almenscorner / intunecd Goto Github PK

Include VPP in backup for the purpose of documentation and history of changes

• Configuration type: Backup only

Is your feature request related to a problem? Please describe.
The current documentation markdown file can get heavy for the browser to view making it difficult to read without the browser crashing.

Describe the solution you'd like
Splitting the documentation into separate markdown files in the existing great folder structure. Ideally with a combined markdown file that has an index with references to the individual files.

There appears to be an issue with backing up Proactive Remediations (and possibly other items) when a "/" character exists in the title as this is passed through to the file path for JSON/YAML backup (which is interpreted as a folder).

Backing up Proactive Remediation: Custom Device Inventory - App/Device Inventory
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 193, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_proactiveRemediation.py", line 72, in savebackup
f = open(
FileNotFoundError: [Errno 2] No such file or directory: '/home/vsts/work/1/s/Proactive Remediations//Script Data/Custom Device Inventory - App/Device Inventory_DetectionScript.ps1'
##[error]Bash exited with code '1'.

Include Managed Google Play in backup for the purpose of documentation and history of changes

• Configuration type: Backup only

There are new profile types for endpoint security policies that require a different API to backup/import: https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#new-profile-templates-and-settings-structure-for-endpoint-security-policies

Add a function to create documentation based on the backup files created. The function should be able to run in either a pipeline to automatically create the document and update the document on runtime and locally to support the "standalone" mode.

Hi there,

Once I run tool locally with command: IntuneCD-startbackup -m 1 -o yaml -p /path/to/save/in -a /path/to/auth.json/
everything starts backing up from our Intune, but once it comes to script part of backup, we are getting this message:

Can you please help?

The payloadJson property exported from microsoft.graph.androidManagedStoreAppConfiguration is encoded and therefore not human readable. Here's a sample from a generated document:

Describe the solution you'd like
Decode the JSON from the base64 string returned from the Graph API.

Hi Almen,

I think IntuneCD backup feature are having some problem now and I can't sow why.

It's both if I run it from Azure Devops or Local pc. It's backing up some components and in the middle of backup it's just stops. This was working like charm 2 days ago. Can you check please?

Error is in pic below:

Hi I've successfully used pipelines for my dev tenant with the help from here: https://stealthpuppy.com/automate-intune-documentation-azure/
But I can't seem to get it working for my prd tenant, it's stuck on generating the markdown document.

• task: Bash@3
  displayName: Generate markdown document
  inputs:
  targetType: 'inline'
  script: |
  INTRO="Endpoint Manager"
  IntuneCD-startdocumentation
  --path="$(Build.SourcesDirectory)/prod-backup"
  --outpath="$(Build.SourcesDirectory)/prod-as-built.md"
  --tenantname=$TENANT_NAME
  --intro="$INTRO"
  #--split=Y
  workingDirectory: '$(Build.SourcesDirectory)'
  failOnStderr: true
  env:
  TENANT_NAME: $(TENANT_NAME)

Output:
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startdocumentation", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_documentation.py", line 193, in start
run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_documentation.py", line 78, in run_documentation
document_configs(f'{configpath}/Apple VPP Tokens', outpath, 'Apple VPP Tokens', maxlength, split)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/documentation_functions.py", line 215, in document_configs
md.write('## ' + repo_data['displayName'] + '\n')
TypeError: can only concatenate str (not "NoneType") to str
##[error]Bash exited with code '1'.
##[error]Bash wrote one or more lines to the standard error stream.
##[error]Traceback (most recent call last):

• Mode: [1]
• Client [Pipeline]

Include APNs configuration in backup for the purpose of documentation and history of changes

• Configuration type: Backup only

Here's additional payloads that are in base64 format. Apologies, I should have checked for more - this is what's in my current as-built, so there could be more properties.

• microsoft.graph.win32LobAppPowerShellScriptDetection
• microsoft.graph.win32LobAppPowerShellScriptRule
• microsoft.graph.win32LobAppPowerShellScriptRequirement

Each of these has a property of scriptContent in base64 format.

Backing up/updating large amounts of configurations can take a long time since the assignments and details are requested for each configuration individually.

This features intent is to increase speed and performance by batching requests instead of getting them individually.

Describe the bug
Running IntuneCD-startdocumentation results in 'TypeError: can only concatenate str (not "dict") to str'.

