Open nto5435 opened 1 year ago
Migration table is only created when it needs to, e.g. when a group is used. The CA policy will have groups or users and therefore generate it. The other policies won't have a group unless you have an assignment and include them in the export.
What would you expect to be in the Migration Table for the Defender policy?
I haven't tried export/import them so not sure exactly what they expect but it looks more like something needs to be added or fixed to support them.
You should be able to export/import any policies without a migration table. If not, then I need to fix it unless it requires it to translate groups/users. There are other dependency policies, e.g. Scope Tags and Filters. They must be exported before you can import and keep the "link".
Cheers!
Thanks, I do have a problem where I can't import Endpoint Security and Configuration policies to another tenant without it asking for a MigrationTable. If it's the same tenant, no problem.
And when I export a Settings Catalog policy with Assignments, it doesn't create a MigrationTable.
The MigTable is not required. Do you have an example of a policy that fails?
I just tried this. If I export without the option "Export Assignments", it won't create a MigTable. If I export with "Export Assignments" and the policy has one assignment, it creates the MigTable.
I've had some issues in the past where it behaves a bit weird if I swap between tenants and export from multiple tenants. The file name is cached so it didn't change the name, e.g. it updated the wrong MigTable file. However, I hope all these issues are fixed.
Do you import with Assignments? It will fail to import without a MigTable and import a file with existing assignments. Does it import without assignments checked?
The log above is a bit weird to me:
Get-Item : Could not find item C:\M365 - Defender Endpoint Protection\JSON\Endpoint Security Section\Conecto Ba
seline Security Windows - Defender ASR.json.
At C:\VSCode\IntuneManagement\Extensions\MSGraph.psm1:2108 char:23
+ foreach($file in (Get-Item -path "$path\*.json" @params))
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\***\On...le content.json:String) [Get-Item], IOException
+ FullyQualifiedErrorId : ItemNotFound,Microsoft.PowerShell.Commands.GetItemCommand
C:\M365 - Defender Endpoint Protection\JSON\Endpoint Security Section\Conecto Ba seline Security Windows - Defender ASR.json
The foreach line in 2108 is expecting a folder and not a json file. And the ObjectNotFound: says C:\Users\***...
Are you importing individual files, Bulk or Batch?
I also noticed based on the paths above that you did not keep the original folder structure. The script will find dependencies based on the folder structure and object type names. I actually have no clue how it will react when the folder structure is changed. I would expect it to be ok since the folders won't exist and it then just ignores dependency import.
Cheers!
Sorry I can see the MigrationTable actually is only a Warning, and after removing the Import Scope Tag and Import Assignments it seems to be working.
And again sorry about the log, it was me trying to remove my username and changed it for stars. I have restored the original structure, but still some of the Endpoint Security policies fail.
Here is the log:
WARNING: Could not find migration table WARNING: Could not find migration table WARNING: Could not find migration table Import objects WARNING: Export folder for dependency ScopeTags not found WARNING: Export folder for dependency AssignmentFilters not found Import Endpoint Security object GY Baseline Security: MacOS - Defender Antivirus WARNING: Could not find migration table Endpoint Security object imported successfully with id: b9e7a3c4-9897-4cac-960a-1ad1eeb459cb Import Endpoint Security object GY Baseline Security: macOS - FileVault WARNING: Could not find migration table Endpoint Security object imported successfully with id: e5862965-ad03-4ce0-bfcf-8f5a1cb48c38 Import Endpoint Security object GY Baseline Security: MacOS - Firewall WARNING: Could not find migration table Endpoint Security object imported successfully with id: d496647a-3cb2-4b5e-9f37-b2f82e50b27a Import Endpoint Security object GY Baseline Security: Windows - BitLocker WARNING: Could not find migration table Endpoint Security object imported successfully with id: 24cf2f9c-24e5-4143-88f9-571188a80b3c Import Endpoint Security object GY Baseline Security: Windows - Defender Account Protection WARNING: Could not find migration table Endpoint Security object imported successfully with id: 37777528-ff82-4f6f-b93b-ecbe2be4a6c6 Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 9c34f0c8-71e0-446d-9951-11917e7c81e2). 
Status code: BadRequest Import Endpoint Security object GY Baseline Security: Windows - Defender ASR Device Control WARNING: Could not find migration table Endpoint Security object imported successfully with id: ffb1ca9a-673e-49e2-835c-9e71965756bf Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: f5f7ca68-c8b5-4375-8b2d-d5c8cb061a0a). Status code: BadRequest Import Endpoint Security object GY Baseline Security: Windows - Defender ASR SmartScreen [EDGE legacy] WARNING: Could not find migration table Endpoint Security object imported successfully with id: 645e1f0e-3db8-4555-9f07-2edeb9a0a8ea Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 0c777d35-82c4-45cd-83b2-4879443e924c). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: a44a979f-90e9-4917-a368-c4cfefb20e0a). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: fd8bf314-144c-4309-9c90-dfe5d7bf2b4d). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 0e8a4ce5-9255-4db0-87c4-c7f4c76f2fd4). 
Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: b4ba07f7-a146-48b7-b905-15fae3a3afb5). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 266a58b8-357b-422b-bde5-53a490cefbfd). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 32341dab-a0ee-4702-90aa-dc52d66ed5a2). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: ed73c72c-0bf2-47cd-abf4-fb9ba407ee4c). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 38d9b158-e99c-40d7-8f10-3d5a0a4063ae). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: de59b8ad-2490-4e48-965f-f340273aed3d). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 59ea0666-ddfa-4865-b2bc-45abadeefe22). 
Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 4add2b73-52c0-481f-9036-f0296d7b9274). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: d71239de-b15b-4386-8793-a5acf355d574). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 68d2b998-b93d-4342-8daa-57756ea285f6). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 595504b0-49f6-497e-a2d6-257031404f39). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 827b638a-e2c5-447a-b808-7001fbddb369). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 6f7eeec0-cf52-489b-91ba-e8138b92ffb7). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 918edb5a-8821-4bad-8b5d-92e8832e238c). 
Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: d1851156-b255-4108-ba79-9b475325a268). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 5aa190e5-5c3b-493f-9e65-384601b04aae). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 519d76fc-3060-4ab2-a153-f09140247393). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: f58593c0-3f2f-4ec8-b3f3-492b700168cd). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 1c84d341-3164-4bad-9ca7-e8a00ff8b837). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: b2b0000e-c4bf-40c0-a8b5-83d360de7e89). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 5dd5e9ef-eebc-4785-ac33-431f74b5dbce). 
Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 0e0360c8-6e59-44cc-82bb-5ffad1577f49). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: eea21e0f-d1d3-4418-af6a-3c30c708550b). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 5edc1541-9aad-47a7-adca-33cff7b34165). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: c1fdd590-04ca-467e-83cb-6ce59403678b). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 0c900435-0bf0-4396-ab34-abe26d1a20bc). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: d32958ba-b07d-4856-86d1-b25b2b947be9). Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: ebf336bf-9886-4d07-a0ed-24532e0574de). 
Status code: BadRequest Import Endpoint Security object WARNING: Could not find migration table Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: 6b63d249-4ef4-45fe-af7e-b2aae03d7874). Status code: BadRequest
Hello,
https://graph.microsoft.com/beta/deviceManagement/templates//createInstance
The code is:
@{
"API"="deviceManagement/templates/$($obj.templateId)/createInstance"
}
So for some reason the $obj.templateId is empty when you do this. Based on the names, they look like actual Endpoint Security json files. I could see this happen if you copied all Endpoint Security policy files to the EndpointSecurity folder. Some of them are actually Settings Catalog and they would get this error if they are moved to the EndpointSecurity folder and imported from there or imported manually into Endpoint Security.
There are also lots of rows that say: Import Endpoint Security object
The policy name should be in there eg "...object
What happens when you import with Scope Tags enabled and Assignments disabled (and vice versa)?
I'll try to have a look at this more tonight.
Cheers!
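A pre-import check built on the explanation above, as an added example that is not part of the original thread or of the IntuneManagement project. It lists exported JSON files whose `templateId` is empty, which are the files that would produce the `templates//createInstance` URL. The function name `Test-ExportedTemplateId`, the sample files and the `templateReference` heuristic are assumptions.

```powershell
# Added example, not part of IntuneManagement. Flags exported JSON files whose
# templateId is empty, i.e. files that would yield ".../templates//createInstance".
function Test-ExportedTemplateId {
    param([Parameter(Mandatory)][string]$Path)

    foreach ($file in Get-ChildItem -LiteralPath $Path -Filter '*.json' -File) {
        try {
            $obj = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop |
                ConvertFrom-Json
        }
        catch {
            [pscustomobject]@{ File = $file.Name; Status = 'InvalidJson'; Api = $null }
            continue
        }

        # Same string the thread quotes from the tool; an empty templateId leaves "//".
        $api = "deviceManagement/templates/$($obj.templateId)/createInstance"

        if (-not [string]::IsNullOrWhiteSpace($obj.templateId)) {
            $status = 'OK'
        }
        elseif ($obj.PSObject.Properties['templateReference']) {
            # Assumption: a templateReference property marks a Settings Catalog export.
            $status = 'NoTemplateId (has templateReference, likely Settings Catalog)'
        }
        else {
            $status = 'NoTemplateId'
        }
        [pscustomobject]@{ File = $file.Name; Status = $status; Api = $api }
    }
}

# Constructed sample input: two minimal files in a temporary folder.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ("es-check-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
'{"displayName":"Sample A","templateId":"00000000-0000-0000-0000-000000000001"}' |
    Set-Content -LiteralPath (Join-Path $demo 'SampleA.json')
'{"name":"Sample B","templateReference":{"templateId":"placeholder"}}' |
    Set-Content -LiteralPath (Join-Path $demo 'SampleB.json')

Test-ExportedTemplateId -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Pointing `-Path` at the folder being imported shows which files to move back to their original export folder before retrying.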
Hello!
How are you going with this? Did you get it to work?
Cheers!
Unfortunately no, the export works perfectly. But I still can't seem to get it to import some of the Endpoint Security policies. This is even if we keep the exported folder structure. It might be a user error on my part, but I tried another tool which worked.
Can you zip the policies and attach them here so I can have a look?
Would be great to see why it fails for you.
Can you download this zip and replace existing files? It should not make a difference in functionality but the log should give you the real error from Graph.
Cheers!
As I want to have a template of policies from a demo tenant that I apply to loads of different tenants, I use the import/export feature a lot.
When I export Conditional Access rules, it always creates a MigrationTable. But when I export Settings Catalog or Endpoint Security policies, it doesn't create a MigrationTable. I have tried manually creating a MigrationTable which matches the one from the Conditional Access export. This does make it import some of the rules, but not all of them. The rest fail with:
Failed to invoke MS Graph with URL https://graph.microsoft.com/beta/deviceManagement/templates//createInstance (Request ID: XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX). Status code: BadRequest