search

Micke-K / IntuneManagement

Copy, export, import, delete, document and compare policies and profiles in Intune and Azure with PowerShell script and WPF UI. Import ADMX files and registry settings with ADMX ingestion. View and edit PowerShell script.
MIT License
1.18k stars 210 forks source link

Export W365 settings: Unsupported migration object #261

Closed MarcoJanse closed 1 month ago

MarcoJanse commented 3 months ago

First of all, thank you so much for providing this excellent tool. It's the best Intune management/configuration-as-code tool for Intune I have experienced so far. πŸ‘ πŸ‘ πŸ‘

When doing either a bulk export or just the W365 Provisioning Policies and W365 User settings, I see the following errors in the log:

Export W365 Provisioning Policies: <provisioningPolicy1>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export W365 Provisioning Policies: <provisioningPolicy2>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export W365 Provisioning Policies: <provisioningPolicy3>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
----------------------------------------------------------------
Export W365 User Settings objects
----------------------------------------------------------------
Export W365 User Settings: <userSettings1>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export W365 User Settings: <userSettings2>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export W365 User Settings: <userSettings3>
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget

I have 3 provisioning policies in my tenant and 3 W365 userSettings in my tenant. The export does export all 3 policies and userSettings and I see something like this in the assignments part

"assignments":  [
                        {
                            "@odata.type":  "#microsoft.graph.cloudPcProvisioningPolicyAssignment",
                            "@odata.id":  "deviceManagement/virtualEndpoint/provisioningPolicies(\<omittedPolicyID>/assignments(\<omittedAssignmentID>\u0027)",
                            "@odata.editLink":  "deviceManagement/virtualEndpoint/provisioningPolicies(\<omittedPolicyId>\u0027)/assignments(\<omittedAssignmentID>\u0027)",
                            "id":  "<ID>",
                            "target":  {
                                           "@odata.type":  "#microsoft.graph.cloudPcManagementGroupAssignmentTarget",
                                           "groupId":  "<omittedGroupID",
                                           "servicePlanId":  null,
                                           "allotmentDisplayName":  null,
                                           "allotmentLicensesCount":  null
                                       },
                            "assignedUsers@odata.associationLink":  "https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/provisioningPolicies(\<omittedPolicyID>/assignments(\<assignmentID>\u0027)/omittedAssignedUsers/$ref",
                            "assignedUsers@odata.navigationLink":  "https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/provisioningPolicies(\<omittedPolicyID>\u0027)/assignments(\<omittedAssignmentID>\u0027)/assignedUsers"
                        }
                    ],

please note I have removed the ID numbers from the above JSON-snippet and replaced this with a <omitted>-string

It looks to me that the groupID is not added to the migrationtable.json, as I can't find the groupIDs specified in these policies in that file.

Micke-K commented 3 months ago

Hello,

Thank you for the kind words!

I don't have this in my tenant so I can't see what it looks like.

Are these groups standard Entra groups or some W365 special? Must be something special about them since they have their own type.

Cheers!

MarcoJanse commented 3 months ago

Hi @Micke-K.

Good question. I have checked the groups in Entra and - as far as I can see - there's nothing special about these groups:

There is no group nesting within the group. All users are direct members. So, I don't see anything special about them.

Micke-K commented 2 months ago

Hello,

I finally had time to have a look at this.

Can you try the attached file? This should export the targeted groups in W365 policies.

Cheers!

MSGraph.zip

MarcoJanse commented 2 months ago

Thank you for that and no problem. I also won't be able to try this until this Monday myself. I noticed that it's quite a large PowerShell module with loads of functions. It's not directly clear to me which function I should run. Could you please clarify?

Micke-K commented 2 months ago

Hello,

I didn't mean you should run the function manually.

The Bulk and Single (manual) import uses the same function and API. If one works then the other should work as well. It should post the same payload to the API.

Do you get the same result every time when you do the manual import?

Cheers!

MarcoJanse commented 2 months ago

I'm sorry but I still don't quite understand what you want me to try exactly using the provided MSGraph module. There is not a module with the same name in the IntuneManagement repo and I can't figure out which function and API you want me to run then.

And I'm running into the issue with exporting. not importing. The same error message is received both with bulk export or just selecting W365 provisioning policies or W365 user settings manually and I get them every time I run them.

Here are the messages I see in the console log:

Loading W365 Provisioning Policies objects
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Loading W365 User Settings objects
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-EMSelectedItemsChanged
Trigger Invoke-EMSelectedItemsChanged in Compare
Trigger Invoke-EMSelectedItemsChanged in Documentation
Trigger Invoke-EMSelectedItemsChanged in EndpointManager
Trigger function Invoke-EMSelectedItemsChanged
Trigger Invoke-EMSelectedItemsChanged in Compare
Trigger Invoke-EMSelectedItemsChanged in Documentation
Trigger Invoke-EMSelectedItemsChanged in EndpointManager
Loading W365 Provisioning Policies objects
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-EMSelectedItemsChanged
Trigger Invoke-EMSelectedItemsChanged in Compare
Trigger Invoke-EMSelectedItemsChanged in Documentation
Trigger Invoke-EMSelectedItemsChanged in EndpointManager
Export W365 Provisioning Policies
Export CloudPC-IT Workstation priviliged users
Loading CloudPC-IT Workstation priviliged users
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export CloudPC-SMMS-administrators
Loading CloudPC-SMMS-administrators
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Export CloudPC-Standard users
Loading CloudPC-Standard users
Unsupported migration object: #microsoft.graph.cloudPcManagementGroupAssignmentTarget
Micke-K commented 2 months ago

Sorry, that was me mixing up issues.

Can you try this: Extract the zip. Copy the MSGraph.ps1 to the Extensions folder. Start the tool. Try export again.

Cheers!

MarcoJanse commented 2 months ago

Thank you for clarifying.

It works with the updated MSGraph.ps1 file. The groups have now been exported and the MigrationTable.json has been updated as well.

I've checked the console log and I don't see any error logs anymore, so this updated module seems to fix the Cloud PC issues πŸ˜ƒ

MarcoJanse commented 1 month ago

Closing, as this was fixed in release 3.9.8