Run INTRO="Microsoft Intune backup and documentation generated at $GITHUB_REPOSITORY <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
  INTRO="Microsoft Intune backup and documentation generated at $GITHUB_REPOSITORY <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
  IntuneCD-startdocumentation \
      --path="$GITHUB_WORKSPACE/prod-backup" \
      --outpath="$GITHUB_WORKSPACE/prod-as-built.md" \
      --tenantname=$TENANT_NAME \
      --intro="$INTRO"
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    TENANT_NAME: ***
    CLIENT_ID: ***
    CLIENT_SECRET: ***
Traceback (most recent call last):
  File "/home/runner/.local/bin/IntuneCD-startdocumentation", line 8, in <module>
    sys.exit(start())
  File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/run_documentation.py", line [2](https://github.com/aaronparker/intune-backup/actions/runs/3644379916/jobs/6153567987#step:10:2)18, in start
    run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split, args.cleanup)
  File "/home/runner/.local/lib/python[3](https://github.com/aaronparker/intune-backup/actions/runs/3644379916/jobs/6153567987#step:10:3).10/site-packages/IntuneCD/run_documentation.py", line 129, in run_documentation
    document_configs(f'{configpath}/Device Configurations', outpath, 'Configuration Profiles', maxlength, split, cleanup)
  File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 2[4](https://github.com/aaronparker/intune-backup/actions/runs/3644379916/jobs/6153567987#step:10:4)4, in document_configs
    for key, value in zip(repo_data.keys(), clean_list(repo_data.values())):
  File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 18[5](https://github.com/aaronparker/intune-backup/actions/runs/3644379916/jobs/6153567987#step:10:5), in clean_list
    values.append(dict_string(item))
  File "/home/runner/.local/lib/python3.10/site-packages/IntuneCD/documentation_functions.py", line 14[7](https://github.com/aaronparker/intune-backup/actions/runs/3644379916/jobs/6153567987#step:10:7), in dict_string
    first = '<br />&nbsp;&nbsp;&nbsp;&nbsp; - &nbsp;' + v[0]
TypeError: can only concatenate str (not "dict") to str
Error: Process completed with exit code 1.

To Reproduce
See commands used in the log extract above.

Expected behavior
Markdown documentation should complete.

Run type (please complete the following information):

• Mode: 1
• Client: GitHub Actions
• Version: 1.2.7

Describe the bug
It's our initial setup of IntuneCD in with Pipelines.

To Reproduce
Steps to reproduce the behavior:
Run the Pipeline

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.
As we only want to start with a backup and a documentation we choosed these AzureAD App rights:

Run type (please complete the following information):

• Mode: 1
• Client Pipeline
• Version 1.4.9

Additional context

.yml file:

trigger: none

pool:
  vmImage: ubuntu-latest

variables:
  REPO_DIR: $(Build.SourcesDirectory)
  TENANT_NAME: xxx.onmicrosoft.com
  CLIENT_ID: xxx

steps:

- checkout: self
  persistCredentials: true

- script: pip3 install IntuneCD
  displayName: Install IntuneCD

- script: |
      git config --global user.name "xxx"
      git config --global user.email "xxx"
  displayName: Configure Git

- script: IntuneCD-startbackup -m 1 -o yaml
  env:
    REPO_DIR: $(REPO_DIR)
    TENANT_NAME: $(TENANT_NAME)
    CLIENT_ID: $(CLIENT_ID)
    CLIENT_SECRET: $(CLIENT_SECRET)
  displayName: Run IntuneCD backup

- script: |
    export branch_name=configs-`date +'%Y-%m-%d-%H-%M'`
    cd $(REPO_DIR)
    git checkout -b $branch_name
    git add --all
    git commit -m "Updated configurations"
    git push --set-upstream origin $branch_name
  displayName: Commit changes

- script: IntuneCD-startdocumentation -t $(TENANT_NAME) -i 'This is a demo introduction'
  env:
    REPO_DIR: $(REPO_DIR)
  displayName: Run IntuneCD documentation

Output:

Starting: Run IntuneCD backup

Task         : Command line
Description  : Run a command line script using Bash on Linux and macOS and cmd.exe on Windows
Version      : 2.212.0
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line

