Nov 21 2021 06:22 AM - edited Nov 23 2021 04:12 AM
Dear Microsoft Intune Friends,
Imagine the following situation. You have invested several hours to build your Microsoft Endpoint Manager (Intune) infrastructure. After the final tests, everything is now working exactly as you imagined. Now the question arises how can I backup all these settings and configurations? I will answer this question in this article.
Note: I will describe how to compare and restore the backup in a next article.
What we can do in the Microsoft Endpoint Manager portal is export configuration settings to a CSV file. However, this is not exactly what I wanted.
To create a complete backup of our tenant we need the power of PowerShell (power of PowerShell - funny )
I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):
#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
Set-Location
Clear-Host
#Customize the ExecutionPolicy (absolutely OK for this demo)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
#Install the Module
Install-Module -Name Microsoft.Graph.Intune -Verbose -Force -AllowClobber
#Install the Module
Install-Module -Name MSGraphFunctions -Verbose -Force -AllowClobber
#Import the Module
Import-Module -Name MSGraphFunctions
#Install the Module
Install-Module -Name AzureAD -Verbose -Force -AllowClobber
#Install IntuneBackupAndRestore from the PowerShell Gallery
Install-Module -Name IntuneBackupAndRestore -Verbose -Force -AllowClobber
#Update the Module
Update-Module -Name IntuneBackupAndRestore -Verbose
#Import the Module
Import-Module IntuneBackupAndRestore
#Connect to Microsoft Graph
Connect-MSGraph
Here you must agree to the extended permissions.
#Create a folder
New-Item -ItemType Directory -Path C:\Backup\IntuneBackup
#Switch to the folder
Set-Location C:\Backup\IntuneBackup
#Create the Full-Backup
Start-IntuneBackup -Path 'C:\Backup\IntuneBackup'
It starts with the creation of the backup.
#Let's look at the content
Get-ChildItem -Path 'C:\Backup\IntuneBackup'
Let's start Windows Explorer and navigate to our backup folder, Bingo....we have a complete backup!
I know that was nothing spectacular, but I still wanted to share my experience with you.
Thank you for taking the time to read this article.
Kind regards, Tom Wechsler
P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
Nov 24 2021 12:30 AM
How we can automate this process via Azure Automation? I would like to schedule Intune Backup.
Best Regards
Rashad Bakirov
Jun 16 2022 10:31 PM
@rashadbakirov maybe use storage account and file share and schedule the script to run.
Jun 18 2022 05:01 PM
Here's a method (using a different module though) for backup and documentation of your tenant using Azure DevOps or GitHub:
https://stealthpuppy.com/automate-intune-documentation-azure/
https://stealthpuppy.com/automate-intune-documentation-github/
Nov 11 2022 05:46 AM
Nov 14 2022 06:47 AM
Apr 05 2023 01:47 AM
Hi! This is great article for not only me but also every modern windows management engineer!
I would ask one going wrong thing. With this script, it seems that I can get full-backup from my Intune.
But more looking, There are not Backup of "Setting Catalog" which is Profile type of Device Configuration Profile.
With this script, Is "Setting Catalog" type not available to get backup from Device Configuration Profile ?
Apr 06 2023 06:17 PM
Sep 06 2023 08:46 AM
Is there a way to copy the data, user profile, security profile and applications off a customer's asset prior to imaging the new replacement asset to ensure that the new refreshed asset can be quickly swapped out to allow the customer to return back to work quickly with no interruptions beyond swapping out the old asset with the new and booting up?
Sep 06 2023 08:47 AM
Nov 30 2023 07:49 AM - edited Nov 30 2023 07:52 AM
Hi Tom
Thanks for the backup script. I tried it out today and the full Intune configuration and catalogs got backed up. A little tinkering was required on the permissions part and it did work 100%!!
I will be trying out the steps you have mentioned for backup restoration.
Thanks a ton !!!
Best regards
Manoj
Nov 30 2023 08:57 AM
May 07 2024 06:41 AM
@TomWechsler
The script no longer works.
Microsoft deleted Intune PowerShell application ID (d1ddf0e4-d672-4dae-b554-9d5bdfd93547) which by default is used in Connect-MsGraph.
Resolution
Create Azure AD application in tenant with permission the same as Enterprise Application Microsoft Intune PowerShell then before cmdlet Connect-MsGraph
Use Update-MSGraphEnvironment -AppId yournewappid -AuthUrl "https://login.microsoftonline.com/yourTenantID"
May 13 2024 07:12 AM - edited May 13 2024 07:13 AM
This worked for me:
Created new APP reg with same permissions as "Microsoft Intune PowerShell" application. Added Authentication platform of type Mobile and desktop application with Reply URL of urn:ietf:wg:oauth:2.0:oob.
Run:
Update-MSGraphEnvironment -AppId <new app ID> -AuthUrl https://login.microsoftonline.com/<tenantID>
Then connect-MSGraph -ForceInteractive and use you intune admin account.