Public/Invoke-IntuneBackupDeviceManagementIntentSP.ps1
|
function Invoke-IntuneBackupDeviceManagementIntentSP { <# .SYNOPSIS Backup Intune Device Management Intents .DESCRIPTION Backup Intune Device Management Intents as JSON files per Device Management Intent to the specified Path. .PARAMETER Path Path to store backup files .EXAMPLE Invoke-IntuneBackupDeviceManagementIntent -Path "C:\temp" #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Path, [Parameter(Mandatory = $false)] [ValidateSet("v1.0", "Beta")] [string]$ApiVersion = "Beta" ) # Ensure the Microsoft Graph module is installed and imported if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) { Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force } Import-Module Microsoft.Graph.DeviceManagement # Connect to Microsoft Graph if not already connected if (-not (Get-MgUser -UserId me -ErrorAction SilentlyContinue)) { Connect-MgGraph -Scopes "DeviceManagementApps.Read.All","DeviceManagementApps.ReadWrite.All","DeviceManagementConfiguration.Read.All","DeviceManagementConfiguration.ReadWrite.All","DeviceManagementServiceConfig.Read.All","DeviceManagementServiceConfig.ReadWrite.All" } # Function to get all pages of results function Get-AllPages { param ( [Parameter(Mandatory = $true)] [string]$Uri ) $results = @() $response = Invoke-MgGraphRequest -Method GET -Uri $Uri $results += $response.value while ($null -ne $response.'@odata.nextLink') { $response = Invoke-MgGraphRequest -Method GET -Uri $response.'@odata.nextLink' $results += $response.value } return $results } # Create folder if not exists if (-not (Test-Path "$Path\Device Management Intents")) { $null = New-Item -Path "$Path\Device Management Intents" -ItemType Directory } Write-Verbose "Requesting Intents" $intents =@() $intents = Get-allpages -uri "https://graph.microsoft.com/$ApiVersion/deviceManagement/intents" foreach ($intent in $intents) { # Get the corresponding Device Management Template Write-Verbose "Requesting Template" $template = Invoke-MgGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/templates/$($intent.templateId)" $templateDisplayName = ($template.displayName).Split([IO.Path]::GetInvalidFileNameChars()) -join '_' if (-not (Test-Path "$Path\Device Management Intents\$templateDisplayName")) { $null = New-Item -Path "$Path\Device Management Intents\$templateDisplayName" -ItemType Directory } # Get all setting categories in the Device Management Template Write-Verbose "Requesting Template Categories" $templateCategories = Invoke-MGGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/templates/$($intent.templateId)/categories" $intentSettingsDelta = @() foreach ($templateCategory in $templateCategories) { # Get all configured values for the template categories Write-Verbose "Requesting Intent Setting Values" $intentSettingsDelta += (Invoke-MGGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/intents/$($intent.id)/categories/$($templateCategory.values.id)/settings").value } $intentBackupValue = @{ "displayName" = $intent.displayName "description" = $intent.description "settingsDelta" = $intentSettingsDelta "roleScopeTagIds" = $intent.roleScopeTagIds } $fileName = ("$($template.id)_$($intent.displayName)").Split([IO.Path]::GetInvalidFileNameChars()) -join '_' $intentBackupValue | ConvertTo-Json | Out-File -LiteralPath "$path\Device Management Intents\$templateDisplayName\$fileName.json" [PSCustomObject]@{ "Action" = "Backup" "Type" = "Device Management Intent" "Name" = $intent.displayName "Path" = "Device Management Intents\$templateDisplayName\$fileName.json" } } } |