IntuneBackup

1.0.1

backup/Backup-AppProtection.ps1

                                #Requires -Version 7.0

function Backup-AppProtection {

    [CmdletBinding()]

    param(

        [Parameter(Mandatory)] [string]$BackupPath,

        [Parameter(Mandatory)] [SecureString]$Token,

        [hashtable]$ScopeTagMap = @{}

    )

    try {

        $folder = Join-Path $BackupPath 'App Protection'

        $uri = '/beta/deviceAppManagement/managedAppPolicies'

        $items = Invoke-GraphRequest2 -Uri $uri -Token $Token

        foreach ($item in $items) {

            # determine assignment URI based on @odata.type

            $odataType = $item.'@odata.type'

            $assignmentUri = $null

            switch ($odataType) {

                '#microsoft.graph.windowsManagedAppProtection' {

                    $assignmentUri = "/beta/deviceAppManagement/windowsManagedAppProtections/$($item.id)/assignments"

                }

                '#microsoft.graph.iosManagedAppProtection' {

                    $assignmentUri = "/beta/deviceAppManagement/iosManagedAppProtections/$($item.id)/assignments"

                }

                '#microsoft.graph.androidManagedAppProtection' {

                    $assignmentUri = "/beta/deviceAppManagement/androidManagedAppProtections/$($item.id)/assignments"

                }

                '#microsoft.graph.mdmWindowsInformationProtectionPolicy' {

                    $assignmentUri = "/beta/deviceAppManagement/mdmWindowsInformationProtectionPolicies/$($item.id)/assignments"

                }

                '#microsoft.graph.windowsInformationProtectionPolicy' {

                    $assignmentUri = "/beta/deviceAppManagement/windowsInformationProtectionPolicies/$($item.id)/assignments"

                }

            }

            # fetch and attach assignments if applicable

            if ($assignmentUri) {

                $assignments = Resolve-Assignments -AssignmentsUri $assignmentUri -Token $Token

                if ($assignments) {

                    $item | Add-Member -MemberType NoteProperty -Name 'assignments' -Value $assignments -Force

                }

            }

            # construct filename

            $type = $odataType -replace '#microsoft\.graph\.', ''

            $fileName = "$($item.displayName)_$type"

            $clean = Remove-VolatileKeys -InputObject $item

            Save-BackupItem -Item $clean -Folder $folder -FileName $fileName -ScopeTagMap $ScopeTagMap

        }

        Write-Verbose "backed up $($items.Count) app protection policies to $folder"

    }

    catch {

        Write-Error "failed to backup app protection policies: $_"

        return

    }

}

Export-ModuleMember -Function Backup-AppProtection