To copy, export, import, delete, document and compare policies and profiles in Intune, you can use a great tool.
It’s called IntuneManagement, a PowerShell tool with a WPF UI, and can be found here: https://github.com/Micke-K/IntuneManagement
The tool uses PowerShell scripts via Microsoft Authentication Library (MSAL), Microsoft Graph APIs and Azure Management APIs to manage objects in Intune and Azure. It has a simple WPF UI and it supports operations like Export, Import, Copy, Download and Compare.
Another option is to import ADMX files and registry settings with ADMX ingestion, and to view and edit PowerShell scripts.
- .Net 4.7
- PowerShell 5.1
- Microsoft.Identity.Client.dll version 18.104.22.168 is included in this version
- License and permissions in Azure to manage objects in Intune and Azure
Before you can use the app you need to deploy an enterprise application or give consent in Azure AD.
The app will use the Intune PowerShell Azure Enterprise Application by default and only use the permissions granted to that application. Disable Use Default Permissions in Settings to request additional permissions. This will cause a consent prompt if one or more permissions are missing for the app. Note: If the app has not been approved for the organization, a consent prompt will be displayed.
I manually deployed an app registration in Azure AD with these permissions.
Enable Get Tenant List in Settings if you access multiple environments with the same account, e.g. a guest account in other tenants. This might cause a consent prompt.
Starting the App
The CMD files need to be unblocked before the app can be started (right-click, check Unblock, then click OK).
The app can be started without unblocking them, but Windows will prompt with a security warning.
The script will unblock all other files.
Start the script by running Start.cmd, Start-WithJson.cmd, Start-WithConsole.cmd or Start-IntuneManagement.ps1. Start-WithConsole.cmd will leave the command prompt window open so you can see the log while running the app.
Check the log file for errors. The UI might not show errors, such as why a login failed. The log uses the Endpoint Configuration Manager (SCCM) format and is best viewed with CMTrace or OneTrace. An old version of CMTrace can be downloaded here.
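For a quick check without CMTrace, this added example (not part of the IntuneManagement project) parses log text and lists only warnings and errors. It assumes the log follows the standard CMTrace line layout; the function name `ConvertFrom-CMTraceLog` and the sample lines are constructed for illustration.

```powershell
# Added example: parse CMTrace-format log text and surface warnings and errors.
# The sample lines below are constructed; they are not real output from the tool.
$sampleLog = @'
<![LOG[Starting app]LOG]!><time="09:14:02.113+000" date="03-11-2024" component="IntuneManagement" context="" type="1" thread="7" file="">
<![LOG[Consent required for one or more permissions]LOG]!><time="09:14:05.870+000" date="03-11-2024" component="IntuneManagement" context="" type="2" thread="7" file="">
<![LOG[Login failed: token request
was rejected]LOG]!><time="09:14:09.402+000" date="03-11-2024" component="IntuneManagement" context="" type="3" thread="7" file="">
'@

function ConvertFrom-CMTraceLog {
    param([Parameter(Mandatory)][string]$Text)

    # CMTrace severity codes: 1 = information, 2 = warning, 3 = error
    $severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }
    # (?s) lets a message span several lines; the attribute block follows ]LOG]!>
    $pattern = '(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><(?<attrs>[^>]*)>'

    foreach ($m in [regex]::Matches($Text, $pattern)) {
        # Collect key="value" attributes (time, date, component, type, ...)
        $attrs = @{}
        foreach ($a in [regex]::Matches($m.Groups['attrs'].Value, '(?<k>\w+)="(?<v>[^"]*)"')) {
            $attrs[$a.Groups['k'].Value] = $a.Groups['v'].Value
        }
        $type = [string]$attrs['type']
        $sev  = if ($severity.ContainsKey($type)) { $severity[$type] } else { "Unknown($type)" }

        [pscustomobject]@{
            Date      = $attrs['date']
            Time      = ($attrs['time'] -replace '[+-]\d+$', '')   # drop the UTC offset suffix
            Severity  = $sev
            Component = $attrs['component']
            Message   = ($m.Groups['msg'].Value -replace '\s*\r?\n\s*', ' ')  # flatten multi-line text
        }
    }
}

# Show everything that is not plain information
ConvertFrom-CMTraceLog -Text $sampleLog |
    Where-Object { $_.Severity -ne 'Info' } |
    Format-Table Date, Time, Severity, Message -AutoSize -Wrap
```

To run it against the real log, pass the output of `Get-Content -Raw` for the tool's log file as `-Text` in place of `$sampleLog`.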