backup/Backup-ComplianceScripts.ps1
|
#Requires -Version 7.0 function Backup-ComplianceScripts { [CmdletBinding()] param( [Parameter(Mandatory)] [string]$BackupPath, [Parameter(Mandatory)] [SecureString]$Token, [hashtable]$ScopeTagMap = @{} ) try { $folder = Join-Path $BackupPath 'Compliance Policies' 'Scripts' $scriptFolder = Join-Path $folder 'Script Data' $uri = '/beta/deviceManagement/deviceComplianceScripts/' $items = Invoke-GraphRequest2 -Uri $uri -Token $Token foreach ($item in $items) { # fetch full details $fullUri = "/beta/deviceManagement/deviceComplianceScripts/$($item.id)" $fullItem = Invoke-GraphRequest2 -Uri $fullUri -Token $Token # decode and save script content if ($fullItem.detectionScriptContent) { $scriptBytes = [System.Convert]::FromBase64String($fullItem.detectionScriptContent) $scriptContent = [System.Text.Encoding]::UTF8.GetString($scriptBytes) $scriptFileName = ConvertTo-SanitizatedFileName -fileName "$($fullItem.displayName + "__" + $item.id).ps1" $scriptPath = Join-Path $scriptFolder $scriptFileName New-Item -ItemType Directory -Path $scriptFolder -Force | Out-Null Set-Content -Path $scriptPath -Value $scriptContent -Encoding UTF8 } # save metadata JSON without the script content $clean = Remove-VolatileKeys -InputObject $fullItem Save-BackupItem -Item $clean -Folder $folder -ScopeTagMap $ScopeTagMap } Write-Verbose "backed up $($items.Count) compliance scripts to $folder" } catch { Write-Error "failed to backup compliance scripts: $_" return } } Export-ModuleMember -Function Backup-ComplianceScripts |