Housekeeping for stale MEM profiles

1 minute read

When involved in new projects I often find a bunch of old profiles in the Microsoft Endpoint Management Console. Before going ahead with a new implementation it’s the best time to clean-up all the leftovers from past ramblings.

How to identify stale profiles

If one or multiple statements are met for a profile it is very likely to be a stale profile:

  • No assignments, assignments to a group without members
  • “Test” included within the profile name or description
  • Last modified points back in time for more than a year
  • No devices reported success/failure status for the given profile type

What to do with stale profiles

So let’s be brave and delete them. But Intune doesn’t offer any [CTRL] + [Z] or recycle bin possibilities so we might want to have some kind of archive, just in case?

Let’s agree that we:

  • Check the points from the list above
  • Ask our colleagues if they know something about the profiles and their usage
  • Take a backup

deleting them afterward is a reasonable action which is probably beneficial for everyone.

Backup and delete the policies via Graph Explorer

  1. Fetch the profile id from your web browser URL in the MEM portal: Fetch request url

  2. Construct a request URL, for a regular device configuration this could look like: GET

  3. Fetch the profile via Graph Explorer: GET deviceConfiguration

  4. Copy the contents to a JSON file at a location of your choice to archive the configuration: Get deviceConfiguration body

  5. Delete the profile: DELETE deviceConfiguration

Caution: Entities like administrative templates and endpoint security profiles do not return all configured settings, you need to make multiple requests. Use Intune Graph API export and import Intune ADMX templates Export and import MEM Endpoint Security Profiles

Of course, you can also use other tools and scripts to back up your configuration profiles, like the Modern Workplace Concierge.😉

Hope this helps you to keep your environment clean and tidy.