-
-
Notifications
You must be signed in to change notification settings - Fork 42
Backup
Tobias Almén edited this page Jun 28, 2024
·
17 revisions
List of available arguments that can be passed when running IntuneCD-startbackup.
| Argument | Description |
|---|---|
| -o, --output | The format backups will be saved as, valid options are json or yaml. Default is json |
| -p, --path | The path to which the configurations will be saved |
| -m, --mode | The mode in which the script is run, 0 = devtoprod (backup from dev -> update to prod) uses os.environ DEV_TENANT_NAME, DEV_CLIENT_ID, DEV_CLIENT_SECRET1 = standalone (backup from prod) uses os.environ TENANT_NAME, CLIENT_ID,CLIENT_SECRET
|
| -a, --localauth | When this parameter is set, provide a path to a local dict file containing the following keys: params:TENANT_NAME, CLIENT_ID, CLIENT_SECRET when run in standalone mode andparams:DEV_TENANT_NAME, DEV_CLIENT_ID, DEV_CLIENT_SECRET when run in devtoprod
|
| -c, --certauth | When using certificate auth, the following ENV variables is required:
|
| -i, --interactive | When using interactive auth, the following ENV variables is required:
|
| -e, --exclude | List of objects to exclude from the backup, separated by space. Available options are:
|
| -f, --frontend | DEPRECATED |
| --intunecdmonitor | When this parameter is set, the script is run in the IntuneCDMonitor context |
| --prefix | When set, only backs up configurations whose name starts with the configured prefix |
| -ap, --autopilot | If set to True, a record of autopilot devices will be saved |
| --append-id | When set, the id of the configuration will be appended to the name of the exported file |
| --entrabackup | When set, backs up Entra configurations |
| --ignore-omasettings | When set, ignores encrypted OMA Settings configuration type. Useful if you only want read permissions to Graph API. |
| --activationlock | When set, backs up Activation Lock Bypass Codes |
| --scopes | The scopes to use when obtaining an access token interactively separated by space. Only used when using interactive auth. Default is:
|
| -v, --verbose | Prints verbose output |
| --audit | When set, the script will process the audit data from Intune and commit the changes to the git repo using the name of the user who made the change and the date and time of the change. To configure the amount of days back to get from the audit logs, set the env var AUDIT_DAYS_BACK to a number of days. |
| --token | The authentication token to use for the backup if not using an app registration |
| --exit-on-error | When this parameter is set, IntuneCD will exit on error |
When a backup is performed, the configurations will be saved using the following folder structure in the path specified in -p:
- Root
- App Configuration
- App Protection
- Apple Push Notification
- Apple VPP Tokens
- Applications
- Android
- iOS
- macOS
- Windows
- Compliance Policies
- Message Templates
- Policies
- Conditional Access'
- Custom Attributes
- Device Categories
- Device Configurations
- mobileconfig
- Enrollment Configurations
- Enrollment Profiles
- Apple
- Windows
- Filters
- Group Policy Configurations
- Managed Google Play
- Management Intents
- Intent Type
- Proactive Remediations
- Script Data
- Scripts
- Powershell
- Script Data
Shell
- Script Data
- Settings Catalog
In the example below, since it is run from the terminal interactively, the -i argument is used for interactive authentication. Additionally, the backup's output will be in YAML format instead of JSON as specified in -o.
IntuneCD-startbackup -i -p /tmp/IntuneBackup -o yamlIn the example pipeline below, the backup is running with the parameters -m 1 (standalone mode) and -o yaml (output configurations in yaml format). If you are running this in DEV -> PROD mode, remove -m and add DEV_ in front of all env: variables except for REPO_DIR. CLIENT_SECRET should be added as a secret variable.
env:
REPO_DIR: $(REPO_DIR)
DEV_TENANT_NAME: $(TENANT_NAME)
DEV_CLIENT_ID: $(CLIENT_ID)
DEV_CLIENT_SECRET: $(CLIENT_SECRET)pool:
vmImage: ubuntu-latest
variables:
REPO_DIR: $(Build.SourcesDirectory)
TENANT_NAME: example.onmicrosoft.com
CLIENT_ID: xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx
steps:
- checkout: self
persistCredentials: true
- script: pip3 install IntuneCD
displayName: Install IntuneCD
- script: |
git config --global user.name "devopspipeline"
git config --global user.email "devopspipeline@azuredevops.local"
displayName: Configure Git
- script: IntuneCD-startbackup -m 1 -o yaml
env:
REPO_DIR: $(REPO_DIR)
TENANT_NAME: $(TENANT_NAME)
CLIENT_ID: $(CLIENT_ID)
CLIENT_SECRET: $(CLIENT_SECRET)
displayName: Run IntuneCD backup
- script: |
export branch_name=configs-`date +'%Y-%m-%d-%H-%M'`
cd $(REPO_DIR)
git checkout -b $branch_name
git add --all
git commit -m "Updated configurations"
git push --set-upstream origin $branch_name
displayName: Commit changes