diff --git a/CHANGELOG.md b/CHANGELOG.md index ebaea9e..15352c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [4.0.6] - 2026-02-09 +- Updated manifest file to add Required Microsoft.Graph.Authentication module and ProjectUri. +- Added 2 new functions: "Assert-GraphConnection" and "Connect-IntuneBackupAndRestore". +- Added functionality to connect with Application flow using either certificate or secret. + ## [4.0.1] - 2025-12-16 - Updated Microsoft.Graph Required Scopes. Special thanks to @Felix4567 #93 - Fixed an issue where the Microsoft Graph $apiVersion was missing in a command. Special thanks to @magfrank #82 diff --git a/IntuneBackupAndRestore/IntuneBackupAndRestore.psd1 b/IntuneBackupAndRestore/IntuneBackupAndRestore.psd1 index 1998afe..0d480ff 100644 --- a/IntuneBackupAndRestore/IntuneBackupAndRestore.psd1 +++ b/IntuneBackupAndRestore/IntuneBackupAndRestore.psd1 @@ -12,7 +12,7 @@ RootModule = 'IntuneBackupAndRestore.psm1' # Version number of this module. -ModuleVersion = '4.0.1' +ModuleVersion = '4.0.2' # Supported PSEditions # CompatiblePSEditions = @() @@ -51,7 +51,7 @@ Description = 'PowerShell Module that queries Microsoft Graph, and allows for cr # ProcessorArchitecture = '' # Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @(@{ModuleName="MSGraphFunctions", ModuleVersion="2.2.0", Guid="0a3f3df4-64a0-430a-937d-a9b1901349ce"}) +RequiredModules = @(@{ModuleName="Microsoft.Graph.Authentication"}) # Assemblies that must be loaded prior to importing this module # RequiredAssemblies = @() @@ -101,7 +101,7 @@ PrivateData = @{ LicenseUri = 'https://github.com/jseerden/IntuneBackupAndRestore/blob/master/LICENSE' # A URL to the main website for this project. - # ProjectUri = '' + ProjectUri = 'https://github.com/jseerden/IntuneBackupAndRestore' # A URL to an icon representing this module. # IconUri = '' diff --git a/IntuneBackupAndRestore/Private/Assert-GraphConnection.ps1 b/IntuneBackupAndRestore/Private/Assert-GraphConnection.ps1 new file mode 100644 index 0000000..88aa1ae --- /dev/null +++ b/IntuneBackupAndRestore/Private/Assert-GraphConnection.ps1 @@ -0,0 +1,54 @@ +function Assert-GraphConnection { + <# + .SYNOPSIS + Asserts a valid Graph connection has been established. + + .DESCRIPTION + Asserts a valid Graph connection has been established. + + .PARAMETER Cmdlet + The $PSCmdlet variable of the calling command. + + .EXAMPLE + PS C:\> Assert-GraphConnection -Cmdlet $PSCmdlet + + Asserts a valid Graph connection has been established. +#> + [CmdletBinding()] + param ( + [Parameter(Mandatory = $true)] + $Cmdlet + ) + + process { + if ($null -ne (Get-MgContext)) { + Write-Verbose "MS-Graph already connected, checking scopes" + $requiredScopes = @( + "DeviceManagementApps.ReadWrite.All", + "DeviceManagementConfiguration.ReadWrite.All", + "DeviceManagementServiceConfig.ReadWrite.All", + "DeviceManagementManagedDevices.ReadWrite.All", + "DeviceManagementScripts.ReadWrite.All" + ) + $connectionScopes = Get-MgContext | Select-Object -ExpandProperty Scopes + $IncorrectScopes = $false + foreach($scope in $requiredScopes){ + if($scope -notin $connectionScopes){ + Write-Verbose "'$scope' is not found as a valid scope for current MS-Graph connection" + $IncorrectScopes = $true + break + } + } + + if (-not $IncorrectScopes) { + Write-Host "MS-Graph connected and scopes are correct." + return + } + } + + $exception = [System.InvalidOperationException]::new('Not yet connected to Graph API or scopes are incorrect. Use Connect-IntuneBackupAndRestore to establish a connection!') + $errorRecord = [System.Management.Automation.ErrorRecord]::new($exception, "NotConnected", 'InvalidOperation', $null) + + $Cmdlet.ThrowTerminatingError($errorRecord) + } +} \ No newline at end of file diff --git a/IntuneBackupAndRestore/Public/Connect-IntuneBackupAndRestore.ps1 b/IntuneBackupAndRestore/Public/Connect-IntuneBackupAndRestore.ps1 new file mode 100644 index 0000000..e35fcda --- /dev/null +++ b/IntuneBackupAndRestore/Public/Connect-IntuneBackupAndRestore.ps1 @@ -0,0 +1,67 @@ +function Connect-IntuneBackupAndRestore { + <# + .SYNOPSIS + Function to connect to MS Graph with required scopes and obtain a token. + + .DESCRIPTION + Function to connect to MS Graph with required scopes and obtain a token. + The function can connect using with "User" delegated flow, or "Application" Flow. + + .PARAMETER TenantID + TenantID of your AzureAD tenant. + + .PARAMETER ClientID + Application ID of your App Registration. + + .PARAMETER CertificateThumbprint + Certificate's thumbprint of a valid certificate associated with your App Registration. If parameter is used together with 'ClientSecret' parameter, this parameter will have precedence. + + .PARAMETER ClientSecret + Client secret of your App Registration. If parameter is used together with 'CertificateThumbprint' parameter, this parameter will be ommited. + + .EXAMPLE + Connect-MgGraph + + + #> + [CmdletBinding()] + param ( + [String]$TenantID, + [String]$ClientID, + [String]$CertificateThumbprint, + [String]$ClientSecret + ) + + begin { + } + + process { + try { + Write-Host "Authenticating to Graph..." + if ( $clientID -ne '' -and $TenantID -ne '' -and ($CertificateThumbprint -ne '' -or $ClientSecret -ne '')) { + # Connecting to graph using Azure App Application flow with passed parameters + Write-host "Connecting to graph with AppId: $ClientID with passed parameters" + if ($PSBoundParameters.ContainsKey('CertificateThumbprint') ) { + Connect-MgGraph -ClientId $ClientID -TenantId $TenantID -CertificateThumbprint $CertificateThumbprint + } + elseif ($PSBoundParameters.ContainsKey('ClientSecret') ) { + $securedClientSecret = ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force + $clientCredential = New-Object System.Net.NetworkCredential($ClientID, $securedClientSecret) + Connect-MgGraph -TenantId $TenantID -ClientSecretCredential $clientCredential + } + } + else { + # Connecting to graph with the user account + Write-host "Connecting to graph with the user context" + Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" + } + } + catch { + Write-Host "Failed to authenticate to MS Graph. Error message: $_" + return + } + } + + end { + } +} \ No newline at end of file diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicy.ps1 index f765cf1..9542bcf 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicy.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupAppProtectionPolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all App Protection Policies $appProtectionPolicies = Invoke-MgGraphRequest -Uri "/$ApiVersion/deviceAppManagement/managedAppPolicies" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicyAssignment.ps1 index 0e28c95..dbc5109 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAppProtectionPolicyAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupAppProtectionPolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet $appProtectionPolicies = Invoke-MgGraphRequest -Uri "/$ApiVersion/deviceAppManagement/managedAppPolicies" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfile.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfile.ps1 index 352e7bd..6ec42a5 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfile.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfile.ps1 @@ -23,10 +23,8 @@ [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Autopilot Deployment Profiles $winAutopilotDeploymentProfiles = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/$ApiVersion/deviceManagement/windowsAutopilotDeploymentProfiles" -OutputType PSObject | Select-Object -ExpandProperty Value diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfileAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfileAssignment.ps1 index 7f3d726..bbd18a6 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfileAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupAutopilotDeploymentProfileAssignment.ps1 @@ -23,6 +23,9 @@ function Invoke-IntuneBackupAutopilotDeploymentProfileAssignment { [string]$ApiVersion = "Beta" ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + # Get all assignments from all policies $winAutopilotDeploymentProfiles = Invoke-MgGraphRequest -Uri "$apiversion/deviceManagement/windowsAutopilotDeploymentProfiles" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientApp.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientApp.ps1 index 1793a65..1c9350a 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientApp.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientApp.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupClientApp { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Client Apps $filter = "microsoft.graph.managedApp/appAvailability eq null or microsoft.graph.managedApp/appAvailability eq 'lineOfBusiness' or isAssigned eq true" diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientAppAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientAppAssignment.ps1 index 50c9783..a0c0783 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientAppAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupClientAppAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupClientAppAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Client Apps $filter = "microsoft.graph.managedApp/appAvailability eq null or microsoft.graph.managedApp/appAvailability eq 'lineOfBusiness' or isAssigned eq true" diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicy.ps1 index 0d69439..c7c6a93 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicy.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupConfigurationPolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Setting Catalogs Policies $configurationPolicies = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/configurationPolicies" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicyAssignment.ps1 index 6161545..9444257 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupConfigurationPolicyAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupConfigurationPolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all assignments from all policies $configurationPolicies = (Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/configurationPolicies").value diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicy.ps1 index c11f733..21322bc 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicy.