Describe the bug
When updating #microsoft.graph.macOSCustomConfiguration profiles, IntuneCD does not reliably push changes to the .mobileconfig payload stored in Intune.
Two related problems:
- Adding a new dictionary key to the repo mobileconfig (e.g. a new
env block) is not treated as a change, so update is skipped.
- Even when other mobileconfig differences are detected, the PATCH may not include the actual payload bytes from
mobileconfig/<payloadFileName>. In that case Intune metadata (e.g. last modified time) can update while the mobileconfig content in the admin center stays unchanged.
To Reproduce
Steps to reproduce the behavior:
- Back up an existing macOS custom configuration with
IntuneCD-startbackup.
- Stub JSON in
Device Configurations/
- Payload file in
Device Configurations/mobileconfig/<payloadFileName>
- Keep stub JSON metadata aligned with Intune.
- Add a new dict key to the repo mobileconfig only (e.g. an
env block). Do not change existing keys or arrays.
- Run
IntuneCD-startupdate --mode=1 --path=<repo> --verbose.
- Observe the log:
No changes found for Device Configuration: <<config_name>> (no Updating Mobileconfig entry).
- Check Intune admin center — payload content is unchanged.
Optional second scenario:
- Change existing plist values or arrays so IntuneCD logs mobileconfig updates.
- Keep stub JSON without a
payload field.
- Run update again.
- Observe last modified time changes, but mobileconfig content in Intune remains the old file.
Expected behavior
- New keys in the repo mobileconfig are detected as drift.
- Update sends the full mobileconfig content to Intune.
- Admin center shows the updated plist (e.g. the new
env block).
Screenshots
Not applicable (CLI / file diff issue).
Run type (please complete the following information):
- Mode: 1
- Client: GitHub Actions pipeline (also reproducible locally)
- Version: 2.6.0
Additional context
When comparing the repo mobileconfig with an Intune backup manually, the new key shows up in a file diff — but IntuneCD update still reports no changes (step 5 above).
Likely areas: mobileconfig comparison in the Device Configurations update module, and how the PATCH body is built for macOS/iOS custom configurations.
Related implementation:
_process_diffs ignores dictionary_item_added / dictionary_item_removed- Mobileconfig handler PATCHes stub JSON without payload bytes
- Stub diff excludes
root['payload']
Happy to submit a PR if useful.
Describe the bug
When updating
#microsoft.graph.macOSCustomConfigurationprofiles, IntuneCD does not reliably push changes to the.mobileconfigpayload stored in Intune.Two related problems:
envblock) is not treated as a change, so update is skipped.mobileconfig/<payloadFileName>. In that case Intune metadata (e.g. last modified time) can update while the mobileconfig content in the admin center stays unchanged.To Reproduce
Steps to reproduce the behavior:
IntuneCD-startbackup.Device Configurations/Device Configurations/mobileconfig/<payloadFileName>envblock). Do not change existing keys or arrays.IntuneCD-startupdate --mode=1 --path=<repo> --verbose.No changes found for Device Configuration: <<config_name>>(noUpdating Mobileconfigentry).Optional second scenario:
payloadfield.Expected behavior
envblock).Screenshots
Not applicable (CLI / file diff issue).
Run type (please complete the following information):
Additional context
When comparing the repo mobileconfig with an Intune backup manually, the new key shows up in a file diff — but IntuneCD update still reports no changes (step 5 above).
Likely areas: mobileconfig comparison in the Device Configurations update module, and how the PATCH body is built for macOS/iOS custom configurations.
Related implementation:
_process_diffsignoresdictionary_item_added/dictionary_item_removedroot['payload']Happy to submit a PR if useful.