A few weeks ago, I created a script and blog post about bulk exporting Intune policies. You can find that blog here. Initially, my goal was to export/import settings catalog policies in large quantities, but I expanded the script to handle more types. This is especially beneficial for those who frequently manage disorganized tenants or are involved in new tenant provisioning. The import script significantly speeds up the tenant provisioning process. If you work as a consultant or engineer, you’ll likely have numerous policies to set up for each new tenant. Manually configuring these policies can be tedious and prone to mistakes. Bulk importing your standard policies will save you time, minimize errors, and enhance the onboarding experience for new clients.
I aimed to complete the import script sooner, but ran into challenges with particular policy types. Exporting policies as JSON was fairly straightforward. However, importing them presented challenges for certain types. For instance, some policies rely on dependencies, such as conditional access or custom compliance policies, that must be configured prior to the import. Take custom compliance policies, which reference a custom compliance script by its ID—this ID changes when you import it into a new tenant. The same goes for conditional access policies that include named locations. I’m continuing to refine this script to enhance its capabilities, but as of now, here’s what can be bulk-imported:
- Settings Catalog Policies (including endpoint security policies)
- App Protection Policies
- OMA URI and Custom Device Configuration Policies
- Remediations
- Tenant Filters
- Platform Scripts
- Compliance Policies & compliance scripts
- Named Locations
This encompasses nearly all the standard configurations I typically use for most of my new tenants, though I plan to include conditional access policies in the future.
You can find the script on my GitHub. The Import script is designed to complement the export script available here, but feel free to modify it as needed. The export script will generate JSON files that are saved in c:\temp, as shown in the image below.
You can adjust the file location, but the import script looks for all policy files in c:\temp. Once that’s set, the script automates the rest of the process. It imports policies into your destination tenant but does not assign them. The time it takes will depend on the number of policies you are importing, potentially requiring a minute or two.
In terms of compliance policies, a reference file is produced during the export process to map any custom compliance policies to the unique ID of their corresponding scripts. This reference is crucial during the import process to update the compliance policy with the new script ID once imported. I faced challenges with delays in the compliance script imports, making the IDs unavailable for a few seconds to a few minutes. To counter this, the script includes a pause to verify that all custom compliance scripts have been imported before proceeding. Additionally, please remember that if you delete the reference file, any custom compliance scripts will fail to import.
Here’s a demonstration of the script in action, importing policies into a new demo tenant:
