Public/Invoke-IntuneRestoreGroupPolicyConfigurationSP.ps1
|
function Invoke-IntuneRestoreGroupPolicyConfigurationSP { <# .SYNOPSIS Restore Intune Group Policy Configurations .DESCRIPTION Restore Intune Group Policy Configurations from JSON files per Group Policy Configuration Policy from the specified Path. .PARAMETER Path Root path where backup files are located, created with the Invoke-IntuneBackupGroupPolicyConfigurations function .EXAMPLE Invoke-IntuneRestoreGroupPolicyConfiguration -Path "C:\temp" -RestoreById $true #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Path, [Parameter(Mandatory = $false)] [ValidateSet("v1.0", "Beta")] [string]$ApiVersion = "Beta" ) # Ensure the Microsoft Graph module is installed and imported if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) { Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force } Import-Module Microsoft.Graph.DeviceManagement # Connect to Microsoft Graph if not already connected if (-not (Get-MgUser -UserId me -ErrorAction SilentlyContinue)) { Connect-MgGraph -Scopes "DeviceManagementApps.Read.All","DeviceManagementApps.ReadWrite.All","DeviceManagementConfiguration.Read.All","DeviceManagementConfiguration.ReadWrite.All","DeviceManagementServiceConfig.Read.All","DeviceManagementServiceConfig.ReadWrite.All" } # Function to get all pages of results function Get-AllPages { param ( [Parameter(Mandatory = $true)] [string]$Uri ) $results = @() $response = Invoke-MgGraphRequest -Method GET -Uri $Uri $results += $response.value while ($null -ne $response.'@odata.nextLink') { $response = Invoke-MgGraphRequest -Method GET -Uri $response.'@odata.nextLink' $results += $response.value } return $results } # Get all Group Policy Configurations $groupPolicyConfigurations = Get-ChildItem -Path "$Path\Administrative Templates" -File foreach ($groupPolicyConfiguration in $groupPolicyConfigurations) { $groupPolicyConfigurationContent = Get-Content -LiteralPath $groupPolicyConfiguration.FullName -Raw | ConvertFrom-Json # Restore the Group Policy Configuration try { $groupPolicyConfigurationRequestBody = @{ displayName = $groupPolicyConfiguration.BaseName } $groupPolicyConfigurationObject = Invoke-MGGraphRequest -Method POST -Uri "$apiVersion/deviceManagement/groupPolicyConfigurations" -Body ($groupPolicyConfigurationRequestBody | ConvertTo-Json).toString() -ErrorAction Stop [PSCustomObject]@{ "Action" = "Restore" "Type" = "Administrative Template" "Name" = $groupPolicyConfigurationObject.displayName "Path" = "Administrative Templates\$($groupPolicyConfiguration.Name)" } foreach ($groupPolicyConfigurationSetting in $groupPolicyConfigurationContent) { $groupPolicyDefinitionValue = Invoke-MGGraphRequest -Method POST -Uri "$apiVersion/deviceManagement/groupPolicyConfigurations/$($groupPolicyConfigurationObject.id)/definitionValues" -Body ($groupPolicyConfigurationSetting | ConvertTo-Json -Depth 100).toString() -ErrorAction Stop $groupPolicyDefinition = Invoke-MGGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/groupPolicyConfigurations/$($groupPolicyConfigurationObject.id)/definitionValues/$($groupPolicyDefinitionValue.id)/definition" [PSCustomObject]@{ "Action" = "Restore" "Type" = "Administrative Template Setting" "Name" = $groupPolicyDefinition.displayName "Path" = "Administrative Templates\$($groupPolicyConfiguration.Name)" } } } catch { Write-Verbose "$($groupPolicyConfiguration.BaseName) - Failed to restore Group Policy Configuration and/or (one or more) Settings" -Verbose Write-Error $_ -ErrorAction Continue } } } |