search

KelvinTegelaar / CIPP

CIPP is a M365 multitenant management solution
https://cyberdrain.com / https://cipp.app
GNU Affero General Public License v3.0
804 stars 4.93k forks source link

Blank MEM policy templates when created from existing policies #1047

Closed rthompson1624 closed 2 years ago

rthompson1624 commented 2 years ago

Description

We're creating new templates from existing policies but when checking the templates they're just empty policies, no settings are actually being defined in the template. Example:

{ "Displayname": "Endpoint Protection Defender Exploit Guard", "Description": "Template Policy", "RAWJson": "{\"displayName\":\"Endpoint Protection Defender Exploit Guard\",\"description\":\"FIT Template Policy\",\"omaSettings\":null,\"@odata.type\":\"#microsoft.graph.windows10EndpointProtectionConfiguration\"}", "Type": "Device", "GUID": "ee361448-47da-4a8f-841f-50d127c3bb31" }

Environment data

Azure
Frontend version: 2.9.0
Backend version: 1.14.0
github-actions[bot] commented 2 years ago

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.".

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

xhoy commented 2 years ago

can comfirm. We have a policy based on the "endpoint protection" profile type. It shows up in the "list policies". When i create a template form it. The "raw json" seems empty. When deployed to a different tenant is has no "configuration" values.

When creating a template from a "administrative template" (with some power settings like standby time etc) Its empty aswel! But this time the JSON seems "filled".

I am 99% sure the "power managemennt" policy worked on CIPP 2.8

Using CIPP 2.9.0 & 1.14.

xhoy commented 2 years ago

I did some digging around for the powermanagement policy. Early i created the policy manualy (grep data from the browser). And the raw json looked like this:

{
   "added":[
      {
         "enabled":true,
         "presentationValues":[

         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')"
      },
      {
         "enabled":true,
         "presentationValues":[

         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":3600,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')/presentations('956185d8-08d2-4907-84a6-5db3671895b6')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":5400,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')/presentations('09d09d57-1a50-4690-9f65-ba6c944ce79a')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":1800,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')/presentations('9c3b164b-64d5-47d1-abd7-7455077b2a31')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":4000,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')/presentations('d5a5e7c0-46d8-44ee-9211-4797b3750342')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":900,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')/presentations('efe6ad09-952d-4b71-839e-b06b02d1db70')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":3600,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')/presentations('9759eedf-7173-4c92-888d-61400ae6f6bc')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')"
      }
   ],
   "updated":[

   ],
   "deletedIds":[

   ]
}

When looking at the "auto generated policy" it looks like this:

{
   "added":[
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')"
      }
   ],
   "updated":[

   ],
   "deletedIds":[

   ]
}
xhoy commented 2 years ago

Seems like issue #1041 is the same!

xhoy commented 2 years ago

so, no where near an expert, but it think here is the issue: https://github.com/KelvinTegelaar/CIPP-API/blob/98e2b43b9507120787d93c4bc3e9ca62513eadb1/AddIntuneTemplate/run.ps1#L53

The url should be something like: https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('f439a802-f275-43d8-acb1-8a7577d5d977')/definitionValues('0e4e8ba7-b05d-43c9-90ea-8de3941b2ebe')/presentationValues as per https://docs.microsoft.com/en-us/graph/api/intune-grouppolicy-grouppolicydefinitionvalue-get?view=graph-rest-beta But I have no more time finding out the details!

KelvinTegelaar commented 2 years ago

not exactly, but fixed in dev.