Nov 27 2021 08:09 AM - edited Nov 27 2021 08:31 AM
Dear Microsoft Intune Friends,
Before we start preparing, it is important that you have read the following article. In that article I explain how an Intune backup works. These preparations are important because this article builds on them.
Note: How to create a backup of your Microsoft Endpoint Manager (Intune) infrastructure!
https://techcommunity.microsoft.com/t5/microsoft-intune/how-to-create-a-backup-of-your-microsoft-end...
I use an existing management system (Windows) as the platform for the following configuration example. I want to emphasize it again here: it is important that you have made the preparations (which are in the article above). For example, the consent for the Intune management account has been granted and the PowerShell modules are installed. If all this is in place, let us now start together.
I used the PowerShell ISE for this configuration, but you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the hashtags are comments):
We need login information in the script. But we don't want to store this login information in plain text in the script. For this reason I create a file and put it in the directory C:\.
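# Let's create the credential file
# Run this as the account that will run the scheduled task: without -Key, ConvertFrom-SecureString
# protects the password with Windows DPAPI, so only the same user on the same machine can decrypt it.
$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString | Set-Content c:\encrypted_password.txt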
Please create a PowerShell script file (for example: IntuneBackup.ps1) with the following content (between the equal signs). Save it on the C:\ drive. For the variable, replace the username with your Intune management account (which made the Consent).
=========================================================
$User = "yourname@yourdomain.com"
# Decrypt the stored password (works only for the user and machine that created the file)
$encrypted = Get-Content c:\encrypted_password.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential($User, $encrypted)
#Populate Variables
$FilePath = "C:\Backup"
#Create New Folder According to date (-Force: no error if today's folder already exists)
$BackupFolder = New-Item -ItemType Directory -Force -Path (Join-Path $FilePath (Get-Date).ToString('yyyy-MM-dd'))
#Connect to Graph API to Backup Intune
Connect-MSGraph -Credential $credential
#Start Intune Backup
Start-IntuneBackup -Path $BackupFolder
#Clean Up Old Intune Backups
# -Recurse is needed: the dated folders are not empty, and without it Remove-Item asks for confirmation
Get-ChildItem -Path $FilePath | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-90)} | Remove-Item -Recurse -Force
=========================================================
Now we create a basic task in the task scheduler, select daily execution and include our script.
The result will be (after a few days) that the backups will be listed in your specified path.
After 90 days, the oldest backups are deleted by the script. You can customize the days for your needs.
If you ever need to compare or restore from a backup, please check out this article:
https://techcommunity.microsoft.com/t5/microsoft-intune/compare-and-restore-a-microsoft-endpoint-man...
Of course, the whole thing can be extended, for example, with an automated notification. But this step I leave to you ;-).
I hope this article has given you a good foundation on how to automate your Intune Backup. Thank you for taking the time to read this article.
Kind regards, Tom Wechsler
P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
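A preflight check for the credential file used in the post above, as an added example that is not part of the original post or the author's scripts. It checks that c:\encrypted_password.txt is not readable by broad groups and that the current account can decrypt it; the function name Test-CredentialFile and the list of broad groups are assumptions made for this example.

```powershell
# Added example, not from the original post. Function name and SID list are assumptions.
function Test-CredentialFile {
    param(
        [string]$Path = 'C:\encrypted_password.txt'   # path used in the post
    )

    $findings = @()
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $findings += "Credential file not found: $Path"
        return $findings
    }

    # 1. ACL check. Well-known SIDs are used instead of names because group
    #    names are localized: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $read = [System.Security.AccessControl.FileSystemRights]::ReadData
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadSids -contains $ace.IdentityReference.Value -and
            $ace.FileSystemRights.HasFlag($read)) {
            $findings += "File is readable by $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
        }
    }

    # 2. DPAPI check. The blob decrypts only for the user and machine that
    #    created it, so this fails if the task runs under another account.
    $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    try {
        $null = Get-Content -LiteralPath $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        $findings += "Cannot decrypt as $($who): $($_.Exception.Message)"
    }

    return $findings
}

# Usage at the top of the backup script: stop before Connect-MSGraph on any finding
$problems = @(Test-CredentialFile)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

A file created directly under C:\ inherits that folder's permissions, so the ACL check reports whatever broad read access the file has picked up; the DPAPI protection still prevents other accounts from decrypting the password, but the file should sit in a folder only the task account can read.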
Dec 04 2021 12:02 AM - edited Dec 04 2021 12:02 AM
Hi Tom,
Just curious why you use a password in the script and don't connect to the Graph API with an Azure app registration and an app secret?
Kind regards,
René
Dec 04 2021 01:46 AM
Dec 04 2021 03:51 AM
Feb 11 2022 11:13 PM - edited Feb 11 2022 11:14 PM
Did anyone manage to run this in the cloud? I am trying to run it in Azure Automation and copy to Blob storage, but I am having issues.