In this article, we will discuss how to efficiently Backup and Restore Microsoft Intune configurations using PowerShell and Microsoft Graph. We will back up all configurations created in your Microsoft Intune tenant and store them in a shared location. Additionally, we will explore how to restore the backed-up configurations to Intune.
Microsoft Graph is an API (Application programming interface) that provides a single endpoint for accessing data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services. It provides a single endpoint, https://graph.microsoft.com, that enables access to various data and insights in the Microsoft cloud, including Microsoft 365, Windows, and Enterprise Mobility + Security.
In view of my enthusiasm towards automation, I have always found it intriguing to explore the Microsoft Graph API and PowerShell. The Graph API for Intune offers a programmatic means of accessing Intune-related information for your tenant. This Microsoft Graph API is designed to perform the same range of Intune operations as those available through the Azure Portal.
You can use the Microsoft Graph PowerShell SDK, available in the PowerShell Gallery, to automate the backup and restoration of Microsoft Intune configurations. The SDK includes two modules: Microsoft. Graph and Microsoft.Graph.Beta, which correspond to the Microsoft Graph REST API v1.0 and the Microsoft Graph REST API beta, respectively. Cmdlets are available for the installed modules.
Table of Contents
The Importance of Backing Up Microsoft Intune Configuration
Have you ever considered the importance of backing up your Microsoft Intune configurations? You dedicate hours to fine-tuning your Intune settings to deliver a better service to your customers. Losing any of these carefully configured settings from your environment unexpectedly can be frustrating and disruptive.
Having a proper backup of all your Microsoft Intune configurations can be a lifesaver. A daily backup of your Intune configurations will streamline your processes and enhance your environment. Backing up and restoring your Intune configurations is simple with PowerShell and Microsoft Graph.
This article will cover the easiest method to install the MS Graph PowerShell module, back up Intune configurations, and restore Intune configurations. Make sure you have enough access to back up Intune configurations, and restore Intune configurations. Let’s start.
- New MS Entra PowerShell Module
- Free Entra Training Videos | Start Learning Entra ID Azure AD
- Best Guide to Install Microsoft Graph PowerShell Modules
Install the MSGraphFunctions and IntuneBackupAndRestore Modules
You would need to install the necessary PowerShell modules before you automate the tasks. Let’s install the MSGraphFunctions and IntuneBackupAndRestore Modules.
- Launch PowerShell as an Administrator.
- Run the below command
Install-Module -Name MSGraphFunctionsWhen prompted, confirm with “Yes to All” to proceed. You can use -Force parameter ignore the prompt message. It may take some time to download and install the MSGraphFunctions Module.
You need to Install the IntuneBackupAndRestore module as well to proceed further. Run the following command to Install the Module. When prompted, confirm with “Yes to All” to proceed.
Install-Module -Name IntuneBackupAndRestore
Once the above modules are installed, you can Import both modules with below commands. Remember, you launch PowerShell as an Administrator. The modules will get imported quickly. You’re good to backing Up the Microsoft Intune Configurations.
- Best Guide to Restart Intune Devices Remotely using Microsoft Graph API and PowerShell
- Intune Policy Assignment Classification Easy Secrets of using Graph API with PowerShell
Import-Module -Name MSGraphFunctions
Import-Module -Name IntuneBackupAndRestoreAuthenticate with the Microsoft Graph
You must establish connection with the Microsoft Graph by running below command. Make sure you have enough access to authenticate. Open the PowerShell session as an Administrator and run the Connect-MgGraph command. New Microsoft Login page will popup, you must enter your credential to login.
Connect-MgGraph -ContextScope Process
NOTE! The -ContextScope Process parameter in the Connect-MgGraph cmdlet ensures that the authentication context is scoped to the current PowerShell process. This means that the authentication session remains active only within the running PowerShell instance and does not persist beyond it- Manage Intune Tasks with PowerShell Part 1
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
Back Up the Microsoft Intune Configuration
Let’s start backing up your Microsoft Intune configurations. Running the command below will initiate the backup process. Specify the correct path where you want the backup files to be saved. I recommend storing them in a shared location. In this example, I am backing up the Intune configurations to E:\Backup_Intune.
Start-IntuneBackup -Path E:\Backup_Intune| Action | Type | Name | Path |
|---|---|---|---|
| Backup | Intune Backup and Restore Action | IntuneBackupAndRestore – Start Intune Backup Config and Assignments | E:\Backup_Intune |
The backup process may take a few minutes to complete. Verify the backed-up Microsoft Intune configurations in the path you specified in the command. My backed-up files are in E:\Backup_Intune folder.
- Intune Proactive Remediation Scripts Vs PowerShell Scripts
- How to Trigger SCCM Client Agent Actions Using PowerShell Script
Restore Microsoft Intune Configuration
We have successfully created a backup of all Microsoft Intune configurations. Now, let’s learn how to restore them in case any of these configured settings are unexpectedly lost from your environment. This step restores the configuration settings but does not include policy or app assignments.
- Best way to Deploy Shell Scripts using Intune
- Run Remediation Script on-demand for Windows Devices using Intune
- PowerShell Script to Create a Local Admin Account using Intune
For testing purposes, I have deleted all my configuration policies. Currently, there are no configuration policies in my lab. Let’s restore them.
You can use the below command to Restore the configration from backup folder. You must open the PowerShell session as an Administrator and run the Connect-MgGraph command to sign in again.
Start-IntuneRestoreConfig E:\Backup_Intune
The configuration policies have been restored. Let’s verify this by navigating to Devices > Windows > Configuration in the Microsoft Intune Admin Portal.
This step restored the configuration settings but does not include policy or app assignments. You could restore the Assignments run the following command.
Start-IntuneRestoreAssignments E:\Backup_Intune
I trust that this article will significantly benefit you and your organization. I appreciate your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
About the Author: Sujin Nelladath, a Microsoft Graph MVP with over 11 years of experience in SCCM device management and Automation solutions, writes and shares his experiences with Microsoft device management technologies, Azure, DevOps and PowerShell automation.