Generating script.
Script contents:
IntuneCD-startbackup -m 1 -o yaml

/usr/bin/bash --noprofile --norc /home/vsts/work/_temp/737016a5-23e4-41c5-a4a2-bbc354224046.sh
Traceback (most recent call last):
  File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
    run_backup(args.path, args.output, exclude, token)
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 165, in run_backup
    results.append(savebackup(path, output, exclude, token))
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_appConfiguration.py", line 34, in savebackup
    data = makeapirequest(ENDPOINT, token)
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
    raise Exception(
Exception: ('Request failed with ', 401, ' - ', '{"error":{"code":"UnknownError","message":"{\\"ErrorCode\\":\\"Forbidden\\",\\"Message\\":\\"{\\\\r\\\\n  \\\\\\"_version\\\\\\": 3,\\\\r\\\\n  \\\\\\"Message\\\\\\": \\\\\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: e80ad478-e080-4167-ab5d-6615f7ce881e - Url: [https://fef.msub03.manage.microsoft.com/AppLifecycle_2306/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5023-05-30\\\\\\",\\\\r\\\\n](https://fef.msub03.manage.microsoft.com/AppLifecycle_2306/StatelessAppMetadataFEService/deviceAppManagement/mobileAppConfigurations?api-version=5023-05-30\\\\\\%22,\\\\r\\\\n)  \\\\\\"CustomApiErrorPhrase\\\\\\": \\\\\\"\\\\\\",\\\\r\\\\n  \\\\\\"RetryAfter\\\\\\": null,\\\\r\\\\n  \\\\\\"ErrorSourceService\\\\\\": \\\\\\"\\\\\\",\\\\r\\\\n  \\\\\\"HttpHeaders\\\\\\": \\\\\\"{\\\\\\\\\\\\\\"WWW-Authenticate\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"Bearer realm=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"urn:intune:service,9225b241-44e1-44a8-8bfe-c10e39177505,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7,3e9c57b9-808d-4aa0-9500-4b2d369279e7\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"\\\\\\\\\\\\\\"}\\\\\\"\\\\r\\\\n}\\",\\"Target\\":null,\\"Details\\":null,\\"InnerError\\":null,\\"InstanceAnnotations\\":[]}","innerError":{"date":"2023-07-07T11:06:12","request-id":"e80ad478-e080-4167-ab5d-6615f7ce881e","client-request-id":"e80ad478-e080-4167-ab5d-6615f7ce881e"}}}')
##[error]Bash exited with code '1'.
Finishing: Run IntuneCD backup

Describe the bug
When running:
IntuneCD-startbackup --mode=1 --output=json --path="$PWD\prod-backup" --localauth="$PWD\auth.json"

Backup fails with error:

Backing up Proactive Remediation: BIOS_UEFI_Boot_Path
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Scripts\IntuneCD-startbackup.exe\__main__.py", line 7, in <module>
  File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\run_backup.py", line 370, in start
    run_backup(args.path, args.output, exclude, token)
  File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\run_backup.py", line 275, in run_backup
    results.append(savebackup(path, output, exclude, token))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\site-packages\IntuneCD\backup_proactiveRemediation.py", line 78, in savebackup
    f.write(decoded)
  File "C:\Users\WDAGUtilityAccount\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1250.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_table)[0]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'charmap' codec can't encode character '\ufeff' in position 0: character maps to <undefined>

To Reproduce
Upload "UTF8 with BOM" encoded remediation or detection script to Intune and run backup action.

Expected behavior
Backup "UTF8 with BOM" encoded scripts successfully.

Screenshots
If applicable, add screenshots to help explain your problem.

Run type (please complete the following information):

• Mode: 1
• Client: local machine
• Version latest

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
It would be great to be able to exclude assignments in a back up or a restore/import, so that configurations can be imported into a tenant and assigned separately (e.g. manually)

Describe the solution you'd like
Add an option in IntuneCD-startbackup to exclude assignments in a backup or in IntuneCD-startupdate to not import assignments.

Describe alternatives you've considered
Manually editing the backup files, but that's not a lot of fun.

Describe the bug
When moving to intunecd 1.1.3 and above the export of Enrollment Status Page configuration fails with error message - Resource not found in Microsoft Graph: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/497f49b4-890c-4935-9ed1-93b513717d60. Rolling back the version to 1.1.2 successfully exports and completes job run.

To Reproduce
Azure devops pipeline yaml task

• task: Bash@3
  displayName: IntuneCD backup
  inputs:
  targetType: 'inline'
  script: |
  mkdir -p "$(Build.SourcesDirectory)/prod-backup"
  IntuneCD-startbackup
  --mode=1
  --output=json
  --path="$(Build.SourcesDirectory)/prod-backup"
  #--localauth=./auth.json
  #--exclude=assignments
  workingDirectory: '$(Build.SourcesDirectory)'
  failOnStderr: true
  env:
  TENANT_NAME: $(TENANT_NAME)
  CLIENT_ID: $(CLIENT_ID)
  CLIENT_SECRET: $(CLIENT_SECRET)

Errorlogs from console
2022-11-02T08:41:19.2899674Z Backing up Autopilot enrollment profile: Windows Autopilot Deployment Profile | User driven enrollment with AADJ
2022-11-02T08:41:19.2900394Z Backing up Autopilot enrollment profile: Windows Autopilot Deployment Profile | User driven enrollment with HAADJ
2022-11-02T08:41:20.9111684Z Backing up Enrollment Status Page: All users and all devices
2022-11-02T08:41:20.9112761Z Backing up Enrollment Status Page: [Global] Autopilot Profile | Production Device | Standard_AAD Join ver2.0
2022-11-02T08:41:20.9114604Z Resource not found in Microsoft Graph: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/497f49b4-890c-4935-9ed1-93b513717d60
2022-11-02T08:41:20.9867024Z Traceback (most recent call last):
2022-11-02T08:41:20.9868444Z File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
2022-11-02T08:41:20.9868942Z sys.exit(start())
2022-11-02T08:41:20.9869690Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
2022-11-02T08:41:20.9870261Z run_backup(args.path, args.output, exclude, token)
2022-11-02T08:41:20.9871222Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 161, in run_backup
2022-11-02T08:41:20.9871828Z config_count += savebackup(path, output, exclude, token)
2022-11-02T08:41:20.9872643Z File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_enrollmentStatusPage.py", line 56, in savebackup
2022-11-02T08:41:20.9873526Z app = {'name': app_data['displayName'], 'type': app_data['@odata.type']}
2022-11-02T08:41:20.9874227Z TypeError: 'NoneType' object is not subscriptable
2022-11-02T08:41:21.0193735Z ##[error]Bash exited with code '1'.
2022-11-02T08:41:21.0203596Z ##[error]Bash wrote one or more lines to the standard error stream.
2022-11-02T08:41:21.0207326Z ##[error]Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 241, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 161, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_enrollmentStatusPage.py", line 56, in savebackup
app = {'name': app_data['displayName'], 'type': app_data['@odata.type']}
TypeError: 'NoneType' object is not subscriptable

