backup/Backup-ActivationLock.ps1

#Requires -Version 7.0
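function Backup-ActivationLock {
    <#
    .SYNOPSIS
        Backs up Activation Lock bypass codes for Apple managed devices.

    .DESCRIPTION
        Lists the ids of managed devices whose operatingSystem starts with macOS, iOS or
        iPadOS, then requests each device individually with activationLockBypassCode
        selected. Every device that reports a code is passed to Save-BackupItem as a single
        item named 'activation_lock_bypass_codes' in the 'Activation Lock Bypass Codes'
        folder under BackupPath.

        SECURITY: a bypass code is a secret that removes Activation Lock from its device
        without the owner's Apple account, so the saved file is credential material.
        How Save-BackupItem serializes and protects that file is not visible here; confirm
        the backup location is access-restricted, encrypted at rest, and kept out of source
        control and shared storage. Only the device count and folder are written to the
        verbose stream, never the codes.

    .PARAMETER BackupPath
        Root backup directory; the bypass-code folder name is joined onto it.

    .PARAMETER Token
        Access token as a SecureString, forwarded to Invoke-GraphRequest2 for every request.

    .PARAMETER ScopeTagMap
        Forwarded unchanged to Save-BackupItem. Defaults to an empty hashtable.

    .NOTES
        A terminating error from any request is reported with Write-Error and nothing is
        saved, because the save happens only after all devices have been queried.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$BackupPath,
        [Parameter(Mandatory)] [SecureString]$Token,
        [hashtable]$ScopeTagMap = @{}
    )

    try {
        $folder = Join-Path $BackupPath 'Activation Lock Bypass Codes'

        # First pass: ids only, restricted to Apple platforms by the $filter.
        $deviceUri = '/beta/deviceManagement/managedDevices?$select=id&$filter=startsWith(operatingSystem,''macOS'') or startsWith(operatingSystem,''iOS'') or startsWith(operatingSystem,''iPadOS'')'
        $devices = Invoke-GraphRequest2 -Uri $deviceUri -Token $Token

        # Collect the loop output directly instead of growing an array with +=, which
        # copies the whole array on every append. @() keeps the result an array even
        # for zero or one match, so Save-BackupItem always receives the same shape.
        $devicesWithBypassCode = @(
            foreach ($device in $devices) {
                # Without an id the per-device URI would address the whole collection,
                # so such entries are skipped rather than queried.
                if (-not $device.id) {
                    continue
                }

                # Second pass: the bypass code is requested per device, by id.
                $fullUri = "/beta/deviceManagement/managedDevices/$($device.id)?`$select=id,deviceName,serialNumber,activationLockBypassCode"
                $fullDevice = Invoke-GraphRequest2 -Uri $fullUri -Token $Token

                if ($fullDevice.activationLockBypassCode) {
                    $fullDevice
                }
            }
        )

        # One file for all devices; nothing is written when no device has a code.
        if ($devicesWithBypassCode.Count -gt 0) {
            Save-BackupItem -Item $devicesWithBypassCode -Folder $folder -FileName 'activation_lock_bypass_codes' -ScopeTagMap $ScopeTagMap
            Write-Verbose "backed up $($devicesWithBypassCode.Count) devices with activation lock bypass codes to $folder"
        }
    }
    catch {
        # NOTE(review): only terminating errors reach this handler; whether the helpers
        # raise terminating errors on a failed request is not visible here — confirm.
        Write-Error "failed to backup activation lock bypass codes: $_"
    }
}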

# Publish the backup entry point as this module's only exported function.
Export-ModuleMember -Function 'Backup-ActivationLock'