Closed EirikNess closed 1 month ago
I tried to repro the issue by creating an Attack Surface Reduction policy for Exploit Protection, then running the backup and then the update. If the policy exists, it does not create it again in my case; if it does not exist, it is created.
So far I have not been able to repro the duplication of the policy.
Thanks for testing it out. Did you see where intunecd placed the exploit protection policy? Was it placed under the settings catalog or in the Management Intents folder? I have a theory that this may cause issues on policies created before the change Microsoft implemented this summer, where intunecd places the policy under management intents.
Here is the new policy that seems to have been migrated to the settings catalog:
While we get duplicates of the same setting with the old view:
It is placed under Settings Catalog, as I did not have a policy created prior to the change by Microsoft. If you are able to provide me a copy of the policy, I can try to manually create it under management intents and then run the update.
Had to consult with the security team to give me the thumbs up to share it :) Let me know if the format is wrong: xxx_Mandatory - Windows Exploit Protection.json
Tried having the settings catalog profile and this one under the management intent folder. In my case it just says that no updates are found and then it does not do anything else, i.e. it keeps both the Management Intent and Settings Catalog up-to-date but does not create additional replicas.
Is your Management Intent removed from the folder in the backup and only the settings catalog is left?
Please verify if v2.3.6 resolves this issue; there were some updates made regarding settings catalog policies.
Hi, tested out v2.3.6 and it resolved the issue. Thanks! :)
Thanks for verifying!
Resolved in #215
Describe the bug
I recently noticed that Attack surface reduction policies (specifically Exploit Protection settings) are being duplicated when running intunecd update.
I see an update from Microsoft that will move endpoint security policies to the settings catalog: https://techcommunity.microsoft.com/t5/intune-customer-success/endpoint-security-policies-migrating-to-the-unified-settings/ba-p/3890989
This may explain the issue, and when I updated our master branch from our baseline tenant, I saw that it would move the Windows Exploit Protection policy from management intents to the settings catalog.
For now it is just happening to this one policy, but I would assume it would hit other policies later on.
On one of our tenants the policy got duplicated 6 times when I came back from summer vacation.
To Reproduce
Steps to reproduce the behavior:
1. Back up baseline tenant with intunecd
2. Run intunecd update on another tenant

Expected behavior
Nothing should happen to the policy since we did not make any changes to it.