6/25/20: BREAKING Update: IntuneBackupAndRestore v2.0.0 released, which relies on the Microsoft.Graph.Intune PowerShell module instead of MSGraphFunctions
Thanks to community feedback and with the version 2.0.0 release of the IntuneBackupAndRestore PowerShell Module, the MSGraphFunctions PowerShell Module is now deprecated and will no longer be maintained by me.
As of version 2.0.0, the IntuneBackupAndRestore PowerShell Module has migrated from the MSGraphFunctions PowerShell module to the Microsoft.Graph.Intune PowerShell module. This allows you to use what’s already there instead of having to maintaining a seperate custom dependency. If you update to the latest version, please make sure you meet the new prerequisites below.
- Requires Microsoft.Graph.Intune PowerShell Module
Install-Module -Name Microsoft.Graph.Intune
- Connect to Microsoft Graph using the
Do note that the cmdlet to connect with Microsoft Graph is
Connect-MSGraphin the Microsoft.Graph.Intune module and not the
Check out IntuneBackupAndRestore on GitHub for more information.
Even more, in this blog post, I will walk you through on how to get started backing up and restoring your Microsoft Intune configuration.
First of all, new features will be added to the IntuneBackupAndRestore module on a regular basis. Be sure to check out what Intune configurations are supported for backup and restore actions on GitHub!
Start by installing the required PowerShell Modules.
Install-Module -Name MSGraphFunctions Install-Module -Name IntuneBackupAndRestore
Now import the modules and you are good to go!
Import-Module -Name MSGraphFunctions Import-Module -Name IntuneBackupAndRestore
Connect to Microsoft Graph
First of all, the MSGraphFunctions PowerShell Module contains two functions to Connect to Microsoft Graph. One using Delegated permissions (Connect-Graph) and one using Application permissions (Connect-GraphApplication).
Because application permissions are insufficient for the Intune backup & restore actions, we will be using delegated permissions.
Connect-Graph leverages the application ID of the default “Microsoft Intune PowerShell” application in AzureAD by default, so you don’t need to create your own application.
Now, let’s get authenticated with Microsoft Graph!
# Enter the credentials for an Intune Administrator. $Credential = Get-Credential # Connect to Microsoft Graph Connect-Graph -Credential $Credential
If all went well, you will now be successfully connected to Microsoft Graph using delegated permissions!
Backing up Intune configuration
Now that you have connected to Microsoft Graph, it’s time to backup that Intune configuration!
Start-IntuneBackup -Path C:\temp\IntuneBackup
As a result, your Intune configuration will be backed up to json files in the specified path. Looking for the PowerShell Script Content of uploaded scripts? It’s there as well!
Comparing backup files
Before heading on to restoring your Intune configuration from backup, I would like to show you a helper function that identifies changes between backup files.
In this scenario, I have backed up my Intune configuration before making any changes. I then changed a Device Configuration profile, setting some values for the Xbox Service, as shown in the screenshots below.
Now, If I take another backup, I am able to compare the differences between the files using the Compare-IntuneBackupFile cmdlet.
Compare-IntuneBackupFile -ReferenceFilePath $ReferenceFilePath -DifferenceFilePath $DifferenceFilePath
As you can see in the image above, the previous and current values of the settings are displayed. Also the lastModifiedDateTime and version number of the Device Configuration profile are displayed.
Restoring Intune configuration
For restoring the Intune configuration, there’s a few options you can take.
- Restore the full Intune configuration with or without assignments;
- For a partial restore, move the json files that you don’t wish to restore to another directory then the given path.
- Restore a subset of the Intune configuration using the individual cmdlets.
# Restore Intune configuration Start-IntuneRestoreConfig -Path C:\temp\IntuneBackup
# If you wish to restore the assignments for Intune configurations Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup
Note: Restoring configurations will not overwrite existing configurations, but creates new ones. Restoring assignments may overwrite existing assignments.
You can use this PowerShell module to backup an Intune configuration in one tenant and restore it in another tenant. Yet, assignments cannot be restored in another tenant out-of-the-box, as references to Object IDs from Azure AD Groups cannot be translated one to one across tenants.
Finally, if you experience any bugs or have any features requests, feel free to create an issue on the corresponding GitHub projects. I’d be happy to answer any questions on my blog too!