When I join a new project, I often find a bunch of old profiles in the Microsoft Endpoint Management Console. The start of a new implementation is the best time to clean up all the leftovers from past ramblings.
How to identify stale profiles
If one or more of the following statements apply to a profile, it is very likely a stale profile:
- No assignments, or assignments to a group without members
- “Test” included within the profile name or description
- Last modified date is more than a year in the past
- No devices reported success/failure status for the given profile type
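As an added example (not part of the original post), the following script applies three of the criteria above to an exported list of device configurations and reports why each profile is a candidate for review. It assumes the list was fetched with `$expand=assignments` so each profile carries its assignments; the sample data, ids and function names are constructed for illustration, and the empty-group and device-status criteria need additional Graph requests and are not covered.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Graph deviceConfigurations list response
# (assumed to be fetched with $expand=assignments); all ids and names are made up.
SAMPLE = json.loads("""
{"value": [
 {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Win10 - BitLocker",
  "description": null, "lastModifiedDateTime": "2024-05-02T09:14:31.1234567Z",
  "assignments": [{"id": "a1"}]},
 {"id": "00000000-0000-0000-0000-000000000002", "displayName": "TEST WiFi pilot",
  "description": null, "lastModifiedDateTime": "2024-04-10T12:00:00Z",
  "assignments": []},
 {"id": "00000000-0000-0000-0000-000000000003", "displayName": "Attestation latest baseline",
  "description": "Production", "lastModifiedDateTime": "2021-11-03T08:00:00Z",
  "assignments": [{"id": "a2"}]}
]}
""")

# "test" only at the start of a word, so "Latest" or "Attestation" do not match.
TEST_WORD = re.compile(r"(?<![a-z])test", re.IGNORECASE)

def parse_graph_time(value):
    """Parse a Graph UTC timestamp, dropping the optional fractional seconds."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def stale_reasons(profile, now, max_age_days=365):
    """Return the list of staleness criteria this profile meets (empty if none)."""
    reasons = []
    if not profile.get("assignments"):
        reasons.append("no assignments")
    text = f"{profile.get('displayName') or ''} {profile.get('description') or ''}"
    if TEST_WORD.search(text):
        reasons.append("'test' in name or description")
    modified = profile.get("lastModifiedDateTime")
    if modified and now - parse_graph_time(modified) > timedelta(days=max_age_days):
        reasons.append(f"last modified more than {max_age_days} days ago")
    return reasons

def triage(response, now=None):
    """Map profile id -> reasons for every profile meeting at least one criterion."""
    now = now or datetime.now(timezone.utc)
    hits = ((p["id"], stale_reasons(p, now)) for p in response.get("value", []))
    return {pid: reasons for pid, reasons in hits if reasons}

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "->", "; ".join(reasons))
```

The output is a review list, not a delete list: every hit still goes through the colleague check and backup described below.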
What to do with stale profiles
So let’s be brave and delete them. But Intune doesn’t offer any [CTRL] + [Z] or recycle bin possibilities so we might want to have some kind of archive, just in case?
Let’s agree that if we:
- Check the points from the list above
- Ask our colleagues if they know something about the profiles and their usage
- Take a backup
then deleting them afterward is a reasonable action which is probably beneficial for everyone.
Back up and delete the policies via Graph Explorer
Fetch the profile id from your web browser URL in the MEM portal:
Construct a request URL. For a regular device configuration this could look like:
GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/2541684d-a353-43b6-87c9-1e5f7e605d3e
Fetch the profile via Graph Explorer:
Copy the contents to a JSON file at a location of your choice to archive the configuration:
Caution: Entities like administrative templates and endpoint security profiles do not return all configured settings; you need to make multiple requests. See “Use Intune Graph API export and import Intune ADMX templates” and “Export and import MEM Endpoint Security Profiles”.
Of course, you can also use other tools and scripts to back up your configuration profiles, like the Modern Workplace Concierge. 😉
Hope this helps you to keep your environment clean and tidy.