Converting SCCM policies to Intune policies in bulk can be a complex task, especially if you have numerous policies to migrate. Structured approach
?
1. Export SCCM Policies
First, you need to export your existing SCCM policies. This can be done using PowerShell scripts that query SCCM for policy configurations and export them to a file.
?
2. Create a Mapping Template
Create a mapping template that aligns SCCM policy settings with their corresponding Intune settings. This involves identifying the equivalent OMA-URI for each SCCM policy.
?
3. Script for Bulk Conversion
Develop a PowerShell script to automate the conversion process. This script will read the exported SCCM policies, apply the mapping template, and generate the necessary JSON or XML files for Intune.
?
Detailed Steps
Step 1: Export SCCM Policies
Use the following PowerShell script to export SCCM policies:
?
powershell
Copy code
# Connect to SCCM site server
$SccmServer = "YourSccmServer"
$SiteCode = "YourSiteCode"
?
Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
cd "$SiteCode`:\"
?
# Export Antimalware Policies
$antimalwarePolicies = Get-CMAntimalwarePolicy
$antimalwarePolicies | Export-Clixml -Path "C:\SccmExports\AntimalwarePolicies.xml"
Step 2: Create a Mapping Template
Create a CSV or JSON file that maps SCCM policy settings to Intune OMA-URI settings. Here’s an example CSV format:
?
csv
Copy code
SCCMPolicyName,IntunePolicyName,OMA-URI,DataType,Value
DisableLocalAdminMerge,Disable Local Admin Merge,./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/DisableLocalAdminMerge,Integer,1
...
Step 3: Script for Bulk Conversion
Use the following PowerShell script to read the exported policies, apply the mapping template, and generate Intune configuration profiles:
?
powershell
Copy code
# Load SCCM exported policies
$sccmPolicies = Import-Clixml -Path "C:\SccmExports\AntimalwarePolicies.xml"
?
# Load mapping template
$mappingTemplate = Import-Csv -Path "C:\SccmExports\MappingTemplate.csv"
?
# Function to create JSON profile for Intune
function Create-IntuneProfile($policyName, $omaUri, $dataType, $value) {
??? $profile = @{
??????? "displayName" = $policyName
??????? "description" = "Converted from SCCM policy"
??????? "omaSettings" = @(
??????????? @{
??????????????? "omaUri" = $omaUri
??????????????? "dataType" = $dataType
??????????????? "value" = $value
??????????? }
??????? )
??? }
领英推荐
??? return $profile | ConvertTo-Json -Depth 10
}
?
# Loop through SCCM policies and create corresponding Intune profiles
foreach ($sccmPolicy in $sccmPolicies) {
??? foreach ($mapping in $mappingTemplate) {
??????? if ($sccmPolicy.Name -eq $mapping.SCCMPolicyName) {
??????????? $intuneProfile = Create-IntuneProfile $mapping.IntunePolicyName $mapping.OMA-URI $mapping.DataType $mapping.Value
??????????? $profilePath = "C:\IntuneProfiles\$($mapping.IntunePolicyName).json"
??????????? $intuneProfile | Out-File -Path $profilePath
??????? }
??? }
}
Step 4: Import Profiles into Intune
Manually import the generated JSON profiles into Intune:
?
Log into Intune:
?
Go to the Microsoft Endpoint Manager admin center.
Create Configuration Profile:
?
Navigate to Devices > Configuration profiles > Create profile.
Platform: Windows 10 and later.
Profile type: Templates > Custom.
Import the JSON:
?
Use the custom profile creation wizard to import the generated JSON profiles.
Automate Importing Profiles with PowerShell
To automate the import of these profiles into Intune, use the Microsoft Graph API:
?
powershell
Copy code
# Install the Microsoft.Graph.Intune module
Install-Module Microsoft.Graph.Intune
?
# Connect to Microsoft Graph
Connect-MSGraph
?
# Function to create Intune configuration profile
function New-IntuneProfile ($profileJson) {
??? $body = $profileJson | ConvertFrom-Json | ConvertTo-Json
??? Invoke-RestMethod -Uri $uri -Method Post -Body $body -ContentType "application/json"
}
?
# Import JSON profiles and create them in Intune
$profileFiles = Get-ChildItem -Path "C:\IntuneProfiles" -Filter *.json
foreach ($file in $profileFiles) {
??? $profileJson = Get-Content -Path $file.FullName -Raw
??? New-IntuneProfile -profileJson $profileJson
}
This script uses the Microsoft Graph API to import the JSON profiles directly into Intune.
?
Summary
Export SCCM policies using PowerShell.
Create a mapping template to align SCCM settings with Intune OMA-URI settings.
Develop a PowerShell script to automate the conversion and creation of Intune profiles.
Manually or automatically import the generated profiles into Intune using the Microsoft Graph API.
Network & Security Engineer | Security Monitoring | EDR | SIEM | DLP
6 个月Very informative