This PowerShell Module queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.
Intune Configuration is backed up as (json) files in a given directory.
Thanks https://github.com/mhu4711 for updating this PowerShell module to the Microsoft.Graph PowerShell module.
# Install IntuneBackupAndRestore from the PowerShell Gallery
Install-Module -Name IntuneBackupAndRestore# Update IntuneBackupAndRestore from the PowerShell Gallery
Update-Module -Name IntuneBackupAndRestore- Requires Microsoft.Graph PowerShell Module (
Install-Module -Name Microsoft.Graph,Install-Module Microsoft.Graph.Beta -AllowClobber) - Make sure to import the IntuneBackupAndRestore PowerShell module before using it with the
Import-Module IntuneBackupAndRestorecmdlet.
- Administrative Templates (Device Configurations)
- Administrative Template Assignments
- App Protection Policies
- App Protection Policy Assignments
- Autopilot Deployment Profiles
- Autopilot Deployment Profile Assignments
- Client Apps
- Client App Assignments
- Device Compliance Policies
- Device Compliance Policy Assignments
- Device Configurations
- Device Configuration Assignments
- Device Management Scripts (Device Configuration -> PowerShell Scripts)
- Device Management Script Assignments
- Proactive Remediations
- Proactive Remediation Assignments
- Settings Catalog Policies
- Settings Catalog Policy Assignments
- Software Update Rings
- Software Update Ring Assignments
- Endpoint Security Configurations
- Security Baselines
- Windows 10 Security Baselines
- Microsoft Defender ATP Baselines
- Microsoft Edge Baseline
- Antivirus
- Disk encryption
- Firewall
- Endpoint detection and response
- Attack surface reduction
- Account protection
- Device compliance
- Security Baselines
- Administrative Templates (Device Configurations)
- Administrative Template Assignments
- App Protection Policies
- App Protection Policy Assignments
- Autopilot Deployment Profiles
- Autopilot Deployment Profile Assignments
- Client App Assignments
- Device Compliance Policies
- Device Compliance Policy Assignments
- Device Configurations
- Device Configuration Assignments
- Device Management Scripts (Device Configuration -> PowerShell Scripts)
- Device Management Script Assignments
- Proactive Remediations
- Proactive Remediation Assignments
- Settings Catalog Policies
- Settings Catalog Policy Assignments
- Software Update Rings
- Software Update Ring Assignments
- Endpoint Security Configurations
- Security Baselines
- Windows 10 Security Baselines
- Microsoft Defender ATP Baselines
- Microsoft Edge Baseline
- Antivirus
- Disk encryption
- Firewall
- Endpoint detection and response
- Attack surface reduction
- Account protection
- Device compliance
- Security Baselines
Please note that some Client App settings can be backed up, for instance the retrieval of Win32 (un)install cmdlets, requirements, etcetera. The Client App itself is not backed up and this module does not support restoring Client Apps at this time.
Start-IntuneBackup -Path C:\temp\IntuneBackupStart-IntuneRestoreConfig -Path C:\temp\IntuneBackup
Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackupIf configurations have been restored:
Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackupIf reassigning assignments to existing (non-restored) configurations. In this case the assignments match the configuration id to restore to.
This allows for restoring if display names have changed.
Start-IntuneRestoreAssignments -Path C:\temp\IntuneBackup -RestoreById $trueInvoke-IntuneRestoreDeviceCompliancePolicy -Path C:\temp\IntuneBackupInvoke-IntuneRestoreDeviceCompliancePolicyAssignment -Path C:\temp\IntuneBackupInvoke-IntuneRestoreDeviceConfiguration -Path C:\temp\IntuneBackupInvoke-IntuneRestoreDeviceConfigurationAssignment -Path C:\temp\IntuneBackupInvoke-IntuneBackupDeviceManagementIntent -Path C:\temp\IntuneBackupInvoke-IntuneRestoreDeviceManagementIntent -Path C:\temp\IntuneBackup# The DifferenceFilePath should point to the latest Intune Backup file, as it might contain new properties.
Compare-IntuneBackupFile -ReferenceFilePath 'C:\temp\IntuneBackup\Device Configurations\Windows - Endpoint Protection.json' -DifferenceFilePath 'C:\temp\IntuneBackupLatest\Device Configurations\Windows - Endpoint Protection.json'# The DifferenceFilePath should point to the latest Intune Backup file, as it might contain new properties.
Compare-IntuneBackupDirectories -ReferenceDirectory 'C:\temp\IntuneBackup' -DifferenceDirectory 'C:\temp\IntuneBackup2'- Does not support backing up Intune configuration items with duplicate Display Names. Files may be overwritten.
