IntuneManagement
IntuneManagement copied to clipboard
Micke-K
Feature Request: Support for Import ADMX & Imported Admin Template functionality
Intune SR 2208 implemented new functionality to directly import ADMX & ADML templates: What's new in Microsoft Intune | Microsoft Docs
These are viewable in the current Administrative Templates section, but attempting to export and import one into a tenant fails due to the ADMX not existing within the destination tenant. Manually uploading these via the Intune GUI and trying an import also fails as the reference to the file won't be the same. There are also a few key differences to the policy, like the "policyConfigurationIngestionType" being "custom" rather than "builtIn".
I believe an import would be possible assuming you're able to upload and track/replace the dependency GUID of the ADMX/ADML files using the groupPolicyUploadedDefinitionFiles Beta API endpoint: groupPolicyUploadedDefinitionFile resource type - Microsoft Graph beta | Microsoft Docs, and would obviously rely on having a copy of the ADMX/ADML files available similar to the App Packages. There's also tracking of the uploaded file status via groupPolicyUploadedDefinitionFileStatus to ensure the file is uploaded and available prior to uploading the policy json.
Let me know if I can help with any testing or further investigations.
Thanks
James
Hello James,
I actually started looking at this and hit the wall a bit. I added support for export/import but import doesn't work the easy way. I can't find a way for it to export the actual ADMX/ADML content. The documentation indicated that there is support for it since it has values in the content properties but no matter what I do they are empty for me. So the only solution for now would be to have access to the files during the import like you mentioned. That just makes it extra complicated. I have the exact same issue with the Terms of use profiles.
Another thing is that they need to be imported in the right order. Some admx files are split over multiple files. These must be imported in the right order so namespaces exists when "sub" admx files are imported.
I think a dependency in the tool, eg Device Configuration profiles are depending on ADMX profiles, would take care of the import of profiles based ADMX files.
I'll dig a bit more. Might have something for you to test next week. Let me know if you find a way to export the ADMX/ADML content.
Thank you!
Cheers!
Hello James,
I've looked into this a bit now and I ran into some challenges.
I can export/import the ADMX file but with a couple if minor and major issues.
- I cannot export the ADMX/ADML file content. I can't find an API for that. So the files must be added to either the App Packages folder or the Export folder.
- Import order is based on last updated. This is to make sure they are imported in the correct order. I hope this value won't change. Firefox is a good example, Mozilla must be imported before Firefox.
- The most annoying one, I can export/import/copy a policy based on the ADMX file as long as it is in the same environment AND same ADMX is used. The presentation values changes every time an ADMX file is imported so it can't be copied between environments or even the same environment with the same ADMX file re-imported.
I will dig into this a bit more but that will take time. I have a couple of ideas to try out.
Cheers!
Hello James,
Can you test this file? This will add the following:
- Support for Exporting/Importing ADMX files
- Export/Import policies based on the ADMX file (cross tenant should be supported)
Note: The ADMX and ADML files must be located in the App Packages folder or the Export folder.
Unzip the file and copy EndpointManager.psm1 to the Extensions folder.
Let me know how it goes...
Cheers!
Implemented in release 3.7.2. Let me know how it goes, if you have the time to test it.
See Release Notes for more info
Hello,
Closing issue since was implemented.
Please create new issue if there are any problems.
Cheers!