(101) Microsoft Intune - Backup and Restore
- Mr B SOE way
- Feb 27, 2024
- 2 min read
Awhile back I posted about backing up 'Microsoft Intune Infrastructure' which was covered in this post: https://soeintunedevice.wixsite.com/home/post/63-backup-microsoft-intune-infrastructure
With the modules, it does use https://www.powershellgallery.com/packages/IntuneBackupAndRestore/2.0.0 which does the require the following:
Requires Microsoft.Graph.Intune PowerShell Module (Install-Module -Name Microsoft.Graph.Intune)
Connect to Microsoft Graph using the Connect-MSGraph PSCmdlet first.
Make sure to import the IntuneBackupAndRestore PowerShell module before using it with the Import-Module IntuneBackupAndRestore cmdlet.
What does it backup and restore?
Administrative Templates (Device Configurations)
Administrative Template Assignments
App Protection Policies
App Protection Policy Assignments
Client Apps
Client App Assignments
Device Compliance Policies
Device Compliance Policy Assignments
Device Configurations
Device Configuration Assignments
Device Management Scripts (Device Configuration -> PowerShell Scripts)
Device Management Script Assignments
Proactive Remediations
Proactive Remediation Assignments
Settings Catalog Policies
Settings Catalog Policy Assignments
Software Update Rings
Software Update Ring Assignments
Endpoint Security Configurations
Security Baselines
Windows 10 Security Baselines
Microsoft Defender ATP Baselines
Microsoft Edge Baseline
Antivirus
Disk encryption
Firewall
Endpoint detection and response
Attack surface reduction
Account protection
Device compliance
For 'Backup' procedures - from an existing tenant
Instructions:
Run PowerShell as Administrator
Run the following:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Install-Module -Name Microsoft.Graph.Intune -Verbose -Force -AllowClobber
Install-Module -Name MSGraphFunctions -Verbose -Force -AllowClobber
Import-Module -Name MSGraphFunctions
Install-Module -Name AzureAD -Verbose -Force -AllowClobber
Install-Module -Name IntuneBackupAndRestore -Verbose -Force -AllowClobber
Update-Module -Name IntuneBackupAndRestore -Verbose
Import-Module IntuneBackupAndRestore
Connect-MSGraph New-Item -ItemType Directory -Path C:\Backup\IntuneBackup-ACSC
Set-Location C:\Backup\IntuneBackup-ACSC
Start-IntuneBackup -Path 'C:\Backup\IntuneBackup-ACSC'
For 'Restore' procedures - to a new tenant:
For this example, I created a new demo tenant which had pretty much nothing in there.
Instructions:
Run PowerShell as Administrator
Run the following:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Install-Module -Name Microsoft.Graph.Intune -Verbose -Force -AllowClobber
Install-Module -Name MSGraphFunctions -Verbose -Force -AllowClobber
Import-Module -Name MSGraphFunctions
Install-Module -Name AzureAD -Verbose -Force -AllowClobber
Install-Module -Name IntuneBackupAndRestore -Verbose -Force -AllowClobber
Update-Module -Name IntuneBackupAndRestore -Verbose
Import-Module IntuneBackupAndRestore
Connect-MSGraph
[Note: When prompted, login with the demo tenant/new tenant credentials] like below
Next you run the following: Start-IntuneRestoreConfig -Path <Locationofyourbackup>, in this case for me it was Start-IntuneRestoreConfig -Path C:\Backup\IntuneBackup-ACSC And at the bottom you can see the process of it restoring the profiles back to the new profile.
And as part of the restore, you can see the device configuration profiles
Comentários