almenscorner / IntuneCD

Tool to backup, update and document configurations in Intune
MIT License

Intune Custom Compliance Scripts #180

Status: Closed (Edocsyl closed 6 months ago)

Edocsyl commented 6 months ago

Is your feature request related to a problem? Please describe.
The Custom Compliance Scripts assigned to Compliance Policies are not getting migrated.

Describe the solution you'd like
Check if the Compliance Policy has a Compliance Script associated and create it.

Describe alternatives you've considered
Notification in the log, to check that you have to manually add the custom compliance script.

almenscorner commented 6 months ago

This feature has been added in the latest beta, 2.2.0 Beta7. Please test this version and check that custom compliance scripts are now created/updated.

pip3 install IntuneCD==2.2.0b7

Edocsyl commented 6 months ago

Hi, I could back up the compliance policies. The import of the policy on another tenant did not work. I could import the custom compliance script. Also, the entry of the compliance policy is getting created, but when I want to open the compliance policy the following error appears: "Something went wrong There was an error loading data."

In the export, the "Script Data" is also not ending with *.ps1. It's a plain file, and I'm not sure if this is needed because the script data is saved as base64 encoded data in the custom compliance script json file. And when I edit the file in the Script Data, the import does not detect the change.

almenscorner commented 6 months ago

Interesting, all my exports have ".ps1" in Script Data. The change is not compared on the Script Data export; that is just an export of the script for your reference. The change is detected on the base64 string on the actual policy.

I have left it like that because it is how you normally work with these policies, i.e., the change to the script is made in console whereas an update to a normal PowerShell script or shell script is done via file upload.

almenscorner commented 6 months ago

I've seen for custom PowerShell specifically it can take some time before the script actually is visible in the console, and until that time the compliance policy will fail to load.

almenscorner commented 6 months ago

Ah, found the issue why you do not have ".ps1": it only adds it when using "--append-id". I will fix that!

Edocsyl commented 6 months ago

> I've seen for custom PowerShell specifically it can take some time before the script actually is visible in the console, and until that time the compliance policy will fail to load.

I found the problem. I looked up the Graph requests when I open the compliance policy. One of the requests failed with code 404. This request was referencing the "deviceComplianceScripts" with the ID from the source tenant. There is a referencing issue while creating the new compliance policy to the newly created compliance script.

almenscorner commented 6 months ago

So it sounds like it failed to create the compliance script or it hadn't shown up yet, so the old ID was used.

almenscorner commented 6 months ago

Instead of that happening, the creation of the policy should then fail if the script does not exist.

Edocsyl commented 6 months ago

> So it sounds like it failed to create the compliance script or it hadn't shown up yet, so the old ID was used.

I tested a couple of scenarios, but the deviceComplianceScripts ID never gets associated correctly.

Edocsyl commented 6 months ago

Maybe you could add a log entry to

> So it sounds like it failed to create the compliance script or it hadn't shown up yet, so the old ID was used.

> I tested a couple of scenarios, but the deviceComplianceScripts ID never gets associated correctly.

I've created the Compliance Scripts via IntuneCD and checked the appearance of the scripts in the tenant. After they were visible and accessible via Graph, I created the compliance policies, but the assignment wasn't right.

almenscorner commented 6 months ago

Found the issue with the custom Windows compliance: it was not setting the name upon backup and was always created with the old ID. I have fixed this in my local branch and it is now working as expected.

almenscorner commented 6 months ago

What was not right with the assignments?

Edocsyl commented 6 months ago

> What was not right with the assignments?

Sorry, I think I used the wrong "word". I meant the association between the Windows Custom Compliance Policy and the Custom Compliance Script. There was no problem with the "Assignment".

almenscorner commented 6 months ago

Ah, got it, then all should be good now :)

Plan is to release later today!

Edocsyl commented 6 months ago

Thanks!
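
The failure discussed in this thread (a migrated policy still pointing at the source tenant's deviceComplianceScripts ID) can be illustrated with the sketch below, which is an added example and not IntuneCD's code. It resolves the script by display name in the target tenant and refuses to build the policy when the script is missing or ambiguous. The `deviceComplianceScriptName` key and all sample IDs are assumptions, and the `deviceCompliancePolicyScript` / `deviceComplianceScriptId` / `rulesContent` field names are assumed from the Graph beta schema.

```python
import copy

# Assumption: the backup stores the script's display name beside its ID under
# this hypothetical key (not a Graph property, so it is dropped before import).
NAME_KEY = "deviceComplianceScriptName"

class ScriptReferenceError(Exception):
    """The policy's custom compliance script cannot be resolved in the target tenant."""

def remap_script_reference(policy, target_scripts):
    """Return a copy of a backed-up policy whose script ID belongs to the target tenant.

    target_scripts: deviceComplianceScripts objects as listed from the target tenant.
    """
    out = copy.deepcopy(policy)
    ref = out.get("deviceCompliancePolicyScript")
    if not ref:
        return out  # no custom compliance script attached
    name = ref.pop(NAME_KEY, None)
    if not name:
        raise ScriptReferenceError("backup has no script name; refusing to reuse the source ID")
    matches = [s["id"] for s in target_scripts if s.get("displayName") == name]
    if len(matches) != 1:
        # 0 = script not created or not visible yet, >1 = ambiguous name
        raise ScriptReferenceError(f"{name!r}: {len(matches)} matching scripts in target tenant")
    ref["deviceComplianceScriptId"] = matches[0]
    return out

# Constructed sample data: IDs, names and content are placeholders.
SOURCE_POLICY = {
    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
    "displayName": "Win - Custom compliance",
    "deviceCompliancePolicyScript": {
        "deviceComplianceScriptId": "11111111-aaaa-aaaa-aaaa-111111111111",
        "rulesContent": "e30=",
        NAME_KEY: "Check-Example",
    },
}
TARGET_SCRIPTS = [
    {"id": "22222222-bbbb-bbbb-bbbb-222222222222", "displayName": "Check-Example"},
    {"id": "33333333-cccc-cccc-cccc-333333333333", "displayName": "Other-Script"},
]

if __name__ == "__main__":
    fixed = remap_script_reference(SOURCE_POLICY, TARGET_SCRIPTS)
    print(fixed["deviceCompliancePolicyScript"]["deviceComplianceScriptId"])
```

Failing closed here means a script that has not yet appeared in the target tenant produces an import error instead of a policy that returns 404 when opened.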