Introduction:
We can use app configuration policies in Microsoft Intune to provide configuration settings for an iOS or Android app. These configuration settings allow an app to be customized by using an industry standard approach to app configuration and management. The configuration policy settings are used when the app checks for them, typically the first time it is run.
App configuration policies can be applied to managed devices (intune enrolled iOS and Android ) or managed apps (MAM-WE) .
To know more about App configuration policies in Intune ,please read https://docs.microsoft.com/en-us/intune/app-configuration-policies-overview
With the recent changes that Microsoft introduced to Edge browser for iOS and Andriod ,the existing app configuration policies have a refreshing change in view for configuring new values.
The above screenshot shows ,the new app configuration for Edge browser settings. There are no changes to the managed browser configuration settings view.
In the earlier version, you only have General tab to make any configuration changes, however, now you have Edge tab added. All the configurations that you did in the General tab at the time of policy configuration they will be moved to Edge tab once the policy is created.
When you create new App configuration policy for Edge browser (adding bookmark or allowing URL or blocking URL) ,you will see the following screen:
This has only General tab and configurations that you do is one liner for each type .For example ,adding book marks ,you can do many in one-liner syntax.
Once the policy is created, the one liner syntax is converted to Edge tab as shown below.
This is good and now we can easily add more bookmarks without any syntax errors and also it is easy to track allowed URL’s and BLOCKED URL’s.
Problem:
A customer reached out to me as they had configured App configuration policy with list of allowed sites in work context and rest of the sites which are not allowed will be opened in personal context to prevent any DLP issues. The app configuration policy had 200+ allowed sites in their configuration.
If you want to duplicate this policy to create new with same set of settings one or export this policy and import to other tenant for testing etc ,it is not easy job as you need to copy one by one URL for all 200+ sites.
Until edge tab introduced ,all these allowed URL’s are put into one-line but not now.
So ,how do we duplicate or copy or export and import the app protection policies (it can be of device managed or app managed) ?
Solution:
Microsoft (DaveFalkus & mbaile) recently uploaded 2 scripts for Intune App Configuration Policy at GitHub https://github.com/microsoftgraph/powershell-intune-samples/tree/master/AppConfigurationPolicy
There are 2 PowerShell scripts 1)AppConfigurationPolicy_Export.ps1 and 2)AppConfigurationPolicy_ImportFromJSON.ps1 . These scripts works by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell.
Script 1) gets all App Configuration Policies in an Intune tenant and exports each policy to .json format in the directory of your choice and 2) imports an App Configuration Policy from a JSON file into the Intune Service you have authenticated with. When you run the script it will prompt for a path to a .json file.
Output of script 1 (exported policies) like below:
with the help of AppConfigurationPolicy_ImportFromJSON.ps1 , we can now import these app configuration policies into same tenant or new tenant that you want to test.
Thanks to Dave for updating/uploading the powershell scripts for intune to make our job easier.