Skip to content

Commit eb0e683

Browse files
committed
feat: Add WindowsBackupRestore standard for Intune WBfO enrollment config
Implements standard to enable/disable Windows Backup and Restore for Organizations (WBfO) enrollment setting in Intune via Graph API.
1 parent c7d872a commit eb0e683

1 file changed

Lines changed: 101 additions & 0 deletions

File tree

Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
function Invoke-CIPPStandardWindowsBackupRestore {
2+
<#
3+
.FUNCTIONALITY
4+
Internal
5+
.COMPONENT
6+
(APIName) WindowsBackupRestore
7+
.SYNOPSIS
8+
(Label) Set Windows Backup and Restore state
9+
.DESCRIPTION
10+
(Helptext) Configures the Windows Backup and Restore enrollment setting in Intune. When enabled, users see a restore page during Windows Autopilot/OOBE that allows them to restore their apps and settings from a previous device backup. **Before you can restore a backup, a policy to enable it on devices must be set up in Settings Catalog.**
11+
(DocsDescription) Configures the Windows Backup and Restore (WBfO) device enrollment setting in Intune. This feature allows users to restore apps and settings from a previous device backup during Windows setup. Enabling this shows a restore page during enrollment (OOBE) so users can migrate their workspace configuration to a new device. More information can be found in [Microsoft's documentation.](https://learn.microsoft.com/en-us/intune/intune-service/enrollment/windows-backup-restore)
12+
.NOTES
13+
CAT
14+
Intune Standards
15+
TAG
16+
EXECUTIVETEXT
17+
Controls the Windows Backup and Restore for Organizations feature in Intune. When enabled, employees setting up new devices can restore their apps and settings from a previous backup during Windows enrollment. This streamlines device provisioning, reduces setup time for new or replacement devices, and improves the employee experience during device transitions.
18+
ADDEDCOMPONENT
19+
{"type":"autoComplete","multiple":false,"creatable":false,"label":"Select value","name":"standards.WindowsBackupRestore.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"},{"label":"Not Configured","value":"notConfigured"}]}
20+
IMPACT
21+
Low Impact
22+
ADDEDDATE
23+
2026-02-26
24+
POWERSHELLEQUIVALENT
25+
Graph API
26+
RECOMMENDEDBY
27+
UPDATECOMMENTBLOCK
28+
Run the Tools\Update-StandardsComments.ps1 script to update this comment block
29+
.LINK
30+
https://docs.cipp.app/user-documentation/tenant/standards/list-standards
31+
#>
32+
33+
[CmdletBinding()]
34+
param($Tenant, $Settings)
35+
36+
$TestResult = Test-CIPPStandardLicense -StandardName 'WindowsBackupRestore' -TenantFilter $Tenant -RequiredCapabilities @('INTUNE_A', 'MDM_Services', 'EMS', 'SCCM', 'MICROSOFTINTUNEPLAN1')
37+
38+
if ($TestResult -eq $false) {
39+
return $true
40+
}
41+
42+
# Get state value using null-coalescing operator
43+
$WantedState = $Settings.state.value ?? $Settings.state
44+
45+
try {
46+
$Config = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations?$filter=deviceEnrollmentConfigurationType eq ''windowsRestore''' -tenantid $Tenant
47+
$CurrentState = $Config.state
48+
} catch {
49+
$ErrorMessage = Get-CippException -Exception $_
50+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to retrieve Windows Backup and Restore configuration. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
51+
return
52+
}
53+
54+
$StateIsCorrect = $CurrentState -eq $WantedState
55+
56+
$CurrentValue = [PSCustomObject]@{
57+
state = $CurrentState
58+
}
59+
$ExpectedValue = [PSCustomObject]@{
60+
state = $WantedState
61+
}
62+
63+
# Input validation
64+
if ([string]::IsNullOrWhiteSpace($WantedState)) {
65+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'WindowsBackupRestore: Invalid state parameter set' -sev Error
66+
return
67+
}
68+
69+
if ($Settings.remediate -eq $true) {
70+
if ($StateIsCorrect -eq $true) {
71+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Windows Backup and Restore is already set to $WantedState." -sev Info
72+
} else {
73+
try {
74+
$Body = @{
75+
'@odata.type' = '#microsoft.graph.windowsRestoreDeviceEnrollmentConfiguration'
76+
state = $WantedState
77+
} | ConvertTo-Json -Depth 10
78+
79+
New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$($Config.id)" -tenantid $Tenant -type PATCH -body $Body
80+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set Windows Backup and Restore to $WantedState." -sev Info
81+
} catch {
82+
$ErrorMessage = Get-CippException -Exception $_
83+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Windows Backup and Restore to $WantedState. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
84+
}
85+
}
86+
}
87+
88+
if ($Settings.alert -eq $true) {
89+
if ($StateIsCorrect -eq $true) {
90+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Windows Backup and Restore is set correctly to $WantedState." -sev Info
91+
} else {
92+
Write-StandardsAlert -message "Windows Backup and Restore is not set correctly. Expected: $WantedState, Current: $CurrentState" -object @{ CurrentState = $CurrentState; WantedState = $WantedState } -tenant $Tenant -standardName 'WindowsBackupRestore' -standardId $Settings.standardId
93+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Windows Backup and Restore is not set correctly to $WantedState." -sev Info
94+
}
95+
}
96+
97+
if ($Settings.report -eq $true) {
98+
Set-CIPPStandardsCompareField -FieldName 'standards.WindowsBackupRestore' -CurrentValue $CurrentValue -ExpectedValue $ExpectedValue -TenantFilter $Tenant
99+
Add-CIPPBPAField -FieldName 'WindowsBackupRestore' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $Tenant
100+
}
101+
}

0 commit comments

Comments
 (0)