2022-11-02T08:41:21.0273554Z ##[section]Finishing: IntuneCD backup

Run type (Azure DevOps with hosted agent):

• Mode: [ci + manual run]
• Client [ vmImage: ubuntu-latest]
• Version [intunecd 1.1.3 and 1.1.4]

Bug
When running an error was found :

Original code file

categories_responses should be initialized prior to usage ( depends on the if )

Include Proactive remediation scripts in backup

• Configuration type: Backup/update

Describe the bug
Backup reports the follow in the log below. Requests to the Graph API appear to be being throttled.

Backing up Conditional Access policy: CA008: Require password change for high-risk users
Backing up Conditional Access policy: CA002: Securing security info registration
Traceback (most recent call last):
  File "/home/runner/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 246, in start
    run_backup(args.path, args.output, exclude, token)
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 210, in run_backup
    config_count += savebackup(path, output, token)
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/backup_conditionalAccess.py", line 35, in savebackup
    policy = makeapirequest(f"{ENDPOINT}/{policy['id']}", token)
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 55, in makeapirequest
    raise Exception('Request failed with ', response.status_code, ' - ',
Exception: ('Request failed with ', 429, ' - ', '{"error":{"code":"TooManyRequests","message":"Too many requests.","innerError":{"date":"2022-11-24T01:31:47","request-id":"7011ef39-854e-4236-b355-0c0a9d303bc2","client-request-id":"7011ef39-854e-4236-b355-0c0a9d303bc2"}}}')
Error: Process completed with exit code 1.

To Reproduce
Not 100% sure, but I have 30+ CA policies in my lab tenant and it's reporting the error on CA policies.

Expected behavior
The backup should complete.

Run type (please complete the following information):

• Mode: 1
• Client: Pipeline (GitHub)
• Version: 1.2.2

Describe the bug
charmap (I'm using pip 22.3 from C:\Program Files\Python311\Lib\site-packages\pip (python 3.11)) not working as expected when running IntuneCD-startdocumentation on specific characters

To Reproduce
Use unicode characters (e.g. U+1F310) in publisher field

Expected behavior
Im having Android publishers using certain unicode characters (e.g. U+1F310)

Screenshots

Traceback (most recent call last):
File "", line 198, in _run_module_as_main
File "", line 88, in run_code
File "C:\Program Files\Python311\Scripts\IntuneCD-startdocumentation.exe_main.py", line 7, in
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\run_documentation.py", line 218, in start
run_documentation(args.path, args.outpath, args.tenantname, args.jsondata, args.maxlength, args.split, args.cleanup)
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\run_documentation.py", line 106, in run_documentation
document_configs(f'{configpath}/Applications/Android', outpath, 'Android Applications', maxlength, split, cleanup)
File "C:\Program Files\Python311\Lib\site-packages\IntuneCD\documentation_functions.py", line 290, in document_configs
md.write(str(config_table) + '\n')
File "C:\Program Files\Python311\Lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'charmap' codec can't encode character '\U0001f310' in position 525: character maps to

Run type (please complete the following information):

• Mode: 1
• Client Pipeline
• Version 1.2.6

Describe the bug
Not necessarily a bug, but an execption was rasied when the Graph API was unavailable. graph_request.py doesn't appear to handle HTTP 503 errors.

To Reproduce
Difficult to reproduce because you'll need the Graph API to be unavailable. I wouldn't expect this to be an issue very often.

Expected behavior
Not 100% sure, but graph_request.py could perhaps wait/retry or exit with an erorr.

