Do you want to recover an Intune PowerShell script but cannot find it at your computer? Yes, this was me a couple of weeks ago. At that moment, I had two options. The first one was to re-write the entire script, or the second option was to find a way to recover an Intune PowerShell script. I chose the second option and accepted the challenge. The result is a lot of fun and a script that I share in this blog, so you can recover Intune Powershell yourself.
My investigation started with a question if I’m able to see the script via the Fiddler (network scanning) tool. I’m using this tool often because it provides insights into the Intune Graph API used to get/update or post configuration items. In the following chapter, you can see how you can install this tool. I have discovered that the Intune scripts are part of the API URL DeviceManagement/DeviceManagementScripts section. A unique GUID represents the script itself. In other words “it’s time to code!” but first of all, I like to explain the steps you can do to discover the API URL.
https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/[GUID]
Using the Fiddler tool
Step 1 – Download and install Fiddler.
Step 2 – In the Azure portal open the Intune blade and go to Configuration > Scripts. Click on the script you want to recover.
Step 3 – Firstly, start the Fiddler app and open one of the PowerShell scripts.
Step 4 – Secondly, you you need to change something like adding a dot in the description field and save.
By doing this the script is saved (update/post) and visible via the Fiddler tool
Step 5 – Open the Fiddler app again and search for;
Step 6 – Any script content block is encoded in base64. Therefore we need to decode it first. You can do this by copying the content from the script content to a .txt file. In this example, it starts from PCMNC. You can do this yourself by running (base64 decode) scrip below. After that the script successfully the output is saved in the path where the script is executed.
Why Base64encoding?
The Microsoft Graph API (language) is based on JSON files/templates. Those templates are built-up line configuration lines to the configuration line. All scripts containing multiple lines of code because of this it’s required to use an alternative like base64encoding.
##Intune-Decode-Base64.ps1## | |
$Base64Code = read-host 'fill in the .txt file containing the base64 code to decode' | |
$Code = Get-Content $Base64Code [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($Code))| ` | |
out-file -Encoding "ascii" output.ps1 | |
notepad.exe .\output.ps1 |
Recover an Intune PowerShell script with the code below
I’ve developed a simple script that you can use to restore any Intune PowerShell script(s). In addition, the screen recording below shows you an example of how you need to use the script.
Note – You need to install the module MSAL.PS and use Powershell 7 or higher.
[CmdletBinding()] | |
Param ( | |
[Parameter(Mandatory=$true)][String]$TenantName | |
) | |
$authParams = @{ | |
clientId = '53405005-160e-44e4-a86a-8feb23429cf6' #well known intune / graph application | |
tenantId = "$TenantName" | |
Interactive = $true | |
DeviceCode = $true | |
} | |
$token = Get-MsalToken @authParams | |
$graphApiVersion = "beta"; | |
$resource = "/deviceManagement/deviceManagementScripts"; | |
$headers = @{ | |
"Authorization" = "Bearer $($token.AccessToken )"; | |
"Content-Type" = "application/json"; | |
} | |
#region Get all device policies | |
$Scripts = Invoke-RestMethod -Uri "https://graph.microsoft.com/$($graphApiVersion)/$($resource)" -Method Get -Headers $headers -UseBasicParsing; | |
"Found $($Scripts.value.Count) script"; | |
$ContentID = ($scripts.value | select DisplayName,ID | out-gridview -PassThru).ID | |
$Content = Invoke-RestMethod -Uri "https://graph.microsoft.com/$($graphApiVersion)/$($resource)/$ContentID" -Method Get -Headers $headers -UseBasicParsing; | |
#Decrypt Base64 and export | |
$EncodedText = $content.scriptcontent | |
$DecodedText = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($EncodedText)) | |
$DecodedText | out-file $env:temp\PowerShell-script.ps1 -Force | |
Notepad.exe $env:temp\PowerShell-script.ps1 |
Conclusion
In conclusion, the Intune GUI cannot export the Intune PowerShell scripts. However, it’s possible to do this if you use the absolute power of the Graph. The Fiddler tool is a helpful tool to see which API calls Microsoft is using in the background, like retrieve information like the script content block. Return to this blog to read more about these topics.
One comment