[GH-ISSUE #1047] Blank MEM policy templates when created from existing policies #555

New issue

Closed

opened 2026-03-02 12:43:13 +03:00 by kerem · 6 comments

kerem commented 2026-03-02 12:43:13 +03:00

Owner

Copy link

Originally created by @rthompson1624 on GitHub (Jul 29, 2022).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1047

Description

We're creating new templates from existing policies but when checking the templates they're just empty policies, no settings are actually being defined in the template. Example:

{
"Displayname": "Endpoint Protection Defender Exploit Guard",
"Description": "Template Policy",
"RAWJson": "{"displayName":"Endpoint Protection Defender Exploit Guard","description":"FIT Template Policy","omaSettings":null,"@odata.type":"#microsoft.graph.windows10EndpointProtectionConfiguration"}",
"Type": "Device",
"GUID": "ee361448-47da-4a8f-841f-50d127c3bb31"
}

Environment data

Azure
Frontend version: 2.9.0
Backend version: 1.14.0

Originally created by @rthompson1624 on GitHub (Jul 29, 2022). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1047 ### Description We're creating new templates from existing policies but when checking the templates they're just empty policies, no settings are actually being defined in the template. Example: { "Displayname": "Endpoint Protection Defender Exploit Guard", "Description": "Template Policy", "RAWJson": "{\"displayName\":\"Endpoint Protection Defender Exploit Guard\",\"description\":\"FIT Template Policy\",\"omaSettings\":null,\"@odata.type\":\"#microsoft.graph.windows10EndpointProtectionConfiguration\"}", "Type": "Device", "GUID": "ee361448-47da-4a8f-841f-50d127c3bb31" } ### Environment data ```PowerShell Azure Frontend version: 2.9.0 Backend version: 1.14.0 ```

kerem 2026-03-02 12:43:13 +03:00

• closed this issue
• added the
  bug
  unconfirmed-by-user
  labels

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jul 29, 2022):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.".

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:1199766863 --> @github-actions[bot] commented on GitHub (Jul 29, 2022): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.". Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@xhoy commented on GitHub (Aug 1, 2022):

can comfirm.
We have a policy based on the "endpoint protection" profile type. It shows up in the "list policies". When i create a template form it. The "raw json" seems empty. When deployed to a different tenant is has no "configuration" values.

When creating a template from a "administrative template" (with some power settings like standby time etc) Its empty aswel! But this time the JSON seems "filled".

I am 99% sure the "power managemennt" policy worked on CIPP 2.8

Using CIPP 2.9.0 & 1.14.

<!-- gh-comment-id:1200951148 --> @xhoy commented on GitHub (Aug 1, 2022): can comfirm. We have a policy based on the "endpoint protection" profile type. It shows up in the "list policies". When i create a template form it. The "raw json" seems empty. When deployed to a different tenant is has no "configuration" values. When creating a template from a "administrative template" (with some power settings like standby time etc) Its empty aswel! But this time the JSON seems "filled". I am 99% sure the "power managemennt" policy worked on CIPP 2.8 Using CIPP 2.9.0 & 1.14.

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@xhoy commented on GitHub (Aug 1, 2022):

I did some digging around for the powermanagement policy. Early i created the policy manualy (grep data from the browser). And the raw json looked like this:

{
   "added":[
      {
         "enabled":true,
         "presentationValues":[
            
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')"
      },
      {
         "enabled":true,
         "presentationValues":[
            
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":3600,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')/presentations('956185d8-08d2-4907-84a6-5db3671895b6')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":5400,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')/presentations('09d09d57-1a50-4690-9f65-ba6c944ce79a')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":1800,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')/presentations('9c3b164b-64d5-47d1-abd7-7455077b2a31')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":4000,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')/presentations('d5a5e7c0-46d8-44ee-9211-4797b3750342')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":900,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')/presentations('efe6ad09-952d-4b71-839e-b06b02d1db70')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')"
      },
      {
         "enabled":true,
         "presentationValues":[
            {
               "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal",
               "value":3600,
               "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')/presentations('9759eedf-7173-4c92-888d-61400ae6f6bc')"
            }
         ],
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')"
      }
   ],
   "updated":[
      
