Conversation
- Added error handling with -ErrorAction Continue - Fixed scope validation case-sensitivity issue - Added null handling for Group Policy and App Protection Policies - Removed unnecessary EntitlementManagement scope - Added DeviceManagementScripts.ReadWrite.All for future compliance - Removed duplicate DeviceHealthScript calls
## Configuration Restore Fixes ### Policy Sets - Fixed Invoke-IntuneBackupPolicySet to handle API limitation where $expand is not supported on collection queries - Now queries each policy set individually with $expand parameter ### Device Enrollment Configurations - Changed to use Beta API endpoint (required by Microsoft Graph) - Fixed to include deviceEnrollmentConfigurationType property during restore - Implemented automatic priority conflict resolution with priority increment - Added [int] casting for priority values to prevent type conversion errors ### Notification Templates - Implemented two-step restore process: create template first, then add localized messages separately - Fixed property handling: removed defaultLocale and description during creation (causes BadRequest errors) - Properly handles comma-separated brandingOptions string format ### Conditional Access - Updated Invoke-IntuneRestoreConditionalAccessPolicy to use Beta API - Updated Invoke-IntuneRestoreNamedLocation to use Beta API - Added Policy.ReadWrite.ConditionalAccess scope requirement ## Scope Validation Updates - Updated Start-IntuneBackup scope validation from 4 to 8 scopes - Updated Start-IntuneRestoreConfig scope validation to match backup requirements - Added: DeviceManagementScripts.ReadWrite.All, Policy.Read.All, Policy.ReadWrite.ConditionalAccess ## Error Handling - Improved error handling to continue restore operations even when individual policy types fail - Added comprehensive verbose logging throughout restore functions for debugging ## Documentation - Updated CHANGELOG.md with version 5.1.0 changes - Updated README.md with complete permission requirements including Policy.ReadWrite.ConditionalAccess - Created CURRENTSTATUS.md with comprehensive implementation status for all 16 new policy types - Documented implementation nuances, API quirks, and next steps for assignment restore development All configuration backup and restore functions are now fully functional. Assignment restore for 9 new policy types remains as the next phase of work.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[5.1.0] - 2025-12-05
Invoke-IntuneBackupPolicySetto handle API limitation where $expand is not supported on collection queries. Now queries each policy set individually with expand.Invoke-IntuneRestoreDeviceEnrollmentConfigurationto use Beta API endpoint (required by Microsoft Graph).Invoke-IntuneRestoreDeviceEnrollmentConfigurationpriority conflict handling with automatic priority increment.Invoke-IntuneRestoreDeviceEnrollmentConfigurationto correctly includedeviceEnrollmentConfigurationTypeproperty.Invoke-IntuneRestoreDeviceEnrollmentConfigurationto add [int] casting for priority values to prevent type conversion errors.Invoke-IntuneRestoreNotificationTemplateto use two-step process: create template first, then add localized messages separately.Invoke-IntuneRestoreNotificationTemplateto removedefaultLocaleanddescriptionproperties during creation (causes BadRequest errors).Invoke-IntuneBackupConfigurationPolicyAssignmentto use pagination so more than 25 assignments are returned.Invoke-IntuneRestoreConditionalAccessPolicyandInvoke-IntuneRestoreNamedLocationto use Beta API and require Policy.ReadWrite.ConditionalAccess scope.Start-IntuneBackupandStart-IntuneRestoreConfigto include all 8 required scopes including Policy.ReadWrite.ConditionalAccess.Start-IntuneBackupscope validation from 4 scopes to 8 scopes (added DeviceManagementScripts, Policy.Read.All, Policy.ReadWrite.ConditionalAccess).Start-IntuneRestoreConfigscope validation to match backup requirements.[5.0.0] - 2025-12-01
Invoke-IntuneBackupAssignmentFilter.Invoke-IntuneRestoreAssignmentFilter.Invoke-IntuneBackupRoleScopeTag.Invoke-IntuneRestoreRoleScopeTag.Invoke-IntuneBackupDeviceEnrollmentConfiguration.Invoke-IntuneRestoreDeviceEnrollmentConfiguration.Invoke-IntuneBackupNamedLocation.Invoke-IntuneRestoreNamedLocation.Invoke-IntuneBackupConditionalAccessPolicy.Invoke-IntuneRestoreConditionalAccessPolicy.Invoke-IntuneBackupWindowsFeatureUpdateProfile.Invoke-IntuneRestoreWindowsFeatureUpdateProfile.Invoke-IntuneBackupWindowsQualityUpdateProfile.Invoke-IntuneRestoreWindowsQualityUpdateProfile.Invoke-IntuneBackupWindowsDriverUpdateProfile.Invoke-IntuneRestoreWindowsDriverUpdateProfile.Invoke-IntuneBackupMobileAppConfiguration.Invoke-IntuneRestoreMobileAppConfiguration.Invoke-IntuneBackupTargetedManagedAppConfiguration.Invoke-IntuneRestoreTargetedManagedAppConfiguration.Invoke-IntuneBackupNotificationTemplate.Invoke-IntuneRestoreNotificationTemplate.Invoke-IntuneBackupIntuneBrandingProfile.Invoke-IntuneRestoreIntuneBrandingProfile.Invoke-IntuneBackupTermsAndConditions.Invoke-IntuneRestoreTermsAndConditions.Invoke-IntuneBackupRoleDefinition.Invoke-IntuneRestoreRoleDefinition.Invoke-IntuneBackupPolicySet.Invoke-IntuneRestorePolicySet.Invoke-IntuneBackupDeviceManagementIntentAssignment.Start-IntuneBackupcmdlet.Start-IntuneRestoreConfigcmdlet.Start-IntuneBackupandStart-IntuneRestoreConfigwith try-catch error handling for all function calls.DeviceManagementRBAC.ReadWrite.AllandPolicy.Read.All.