Forum Discussion
How to create a backup of your Microsoft Endpoint Manager (Intune) infrastructure!
Dear Microsoft Intune Friends,
Imagine the following situation. You have invested several hours to build your Microsoft Endpoint Manager (Intune) infrastructure. After the final tests, everything is now working exactly as you imagined. Now the question arises how can I backup all these settings and configurations? I will answer this question in this article.
Note: I will describe how to compare and restore the backup in a next article.
What we can do in the Microsoft Endpoint Manager portal is export configuration settings to a CSV file. However, this is not exactly what I wanted.
To create a complete backup of our tenant we need the power of PowerShell (power of PowerShell - funny )
I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):
#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
Set-Location
Clear-Host
#Customize the ExecutionPolicy (absolutely OK for this demo)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
#Install the Module
Install-Module -Name Microsoft.Graph.Intune -Verbose -Force -AllowClobber
#Install the Module
Install-Module -Name MSGraphFunctions -Verbose -Force -AllowClobber
#Import the Module
Import-Module -Name MSGraphFunctions
#Install the Module
Install-Module -Name AzureAD -Verbose -Force -AllowClobber
#Install IntuneBackupAndRestore from the PowerShell Gallery
Install-Module -Name IntuneBackupAndRestore -Verbose -Force -AllowClobber
#Update the Module
Update-Module -Name IntuneBackupAndRestore -Verbose
#Import the Module
Import-Module IntuneBackupAndRestore
#Connect to Microsoft Graph
Connect-MSGraph
Here you must agree to the extended permissions.
#Create a folder
New-Item -ItemType Directory -Path C:\Backup\IntuneBackup
#Switch to the folder
Set-Location C:\Backup\IntuneBackup
#Create the Full-Backup
Start-IntuneBackup -Path 'C:\Backup\IntuneBackup'
It starts with the creation of the backup.
#Let's look at the content
Get-ChildItem -Path 'C:\Backup\IntuneBackup'
Let's start Windows Explorer and navigate to our backup folder, Bingo....we have a complete backup!
I know that was nothing spectacular, but I still wanted to share my experience with you.
Thank you for taking the time to read this article.
Kind regards, Tom Wechsler
P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
- rashadbakirovBrass Contributor
How we can automate this process via Azure Automation? I would like to schedule Intune Backup.
Best Regards
Rashad Bakirov
- Devraj_MukherjeeCopper Contributor
rashadbakirov maybe use storage account and file share and schedule the script to run.
- Aaron ParkerCopper Contributor
Here's a method (using a different module though) for backup and documentation of your tenant using Azure DevOps or GitHub:
https://stealthpuppy.com/automate-intune-documentation-azure/
https://stealthpuppy.com/automate-intune-documentation-github/
- Bryan5150Copper ContributorThis is great but it seems to overlook the Endpoint Security profiles. Like security baselines and any other security profiles. Is there a way to grab those configurations?
- Arrow-JrCopper ContributorThank you im going to try it
- Ytk_ODCopper Contributor
Hi! This is great article for not only me but also every modern windows management engineer!
I would ask one going wrong thing. With this script, it seems that I can get full-backup from my Intune.
But more looking, There are not Backup of "Setting Catalog" which is Profile type of Device Configuration Profile.
With this script, Is "Setting Catalog" type not available to get backup from Device Configuration Profile ?
- Ytk_ODCopper ContributorSorry for my misunderstand....
Setting Catalog is also available with this PS script
There is a different folder named "Setting Catalog". And it placed at there.- Beezer20Copper Contributor
Is there a way to copy the data, user profile, security profile and applications off a customer's asset prior to imaging the new replacement asset to ensure that the new refreshed asset can be quickly swapped out to allow the customer to return back to work quickly with no interruptions beyond swapping out the old asset with the new and booting up?
- csmknairCopper Contributor
Hi Tom
Thanks for the backup script. I tried it out today and the full Intune configuration and catalogs got backed up. A little tinkering was required on the permissions part and it did work 100%!!
I will be trying out the steps you have mentioned for backup restoration.
Thanks a ton !!!
Best regards
Manoj
- It's a pleasure!
- Radek1520Copper Contributor
TomWechsler
The script no longer works.
Microsoft deleted Intune PowerShell application ID (d1ddf0e4-d672-4dae-b554-9d5bdfd93547) which by default is used in Connect-MsGraph.
Resolution
Create Azure AD application in tenant with permission the same as Enterprise Application Microsoft Intune PowerShell then before cmdlet Connect-MsGraph
Use Update-MSGraphEnvironment -AppId yournewappid -AuthUrl "https://login.microsoftonline.com/yourTenantID"- jessesuteladxccomCopper Contributor
This worked for me:
Created new APP reg with same permissions as "Microsoft Intune PowerShell" application. Added Authentication platform of type Mobile and desktop application with Reply URL of urn:ietf:wg:oauth:2.0:oob.
Run:
Update-MSGraphEnvironment -AppId <new app ID> -AuthUrl https://login.microsoftonline.com/<tenantID>
Then connect-MSGraph -ForceInteractive and use you intune admin account.
- shamyogCopper Contributor
TomWechsler I am getting below error and can't figure it out what was the issue
Can you please help me to fix this.
Thank you.