   ],
   "deletedIds":[
      
   ]
}

When looking at the "auto generated policy" it looks like this:

{
   "added":[
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')"
      },
      {
         "enabled":true,
         "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')"
      }
   ],
   "updated":[
      
   ],
   "deletedIds":[
      
   ]
}

<!-- gh-comment-id:1200955777 --> @xhoy commented on GitHub (Aug 1, 2022): I did some digging around for the powermanagement policy. Early i created the policy manualy (grep data from the browser). And the raw json looked like this: ```json { "added":[ { "enabled":true, "presentationValues":[ ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')" }, { "enabled":true, "presentationValues":[ ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":3600, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')/presentations('956185d8-08d2-4907-84a6-5db3671895b6')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":5400, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')/presentations('09d09d57-1a50-4690-9f65-ba6c944ce79a')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":1800, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')/presentations('9c3b164b-64d5-47d1-abd7-7455077b2a31')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":4000, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')/presentations('d5a5e7c0-46d8-44ee-9211-4797b3750342')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":900, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')/presentations('efe6ad09-952d-4b71-839e-b06b02d1db70')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')" }, { "enabled":true, "presentationValues":[ { "@odata.type":"#microsoft.graph.groupPolicyPresentationValueDecimal", "value":3600, "presentation@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')/presentations('9759eedf-7173-4c92-888d-61400ae6f6bc')" } ], "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')" } ], "updated":[ ], "deletedIds":[ ] } ``` When looking at the "auto generated policy" it looks like this: ```json { "added":[ { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('09d1c36f-18fc-4a8b-abe3-09af371d54d2')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('91608054-0bec-4491-ab30-2ee4e924c6c7')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('57c3e1fe-1f1b-44de-8ebd-6523e76b90d5')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('ccf13f5c-5162-4aff-8d60-87c2e4c13106')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('593434f9-0616-474a-b2ad-892c843c71d6')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('3f8d830b-df9a-499a-af2f-8d28cbbaef05')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('8359b933-4e06-49d3-9d0e-b88c710992fd')" }, { "enabled":true, "definition@odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('45b899ba-8294-41ca-a942-bbf177fdc11d')" } ], "updated":[ ], "deletedIds":[ ] } ```

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@xhoy commented on GitHub (Aug 1, 2022):

Seems like issue #1041 is the same!

<!-- gh-comment-id:1200958607 --> @xhoy commented on GitHub (Aug 1, 2022): Seems like issue #1041 is the same!

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@xhoy commented on GitHub (Aug 1, 2022):

so, no where near an expert, but it think here is the issue: github.com/KelvinTegelaar/CIPP-API@98e2b43b95/AddIntuneTemplate/run.ps1 (L53)

The url should be something like: https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('f439a802-f275-43d8-acb1-8a7577d5d977')/definitionValues('0e4e8ba7-b05d-43c9-90ea-8de3941b2ebe')/presentationValues as per https://docs.microsoft.com/en-us/graph/api/intune-grouppolicy-grouppolicydefinitionvalue-get?view=graph-rest-beta
But I have no more time finding out the details!

<!-- gh-comment-id:1201015552 --> @xhoy commented on GitHub (Aug 1, 2022): so, no where near an expert, but it think here is the issue: https://github.com/KelvinTegelaar/CIPP-API/blob/98e2b43b9507120787d93c4bc3e9ca62513eadb1/AddIntuneTemplate/run.ps1#L53 The url should be something like: https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('f439a802-f275-43d8-acb1-8a7577d5d977')/definitionValues('0e4e8ba7-b05d-43c9-90ea-8de3941b2ebe')/presentationValues as per https://docs.microsoft.com/en-us/graph/api/intune-grouppolicy-grouppolicydefinitionvalue-get?view=graph-rest-beta But I have no more time finding out the details!

kerem commented 2026-03-02 12:43:14 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Aug 1, 2022):

not exactly, but fixed in dev.

<!-- gh-comment-id:1201110737 --> @KelvinTegelaar commented on GitHub (Aug 1, 2022): not exactly, but fixed in dev.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#555

No description provided.