Import from File or by API Intune Policies

There may be scenarios where you don't have a dev tenant to import from but you want to import an Intune Policy to the MSP level so that you can deploy it to other accounts. At present, it appears there is no option to import into the MSP level except by GitHub integration (which has its own gaps) or from a tenant. Perhaps it should be added at least to modify Intune policies at the API level for this scenario or to add a button by which a shell of a policy can be created in the GUI and then someone can put the text JSON in the policy manually.

1

Comments (3 comments)

Avatar
Dave Stephenson

Great idea, Jacob Reinhardt!

I know originally, the Policy Management feature of NMM was designed to be used by importing policies/profiles from an NMM Account (either MSP or Customer).
You could use the existing functionality to add your Dev Tenant as an Account in NMM, but that obviously comes with additional costs.

When I asked the product team about the ability to add/import JSON files manually (back when the Policy Management feature was in Private Preview), they said that it was designed like I mentioned above.

That being said, once you have a policy/profile in NMM, there's nothing preventing you from replacing the entire JSON body with anything you want.
However, that comes with its own set of risks if even a single obscure/incorrect character/option is specified. You could possibly break your NMM environment, the customer's Intune Environment, and the end-user's device.
I'm not saying you could/would do that (misconfigure a JSON), but just wanted to point out the potential risk. 🙂

0
Avatar
Jacob Reinhardt

Yes, I am not surprised to learn of the "authorial intent" of the feature. The copy and paste scenario is one I am using already (because of missing GitHub features). But still, perhaps the API side of this feature request is where you can protect users -- favor using the import function like you described. But for people who need to, add the API endpoint to create, update, or delete at will. But anyway, thank you!

1
Avatar
Dave Stephenson

I appreciate your understanding, as always. 🙂
You make a very good point.
Perhaps we can do this through the API or offer some kind of error validation 🤔
Lots of ways to slice this feature.

 

0

Please sign in to leave a comment.