Run type (please complete the following information):

• Mode: 1
• Client: Pipeline
• Version: 1.1.0

Log

Traceback (most recent call last):
  File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 136, in start
    run_backup(opts.path,opts.output,exclude,token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 68, in run_backup
    savebackup(path,output,exclude,token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_appConfiguration.py", line 49, in savebackup
    app_data = makeapirequest(app_endpoint + "/" + app_id, token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 38, in makeapirequest
    raise Exception('Request failed with ',response.status_code,' - ',
Exception: ('Request failed with ', 503, ' - ', '{"error":{"code":"UnknownError","message":"<!DOCTYPE HTML PUBLIC \\"-//W3C//DTD HTML 4.01//EN\\"\\"[http://www.w3.org/TR/html4/strict.dtd\\">\\r\\n<HTML><HEAD><TITLE>Service](http://www.w3.org/TR/html4/strict.dtd//%22%3E//r//n%3CHTML%3E%3CHEAD%3E%3CTITLE%3EService) Unavailable</TITLE>\\r\\n<META HTTP-EQUIV=\\"Content-Type\\" Content=\\"text/html; charset=us-ascii\\"></HEAD>\\r\\n<BODY><h2>Service Unavailable</h2>\\r\\n<hr><p>HTTP Error 503. The service is unavailable.</p>\\r\\n</BODY></HTML>\\r\\n","innerError":{"date":"2022-05-26T01:01:13","request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4","client-request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4"}}}')
##[error]Bash exited with code '1'.
##[error]Bash wrote one or more lines to the standard error stream.
##[error]Traceback (most recent call last):
  File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 136, in start
    run_backup(opts.path,opts.output,exclude,token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 68, in run_backup
    savebackup(path,output,exclude,token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/backup_appConfiguration.py", line 49, in savebackup
    app_data = makeapirequest(app_endpoint + "/" + app_id, token)
  File "/home/vsts/.local/lib/python3.8/site-packages/IntuneCD/graph_request.py", line 38, in makeapirequest
    raise Exception('Request failed with ',response.status_code,' - ',
Exception: ('Request failed with ', 503, ' - ', '{"error":{"code":"UnknownError","message":"<!DOCTYPE HTML PUBLIC \\"-//W3C//DTD HTML 4.01//EN\\"\\"[http://www.w3.org/TR/html4/strict.dtd\\">\\r\\n<HTML><HEAD><TITLE>Service](http://www.w3.org/TR/html4/strict.dtd//%22%3E//r//n%3CHTML%3E%3CHEAD%3E%3CTITLE%3EService) Unavailable</TITLE>\\r\\n<META HTTP-EQUIV=\\"Content-Type\\" Content=\\"text/html; charset=us-ascii\\"></HEAD>\\r\\n<BODY><h2>Service Unavailable</h2>\\r\\n<hr><p>HTTP Error 503. The service is unavailable.</p>\\r\\n</BODY></HTML>\\r\\n","innerError":{"date":"2022-05-26T01:01:13","request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4","client-request-id":"c416c99b-a292-40bf-aed9-ab321f75ffc4"}}}')

Describe the bug
When restoring compliance policies, it fails if the policy does not already exist and contains the properties for "scheduledActionConfigurations"

For testing attempted to create a policy with the same name I was trying to restore in the target environment and then it worked.
I noticed that there are some calls to "remove_keys" in the code path that is executed when the policy already exists, but this does not seem to be the case for the code path that has to create the policy when missing.

To Reproduce
Steps to reproduce the behaviour:

• Create a policy that contains compliance notification settings and back it up
• Attempt to restore the policy to an environment that does not contain a policy with the same name

Expected behaviour
For the policy to be created successfully

Screenshots
If applicable, add screenshots to help explain your problem.

Run type (please complete the following information):

• Mode: 1
• Client: Local
• Version: 1.2.8

Additional context
Add any other context about the problem here.

Include Enrollment restrictions in backup

• Configuration type: Backup/update

Describe the bug
When running the following command in a tenant:

IntuneCD-startbackup -m 1 -o yaml -p ./prod-backup -a ./auth.json

This output is shown:

aaron@einstein pansw % IntuneCD-startbackup -m 1 -o yaml -p ./prod-backup -a ./auth.json
Backing up App Configuration: PDF Expert XML
Backing up App Configuration: PA Endpoint Defender IOS
Backing up App Protection: OneDrive mobile policy
Traceback (most recent call last):
  File "/opt/homebrew/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/run_backup.py", line 127, in start
    run_backup(opts.path,opts.output,token)
  File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/run_backup.py", line 66, in run_backup
    savebackup(path,output,token)
  File "/opt/homebrew/lib/python3.9/site-packages/IntuneCD/backup_AppProtection.py", line 59, in savebackup
    if platform == "mdmWindowsInformationProtectionPolicies":
UnboundLocalError: local variable 'platform' referenced before assignment

To Reproduce
There are no WIP policies in the target tenant, so the mdmWindowsInformationProtectionPolicies line may not be applicable. No App Protection policies are actually exported to disk. MAM policies in the tenant are:

Expected behavior
Backup should complete successfully

Describe the bug
While inspecting a settings catalog backup, I noticed that a large amount of configured settings were not present. The settingCount key in the file has the value 153, but only 25 settings are present in the backup. This issue is not limited to that one settings catalog. All backups of settings catalogs with more than 25 configured settings only contain the first 25 configured settings.

