6/25/20: BREAKING Update: IntuneBackupAndRestore v2.0.0 released, which relies on the Microsoft.Graph.Intune PowerShell module instead of MSGraphFunctions

Thanks to community feedback and with the version 2.0.0 release of the IntuneBackupAndRestore PowerShell Module, the MSGraphFunctions PowerShell Module is now deprecated and will no longer be maintained by me.

As of version 2.0.0, the IntuneBackupAndRestore PowerShell Module has migrated from the MSGraphFunctions PowerShell module to the Microsoft.Graph.Intune PowerShell module. This allows you to use what’s already there instead of having to maintaining a seperate custom dependency. If you update to the latest version, please make sure you meet the new prerequisites below.

Requires Microsoft.Graph.Intune PowerShell Module Install-Module -Name Microsoft.Graph.Intune

Connect to Microsoft Graph using the Connect-MSGraph PSCmdlet first.

Do note that the cmdlet to connect with Microsoft Graph is Connect-MSGraph in the Microsoft.Graph.Intune module and not the Connect-Graph cmdlet.

Check out IntuneBackupAndRestore on GitHub for more information.

Original post

Today, I would like to share the release of my

MSGraphFunctions and IntuneBackupAndRestore PowerShell Modules on the PowerShell Gallery with you!

Even more, in this blog post, I will walk you through on how to get started backing up and restoring your Microsoft Intune configuration.

Features

First of all, new features will be added to the IntuneBackupAndRestore module on a regular basis. Be sure to check out what Intune configurations are supported for backup and restore actions on GitHub!

List of features on time of writing this post

Prerequisites

Start by installing the required PowerShell Modules.

Open up a PowerShell prompt (as Administrator) and install the MSGraphFunctions and IntuneBackupAndRestore PowerShell Modules, which I have released on the PowerShell Gallery.

Install-Module -Name MSGraphFunctions Install-Module -Name IntuneBackupAndRestore 1 2 Install-Module -Name MSGraphFunctions Install-Module -Name IntuneBackupAndRestore

Note: These modules require that you have either the AzureAD or AzureADPreview module installed. Furthermore, the IntuneBackupAndRestore module is dependent on the MSGraphFunctions module.

Now import the modules and you are good to go!

Import-Module -Name MSGraphFunctions Import-Module -Name IntuneBackupAndRestore 1 2 Import-Module -Name MSGraphFunctions Import-Module -Name IntuneBackupAndRestore

Connect to Microsoft Graph

First of all, the MSGraphFunctions PowerShell Module contains two functions to Connect to Microsoft Graph. One using Delegated permissions (Connect-Graph) and one using Application permissions (Connect-GraphApplication).

Because application permissions are insufficient for the Intune backup & restore actions, we will be using delegated permissions.

Connect-Graph leverages the application ID of the default “Microsoft Intune PowerShell” application in AzureAD by default, so you don’t need to create your own application.

Now, let’s get authenticated with Microsoft Graph!

# Enter the credentials for an Intune Administrator. $Credential = Get-Credential # Connect to Microsoft Graph Connect-Graph -Credential $Credential 1 2 3 4 5 # Enter the credentials for an Intune Administrator. $Credential = Get-Credential # Connect to Microsoft Graph Connect-Graph -Credential $Credential

If all went well, you will now be successfully connected to Microsoft Graph using delegated permissions!

Backing up Intune configuration

Now that you have connected to Microsoft Graph, it’s time to backup that Intune configuration!

Start-IntuneBackup -Path C:\temp\IntuneBackup 1 Start-IntuneBackup -Path C : \ temp \ IntuneBackup

As a result, your Intune configuration will be backed up to json files in the specified path. Looking for the PowerShell Script Content of uploaded scripts? It’s there as well!

Comparing backup files

Before heading on to restoring your Intune configuration from backup, I would like to show you a helper function that identifies changes between backup files.

In this scenario, I have backed up my Intune configuration before making any changes. I then changed a Device Configuration profile, setting some values for the Xbox Service, as shown in the screenshots below.

Old settings

New settings

Now, If I take another backup, I am able to compare the differences between the files using the Compare-IntuneBackupFile cmdlet.

Compare-IntuneBackupFile -ReferenceFilePath $ReferenceFilePath -DifferenceFilePath $DifferenceFilePath 1 Compare-IntuneBackupFile -ReferenceFilePath $ReferenceFilePath -DifferenceFilePath $DifferenceFilePath

Comparing Intune Backup Files

As you can see in the image above, the previous and current values of the settings are displayed. Also the lastModifiedDateTime and version number of the Device Configuration profile are displayed.

Restoring Intune configuration

For restoring the Intune configuration, there’s a few options you can take.

Restore the full Intune configuration with or without assignments; For a partial restore, move the json files that you don’t wish to restore to another directory then the given path. Restore a subset of the Intune configuration using the individual cmdlets.

# Restore Intune configuration Start-IntuneRestoreConfig -Path C:\temp\IntuneBackup 1 2 # Restore Intune configuration Start-IntuneRestoreConfig -Path C : \ temp \ IntuneBackup

# If you wish to restore the assignments for Intune configurations Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup 1 2 # If you wish to restore the assignments for Intune configurations Start-IntuneRestoreAssignments -Path C : \ temp \ IntuneBackup

Note: Restoring configurations will not overwrite existing configurations, but creates new ones. Restoring assignments may overwrite existing assignments.

Wrapping up!

You can use this PowerShell module to backup an Intune configuration in one tenant and restore it in another tenant. Yet, assignments cannot be restored in another tenant out-of-the-box, as references to Object IDs from Azure AD Groups cannot be translated one to one across tenants.

Finally, if you experience any bugs or have any features requests, feel free to create an issue on the corresponding GitHub projects. I’d be happy to answer any questions on my blog too!

