question

doboman asked LuDaiMSFT-0289 commented

Accidentally deleted an Intune compliance policy group

Hi All,

After searching the web, it's clear you cannot restore an Intune policy if you delete one.

I was wondering, to recreate it, is there some sort of log where I can find what this group contained and who it was assigned to?

Any help is appreciated.

Kind regards

Doboman

mem-intune-device-configurations
LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@HarshaRatnayaka-8891 Thanks for your update. From your description, did you mean that the group was deleted, not the compliance policy? And you want to find the specific devices included in the deleted group?

If yes, we can find the ID of the target group under Audit Log Details > Target(s).

Then we can select the possible time that we created the group, click on "Add filters" > Target > Apply and enter the ID we found.

After that, we will find the devices included in this group.

Hope it will help.




@LuDaiMSFT-0289 Yes you are spot on.

This group was created more than a year ago and I cannot go back that far.
Do you know how far back the group audits are kept?

Many thanks
Doboman


@HarshaRatnayaka-8891 Based on my experience, the audit log will only keep one month of records. Given this situation, it is suggested to create an online support ticket to check whether records from one year ago are kept in the backend database. Here is the support link:
https://docs.microsoft.com/en-us/mem/get-support

Thanks for your understanding and hope everything goes well with you.


LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@HarshaRatnayaka-8891 Thanks for posting in our Q&A.

Based on my experience, audit logs may record some information.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/monitor-audit-logs

We can refer to the following link to track it. I think tracking a device compliance policy is the same as tracking a device configuration policy.
https://www.anoopcnair.com/intune-audit-logs-track-who-created-deleted-device-configuration-policy/
Note: Non-Microsoft link, just for the reference.

I have done a test in my lab. I tried to delete a compliance policy in the Intune portal, and I can find a record "Delete DeviceCompliancePolicy" in Tenant admin > Audit logs. When I checked more details, I could get the deleted compliance policy's name.

Then we can try to filter to narrow the scope. Based on my test, we can find the target compliance policy's assignment group name in "Update Assignment DeviceCompliancePolicy".

Hope it will give you some ideas.



Hi LuDaiMSFT-0289

Many thanks for the quick response.

I may have jumped the gun here. It looks like a group was deleted, but not a policy.
Is there a similar method to check who was in the group and what the group was attached to?
As the below group was not an Office 365 group, it is not listed under the deleted groups.



P.S. the above is very useful as I was after that information.

Kind regards
Doboman



Thank you so much, you have been very helpful.


@HarshaRatnayaka-8891 You're welcome. I'm glad to discuss this with you. If you have any problems in the future, you are welcome to post in our Q&A.

Thanks for your kindness and have a nice day. : )

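The correlation described in the answer above, pairing each "Delete DeviceCompliancePolicy" record with the last "Update Assignment DeviceCompliancePolicy" record for the same policy, as an added example that is not part of the original thread. It assumes the audit log was exported to JSON in the Microsoft Graph auditEvent shape; the sample records, ids, names, UPN and the "Assignments" property name are constructed, and which field carries the activity name is an assumption.

```python
import json

# Constructed sample export. Field names follow the Microsoft Graph auditEvent
# shape as assumed here; ids, names, UPN and the "Assignments" property are made up.
SAMPLE = json.loads("""[
 {"activityType": "Delete DeviceCompliancePolicy",
  "activityDateTime": "2022-04-21T08:00:00Z",
  "actor": {"userPrincipalName": "admin@example.test"},
  "resources": [{"resourceId": "pol-2", "displayName": "Old Policy", "modifiedProperties": []}]},
 {"activityType": "Update Assignment DeviceCompliancePolicy",
  "activityDateTime": "2022-04-01T09:00:00Z",
  "actor": {"userPrincipalName": "admin@example.test"},
  "resources": [{"resourceId": "pol-1", "displayName": "Win10 Baseline",
    "modifiedProperties": [{"displayName": "Assignments", "newValue": "Example-Group-A"}]}]},
 {"activityType": "Delete DeviceCompliancePolicy",
  "activityDateTime": "2022-04-20T14:30:00Z",
  "actor": {"userPrincipalName": "admin@example.test"},
  "resources": [{"resourceId": "pol-1", "displayName": "Win10 Baseline", "modifiedProperties": []}]}
]""")

DELETE = "Delete DeviceCompliancePolicy"
ASSIGN = "Update Assignment DeviceCompliancePolicy"

def recover_deleted_policies(events):
    """Pair each policy deletion with the last assignment change logged before it."""
    last_assignment = {}  # resourceId -> values from the latest ASSIGN event seen so far
    findings = []
    # Same-format UTC ISO 8601 timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["activityDateTime"]):
        activity = ev.get("activityType") or ev.get("displayName")
        for res in ev.get("resources", []):
            rid = res.get("resourceId")
            if activity == ASSIGN:
                last_assignment[rid] = [p["newValue"]
                                        for p in res.get("modifiedProperties", [])
                                        if p.get("newValue")]
            elif activity == DELETE:
                findings.append({
                    "policy": res.get("displayName"),
                    "deleted_by": ev.get("actor", {}).get("userPrincipalName"),
                    "deleted_at": ev["activityDateTime"],
                    # None means no assignment event survives in the retained log.
                    "last_assignment": last_assignment.get(rid),
                })
    return findings

if __name__ == "__main__":
    for finding in recover_deleted_policies(SAMPLE):
        print(finding)
```

A `last_assignment` of `None` is the case raised in the comments: the assignment change is older than what the log still holds, so the audit log alone cannot rebuild it.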