To Reproduce
Create a settings catalog that has more than 25 configured settings. Once done, run IntuneCD-startbackup.

Expected behavior
All configured settings in a settings catalog are backed up, instead of just the first 25.

Run type (please complete the following information):

• Mode: 1
• Client: local machine
• Version: 1.5.0

The following policies are not backed up:

• "Feature updates for Windows 10 and later"
• "Quality updates for Windows 10 and later"
• "Driver updates for Windows 10 and later"

When backing up my Intune settings I am seeing an error about Unicode encode errors

Traceback (most recent call last):
File "c:\python39\lib\runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "c:\python39\lib\runpy.py", line 87, in run_code
exec(code, run_globals)
File "C:\Python39\Scripts\IntuneCD-startbackup.exe_main.py", line 7, in
File "c:\python39\lib\site-packages\IntuneCD\run_backup.py", line 228, in start
run_backup(args.path, args.output, exclude, token)
File "c:\python39\lib\site-packages\IntuneCD\run_backup.py", line 184, in run_backup
config_count += savebackup(path, output, exclude, token)
File "c:\python39\lib\site-packages\IntuneCD\backup_powershellScripts.py", line 68, in savebackup
f.write(decoded)
File "c:\python39\lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\ufeff' in position 0: character maps to

Would be nice to include "Assignments" in the exported profiles. That way the exports can be used as documentation and overview to see where things are connected and what not.
And if possible also to include it as DEV -> PROD that way it can be used to update assignments along side with configuration changes (scenario tenant to tenant migration).

Describe the bug
I configured Intune-CD in November 2022. My azure app-registration has only "read-only" rights. But I only want to run a backup. I never want to give the permission to change something in Intune.

App-Permissions:

• DeviceManagementApps.Read.All
• DeviceManagementConfiguration.Read.All
• DeviceManagementServiceConfig.Read.All
• Group.Read.All
• Policy.Read.All
• Policy.Read.ConditionalAccess
  Backup was running good and without issues with the command:
  I run IntuneCD-startbackup -m 1 -o yaml -p /home/intune-cd/backups/ -a /home/intune-cd/auth.json

now it does not work anymore.

Error:
Traceback (most recent call last): File "/home/.local/bin/IntuneCD-startbackup", line 8, in <module> sys.exit(start()) File "/home/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 275, in start run_backup(args.path, args.output, exclude, token) File "/home/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 166, in run_backup config_count += savebackup(path, output, exclude, token) File "/home/.local/lib/python3.10/site-packages/IntuneCD/backup_profiles.py", line 78, in savebackup oma_value = makeapirequest( File "/home/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 65, in makeapirequest raise Exception("Request failed with ", response.status_code, " - ", response.text) Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\\r\\n \\"_version\\": 3,\\r\\n \\"Message\\": \\"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 582c977c-d5a6-4e44-9662-d71207210082 - Url: https://fef.msub07.manage.microsoft.com/DeviceConfiguration_2303/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations(\'3e5ea113-c420-468c-9484-1af5b8f05ce5\')/microsoft.management.services.api.getOmaSettingPlainTextValue(secretReferenceValueId=\'d9e8c134-50f1-4c93-9046-c96ab05dccbe_3e5ea113-c420-468c-9484-1af5b8f05ce5_d598bf61-aa91-4d6c-95b7-e50254d7ba0a\')?api-version=5022-09-24\\",\\r\\n \\"CustomApiErrorPhrase\\": \\"\\",\\r\\n \\"RetryAfter\\": null,\\r\\n \\"ErrorSourceService\\": \\"\\",\\r\\n \\"HttpHeaders\\": \\"{}\\"\\r\\n}","innerError":{"date":"2023-03-22T14:09:53","

To Reproduce
I run IntuneCD-startbackup -m 1 -o yaml -p /home/intune-cd/backups/ -a /home/intune-cd/auth.json
My App-Registrations has the following permissions:

• DeviceManagementApps.Read.All
• DeviceManagementConfiguration.Read.All
• DeviceManagementServiceConfig.Read.All
• Group.Read.All
• Policy.Read.All
• Policy.Read.ConditionalAccess

Expected behavior
Backup working without issues with read-only permissions

Run type (please complete the following information):

• Client local ubuntu and gitlab pipline
• Version: 1.3.0

Describe the bug
Some policy types from feature request #32 overwrite settings catalogs with the same name. I have not tested all policy types from the request, but it happens at least with the Windows Defender Antivirus type.

To Reproduce
Create a Windows Defender Antivirus policy and a settings catalog (device configuration profile) with the same name. Once done, run IntuneCD-startbackup.

