MDAV, Intune, and Graph API: Managing Antivirus Policies Migration

The article discusses the migration of legacy Antivirus policies created using `deviceManagement/intents` with the template ID `"2209e067-9c8c-462e-9981-5a8c79165dcc"` to the new Settings Catalog/Configuration Policies in Microsoft Intune. These legacy policies are no longer visible in the Intune portal but can still be managed via the Graph API.

Key Points:

  • Legacy policies (intents) are deprecated as of March 2025 and must be migrated to Configuration Policies.
  • Existing policies may still apply to enrolled devices but could leave new devices unprotected if not migrated.
  • The Graph API can still create and assign these policies, but portal visibility is limited.

You Should Know:

1. Checking Existing Intent Policies via Graph API

```powershell
# List all device management intents
$intents = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/intents" -Method GET
$intents.value | Where-Object { $_.templateId -eq "2209e067-9c8c-462e-9981-5a8c79165dcc" } | Select-Object id, displayName
```

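2. Assigning an Intent Policy via Graph API

```powershell
# Build the assignment payload; the "#" prefix is part of the @odata.type value
$assignments = @{
    assignments = @(
        @{
            target = @{
                "@odata.type" = "#microsoft.graph.allLicensedUsersAssignmentTarget"
            }
        }
    )
} | ConvertTo-Json -Depth 5   # the default depth (2) would flatten the nested target

# Replace {intentId} with an id returned by the listing in step 1
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/intents/{intentId}/assign" -Method POST -Body $assignments
```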

3. Verifying Assignments

```powershell
# Check assignments for a specific intent
Get-MgBetaDeviceManagementIntentAssignment -DeviceManagementIntentId "{intentId}" | ConvertTo-Json -Depth 5
```

4. Migrating to Settings Catalog Policies

Manually recreate policies in:

  • Endpoint Security > Antivirus (Intune Portal)
  • Use Configuration Profiles for granular control.
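
For step 4, an added example (not from the original article or Microsoft's tooling) that lists assignment targets covered only by a legacy antivirus intent and by no Settings Catalog antivirus policy. The function names, the sample IDs and the exact-target matching rule are assumptions of this example; a target covered indirectly (for instance through an all-devices assignment) is still listed.

```powershell
# Added example, not the article's code. Sample IDs below are constructed placeholders.
$LegacyAvTemplateId = '2209e067-9c8c-462e-9981-5a8c79165dcc'   # template ID from the article
$Beta = 'https://graph.microsoft.com/beta/deviceManagement'
function Get-TargetKey($Target) {
    # "<@odata.type>|<groupId>"; groupId is empty for all-users / all-devices targets.
    '{0}|{1}' -f $Target.'@odata.type', $Target.groupId
}

function Get-LegacyOnlyTarget {
    # Inputs: intent and configuration policy objects that each carry an 'assignments' array.
    param([object[]]$Intents, [object[]]$ConfigPolicies)
    $covered = @{}
    foreach ($p in $ConfigPolicies) {
        if ($p.templateReference.templateFamily -ne 'endpointSecurityAntivirus') { continue }
        foreach ($a in $p.assignments) { $covered[(Get-TargetKey $a.target)] = $true }
    }
    foreach ($i in $Intents) {
        if ($i.templateId -ne $LegacyAvTemplateId) { continue }
        foreach ($a in $i.assignments) {
            # Exclusion targets take devices out of scope, so there is no coverage to replace.
            if ($a.target.'@odata.type' -like '*exclusionGroupAssignmentTarget') { continue }
            $key = Get-TargetKey $a.target
            if (-not $covered.ContainsKey($key)) {
                [pscustomobject]@{ IntentId = $i.id; DisplayName = $i.displayName; Target = $key }
            }
        }
    }
}

function Get-GraphObjectWithAssignments([string]$Collection) {
    # Live fetch: follows @odata.nextLink and attaches each object's assignments.
    $uri = "$Beta/$Collection"
    while ($uri) {
        $page = Invoke-MgGraphRequest -Uri $uri -Method GET
        foreach ($o in $page.value) {
            $o['assignments'] = (Invoke-MgGraphRequest -Uri "$Beta/$Collection/$($o.id)/assignments" -Method GET).value
            $o
        }
        $uri = $page.'@odata.nextLink'
    }
}

# Offline run on constructed data: group-a has a replacement policy, group-b does not.
$grpA = @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = 'group-a' } }
$grpB = @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = 'group-b' } }
$intents  = @(@{ id = 'intent-1'; displayName = 'Legacy AV'; templateId = $LegacyAvTemplateId; assignments = @($grpA, $grpB) })
$policies = @(@{ id = 'policy-1'; templateReference = @{ templateFamily = 'endpointSecurityAntivirus' }; assignments = @($grpA) })
Get-LegacyOnlyTarget -Intents $intents -ConfigPolicies $policies
# Live: Get-LegacyOnlyTarget (Get-GraphObjectWithAssignments 'intents') (Get-GraphObjectWithAssignments 'configurationPolicies')
```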

5. Checking Microsoft’s MC955748 Update

The referenced article (now unavailable) indicated the deprecation of intent-based policies. To check Microsoft’s Message Center:

```powershell
# Requires appropriate permissions
Get-MgServiceAnnouncementMessage -ServiceUpdateMessageId "MC955748"
```

What Undercode Say

The transition from Intents to Configuration Policies reflects Microsoft’s shift toward a more structured policy management approach in Intune. Key takeaways:

  • Legacy policies may still work but lack visibility.
  • Graph API remains a powerful tool for automation.
  • Migrate ASAP to avoid security gaps.

Expected Output:

A structured migration plan with Graph API commands to verify, assign, and transition policies seamlessly.

References:

Reported By: William Francillette – Hackers Feeds