IntuneBackupAndRestoreSP

4.0

Public/Invoke-IntuneBackupGroupPolicyConfigurationSP.ps1

                                function Invoke-IntuneBackupGroupPolicyConfigurationSP {

    <#

    .SYNOPSIS

    Backup Intune Group Policy Configurations

    .DESCRIPTION

    Backup Intune Group Policy Configurations as JSON files per Group Policy Configuration Policy to the specified Path.

    .PARAMETER Path

    Path to store backup files

    .EXAMPLE

    Invoke-IntuneBackupGroupPolicyConfiguration -Path "C:\temp"

    #>

    [CmdletBinding()]

    param(

        [Parameter(Mandatory = $true)]

        [string]$Path,

        [Parameter(Mandatory = $false)]

        [ValidateSet("v1.0", "Beta")]

        [string]$ApiVersion = "Beta"

    )

    # Ensure the Microsoft Graph module is installed and imported

    if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) {

        Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force

    }

    Import-Module Microsoft.Graph.DeviceManagement

    # Connect to Microsoft Graph if not already connected

    if (-not (Get-MgUser -UserId me -ErrorAction SilentlyContinue)) {

        Connect-MgGraph -Scopes "DeviceManagementApps.Read.All","DeviceManagementApps.ReadWrite.All","DeviceManagementConfiguration.Read.All","DeviceManagementConfiguration.ReadWrite.All","DeviceManagementServiceConfig.Read.All","DeviceManagementServiceConfig.ReadWrite.All"

    }

    # Function to get all pages of results

    function Get-AllPages {

        param (

            [Parameter(Mandatory = $true)]

            [string]$Uri

        )

        $results = @()

        $response = Invoke-MgGraphRequest -Method GET -Uri $Uri

        $results += $response.value

        while ($null -ne $response.'@odata.nextLink') {

            $response = Invoke-MgGraphRequest -Method GET -Uri $response.'@odata.nextLink'

            $results += $response.value

        }

        return $results

    }

    # Create folder if not exists

    if (-not (Test-Path "$Path\Administrative Templates")) {

        $null = New-Item -Path "$Path\Administrative Templates" -ItemType Directory

    }

    # Get all Group Policy Configurations

    $groupPolicyConfigurations = Get-allpages -Uri "https://graph.microsoft.com/$ApiVersion/deviceManagement/groupPolicyConfigurations"

    foreach ($groupPolicyConfiguration in $groupPolicyConfigurations) {

        $groupPolicyDefinitionValues = Get-allpages -Uri "https://graph.microsoft.com/$ApiVersion/deviceManagement/groupPolicyConfigurations/$($groupPolicyConfiguration.id)/definitionValues"

        $groupPolicyBackupValues = @()

        foreach ($groupPolicyDefinitionValue in $groupPolicyDefinitionValues) {

            $groupPolicyDefinition = Invoke-MGGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/groupPolicyConfigurations/$($groupPolicyConfiguration.id)/definitionValues/$($groupPolicyDefinitionValue.id)/definition"

            $groupPolicyPresentationValues = (Invoke-MGGraphRequest -Method GET -Uri "$apiVersion/deviceManagement/groupPolicyConfigurations/$($groupPolicyConfiguration.id)/definitionValues/$($groupPolicyDefinitionValue.id)/presentationValues?`$expand=presentation").Value | Select-Object -Property * -ExcludeProperty lastModifiedDateTime, createdDateTime

            $groupPolicyBackupValue = @{

                "enabled" = $groupPolicyDefinitionValue.enabled

                "definition@odata.bind" = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($groupPolicyDefinition.id)')"

            }

            if ($groupPolicyPresentationValues.value) {

                $groupPolicyBackupValue."presentationValues" = @()

                foreach ($groupPolicyPresentationValue in $groupPolicyPresentationValues) {

                    $groupPolicyBackupValue."presentationValues" +=

                        @{

                            "@odata.type" = $groupPolicyPresentationValue.'@odata.type'

                            "value" = $groupPolicyPresentationValue.value

                            "presentation@odata.bind" = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($groupPolicyDefinition.id)')/presentations('$($groupPolicyPresentationValue.presentation.id)')"

                        }

                }

            } elseif ($groupPolicyPresentationValues.values) {

                $groupPolicyBackupValue."presentationValues" = @(

                    @{

                        "@odata.type" = $groupPolicyPresentationValues.'@odata.type'

                        "values" = @(

                            foreach ($groupPolicyPresentationValue in $groupPolicyPresentationValues.values) {

                                @{

                                    "name" = $groupPolicyPresentationValue.name

                                    "value" = $groupPolicyPresentationValue.value

                                }

                            }

                        )

                        "presentation@odata.bind" = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($groupPolicyDefinition.id)')/presentations('$($groupPolicyPresentationValues.presentation.id)')"

                    }

                )

            }

            $groupPolicyBackupValues += $groupPolicyBackupValue

        }

        $fileName = ($groupPolicyConfiguration.displayName).Split([IO.Path]::GetInvalidFileNameChars()) -join '_'

        $groupPolicyBackupValues | ConvertTo-Json -Depth 100 | Out-File -LiteralPath "$path\Administrative Templates\$fileName.json"

        [PSCustomObject]@{

            "Action" = "Backup"

            "Type"   = "Administrative Template"

            "Name"   = $groupPolicyConfiguration.displayName

            "Path"   = "Administrative Templates\$fileName.json"

        }

    }

}