Expected behavior
A JSON/YAML file for the settings catalog (device configuration profile) and the Windows Defender Antivirus policy with the same name should both be stored in the Settings Catalog directory, suffixed with the type (as done for files stored in the Device Configurations directory).

Run type (please complete the following information):

• Mode: 1
• Client: local machine
• Version: 1.4.9

Is your feature request related to a problem? Please describe.
When generating the Production MD file image attributes create duplicate strings for the table print out for the column headers. This causes the production combined MD file to grow exponentially in size. Ideally some of these values in the output would be truncated or flagged to be ignored.

Describe the solution you'd like
Provide a method to blacklist specific fields for the production build; or consolidate the output in the tables to simply fill in some pre-defined "field-to-large" or other replacement.

Additional context
Fields that are subject to bloating the final production output include but are limited to:

• wallpaperImage
• payload
• scriptContent

Is your feature request related to a problem? Please describe.

InutneCD only supports the client credential method (the client secret authentication）.
However, for local execution or for more secure secret management, another method is commonly used.

Describe the solution you'd like

I would like to see support for methods other than the client credential method (the client secret authentication）.

• Azure CLI authentication
• Client certificate authentication
• MSI authentication
• GitHub OIDC authentication

Describe alternatives you've considered

N/A

Additional context

The Graph API client used by azuread provider, which manages Azure AD with terraform, supports several auth methods.
https://github.com/manicminer/hamilton/blob/main/auth/auth.go#L23-L43

Is your feature request related to a problem? Please describe.
I want to enrich IntuneCD backup pipeline with information about who made such change. For this to happen I need to know resource (policy, app, etc) ID so I can look it up in the Intune audit logs easily.

Describe the solution you'd like
To each item IntuneCD back up add ResourceID property. To json file content (but that would probably break when I later try to import it?) or to its name as an optional suffix so it can be parsed. In general, it might be better to use ID instead of resource name in json file names, so GIT can easily track renames?

Include Partner connections such as Jamf in backup for the purpose of documentation and history of changes

• Configuration type: Backup only

Describe the bug
Conditional Access backup produces AttributeError: 'NoneType' object has no attribute 'pop'. API permissions have been updated to include all required permissions.

To Reproduce
Backing up a policy with the name Office 365 - E5; Unmanaged platforms; Browser; Use Conditional Access App Control. My next test will be to re-name the policy to remove the ; character.

Expected behavior
Backup should complete.

Backing up Conditional Access policy: Office 365 - E5; Unmanaged platforms; Browser; Use Conditional Access App Control
Traceback (most recent call last):
  File "/home/runner/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 246, in start
    run_backup(args.path, args.output, exclude, token)
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/run_backup.py", line 210, in run_backup
    config_count += savebackup(path, output, token)
  File "/home/runner/.local/lib/python3.8/site-packages/IntuneCD/backup_conditionalAccess.py", line 36, in savebackup
    policy['grantControls'].pop('[email protected]', None)
AttributeError: 'NoneType' object has no attribute 'pop'
Error: Process completed with exit code 1.

Run type (please complete the following information):

• Mode: 0
• Client: Pipeline
• Version 1.2

Hallo,
I have a problem with activate Documentation. I made a md file.

_

Is your feature request related to a problem? Please describe.
Add backup/export of device categories.

Describe the solution you'd like
Ensure device categories are exported (and perhaps imported), so they can be added to import/export or as-built reports.

Describe alternatives you've considered
None

Additional context
Add any other context or screenshots about the feature request here.
Device categories requires the beta API, so it would be unsupported by MS. https://learn.microsoft.com/en-us/graph/api/resources/intune-shared-devicecategory?view=graph-rest-beta&viewFallbackFrom=graph-rest-1.0

Describe the bug
When trying to update management intent settings, the following error might occur:

KeyError: 'value'

Expected behavior
The tool should be able to correctly identify the type and successfully update the value.

Run type (please complete the following information):

• Mode: 0
• Client Azure DevOps Pipeline
• Version 1.0.4

Thanks for the amazing work!
Would it be possible to export the definitions of Applications (package IDs and such), even if they can't be imported?
Thanks

Would love to see exports available for windows device configurations with ADMX templates.

Currently, when configurations are documented long strings (over 200 chars) are stripped to the first 75 chars. This will be change to include the whole string and be collapsed by default to give an option of viewing the entire configuration. Especially useful for script/custom profile configurations.

Example:

Is it possible to add an example of the generated documentation added to the repo, just so that we can see it without going through all of the setup steps?

Describe the bug
The process errors out whenever we try to run an update with Management Intents present in the backup.

