IntuneBackupAndRestoreSP

4.0

Public/Invoke-IntuneRestoreAppProtectionPolicySP.ps1

                                function Invoke-IntuneRestoreAppProtectionPolicySP {

    <#

    .SYNOPSIS

    Restore Intune App Protection Policy

    .DESCRIPTION

    Restore Intune App Protection Policies from JSON files per App Protection Policy from the specified Path.

    .PARAMETER Path

    Root path where backup files are located, created with the Invoke-IntuneBackupAppProtectionPolicy function

    .EXAMPLE

    Invoke-IntuneRestoreAppProtectionPolicySP -Path "C:\temp"

    #>

    [CmdletBinding()]

    param(

        [Parameter(Mandatory = $true)]

        [string]$Path,

        [Parameter(Mandatory = $false)]

        [ValidateSet("v1.0", "Beta")]

        [string]$ApiVersion = "Beta"

    )

    # Ensure the Microsoft Graph module is installed and imported

    if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) {

        Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force

    }

    Import-Module Microsoft.Graph.DeviceManagement

    # Connect to Microsoft Graph if not already connected

    if (-not (Get-MgUser -UserId me -ErrorAction SilentlyContinue)) {

        Connect-MgGraph -Scopes "DeviceManagementApps.Read.All","DeviceManagementApps.ReadWrite.All","DeviceManagementConfiguration.Read.All","DeviceManagementConfiguration.ReadWrite.All","DeviceManagementServiceConfig.Read.All","DeviceManagementServiceConfig.ReadWrite.All"

    }

    # Get all App Protection Policies from the specified path

    $appProtectionPolicies = Get-ChildItem -Path "$Path\App Protection Policies" -File

    foreach ($appProtectionPolicy in $appProtectionPolicies) {

        $appProtectionPolicyContent = Get-Content -LiteralPath $appProtectionPolicy.FullName -Raw

        $appProtectionPolicyDisplayName = ($appProtectionPolicyContent | ConvertFrom-Json).displayName

        # Remove properties that are not available for creating a new configuration

        $requestBodyObject = $appProtectionPolicyContent | ConvertFrom-Json

        # Set SupportsScopeTags to $false, because $true currently returns an HTTP Status 400 Bad Request error.

        if ($requestBodyObject.supportsScopeTags) {

            $requestBodyObject.supportsScopeTags = $false

        }

        $requestBodyObject.PSObject.Properties | ForEach-Object {

            if ($null -ne $_.Value) {

                if ($_.Value.GetType().Name -eq "DateTime") {

                    $_.Value = (Get-Date -Date $_.Value -Format s) + "Z"

                }

            }

        }

        $requestBody = $requestBodyObject | Select-Object -Property * -ExcludeProperty id, createdDateTime, lastModifiedDateTime | ConvertTo-Json -Depth 100

        # Determine the correct URL based on policy type

        $uri = "$ApiVersion/deviceAppManagement/managedAppPolicies"

        # Restore the App Protection Policy

        try {

            $null = Invoke-MgGraphRequest -Method POST -Uri $uri -Body $requestBody.toString() -ErrorAction Stop

            [PSCustomObject]@{

                "Action" = "Restore"

                "Type"   = "App Protection Policy"

                "Name"   = $appProtectionPolicyDisplayName

                "Path"   = "App Protection Policies\$($appProtectionPolicy.Name)"

            }

        }

        catch {

            Write-Verbose "$appProtectionPolicyDisplayName - Failed to restore App Protection Policy" -Verbose

            Write-Error $_ -ErrorAction Continue

        }

    }

}