Skip to content
PowerShell Module that queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
IntuneBackupAndRestore Release v1.2.1 (#3) Apr 12, 2019
CHANGELOG.md
LICENSE
README.md

README.md

Intune Backup & Restore

PowerShell Gallery PowerShell Gallery

This PowerShell Module queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.

Intune Configuration is backed up as (json) files in a given directory.

Installing IntuneBackupAndRestore

# Install IntuneBackupAndRestore from the PowerShell Gallery
Install-Module -Name IntuneBackupAndRestore

Prerequisites

  • Requires AzureAD PowerShell Module (Install-Module -Name AzureAD)
  • Requires MSGraphFunctions PowerShell Module (Install-Module -Name MSGraphFunctions)
  • Connect to Microsoft Graph using the Connect-Graph PSCmdlet first.

Features

Backup actions

  • Administrative Templates (Device Configurations)
  • Administrative Template Assignments
  • Client App Assignments
  • Device Compliance Policies
  • Device Compliance Policy Assignments
  • Device Configurations
  • Device Configuration Assignments
  • Device Management Scripts (Device Configuration -> PowerShell Scripts)
  • Device Management Script Assignments
  • Software Update Rings
  • Software Update Ring Assignments

Restore actions

  • Administrative Templates (Device Configurations)
  • Administrative Template Assignments
  • Client App Assignments
  • Device Compliance Policies
  • Device Compliance Policy Assignments
  • Device Configurations
  • Device Configuration Assignments
  • Device Management Scripts (Device Configuration -> PowerShell Scripts)
  • Device Management Script Assignments
  • Software Update Rings
  • Software Update Ring Assignments

Examples

Example 01 - Full Intune Backup

Start-IntuneBackup -Path C:\temp\IntuneBackup

Example 02 - Full Intune Restore

Start-IntuneRestoreConfig -Path C:\temp\IntuneBackup
Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup

Example 03 - Restore Intune Assignments

If configurations have been restored:

Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup

If reassigning assignments to existing (non-restored) configurations. In this case the assignments match the configuration id to restore to.
This allows for restoring if display names have changed.

Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup -RestoreById $true

Example 04 - Restore only Intune Compliance Policies

Invoke-IntuneRestoreDeviceCompliancePolicy -Path C:\temp\IntuneBackup
Invoke-IntuneRestoreDeviceCompliancePolicyAssignments -Path C:\temp\IntuneBackup

Example 05 - Restore Only Intune Device Configurations

Invoke-IntuneRestoreDeviceConfiguration -Path C:\temp\IntuneBackup
Invoke-IntuneRestoreDeviceConfigurationAssignments -Path C:\temp\IntuneBackup

Example 06 - Compare two Backup Files for changes

# The DifferenceFilePath should point to the latest Intune Backup file, as it might contain new properties.
Compare-IntuneBackupFile -ReferenceFilePath 'C:\temp\IntuneBackup\Device Configurations\Windows - Endpoint Protection.json' -DifferenceFilePath 'C:\temp\IntuneBackupLatest\Device Configurations\Windows - Endpoint Protection.json'

Known Issues

  • Does not support backing up Intune configuration items with duplicate Display Names. Files may be overwritten.
  • Unable to restore Client App Assignments for Windows Line-of-Business Apps (MSI)
  • Intune Configurations that contain Display Names that include any of the following characters: \/:*?"<>| may generate errors during back-up.
You can’t perform that action at this time.