I had request from security asking for updated intune App protection (MAM) policies . When the request come, i was trying to look for document in SharePoint portal if there any created .As part of intune implementation policy ,there should be a document that refers app protection policies according to the security requirement. In this case ,i don't have any document to provide to them (it was not created earlier).
How to create document with all Intune app protection policy settings configured ? Well ,you can go the intune app protection policies ,click on the policy and start noting down the policy settings .
Follow the TechNet guide below for iOS and Andriod app protection policy settings :
https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios
https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-android
If you have only 2 policies created then it wouldn’t take long time to capture it manually but if you have more ,manually going through the policy and start noting down is not good practice.
So the only way (at the time of writing this blog post) is using powershell that can automate for us . I started searching for API /powershell.
There is also user voice created for this request https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/9802914-there-needs-to-be-a-way-to-export-all-policies-to
While searching online ,found the intune powershell sample scripts by davefalkus on https://github.com/microsoftgraph/powershell-intune-samples/tree/master/AppProtectionPolicy.
Script name ManagedAppPolicy_Export.ps1
this script will export all intune app protection policies and export to JSON file and then import to same tenant or different tenant.
Following are the settings ,script will export to .
Download the script .
run the powershell script ,it prompt for authentication (make sure your Global admin approve your request to run the scripts on the tenant).
It also ask for to create folder to store the settings.
After the script complete, it export al settings , which we will use get required information for us.
following are the app protection policies exported by script.
If you open the file using notepad,you will see all policy settings.
All the period /time mentioned in the file is seconds ( S ), minutes ( M ),Hours ( H ) and days ( D ) .
Description of each settings that is exported is available in github https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/api/intune_mam_androidmanagedappprotection_create.md
Copy the information to excel and do some formatting and you are good with it.
You can tweak the script to export the settings into CSV file to read more appropriate and less formatting compared to JSON file.