IntuneBackupAndRestoreSP

4.0

Public/Invoke-IntuneBackupAppProtectionPolicySP.ps1

                                function Invoke-IntuneBackupAppProtectionPolicySP {

    <#

    .SYNOPSIS

    Backup Intune App Protection Policy

    .DESCRIPTION

    Backup Intune App Protection Policies as JSON files per App Protection Policy to the specified Path.

    .PARAMETER Path

    Path to store backup files

    .EXAMPLE

    Invoke-IntuneBackupAppProtectionPolicySP -Path "C:\temp"

    #>

    [CmdletBinding()]

    param(

        [Parameter(Mandatory = $true)]

        [string]$Path,

        [Parameter(Mandatory = $false)]

        [ValidateSet("v1.0", "Beta")]

        [string]$ApiVersion = "Beta"

    )

    # Ensure the Microsoft Graph module is installed and imported

    if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) {

        Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force

    }

    Import-Module Microsoft.Graph.DeviceManagement

    # Connect to Microsoft Graph if not already connected

    if (-not (Get-MgUser -UserId me -ErrorAction SilentlyContinue)) {

        Connect-MgGraph -Scopes "DeviceManagementApps.Read.All","DeviceManagementApps.ReadWrite.All","DeviceManagementConfiguration.Read.All","DeviceManagementConfiguration.ReadWrite.All","DeviceManagementServiceConfig.Read.All","DeviceManagementServiceConfig.ReadWrite.All"

    }

    # Function to get all pages of results

    function Get-AllPages {

        param (

            [Parameter(Mandatory = $true)]

            [string]$Uri

        )

        $results = @()

        $response = Invoke-MgGraphRequest -Method GET -Uri $Uri

        $results += $response.value

        while ($null -ne $response.'@odata.nextLink') {

            $response = Invoke-MgGraphRequest -Method GET -Uri $response.'@odata.nextLink'

            $results += $response.value

        }

        return $results

    }

    # Create folder if not exists

    if (-not (Test-Path "$Path\App Protection Policies")) {

        $null = New-Item -Path "$Path\App Protection Policies" -ItemType Directory

    }

    # Get all App Protection Policies

    $appProtectionPolicies = @()

    $appProtectionPolicies += Get-AllPages -Uri "https://graph.microsoft.com/$ApiVersion/deviceAppManagement/managedAppPolicies"

    foreach ($appProtectionPolicy in $appProtectionPolicies) {

        # Ensure @odata.type is included in the JSON output

        #$policyWithOdataType = $appProtectionPolicy | Select-Object -Property *, @{Name = '@odata.type'; Expression = {$appProtectionPolicy.'@odata.type'}}

        $fileName = ($appProtectionPolicy.displayName).Split([IO.Path]::GetInvalidFileNameChars()) -join '_'

        $appProtectionPolicy | ConvertTo-Json -Depth 100 | Out-File -LiteralPath "$Path\App Protection Policies\$fileName.json"

        [PSCustomObject]@{

            "Action" = "Backup"

            "Type"   = "App Protection Policy"

            "Name"   = $appProtectionPolicy.displayName

            "Path"   = "App Protection Policies\$fileName.json"

        }

    }

}