 '24 15:07 jimmywinberg

Hmmmm that is weird. I'll have a look at this later. Might not be able to do it this weekend.

Cheers!

Micke-K avatar Jul 18 '24 15:07 Micke-K

Whenever you have time, have a great weekend and day.



jimmywinberg avatar Jul 18 '24 15:07 jimmywinberg

Hello,

I cannot replicate this. Did you replace completely, or did you rename the original file?

Can you attach the full log?

Cheers!

Micke-K avatar Jul 19 '24 18:07 Micke-K

I renamed the original file, sorry my bad.

  1. Unpacked fresh version of your app.
  2. Overwrote the file you packaged here separately.
  3. Exported the files again and imported.

But the outcome is the same. Just tested export from tenant 1 import to tenant 2, same error. I don't see a CustomRefTargetedApps in the exported file however.

WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations (Request ID: 1dafc0cc-a616-48d7-b6ae-e7176addedb9). Status code: BadRequest. Response message: . Response message: An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 68be0173-dc12-476c-a562-a387c4fda131 - Url: https://fef.amsub0202.manage.microsoft.com/AppLifecycle_2407/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5024-05-15 Exception: The remote server returned an error: (400) Bad Request. Loading App Configuration (Device) objects

jimmywinberg avatar Jul 19 '24 19:07 jimmywinberg

Hello,

Sounds like it doesn't detect the type. Can you attach the json or at least the top 5 rows of it?

Cheers!

Micke-K avatar Jul 19 '24 20:07 Micke-K

Let's try this. Updated after midnight with laptop in bed so no clue if it will work :)

EndpointManager.zip

Cheers!

Micke-K avatar Jul 19 '24 22:07 Micke-K

I just went to bed so I have to test it tomorrow, you need to sleep too haha. Have a great day tomorrow, I'll update you once I've tested. Again, thank you so much for this awesome tool.



jimmywinberg avatar Jul 19 '24 22:07 jimmywinberg

Tested, same error. I do see the targetMobileApps in the exported file now, however import to new tenant same error as before.

    {
      "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileAppConfigurations(assignments())/$entity",
      "@odata.type": "#microsoft.graph.androidManagedStoreAppConfiguration",
      "@odata.id": "deviceAppManagement/mobileAppConfigurations(\u0027504a5603-8e77-4a4a-a7f2-41fe2999c8e3\u0027)",
      "@odata.editLink": "deviceAppManagement/mobileAppConfigurations(\u0027504a5603-8e77-4a4a-a7f2-41fe2999c8e3\u0027)/microsoft.graph.androidManagedStoreAppConfiguration",
      "id": "504a5603-8e77-4a4a-a7f2-41fe2999c8e3",
      "targetedMobileApps@odata.type": "#Collection(String)",
      "targetedMobileApps": [ "1d3a9069-ae65-4173-b7f0-95b276a5e99d" ],
      "roleScopeTagIds@odata.type": "#Collection(String)",
      "roleScopeTagIds": [ "0" ],

WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations (Request ID: f76f08a1-7ae1-4e34-a585-5d9b217f0240). Status code: BadRequest. Response message: . Response message: An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6f6758bd-147f-4dd5-b01d-cad244eaf926 - Url: https://fef.amsub0202.manage.microsoft.com/AppLifecycle_2407/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5024-05-15 Exception: The remote server returned an error: (400) Bad Request.

jimmywinberg avatar Jul 20 '24 12:07 jimmywinberg

Hello,

No #CustomRefTargetedApps property in the json file. It will not work as long as that property is not there.

I'll have to add some additional logging to see what is happening.

Out on a boat trip now but will try to add that tonight.

Cheers!

Micke-K avatar Jul 20 '24 12:07 Micke-K

Hello,

Another version to try. I added some additional logging to this so attach the log if it fails. I hope you will have the #CustomRefTargetedApps property in the json this time. Skip import if you don't. It won't work without it.

Cheers!

EndpointManager.zip

Micke-K avatar Jul 20 '24 20:07 Micke-K

That looks better!

The #CustomRefTargetedApps property is there. I'm on another boat trip in the Stockholm archipelago. I'll check the import when I get back tonight. I only focused on the export yesterday. We are finally on the right track.

Thank you for the troubleshooting!

Cheers!

Micke-K avatar Jul 21 '24 16:07 Micke-K

My bad...it used the id from the source tenant.

New version to try.

Cheers!

EndpointManager.zip

Micke-K avatar Jul 21 '24 19:07 Micke-K

All good working now, awesome work, next time enjoy your boat trips the tool can wait :) Importing and exporting between tenants is now working in the latest version you sent.

jimmywinberg avatar Jul 21 '24 19:07 jimmywinberg

Great news!

Thank you for the update and all the testing.

Cheers!

Micke-K avatar Jul 21 '24 19:07 Micke-K

Thank you for all the work you put in and have a great night.



jimmywinberg avatar Jul 21 '24 19:07 jimmywinberg

Closing. Fix included in 3.9.8.

Cheers

Micke-K avatar Dec 08 '24 07:12 Micke-K