Accidently deleted a Intune compliance policy group

Doboman 86 Reputation points
2022-04-19T04:26:07.457+00:00

Hi All,

After searching the web , its clear you cannot restore Intune policy if you delete one.

I was wondering to recreate it , Is there some sort of a log where I can find what this group contained and who it was was assigned to ?

any help is appreciated.

Kind regards

Doboman

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,768 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lu Dai-MSFT 28,366 Reputation points
    2022-04-20T02:45:23.907+00:00

    @HarshaRatnayaka-8891 Thanks for your update. From your description, did you mean that the group is deleted, not the compliance policy is deleted? And you want to find the specific devices included in the deleted group?

    If yes, we can find the ID of the target group under Audit Log Details > Target(s).
    194419-image.png

    Then we can select the possible time that we created the group, click on "Add filters" > Target > Apply and enter the ID we found.
    194503-image.png

    After that, we will find the devices included in this group.
    194458-image.png

    Hope it will help.


1 additional answer

Sort by: Most helpful
  1. Lu Dai-MSFT 28,366 Reputation points
    2022-04-19T08:00:43.06+00:00

    @HarshaRatnayaka-8891 Thanks for posting in our Q&A.

    Based on my experience, audit logs may record some information.
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/monitor-audit-logs

    We can refer to the following link to track. I think track device compliance policy is same as the device configuration policy.
    https://www.anoopcnair.com/intune-audit-logs-track-who-created-deleted-device-configuration-policy/
    Note: Non-Microsoft link, just for the reference.

    I have done the test in my lab. I tried to delete a compliance policy in intune portal and I can find a record "Delete DeviceCompliancePolicy" in Tenant admin > Audit logs. When I checked more details, I can get the deleted compliance policy's name.
    194184-image.png

    194211-image.png

    Then we can try to filter to narrow the scope. Based on my test, we can find the target compliance policy's assignment group name in "Update Assignment DeviceCompliancePolicy".
    194202-image.png

    Hope it will give you some ideas.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.