If you need to Duplicate Device Configuration Profiles in Microsoft Intune, you already know how easy these profiles are to create and almost as easy to lose track of. Anyone who has run a tenant for more than a year knows the result: a long list of profiles with similar names, slight setting variations between them, and no clear answer to “which one is actually deployed and which one is a copy from a test that nobody ever cleaned up”.
Being able to Duplicate Device Configuration Profiles cleanly — for staged rollouts, test rings, or template-based deployment — is one of the operations where the admin portal is genuinely awkward. In this post I show two reliable ways to clone configuration profiles: the built-in Duplicate button and a Microsoft Graph-based PowerShell function that gives you full control.
There is often the use case that you want to clone these policies to adjust them for a certain device group or use case, or just to have a separation of the name for different device classes. Instead of rebuilding every setting by hand, you copy a known-good baseline and only change what differs.
There has been a user voice with over 1200 votes since 2017, unfortunately this feature has not been added to the Intune admin center for every policy type yet.
Table of contents
How to Duplicate Device Configuration Profiles in the Intune admin center
The fastest path is the native Duplicate button in the Intune admin center. Open the policy, choose the Duplicate action, give the copy a new name, and save. It is simple — but, as you will see below, it only works for a subset of policy types, which is exactly why a script is still worth keeping in your toolbox.
Use a PowerShell script to Duplicate Device Configuration Profiles via Graph
To have a work around for the missing portal support I created a small script that helps you Duplicate Device Configuration Profiles end to end. It reads the source profile through Microsoft Graph, clones the settings payload, and writes a new policy back into your tenant. You can find this script on my GitHub repository: Copy-DeviceConfigurationProfile.ps1.
The Graph approach is the most flexible option because you are not limited by the portal UI. Authenticate with the Microsoft.Graph PowerShell SDK, request the DeviceManagementConfiguration.ReadWrite.All permission, then pull the profile JSON and re-post it under a new display name. If you are new to Graph permissions for Intune, the official Microsoft Learn documentation is the best starting point.
Stay healthy, Cheers
Jannik
Update 13.06.2022:
Since Service release 2111 (Nov 15 2021) there is an option to duplicate settings catalog policies directly. This made it far easier to clone profiles of that type, but all other policy types are still not supported in the portal — so the script above remains relevant.
Operational tips after you Duplicate Device Configuration Profiles
Once you clone profiles regularly, the real challenge shifts from cloning to keeping the tenant tidy. The clones are cheap to make, but cleanup discipline is what keeps your environment manageable over time:
- Naming conventions: encode purpose, environment, and version, e.g.
ProfileBase – Production – v3vsProfileBase – Test. Sortable and self-documenting. - Scope tags as metadata: use them not just for RBAC but also as lightweight tagging (owner team, pilot ring, lifecycle). Filtering by tag beats scrolling through hundreds of profiles.
- DevOps pipeline approach: beyond one-off clones, treat profiles as code. Export JSON from a dev tenant and promote it to production via a Graph-based pipeline (Azure DevOps or GitHub Actions).
- Audit & cleanup: schedule a monthly Graph query for profiles with no assignments, no recent modifications, or names containing “Copy of”. Orphaned duplicates are the largest source of tenant clutter.
If you want to go further with automation, have a look at my other Intune and Microsoft Graph posts where I cover deployment pipelines and reporting in more detail. Treating the ability to Duplicate Device Configuration Profiles as part of a repeatable workflow is what separates a tidy tenant from a sprawling one.