backup/Backup-ConditionalAccess.ps1
|
#Requires -Version 7.0

function Backup-ConditionalAccess {
    <#
    .SYNOPSIS
    Exports the Conditional Access policies returned by Microsoft Graph into a backup folder.

    .DESCRIPTION
    Requests /beta/identity/conditionalAccess/policies through Invoke-GraphRequest2,
    drops the 'authenticationStrength@odata.context' annotation from grantControls when
    it is present, passes each policy through Remove-VolatileKeys and hands the result
    to Save-BackupItem, targeting the 'Conditional Access' sub-folder of BackupPath.

    .PARAMETER BackupPath
    Root directory of the backup. Policies are written below '<BackupPath>/Conditional Access'.

    .PARAMETER Token
    Graph access token as a SecureString. It is forwarded unchanged to
    Invoke-GraphRequest2; this function never converts it to plain text.

    .PARAMETER ScopeTagMap
    Hashtable forwarded unchanged to Save-BackupItem. Defaults to an empty hashtable.

    .NOTES
    Error handling: any terminating error is caught and re-reported with Write-Error,
    which is non-terminating by default. Policies saved before the failure stay on disk,
    so a run can leave a partial backup; callers that need to detect this should check
    the error stream or invoke with -ErrorAction Stop.

    The exported policies describe the tenant's access-control configuration, so the
    backup location should be access-restricted like any other security configuration.

    The request targets the Graph beta endpoint, whose schema may change without notice.

    NOTE(review): whether Invoke-GraphRequest2 follows paging links is not visible
    from this file - confirm that a large tenant yields every policy.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$BackupPath,

        [Parameter(Mandatory)]
        [SecureString]$Token,

        [hashtable]$ScopeTagMap = @{}
    )

    # Annotation removed from grantControls before a policy is saved.
    $contextKey = 'authenticationStrength@odata.context'

    try {
        $targetDir = Join-Path $BackupPath 'Conditional Access'
        $endpoint  = '/beta/identity/conditionalAccess/policies'
        $policies  = Invoke-GraphRequest2 -Uri $endpoint -Token $Token

        foreach ($policy in $policies) {
            # grantControls may be absent; only touch it when it exists and carries the annotation.
            $grant = $policy.grantControls
            if ($grant) {
                if ($grant.PSObject.Properties[$contextKey]) {
                    $grant.PSObject.Properties.Remove($contextKey)
                }
            }

            # Remove-VolatileKeys is defined elsewhere; presumably it strips fields that
            # differ between exports - verify against its implementation.
            $sanitized = Remove-VolatileKeys -InputObject $policy

            $saveArgs = @{
                Item        = $sanitized
                Folder      = $targetDir
                ScopeTagMap = $ScopeTagMap
            }
            Save-BackupItem @saveArgs
        }

        Write-Verbose "backed up $($policies.Count) conditional access policies to $targetDir"
    }
    catch {
        # Reported as a non-terminating error: the caller gets no exception unless it asked for one.
        Write-Error "failed to backup conditional access policies: $_"
    }
}

Export-ModuleMember -Function Backup-ConditionalAccess