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceCompliancePolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Device Compliance Policies $deviceCompliancePolicies = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceCompliancePolicies" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicyAssignment.ps1 index 3bfbe79..9e86212 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceCompliancePolicyAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceCompliancePolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Device Compliance Policies $deviceCompliancePolicies = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceCompliancePolicies" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfiguration.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfiguration.ps1 index 07fcde2..a9eff0b 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfiguration.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfiguration.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceConfiguration { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device configurations $deviceConfigurations = Invoke-MgGraphRequest -Uri "$apiVersion/deviceManagement/deviceConfigurations" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfigurationAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfigurationAssignment.ps1 index aab04dd..39746fd 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfigurationAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceConfigurationAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceConfigurationAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all assignments from all policies $deviceConfigurations = Invoke-MgGraphRequest -Uri "$apiVersion/deviceManagement/deviceConfigurations" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScript.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScript.ps1 index 589639f..e143d5e 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScript.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScript.ps1 @@ -22,10 +22,8 @@ [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Intune Health Scripts $healthScripts = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceHealthScripts" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScriptAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScriptAssignment.ps1 index f56be8a..56f546d 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScriptAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceHealthScriptAssignment.ps1 @@ -23,10 +23,8 @@ [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all assignments from all policies $healthScripts = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceHealthScripts" | Get-MGGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementIntent.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementIntent.ps1 index 23b9925..50ec337 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementIntent.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementIntent.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceManagementIntent { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet Write-Verbose "Requesting Intents" $intents = Get-MgBetaDeviceManagementIntent -all diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScript.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScript.ps1 index 3c780fd..8c76c93 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScript.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScript.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceManagementScript { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device management scripts $deviceManagementScripts = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceManagementScripts" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScriptAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScriptAssignment.ps1 index a0ae82c..4309d3e 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScriptAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupDeviceManagementScriptAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupDeviceManagementScriptAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all assignments from all policies $deviceManagementScripts = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/deviceManagementScripts" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfiguration.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfiguration.ps1 index f0794fc..78fd4ab 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfiguration.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfiguration.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupGroupPolicyConfiguration { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Group Policy Configurations $groupPolicyConfigurations = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/groupPolicyConfigurations" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfigurationAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfigurationAssignment.ps1 index ce143b6..6393953 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfigurationAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneBackupGroupPolicyConfigurationAssignment.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneBackupGroupPolicyConfigurationAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all assignments from all policies $groupPolicyConfigurations = Invoke-MgGraphRequest -Uri "$ApiVersion/deviceManagement/groupPolicyConfigurations" | Get-MgGraphAllPages diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicy.ps1 index b47c168..6455196 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicy.ps1 @@ -22,10 +22,8 @@ function Invoke-IntuneRestoreAppProtectionPolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all App Protection Policies $appProtectionPolicies = Get-ChildItem -Path "$path\App Protection Policies" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicyAssignment.ps1 index e99f5fb..7a8253d 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAppProtectionPolicyAssignment.ps1 @@ -30,10 +30,8 @@ function Invoke-IntuneRestoreAppProtectionPolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $appProtectionPolicies = Get-ChildItem -Path "$Path\App Protection Policies\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfile.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfile.ps1 index 88af26d..e3aa663 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfile.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfile.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreAutopilotDeploymentProfile { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device health scripts $winAutopilotDeploymentProfiles = Get-ChildItem -Path "$Path\Autopilot Deployment Profiles" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment.ps1 index 1e22ede..05ed57f 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment.ps1 @@ -32,6 +32,9 @@ function Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment { [string]$ApiVersion = "Beta" ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + # Get all profiles with assignments $winAutopilotDeploymentProfiles = Get-ChildItem -Path "$Path\Autopilot Deployment Profiles\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreClientAppAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreClientAppAssignment.ps1 index d8342ef..7591f46 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreClientAppAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreClientAppAssignment.ps1 @@ -30,10 +30,8 @@ function Invoke-IntuneRestoreClientAppAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $clientAppsAssignmentItems = Get-ChildItem -Path "$Path\Client Apps\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicy.ps1 index bbd2767..b24daf0 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicy.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreConfigurationPolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Settings Catalog Policies $configurationPolicies = Get-ChildItem -Path "$Path\Settings Catalog" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicyAssignment.ps1 index 07eda1c..30bccc8 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreConfigurationPolicyAssignment.ps1 @@ -31,10 +31,8 @@ function Invoke-IntuneRestoreConfigurationPolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $configurationPolicies = Get-ChildItem -Path "$Path\Settings Catalog\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicy.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicy.ps1 index 3956712..8f7f7c2 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicy.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicy.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreDeviceCompliancePolicy { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Device Compliance Policies $deviceCompliancePolicies = Get-ChildItem -Path "$Path\Device Compliance Policies" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicyAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicyAssignment.ps1 index 16f118b..57f9f2d 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicyAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceCompliancePolicyAssignment.ps1 @@ -31,10 +31,8 @@ function Invoke-IntuneRestoreDeviceCompliancePolicyAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $deviceCompliancePolicies = Get-ChildItem -Path "$Path\Device Compliance Policies\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfiguration.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfiguration.ps1 index 6919f98..265170b 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfiguration.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfiguration.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreDeviceConfiguration { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device configurations $deviceConfigurations = Get-ChildItem -Path "$path\Device Configurations" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfigurationAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfigurationAssignment.ps1 index c1885ba..59e0807 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfigurationAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceConfigurationAssignment.ps1 @@ -32,10 +32,8 @@ function Invoke-IntuneRestoreDeviceConfigurationAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $deviceConfigurations = Get-ChildItem -Path "$Path\Device Configurations\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScript.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScript.ps1 index b4fefac..3ac1ea9 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScript.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScript.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreDeviceHealthScript { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if($null -eq (Get-MgContext)){ - Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device health scripts $deviceHealthScripts = Get-ChildItem -Path "$Path\Device Health Scripts" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScriptAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScriptAssignment.ps1 index c4f29dc..d436116 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScriptAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceHealthScriptAssignment.ps1 @@ -32,6 +32,9 @@ function Invoke-IntuneRestoreDeviceHealthScriptAssignment { [string]$ApiVersion = "Beta" ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + # Get all policies with assignments $deviceHealthScripts = Get-ChildItem -Path "$Path\Device Health Scripts\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementIntent.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementIntent.ps1 index 103732d..c1b3d1d 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementIntent.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementIntent.ps1 @@ -24,10 +24,8 @@ function Invoke-IntuneRestoreDeviceManagementIntent { ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device management intents $deviceManagementIntents = Get-ChildItem -Path "$Path\Device Management Intents" -Recurse -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScript.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScript.ps1 index ff26bd5..a3a584f 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScript.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScript.ps1 @@ -26,10 +26,8 @@ function Invoke-IntuneRestoreDeviceManagementScript { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all device management scripts $deviceManagementScripts = Get-ChildItem -Path "$Path\Device Management Scripts" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScriptAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScriptAssignment.ps1 index 9aa3f97..84cd7f7 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScriptAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreDeviceManagementScriptAssignment.ps1 @@ -33,10 +33,8 @@ function Invoke-IntuneRestoreDeviceManagementScriptAssignment { ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all policies with assignments $deviceManagementScripts = Get-ChildItem -Path "$Path\Device Management Scripts\Assignments" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfiguration.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfiguration.ps1 index 2c23602..bf9b8d1 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfiguration.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfiguration.ps1 @@ -23,10 +23,8 @@ function Invoke-IntuneRestoreGroupPolicyConfiguration { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Get all Group Policy Configurations $groupPolicyConfigurations = Get-ChildItem -Path "$Path\Administrative Templates" -File -ErrorAction SilentlyContinue diff --git a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfigurationAssignment.ps1 b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfigurationAssignment.ps1 index 57b02f2..590651e 100644 --- a/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfigurationAssignment.ps1 +++ b/IntuneBackupAndRestore/Public/Invoke-IntuneRestoreGroupPolicyConfigurationAssignment.ps1 @@ -32,10 +32,8 @@ function Invoke-IntuneRestoreGroupPolicyConfigurationAssignment { [string]$ApiVersion = "Beta" ) - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - } + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet # Create the base requestBody $requestBody = @{ diff --git a/IntuneBackupAndRestore/Public/Start-IntuneBackup.ps1 b/IntuneBackupAndRestore/Public/Start-IntuneBackup.ps1 index a85a02a..9934c32 100644 --- a/IntuneBackupAndRestore/Public/Start-IntuneBackup.ps1 +++ b/IntuneBackupAndRestore/Public/Start-IntuneBackup.ps1 @@ -24,6 +24,9 @@ function Start-IntuneBackup() { [string]$Path ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + [PSCustomObject]@{ "Action" = "Backup" "Type" = "Intune Backup and Restore Action" @@ -31,27 +34,6 @@ function Start-IntuneBackup() { "Path" = $Path } - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "EntitlementManagement.ReadWrite.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementScripts.ReadWrite.All" - }else{ - Write-Host "MS-Graph already connected, checking scopes" - $scopes = Get-MgContext | Select-Object -ExpandProperty Scopes - $IncorrectScopes = $false - if ($scopes -notcontains "DeviceManagementApps.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementConfiguration.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementServiceConfig.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementManagedDevices.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementScripts.ReadWrite.All") {$IncorrectScopes = $true} - if ($IncorrectScopes) { - Write-Host "Incorrect scopes, please sign in again" - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementScripts.ReadWrite.All" - }else{ - Write-Host "MS-Graph scopes are correct" - } - Write-Host "" - } - Invoke-IntuneBackupAutopilotDeploymentProfile -Path $Path Invoke-IntuneBackupAutopilotDeploymentProfileAssignment -Path $Path Invoke-IntuneBackupClientApp -Path $Path diff --git a/IntuneBackupAndRestore/Public/Start-IntuneRestoreAssignments.ps1 b/IntuneBackupAndRestore/Public/Start-IntuneRestoreAssignments.ps1 index b6b0aad..2f41bd0 100644 --- a/IntuneBackupAndRestore/Public/Start-IntuneRestoreAssignments.ps1 +++ b/IntuneBackupAndRestore/Public/Start-IntuneRestoreAssignments.ps1 @@ -29,6 +29,9 @@ function Start-IntuneRestoreAssignments() { [bool]$RestoreById = $false ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + [PSCustomObject]@{ "Action" = "Restore" "Type" = "Intune Backup and Restore Action" @@ -36,26 +39,6 @@ function Start-IntuneRestoreAssignments() { "Path" = $Path } - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "EntitlementManagement.ReadWrite.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - }else{ - Write-Host "MS-Graph already connected, checking scopes" - $scopes = Get-MgContext | Select-Object -ExpandProperty Scopes - $IncorrectScopes = $false - if ($scopes -notcontains "DeviceManagementApps.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementConfiguration.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementServiceConfig.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementManagedDevices.ReadWrite.All") {$IncorrectScopes = $true} - if ($IncorrectScopes) { - Write-Host "Incorrect scopes, please sign in again" - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - }else{ - Write-Host "MS-Graph scopes are correct" - } - - } - Invoke-IntuneRestoreAutopilotDeploymentProfileAssignment -Path $path -RestoreById $restoreById Invoke-IntuneRestoreConfigurationPolicyAssignment -Path $path -RestoreById $restoreById Invoke-IntuneRestoreClientAppAssignment -Path $path -RestoreById $restoreById diff --git a/IntuneBackupAndRestore/Public/Start-IntuneRestoreConfig.ps1 b/IntuneBackupAndRestore/Public/Start-IntuneRestoreConfig.ps1 index aa7a377..6d1bf8e 100644 --- a/IntuneBackupAndRestore/Public/Start-IntuneRestoreConfig.ps1 +++ b/IntuneBackupAndRestore/Public/Start-IntuneRestoreConfig.ps1 @@ -24,6 +24,9 @@ function Start-IntuneRestoreConfig() { [string]$Path ) + #Assert MS-Graph connection + Assert-GraphConnection -Cmdlet $PSCmdlet + [PSCustomObject]@{ "Action" = "Restore" "Type" = "Intune Backup and Restore Action" @@ -31,26 +34,6 @@ function Start-IntuneRestoreConfig() { "Path" = $Path } - #Connect to MS-Graph if required - if ($null -eq (Get-MgContext)) { - connect-mggraph -scopes "EntitlementManagement.ReadWrite.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - }else{ - Write-Host "MS-Graph already connected, checking scopes" - $scopes = Get-MgContext | Select-Object -ExpandProperty Scopes - $IncorrectScopes = $false - if ($scopes -notcontains "DeviceManagementApps.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementConfiguration.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementServiceConfig.ReadWrite.All") {$IncorrectScopes = $true} - if ($scopes -notcontains "DeviceManagementManagedDevices.ReadWrite.All") {$IncorrectScopes = $true} - if ($IncorrectScopes) { - Write-Host "Incorrect scopes, please sign in again" - connect-mggraph -scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All" - }else{ - Write-Host "MS-Graph scopes are correct" - } - - } - Invoke-IntuneRestoreAutopilotDeploymentProfile -Path $Path Invoke-IntuneRestoreConfigurationPolicy -Path $Path Invoke-IntuneRestoreDeviceCompliancePolicy -Path $Path diff --git a/README.md b/README.md index 307aac8..0fdeece 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,27 @@ Update-Module -Name IntuneBackupAndRestore - Requires [Microsoft.Graph](https://github.com/microsoftgraph/msgraph-sdk-powershell) PowerShell Module (`Install-Module -Name Microsoft.Graph`, `Install-Module Microsoft.Graph.Beta -AllowClobber`) - Make sure to import the IntuneBackupAndRestore PowerShell module before using it with the `Import-Module IntuneBackupAndRestore` cmdlet. +## Connection + +A new function has been developed to connect before hand, and available to connect with either "Delegated" or "Application" Flow. + +### Delegated Connection +```Powershell +Connect-IntuneBackupAndRestore +``` +No parameters are needed, and username and password will be required. + +### Application Connection +```Powershell +Connect-IntuneBackupAndRestore -TenantID "1234" -ClientID "abcd" -CertificateThumbprint "A1B2C3D4" +``` +It will connect using an App Registration created in your tenant. The app requires the scopes already granted. + +```Powershell +Connect-IntuneBackupAndRestore -TenantID "1234" -ClientID "abcd" -ClientSecret "AppS3cr3T" +``` +It will connect using an App Registration created in your tenant. The app requires the scopes already granted. + ## Features ### Backup actions