The error given is simply "TypeError: can only concatenate str (not "NoneType") to str":

Traceback (most recent call last):
File "C:\Python\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Python\lib\runpy.py", line 86, in run_code
exec(code, run_globals)
File "C:\Python\Scripts\IntuneCD-startupdate.exe_main.py", line 7, in
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 207, in start
run_update(args.path, token, args.u, exclude)
File "C:\Python\lib\site-packages\IntuneCD\run_update.py", line 152, in run_update
diff_count += update(path, token, assignment)
File "C:\Python\lib\site-packages\IntuneCD\update_managementIntents.py", line 39, in update
intent_responses = batch_intents(intents, token)
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 154, in batch_intents
categories_responses = batch_request(
File "C:\Python\lib\site-packages\IntuneCD\graph_batch.py", line 39, in batch_request
'url': url + id + extra_url
TypeError: can only concatenate str (not "NoneType") to str

To Reproduce
Steps to reproduce the behavior:

• Create some policies in one of the blades covered by intents, such as Bitlocker and the like.
• Backup the policy
• Try to import

Expected behavior

• For the policies to manage to update the target tenant

Screenshots
If applicable, add screenshots to help explain your problem.

Run type (please complete the following information):

• Mode: 1
• Client Local Machine
• Version 1.2.5

Additional context
An example policy I tested with is attached
TEST-BITLOCKER-2.2022.12.json.zip

Describe the bug
Can't backup and it seems a powershell query issue

To Reproduce
========================== Starting Command Output ===========================
/usr/bin/bash /home/vsts/work/_temp/5d0345b5-1bbb-4453-a4e0-79bad8c341ae.sh
Traceback (most recent call last):
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 313, in start
count = run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 273, in run_backup
config_count += savebackup(path, output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_powershellScripts.py", line 68, in savebackup
decoded = base64.b64decode(script_data["scriptContent"]).decode("utf-8")
File "/usr/lib/python3.10/base64.py", line 80, in b64decode
s = _bytes_from_decode_data(s)
File "/usr/lib/python3.10/base64.py", line 45, in _bytes_from_decode_data
raise TypeError("argument should be a bytes-like object or ASCII "
TypeError: argument should be a bytes-like object or ASCII string, not 'NoneType'
##[error]Bash exited with code '1'.

Describe the bug
Got an errormessage while startbackup

To Reproduce
Intune-startbackup

Expected behavior
no error

Screenshots

Run type (please complete the following information):

• Mode: [ 1]
• Client local machine]

Hi Almen,

Coupe days ago, I told you there was problem with backup pipeline and now I am facing it for update pipeline. But now configuration is always failing on same policy and it's working If I run it locally. (This pipeline was working in past...)

Error code:

Any suggestion? Will it start working like backup pipeline on it's own in couple of days?

Is it possible if all the contents of everything (App Configuration, App Protection, Apple Push Notification etc.) were sorted alphabetically in the .md file like they are when you back up everything to the folders in json or yaml?

Describe the bug
I had originally configured IntuneCD back in March 2023, I had recently noticed the ADO pipeline was failing due to a permission I had not added (DeviceManagementManagedDevices.ReadWrite.All). I added the permission to the app registration but now I am coming up with a new error that seems to be a permission issue but not too sure.

Error:
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 270, in run_backup
results.append(savebackup(path, output, token))
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_remoteAssistancePartner.py", line 28, in savebackup
data = makeapirequest(ENDPOINT, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
raise Exception(
Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e - Url: https://fef.msua05.manage.microsoft.com/RemoteAssistService/StatelessRemoteAssistService/deviceManagement/remoteAssistancePartners?api-version=5022-08-15 - CustomApiErrorPhrase: Forbidden\",\r\n \"CustomApiErrorPhrase\": \"Forbidden\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-06-21T17:29:40","request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e","client-request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e"}}}')
##[error]Bash exited with code '1'.

Current App Registration Permissions:

• DeviceManagementConfiguration.ReadWrite.All
• DeviceManagementApps.ReadWrite.All
• DeviceManagementManagedDevices.ReadWrite.All
• DeviceManagementServiceConfig.ReadWrite.All
• Groups.Read.All
• Policy.Read.All
• Policy.ReadWrite.ConditionalAccess

To Reproduce
Within the Pipeline:

• script: IntuneCD-startbackup -m 1
  env:
  REPO_DIR: $(DEVREPO_DIR)
  TENANT_NAME: $(DEVTENANT_NAME)
  CLIENT_ID: $(DEVCLIENT_ID)
  CLIENT_SECRET: $(DEV_SECRET)
  displayName: Run IntuneCD backup Dev

Currently ran with a client secret and app registration

Current App Registration Permissions:

• DeviceManagementConfiguration.ReadWrite.All
• DeviceManagementApps.ReadWrite.All
• DeviceManagementManagedDevices.ReadWrite.All
• DeviceManagementServiceConfig.ReadWrite.All
• Groups.Read.All
• Policy.Read.All
• Policy.ReadWrite.ConditionalAccess

Expected behavior
Backup works accordingly without issues/errors

Screenshots

Run type (please complete the following information):

• Mode: 1
• Client Pipeline using Ubuntu-Latest
• Version 1.4.9