almenscorner / intunecd
Tool to backup, update and document configurations in Intune
License: MIT License
Include VPP in backup for the purpose of documentation and history of changes
Describe the bug
Backup reports the following in the log below. Requests to the Graph API appear to be being throttled.
Backing up Conditional Access policy: CA008: Require password change for high-risk users
Backing up Conditional Access policy: CA002: Securing security info registration
Traceback (most recent call last):
File "/home/runner/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 246, in start
run_backup(args.path, args.output, exclude, token)
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 210, in run_backup
config_count += savebackup(path, output, token)
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/backup_conditionalAccess.py", line 35, in savebackup
policy = makeapirequest(f"{ENDPOINT}/{policy['id']}", token)
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 55, in makeapirequest
raise Exception('Request failed with ', response.status_code, ' - ',
Exception: ('Request failed with ', 429, ' - ', '{"error":{"code":"TooManyRequests","message":"Too many requests.","innerError":{"date":"2022-11-24T01:31:47","request-id":"7011ef39-854e-4236-b355-0c0a9d303bc2","client-request-id":"7011ef39-854e-4236-b355-0c0a9d303bc2"}}}')
Error: Process completed with exit code 1.
To Reproduce
Not 100% sure, but I have 30+ CA policies in my lab tenant and it's reporting the error on CA policies.
Expected behavior
The backup should complete.
Run type (please complete the following information):
Include Enrollment restrictions in backup
Hi Almen,
I think the IntuneCD backup feature is having some problem now and I can't see why.
It happens both when I run it from Azure DevOps and on a local PC. It backs up some components and in the middle of the backup it just stops. This was working like a charm 2 days ago. Can you check please?
Error is in pic below:
Describe the bug
Can't backup and it seems a powershell query issue
To Reproduce
========================== Starting Command Output ===========================
/usr/bin/bash /home/vsts/work/_temp/5d0345b5-1bbb-4453-a4e0-79bad8c341ae.sh
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 313, in start
count = run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 273, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_powershellScripts.py", line 68, in savebackup
decoded = base64.b64decode(script_data["scriptContent"]).decode("utf-8")
File "/usr/lib/python3.10/base64.py", line 80, in b64decode
s = _bytes_from_decode_data(s)
File "/usr/lib/python3.10/base64.py", line 45, in _bytes_from_decode_data
raise TypeError("argument should be a bytes-like object or ASCII "
TypeError: argument should be a bytes-like object or ASCII string, not 'NoneType'
##[error]Bash exited with code '1'.
Backing up/updating large amounts of configurations can take a long time since the assignments and details are requested for each configuration individually.
This feature's intent is to increase speed and performance by batching requests instead of getting them individually.
Would love to see exports available for windows device configurations with ADMX templates.
Describe the bug
I configured Intune-CD in November 2022. My azure app-registration has only "read-only" rights. But I only want to run a backup. I never want to give the permission to change something in Intune.
App-Permissions:
Now it does not work anymore.
Error:
Traceback (most recent call last):
File "/home/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 275, in start
run_backup(args.path, args.output, exclude, token)
File "/home/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 166, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/.local/lib/python3.10/site-packages/IntuneCD/backup_profiles.py", line 78, in savebackup
oma_value = makeapirequest(
File "/home/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 65, in makeapirequest
raise Exception("Request failed with ", response.status_code, " - ", response.text)
Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\\r\\n \\"_version\\": 3,\\r\\n \\"Message\\": \\"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 582c977c-d5a6-4e44-9662-d71207210082 - Url: https://fef.msub07.manage.microsoft.com/DeviceConfiguration_2303/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations(\'3e5ea113-c420-468c-9484-1af5b8f05ce5\')/microsoft.management.services.api.getOmaSettingPlainTextValue(secretReferenceValueId=\'d9e8c134-50f1-4c93-9046-c96ab05dccbe_3e5ea113-c420-468c-9484-1af5b8f05ce5_d598bf61-aa91-4d6c-95b7-e50254d7ba0a\')?api-version=5022-09-24\\",\\r\\n \\"CustomApiErrorPhrase\\": \\"\\",\\r\\n \\"RetryAfter\\": null,\\r\\n \\"ErrorSourceService\\": \\"\\",\\r\\n \\"HttpHeaders\\": \\"{}\\"\\r\\n}","innerError":{"date":"2023-03-22T14:09:53","
To Reproduce
I run IntuneCD-startbackup -m 1 -o yaml -p /home/intune-cd/backups/ -a /home/intune-cd/auth.json
My App-Registrations has the following permissions:
Expected behavior
Backup working without issues with read-only permissions
Run type (please complete the following information):
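An added diagnostic example (not IntuneCD's own code) for the 403 in the report above: it extracts the scopes named in the Graph error message and compares them with the application permissions in the access token, so a backup-only app registration can see that the endpoint accepts only a write scope. The function names, the comma-separated scope list, the constructed token and the shortened error body are assumptions of this example; the token payload is read for inspection only and its signature is not verified.

```python
import base64
import json
import re

# Scope list as it appears in the Intune error text quoted in the report.
# Assumption: several scopes would be comma-separated.
SCOPES_RE = re.compile(r"one of the following scopes:\s*(.+?)\s+-\s+Operation ID")


def required_scopes(error_text):
    """Return the set of scopes the 403 body says would authorize the call."""
    match = SCOPES_RE.search(error_text)
    if not match:
        return set()
    return {s.strip() for s in match.group(1).split(",") if s.strip()}


def token_roles(access_token):
    """Return the application permissions ('roles' claim) carried by a JWT.

    Diagnostic only: the payload is decoded without signature validation.
    """
    try:
        payload = access_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return set()
    if not isinstance(claims, dict):
        return set()
    return set(claims.get("roles", []))


def explain_forbidden(error_text, access_token):
    """Summarize why a request was refused and whether read-only can ever pass."""
    required = required_scopes(error_text)
    granted = token_roles(access_token)
    return {
        "required": sorted(required),
        "granted": sorted(granted),
        # The service asks for "one of" the listed scopes.
        "satisfied": bool(required & granted),
        # True when every acceptable scope is a ReadWrite scope, i.e. a
        # read-only registration cannot call this endpoint at all.
        "needs_write": bool(required) and all(".ReadWrite." in s for s in required),
    }


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_unsigned_token(roles):
    """Build a constructed, unsigned token for the demo (not a real credential)."""
    return ".".join([_b64url({"alg": "none"}), _b64url({"roles": roles}), "constructed"])


# Constructed sample: shortened form of the message quoted in the report.
SAMPLE_403 = (
    "Application is not authorized to perform this operation. Application must "
    "have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All"
    " - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000"
)


def demo():
    read_only = make_unsigned_token(
        ["DeviceManagementConfiguration.Read.All", "DeviceManagementApps.Read.All"]
    )
    return explain_forbidden(SAMPLE_403, read_only)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

When `needs_write` is true, the choice is between skipping that item in a read-only backup and granting the write scope; the check only makes that trade-off visible.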
Is your feature request related to a problem? Please describe.
When generating the Production MD file image attributes create duplicate strings for the table print out for the column headers. This causes the production combined MD file to grow exponentially in size. Ideally some of these values in the output would be truncated or flagged to be ignored.
Describe the solution you'd like
Provide a method to blacklist specific fields for the production build; or consolidate the output in the tables to simply fill in some pre-defined "field-to-large" or other replacement.
Additional context
Fields that are subject to bloating the final production output include but are limited to:
Describe the bug
When restoring compliance policies, it fails if the policy does not already exist and contains the properties for "scheduledActionConfigurations"
For testing attempted to create a policy with the same name I was trying to restore in the target environment and then it worked.
I noticed that there are some calls to "remove_keys" in the code path that is executed when the policy already exists, but this does not seem to be the case for the code path that has to create the policy when missing.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
For the policy to be created successfully
Run type (please complete the following information):
Describe the bug
Not necessarily a bug, but an exception was raised when the Graph API was unavailable. graph_request.py doesn't appear to handle HTTP 503 errors.
To Reproduce
Difficult to reproduce because you'll need the Graph API to be unavailable. I wouldn't expect this to be an issue very often.
Expected behavior
Not 100% sure, but graph_request.py could perhaps wait/retry or exit with an error.
Run type (please complete the following information):
Log
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 136, in start
run_backup(opts.path,opts.output,exclude,token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 68, in run_backup
savebackup(path,output,exclude,token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_appConfiguration.py", line 49, in savebackup
app_data = makeapirequest(app_endpoint + "/" + app_id, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 38, in makeapirequest
raise Exception('Request failed with ',response.status_code,' - ',
Exception: ('Request failed with ', 503, ' - ', '{"error":{"code":"UnknownError","message":"<!DOCTYPE HTML PUBLIC \\"-//W3C//DTD HTML 4.01//EN\\"\\"http://www.w3.org/TR/html4/strict.dtd\\">\\r\\n<HTML><HEAD><TITLE>Service Unavailable</TITLE>\\r\\n<META HTTP-EQUIV=\\"Content-Type\\" Content=\\"text/html; charset=us-ascii\\"></HEAD>\\r\\n<BODY><h2>Service Unavailable</h2>\\r\\n<hr><p>HTTP Error 503. The service is unavailable.</p>\\r\\n</BODY></HTML>\\r\\n","innerError":{"date":"2022-05-26T01:01:13","request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4","client-request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4"}}}')
##[error]Bash exited with code '1'.
##[error]Bash wrote one or more lines to the standard error stream.
##[error]Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 136, in start
run_backup(opts.path,opts.output,exclude,token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 68, in run_backup
savebackup(path,output,exclude,token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_appConfiguration.py", line 49, in savebackup
app_data = makeapirequest(app_endpoint + "/" + app_id, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 38, in makeapirequest
raise Exception('Request failed with ',response.status_code,' - ',
Exception: ('Request failed with ', 503, ' - ', '{"error":{"code":"UnknownError","message":"<!DOCTYPE HTML PUBLIC \\"-//W3C//DTD HTML 4.01//EN\\"\\"http://www.w3.org/TR/html4/strict.dtd\\">\\r\\n<HTML><HEAD><TITLE>Service Unavailable</TITLE>\\r\\n<META HTTP-EQUIV=\\"Content-Type\\" Content=\\"text/html; charset=us-ascii\\"></HEAD>\\r\\n<BODY><h2>Service Unavailable</h2>\\r\\n<hr><p>HTTP Error 503. The service is unavailable.</p>\\r\\n</BODY></HTML>\\r\\n","innerError":{"date":"2022-05-26T01:01:13","request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4","client-request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4"}}}')
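An added example (not IntuneCD's own code) of the wait/retry behaviour that the HTTP 429 throttling report and the HTTP 503 report above ask for: transient statuses are retried, honouring `Retry-After` when the service sends it and otherwise using capped exponential backoff with jitter, while permission errors such as 403 fail immediately. `request_with_retry`, `retry_delay`, `GraphRequestError` and the scripted responses are names and data constructed for this example; `send` is any callable returning an object with `status_code`, `headers` and `text`.

```python
import random
import time
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Statuses worth retrying: throttling and transient gateway/service failures.
RETRYABLE = {429, 502, 503, 504}


@dataclass
class Response:
    """Minimal stand-in for an HTTP response, used by the offline demo."""
    status_code: int
    text: str = ""
    headers: dict = field(default_factory=dict)


class GraphRequestError(Exception):
    def __init__(self, status_code, body, attempts):
        super().__init__(f"Request failed with {status_code} after {attempts} attempt(s)")
        self.status_code = status_code
        self.body = body
        self.attempts = attempts


def retry_delay(headers, attempt, base=1.0, cap=60.0, jitter=random.uniform, now=None):
    """Seconds to wait before the next attempt.

    Retry-After (delta-seconds or HTTP-date) wins when present; otherwise
    use "full jitter" backoff: a random wait in [0, base * 2**attempt], capped.
    """
    value = (headers.get("Retry-After") or "").strip()
    if value.isdigit():
        return min(float(value), cap)
    if value:
        try:
            when = parsedate_to_datetime(value)
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            now = now or datetime.now(timezone.utc)
            return min(max((when - now).total_seconds(), 0.0), cap)
        except (TypeError, ValueError):
            pass  # unparseable header: fall back to backoff
    return jitter(0.0, min(cap, base * 2 ** attempt))


def request_with_retry(send, max_attempts=5, sleep=time.sleep, **delay_opts):
    """Call send() until it succeeds, a non-retryable status appears,
    or max_attempts is exhausted."""
    for attempt in range(max_attempts):
        response = send()
        if response.status_code < 400:
            return response
        out_of_attempts = attempt == max_attempts - 1
        if response.status_code not in RETRYABLE or out_of_attempts:
            raise GraphRequestError(response.status_code, response.text, attempt + 1)
        sleep(retry_delay(response.headers, attempt, **delay_opts))


def demo():
    """Replay a constructed sequence: throttled, unavailable, then success."""
    scripted = iter([
        Response(429, '{"error":{"code":"TooManyRequests"}}', {"Retry-After": "7"}),
        Response(503, "Service Unavailable"),
        Response(200, '{"value": []}'),
    ])
    waits = []
    result = request_with_retry(
        lambda: next(scripted),
        sleep=waits.append,            # record waits instead of sleeping
        jitter=lambda low, high: high,  # deterministic upper bound for the demo
    )
    return result.status_code, waits


if __name__ == "__main__":
    print(demo())
```

With the `requests` library, `send` can be `lambda: requests.get(url, headers=auth_headers, timeout=30)`, since its response object exposes the same three attributes.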
Describe the bug
When trying to update management intent settings, the following error might occur:
KeyError: 'value'
Expected behavior
The tool should be able to correctly identify the type and successfully update the value.
Run type (please complete the following information):
Thanks for the amazing work!
Would it be possible to export the definitions of Applications (package IDs and such), even if they can't be imported?
Thanks
Here are additional payloads that are in base64 format. Apologies, I should have checked for more - this is what's in my current as-built, so there could be more properties.
microsoft.graph.win32LobAppPowerShellScriptDetection
microsoft.graph.win32LobAppPowerShellScriptRule
microsoft.graph.win32LobAppPowerShellScriptRequirement
Each of these has a property of scriptContent in base64 format.
Describe the bug
It's our initial setup of IntuneCD with Pipelines.
To Reproduce
Steps to reproduce the behavior:
Run the Pipeline
As we only want to start with a backup and documentation, we chose these AzureAD App rights:
Run type (please complete the following information):
Additional context
.yml file:
trigger: none
pool:
  vmImage: ubuntu-latest
variables:
  REPO_DIR: $(Build.SourcesDirectory)
  TENANT_NAME: xxx.onmicrosoft.com
  CLIENT_ID: xxx
steps:
  - checkout: self
    persistCredentials: true
  - script: pip3 install IntuneCD
    displayName: Install IntuneCD
  - script: |
      git config --global user.name "xxx"
      git config --global user.email "xxx"
    displayName: Configure Git
  - script: IntuneCD-startbackup -m 1 -o yaml
    env:
      REPO_DIR: $(REPO_DIR)
      TENANT_NAME: $(TENANT_NAME)
      CLIENT_ID: $(CLIENT_ID)
      CLIENT_SECRET: $(CLIENT_SECRET)
    displayName: Run IntuneCD backup
  - script: |
      export branch_name=configs-`date +'%Y-%m-%d-%H-%M'`
      cd $(REPO_DIR)
      git checkout -b $branch_name
      git add --all
      git commit -m "Updated configurations"
      git push --set-upstream origin $branch_name
    displayName: Commit changes
  - script: IntuneCD-startdocumentation -t $(TENANT_NAME) -i 'This is a demo introduction'
    env:
      REPO_DIR: $(REPO_DIR)
    displayName: Run IntuneCD documentation
Output:
Starting: Run IntuneCD backup
Task : Command line
Description : Run a command line script using Bash on Linux and macOS and cmd.exe on Windows
Version : 2.212.0
Author : Microsoft Corporation
Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line
Generating script.
Script contents:
IntuneCD-startbackup -m 1 -o yaml
/usr/bin/bash --noprofile --norc /home/vsts/work/_temp/737016a5-23e4-41c5-a4a2-bbc354224046.sh
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 165, in run_backup
results.append(savebackup(path, output, exclude, token))
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_appConfiguration.py", line 34, in savebackup
data = makeapirequest(ENDPOINT, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
raise Exception(
Exception: ('Request failed with ', 401, ' - ', '{"error":{"code":"UnknownError","message":"{\\"ErrorCode\\":\\"Forbidden\\",\\"Message\\":\\"{\\\\r\\\\n \\\\\\"_version\\\\\\": 3,\\\\r\\\\n \\\\\\"Message\\\\\\": \\\\\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: e80ad478-e080-4167-ab5d-6615f7ce881e - Url: https://fef.msub03.manage.microsoft.com/AppLifecycle_2306/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5023-05-30\\\\\\",\\\\r\\\\n \\\\\\"CustomApiErrorPhrase\\\\\\": \\\\\\"\\\\\\",\\\\r\\\\n \\\\\\"RetryAfter\\\\\\": null,\\\\r\\\\n \\\\\\"ErrorSourceService\\\\\\": \\\\\\"\\\\\\",\\\\r\\\\n \\\\\\"HttpHeaders\\\\\\": \\\\\\"{\\\\\\\\\\\\\\"WWW-Authenticate\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"Bearer realm=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"urn:intune:service,9225b241-44e1-44a8-8bfe-c10e39177505,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7,3e9c57b9-808d-4aa0-9500-4b2d369279e7\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"\\\\\\\\\\\\\\"}\\\\\\"\\\\r\\\\n}\\",\\"Target\\":null,\\"Details\\":null,\\"InnerError\\":null,\\"InstanceAnnotations\\":[]}","innerError":{"date":"2023-07-07T11:06:12","request-id":"e80ad478-e080-4167-ab5d-6615f7ce881e","client-request-id":"e80ad478-e080-4167-ab5d-6615f7ce881e"}}}')
##[error]Bash exited with code '1'.
Finishing: Run IntuneCD backup
Include Proactive remediation scripts in backup
Hi Almen,
A couple of days ago, I told you there was a problem with the backup pipeline and now I am facing it with the update pipeline. But now the configuration is always failing on the same policy and it's working if I run it locally. (This pipeline was working in the past...)
Error code:
Any suggestion? Will it start working like the backup pipeline on its own in a couple of days?
Would be nice to include "Assignments" in the exported profiles. That way the exports can be used as documentation and overview to see where things are connected and what not.
And if possible also to include it as DEV -> PROD that way it can be used to update assignments along side with configuration changes (scenario tenant to tenant migration).
The following policies are not backed up:
Is your feature request related to a problem? Please describe.
Add backup/export of device categories.
Describe the solution you'd like
Ensure device categories are exported (and perhaps imported), so they can be added to import/export or as-built reports.
Describe alternatives you've considered
None
Additional context
Device categories requires the beta API, so it would be unsupported by MS. https://learn.microsoft.com/en-us/graph/api/resources/intune-shared-devicecategory?view=graph-rest-beta&viewFallbackFrom=graph-rest-1.0
Currently, when configurations are documented, long strings (over 200 chars) are stripped to the first 75 chars. This will be changed to include the whole string and be collapsed by default to give an option of viewing the entire configuration. Especially useful for script/custom profile configurations.
Example:
When backing up my Intune settings I am seeing an error about Unicode encode errors
Traceback (most recent call last):
File "c:\python39\lib\runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "c:\python39\lib\runpy.py", line 87, in _run_code
exec(code, run_globals)
File "C:\Python39\Scripts\IntuneCD-startbackup.exe\__main__.py", line 7, in <module>
File "c:\python39\lib\site-packages\IntuneCD\run_backup.py", line 228, in start
run_backup(args.path, args.output, exclude, token)
File "c:\python39\lib\site-packages\IntuneCD\run_backup.py", line 184, in run_backup
config_count += savebackup(path, output, exclude, token)
File "c:\python39\lib\site-packages\IntuneCD\backup_powershellScripts.py", line 68, in savebackup
f.write(decoded)
File "c:\python39\lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\ufeff' in position 0: character maps to <undefined>
Include Managed Google Play in backup for the purpose of documentation and history of changes
Include APNs configuration in backup for the purpose of documentation and history of changes
Describe the bug
Some policy types from feature request #32 overwrite settings catalogs with the same name. I have not tested all policy types from the request, but it happens at least with the Windows Defender Antivirus type.
To Reproduce
Create a Windows Defender Antivirus policy and a settings catalog (device configuration profile) with the same name. Once done, run IntuneCD-startbackup.
Expected behavior
A JSON/YAML file for the settings catalog (device configuration profile) and the Windows Defender Antivirus policy with the same name should both be stored in the Settings Catalog directory, suffixed with the type (as done for files stored in the Device Configurations directory).
Run type (please complete the following information):
Is it possible if all the contents of everything (App Configuration, App Protection, Apple Push Notification etc.) were sorted alphabetically in the .md file like they are when you back up everything to the folders in json or yaml?
Is your feature request related to a problem? Please describe.
It would be great to be able to exclude assignments in a back up or a restore/import, so that configurations can be imported into a tenant and assigned separately (e.g. manually)
Describe the solution you'd like
Add an option in IntuneCD-startbackup to exclude assignments in a backup or in IntuneCD-startupdate to not import assignments.
Describe alternatives you've considered
Manually editing the backup files, but that's not a lot of fun.
Is your feature request related to a problem? Please describe.
IntuneCD only supports the client credential method (the client secret authentication).
However, for local execution or for more secure secret management, another method is commonly used.
Describe the solution you'd like
I would like to see support for methods other than the client credential method (the client secret authentication).
Describe alternatives you've considered
N/A
Additional context
The Graph API client used by azuread provider, which manages Azure AD with terraform, supports several auth methods.
https://github.com/manicminer/hamilton/blob/main/auth/auth.go#L23-L43
Is it possible to add an example of the generated documentation added to the repo, just so that we can see it without going through all of the setup steps?
Describe the bug
Running IntuneCD-startdocumentation results in 'TypeError: can only concatenate str (not "dict") to str'.
Run INTRO="Microsoft Intune backup and documentation generated at $GITHUB_REPOSITORY <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
INTRO="Microsoft Intune backup and documentation generated at $GITHUB_REPOSITORY <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
IntuneCD-startdocumentation \
--path="$GITHUB_WORKSPACE/prod-backup" \
--outpath="$GITHUB_WORKSPACE/prod-as-built.md" \
--tenantname=$TENANT_NAME \
--intro="$INTRO"
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
TENANT_NAME: ***
CLIENT_ID: ***
CLIENT_SECRET: ***
Traceback (most recent call last):
File "/home/runner/.local/bin/IntuneCD-startdocumentation", line 8, in <module>
sys.exit(start())
File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/run_documentation.py", line 218, in start
run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split, args.cleanup)
File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/run_documentation.py", line 129, in run_documentation
document_configs(f'{configpath}/Device Configurations', outpath, 'Configuration Profiles', maxlength, split, cleanup)
File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 244, in document_configs
for key, value in zip(repo_data.keys(), clean_list(repo_data.values())):
File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 185, in clean_list
values.append(dict_string(item))
File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 147, in dict_string
first = '<br /> - ' + v[0]
TypeError: can only concatenate str (not "dict") to str
Error: Process completed with exit code 1.
To Reproduce
See commands used in the log extract above.
Expected behavior
Markdown documentation should complete.
Run type (please complete the following information):
Describe the bug
While inspecting a settings catalog backup, I noticed that a large amount of configured settings were not present. The settingCount key in the file has the value 153, but only 25 settings are present in the backup. This issue is not limited to that one settings catalog. All backups of settings catalogs with more than 25 configured settings only contain the first 25 configured settings.
To Reproduce
Create a settings catalog that has more than 25 configured settings. Once done, run IntuneCD-startbackup.
Expected behavior
All configured settings in a settings catalog are backed up, instead of just the first 25.
Run type (please complete the following information):
Hi I've successfully used pipelines for my dev tenant with the help from here: https://stealthpuppy.com/automate-intune-documentation-azure/
But I can't seem to get it working for my prd tenant, it's stuck on generating the markdown document.
Output:
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startdocumentation", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_documentation.py", line 193, in start
run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_documentation.py", line 78, in run_documentation
document_configs(f'{configpath}/Apple VPP Tokens', outpath, 'Apple VPP Tokens', maxlength, split)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/documentation_functions.py", line 215, in document_configs
md.write('## ' + repo_data['displayName'] + '\n')
TypeError: can only concatenate str (not "NoneType") to str
##[error]Bash exited with code '1'.
##[error]Bash wrote one or more lines to the standard error stream.
##[error]Traceback (most recent call last):
Add a function to create documentation based on the backup files created. The function should be able to run in either a pipeline to automatically create the document and update the document on runtime and locally to support the "standalone" mode.
Describe the bug
I had originally configured IntuneCD back in March 2023, I had recently noticed the ADO pipeline was failing due to a permission I had not added (DeviceManagementManagedDevices.ReadWrite.All). I added the permission to the app registration but now I am coming up with a new error that seems to be a permission issue but not too sure.
Error:
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 270, in run_backup
results.append(savebackup(path, output, token))
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_remoteAssistancePartner.py", line 28, in savebackup
data = makeapirequest(ENDPOINT, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
raise Exception(
Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e - Url: https://fef.msua05.manage.microsoft.com/RemoteAssistService/StatelessRemoteAssistService/deviceManagement/remoteAssistancePartners?api-version=5022-08-15 - CustomApiErrorPhrase: Forbidden\",\r\n \"CustomApiErrorPhrase\": \"Forbidden\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-06-21T17:29:40","request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e","client-request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e"}}}')
##[error]Bash exited with code '1'.
Current App Registration Permissions:
To Reproduce
Within the Pipeline:
Currently ran with a client secret and app registration
Current App Registration Permissions:
Expected behavior
Backup works accordingly without issues/errors
Run type (please complete the following information):
Describe the bug
charmap (I'm using pip 22.3 from C:\Program Files\Python311\Lib\site-packages\pip (python 3.11)) not working as expected when running IntuneCD-startdocumentation on specific characters
To Reproduce
Use unicode characters (e.g. U+1F310) in publisher field
Expected behavior
I'm having Android publishers using certain unicode characters (e.g. U+1F310)
Screenshots
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "C:\Program Files\Python311\Scripts\IntuneCD-startdocumentation.exe\__main__.py", line 7, in <module>
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\run_documentation.py", line 218, in start
run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split, args.cleanup)
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\run_documentation.py", line 106, in run_documentation
document_configs(f'{configpath}/Applications/Android', outpath, 'Android Applications', maxlength, split, cleanup)
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\documentation_functions.py", line 290, in document_configs
md.write(str(config_table) + '\n')
File "C:\Program Files\Python311\Lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'charmap' codec can't encode character '\U0001f310' in position 525: character maps to <undefined>
Run type (please complete the following information):
Describe the bug
The process errors out whenever we try to run an update with Management Intents present in the backup.
The error given is simply "TypeError: can only concatenate str (not "NoneType") to str":
Traceback (most recent call last):
File "C:\Python\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Python\lib\runpy.py", line 86, in _run_code
exec(code, run_globals)
File "C:\Python\Scripts\IntuneCD-startupdate.exe\__main__.py", line 7, in <module>
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 207, in start
run_update(args.path, token, args.u, exclude)
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 152, in run_update
diff_count += update(path, token, assignment)
File "C:\Python\lib\site-packages\IntuneCD\update_managementIntents.py", line 39, in update
intent_responses = batch_intents(intents, token)
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 154, in batch_intents
categories_responses = batch_request(
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 39, in batch_request
'url': url + id + extra_url
TypeError: can only concatenate str (not "NoneType") to str
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Run type (please complete the following information):
Additional context
An example policy I tested with is attached
TEST-BITLOCKER-2.2022.12.json.zip
Is your feature request related to a problem? Please describe.
I want to enrich IntuneCD backup pipeline with information about who made such change. For this to happen I need to know resource (policy, app, etc) ID so I can look it up in the Intune audit logs easily.
Describe the solution you'd like
To each item IntuneCD backs up, add a ResourceID property. To json file content (but that would probably break when I later try to import it?) or to its name as an optional suffix so it can be parsed. In general, it might be better to use ID instead of resource name in json file names, so GIT can easily track renames?
Describe the bug
When running the following command in a tenant:
IntuneCD-startbackup -m 1 -o yaml -p ./prod-backup -a ./auth.json
This output is shown:
aaron@einstein pansw % IntuneCD-startbackup -m 1 -o yaml -p ./prod-backup -a ./auth.json
Backing up App Configuration: PDF Expert XML
Backing up App Configuration: PA Endpoint Defender IOS
Backing up App Protection: OneDrive mobile policy
Traceback (most recent call last):
File "/opt/homebrew/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/run_backup.py", line 127, in start
run_backup(opts.path,opts.output,token)
File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/run_backup.py", line 66, in run_backup
savebackup(path,output,token)
File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/backup_AppProtection.py", line 59, in savebackup
if platform == "mdmWindowsInformationProtectionPolicies":
UnboundLocalError: local variable 'platform' referenced before assignment
To Reproduce
There are no WIP policies in the target tenant, so the mdmWindowsInformationProtectionPolicies line may not be applicable. No App Protection policies are actually exported to disk. MAM policies in the tenant are:
Expected behavior
Backup should complete successfully
Is your feature request related to a problem? Please describe.
The current documentation markdown file can get heavy for the browser to view, making it difficult to read without the browser crashing.
Describe the solution you'd like
Splitting the documentation into separate markdown files in the existing great folder structure. Ideally with a combined markdown file that has an index with references to the individual files.
There appears to be an issue with backing up Proactive Remediations (and possibly other items) when a "/" character exists in the title as this is passed through to the file path for JSON/YAML backup (which is interpreted as a folder).
Backing up Proactive Remediation: Custom Device Inventory - App/Device Inventory
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 193, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_proactiveRemediation.py", line 72, in savebackup
f = open(
FileNotFoundError: [Errno 2] No such file or directory: '/home/vsts/work/1/s/Proactive Remediations//Script Data/Custom Device Inventory - App/Device Inventory_DetectionScript.ps1'
##[error]Bash exited with code '1'.
Describe the bug
When running:
IntuneCD-startbackup --mode=1 --output=json --path="$PWD\prod-backup" --localauth="$PWD\auth.json"
Backup fails with error:
Backing up Proactive Remediation: BIOS_UEFI_Boot_Path
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Scripts\IntuneCD-startbackup.exe\__main__.py", line 7, in <module>
File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\run_backup.py", line 370, in start
run_backup(args.path, args.output, exclude, token)
File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\run_backup.py", line 275, in run_backup
results.append(savebackup(path, output, exclude, token))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\backup_proactiveRemediation.py", line 78, in savebackup
f.write(decoded)
File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1250.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'charmap' codec can't encode character '\ufeff' in position 0: character maps to <undefined>
To Reproduce
Upload "UTF8 with BOM" encoded remediation or detection script to Intune and run backup action.
Expected behavior
Backup "UTF8 with BOM" encoded scripts successfully.
Screenshots
If applicable, add screenshots to help explain your problem.
Run type (please complete the following information):
Additional context
Add any other context about the problem here.
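The two Proactive Remediation failures reported above (a "/" in the display name becoming a directory separator, and a "UTF8 with BOM" script failing under the cp1250 locale codec) both come from writing tenant-supplied data to disk without normalising it. The following is an added example, not IntuneCD's own code; `safe_component`, `write_script` and `demo` are hypothetical names, and the script content is a constructed sample.

```python
import base64
import re
import tempfile
from pathlib import Path

# Characters that are path separators or invalid in Windows file names.
_UNSAFE = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def safe_component(display_name: str) -> str:
    """Turn a tenant-supplied display name into a single path component."""
    cleaned = _UNSAFE.sub("_", display_name).rstrip(". ")
    if cleaned in ("", ".", ".."):
        raise ValueError(f"unusable name: {display_name!r}")
    return cleaned


def write_script(base_dir: Path, display_name: str, suffix: str, b64_content: str) -> Path:
    """Write a base64-encoded script under base_dir, byte for byte."""
    base = base_dir.resolve()
    target = (base / f"{safe_component(display_name)}{suffix}").resolve()
    # Defence in depth: the final path must be a direct child of base_dir.
    if target.parent != base:
        raise ValueError(f"path escapes backup directory: {target}")
    # Binary mode keeps the BOM and never consults the locale codec (cp1250 etc.).
    target.write_bytes(base64.b64decode(b64_content))
    return target


def demo() -> dict:
    # Constructed sample: a detection script saved as "UTF-8 with BOM".
    script = "\ufeffWrite-Output 'ok'\n".encode("utf-8")
    with tempfile.TemporaryDirectory() as tmp:
        out = write_script(Path(tmp), "Custom Device Inventory - App/Device Inventory",
                           "_DetectionScript.ps1", base64.b64encode(script).decode())
        return {"name": out.name, "bytes_match": out.read_bytes() == script}
```

Because the display name is controlled by whoever can edit the tenant, the same normalisation also keeps a name containing `..` or a drive prefix from steering the backup outside its target directory.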
Include Partner connections such as Jamf in backup for the purpose of documentation and history of changes
There are new profile types for endpoint security policies that require a different API to backup/import: https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#new-profile-templates-and-settings-structure-for-endpoint-security-policies
Policy type | Platform | Profile (template) name |
---|---|---|
Antivirus | Windows 10, Windows 11, and Windows Server | Windows Security experience |
Antivirus | Windows 10, Windows 11, and Windows Server | Windows Defender Antivirus |
Antivirus | Windows 10, Windows 11, and Windows Server | Windows Defender Antivirus Exclusions |
Firewall | Windows 10, Windows 11, and Windows Server | Microsoft Defender Firewall |
Firewall | Windows 10, Windows 11, and Windows Server | Microsoft Defender Firewall Rules |
Endpoint detection and response | Windows 10, Windows 11, and Windows Server | Endpoint detection and response |
Attack surface reduction | Windows 10 and Later | Attack surface reduction rules |
Attack surface reduction | Windows 10 and Later | Exploit protection |
Describe the bug
When moving to intunecd 1.1.3 and above, the export of the Enrollment Status Page configuration fails with the error message: Resource not found in Microsoft Graph: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/497f49b4-890c-4935-9ed1-93b513717d60. Rolling back to version 1.1.2 successfully exports and completes the job run.
To Reproduce
Azure devops pipeline yaml task
Errorlogs from console
2022-11-02T08:41:19.2899674Z Backing up Autopilot enrollment profile: Windows Autopilot Deployment Profile | User driven enrollment with AADJ
2022-11-02T08:41:19.2900394Z Backing up Autopilot enrollment profile: Windows Autopilot Deployment Profile | User driven enrollment with HAADJ
2022-11-02T08:41:20.9111684Z Backing up Enrollment Status Page: All users and all devices
2022-11-02T08:41:20.9112761Z Backing up Enrollment Status Page: [Global] Autopilot Profile | Production Device | Standard_AAD Join ver2.0
2022-11-02T08:41:20.9114604Z Resource not found in Microsoft Graph: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/497f49b4-890c-4935-9ed1-93b513717d60
2022-11-02T08:41:20.9867024Z Traceback (most recent call last):
2022-11-02T08:41:20.9868444Z File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
2022-11-02T08:41:20.9868942Z sys.exit(start())
2022-11-02T08:41:20.9869690Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
2022-11-02T08:41:20.9870261Z run_backup(args.path, args.output, exclude, token)
2022-11-02T08:41:20.9871222Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 161, in run_backup
2022-11-02T08:41:20.9871828Z config_count += savebackup(path, output, exclude, token)
2022-11-02T08:41:20.9872643Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_enrollmentStatusPage.py", line 56, in savebackup
2022-11-02T08:41:20.9873526Z app = {'name': app_data['displayName'], 'type': app_data['@odata.type']}
2022-11-02T08:41:20.9874227Z TypeError: 'NoneType' object is not subscriptable
2022-11-02T08:41:21.0193735Z ##[error]Bash exited with code '1'.
2022-11-02T08:41:21.0203596Z ##[error]Bash wrote one or more lines to the standard error stream.
2022-11-02T08:41:21.0207326Z ##[error]Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 161, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_enrollmentStatusPage.py", line 56, in savebackup
app = {'name': app_data['displayName'], 'type': app_data['@odata.type']}
TypeError: 'NoneType' object is not subscriptable
2022-11-02T08:41:21.0273554Z ##[section]Finishing: IntuneCD backup
Run type (Azure DevOps with hosted agent):
Describe the bug
Conditional Access backup produces AttributeError: 'NoneType' object has no attribute 'pop'. API permissions have been updated to include all required permissions.
To Reproduce
Backing up a policy with the name "Office 365 - E5; Unmanaged platforms; Browser; Use Conditional Access App Control". My next test will be to rename the policy to remove the ";" character.
Expected behavior
Backup should complete.
Backing up Conditional Access policy: Office 365 - E5; Unmanaged platforms; Browser; Use Conditional Access App Control
Traceback (most recent call last):
File "/home/runner/.local/bin/IntuneCD-startbackup", line 8, in <module>
sys.exit(start())
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 246, in start
run_backup(args.path, args.output, exclude, token)
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 210, in run_backup
config_count += savebackup(path, output, token)
File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/backup_conditionalAccess.py", line 36, in savebackup
policy['grantControls'].pop('[email protected]', None)
AttributeError: 'NoneType' object has no attribute 'pop'
Error: Process completed with exit code 1.
Run type (please complete the following information):