IntuneManagement icon indicating copy to clipboard operation
IntuneManagement copied to clipboard
verified publisher icon Micke-K

Exported JSON files show unnecessary Git changes due to inconsistent property order

Open MarcoJanse opened this issue 1 month ago • 5 comments

Description

When exporting Intune configuration with IntuneManagement v3.10.1, many JSON files change between exports even though no actual configuration changes occurred. I have not noticed this behavior in the previous release. I'm using Git to track changes in my Intune configuration by storing the exports from Intune management in a git repository. The changes reported by Git are often only due to a different property order in the exported JSON.

Example

Here’s an example diff reported by Git between two exports, even though the content is functionally identical:

Before

{
  "enabled": true,
  "[email protected]": "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('b7165b6d-6642-4f75-88e9-9551e30b580b')"
},

After

{
  "[email protected]": "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('b7165b6d-6642-4f75-88e9-9551e30b580b')",
  "enabled": true
},

The only difference is the property order, but Git still flags this as a change.

Impact

  • Creates unnecessary Git diffs and commit noise
  • Makes it difficult to identify real configuration changes
  • Causes merge conflicts when collaborating on configuration backups

Suggested solution

It would be helpful if the export process could produce deterministic JSON output, for example by:

  • Sorting properties alphabetically before writing to file, or
  • Providing a flag or configuration option like -SortProperties or -StableJsonOutput to enforce a consistent key order.

Environment

Tool version: 3.10.1 PowerShell version: 7.5.4 OS: Windows 11 25H2 (OS Build 26200.6899) Intune Service Release version: 2510

MarcoJanse avatar Nov 11 '25 11:11 MarcoJanse

Hello,

Sorry for late reply. I completely forgot to reply to this.

This makes sense. I'll have a look if I can implement this somehow and how much work it is.

Cheers!

Micke-K avatar Nov 23 '25 00:11 Micke-K

Hello,

I uploaded a fix for this in the Development branch.

You have to enable this in Settings / Sort Json Properties:

Image

Note: This will not sort them on a complete alphabetical order, there are there different sections and all of them are sorted alphabetically:

  • Odata properties eg. starts with @ - These are always first.
  • All properties
  • Remarked properties e.g. #microsoft.graph.retrieveLatestUpgradeDefaultBaselinePolicy - These are always last.

This is to keep the existing flow of the json files.

Let me know how it goes.

Cheers!

Micke-K avatar Nov 23 '25 06:11 Micke-K

Hi @Micke-K.

Thank you so much for looking into this and providing a fix. Much appreciated!

I've ran the tool with the fix implemented and after setting the Sort Json properties, I've tried a bulk export. The first time that I tried this, my PowerShell 7 process crashed after a certain amount for time during the export with this error message:

Application: pwsh.exe
CoreCLR Version: 9.0.1025.47515
.NET Version: 9.0.10
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception (1816): Not enough quota is available to process this command.
   at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget, Nullable`1 channelSet)
   at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr lParam)
   at System.Windows.Interop.HwndTarget.HandleMessage(WindowMessage msg, IntPtr wparam, IntPtr lparam)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Int32 numArgs, Delegate catchHandler)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(DispatcherPriority priority, TimeSpan timeout, Delegate method, Object args, Int32 numArgs)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam)

Faulting application name: pwsh.exe, version: 7.5.4.500, time stamp: 0x68d50000
Faulting module name: KERNELBASE.dll, version: 10.0.26100.7171, time stamp: 0xb1a43a46
Exception code: 0xe0434352
Fault offset: 0x00000000000c80da
Faulting process id: 0x37FC
Faulting application start time: 0x1DC5D2D96A5E98E
Faulting application path: C:\Program Files\PowerShell\7\pwsh.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 98566180-7d86-47cd-a541-2de95ee4e605
Faulting package full name: 
Faulting package-relative application ID:

I closed all my running programs and tried it a second time and this time the bulk export finished without errors.

As expected, most config files were now detected by git as changed because of the sorting, but I will do some additional bulk exports in the coming days to compare and let you know if the sorting of the JSON-properties has resolved the false/positive git changes of Intune configuration.

Also I will keep an eye out if that error message pops up again.

MarcoJanse avatar Nov 24 '25 12:11 MarcoJanse

I've just did a new bulk export today and now I only see actual changed configuration. I will do some more tests this week, but it looks promising! 😃

MarcoJanse avatar Nov 25 '25 08:11 MarcoJanse

Today I did another export to my git repository and I can confirm I only see actual changed configuration now and no false positive changes anymore due to sorting. I'm very happy with this 😊

Is there anything else you want me to test for this? I'm not sure if documentation export is also affected by this sorting change?

If not, should we keep this issue open until it's merged into the main/master branch?

MarcoJanse avatar Nov 28 '25 11:11 MarcoJanse