Introduction
Does this sound familiar? You created a PowerShell script in the past, uploaded it to Endpoint Manager, and now you want to change or re-use it, but you didn’t save a copy. No worries, we’ve both dealt with this situation. Microsoft doesn’t offer a “download script” button, so we have to use a PowerShell script that calls Graph to export these scripts. Follow the steps below to export a PowerShell script from Endpoint Manager.
Install the modules below
- MSAL.PS (this module is required to get a token from Azure AD). It can also be installed from PowerShell 7 with the command below.
Install-Module -Name MSAL.PS
Make sure that you install PowerShell 7 instead of the previous version.
Retrieve the PowerShell scripts
Save the PowerShell script below to a location on your client.
[CmdletBinding()]
Param (
    [Parameter(Mandatory=$true)][String]$TenantName
)

# Device code flow: the code to enter at https://microsoft.com/devicelogin is shown in the console
$authParams = @{
    ClientId   = '53405005-160e-44e4-a86a-8feb23429cf6' # well known intune / graph application
    TenantId   = "$TenantName"
    DeviceCode = $true
}
$token = Get-MsalToken @authParams

$graphApiVersion = "beta"
$resource = "deviceManagement/deviceManagementScripts"
$headers = @{
    "Authorization" = "Bearer $($token.AccessToken)"
    "Content-Type"  = "application/json"
}

#region Get all device management scripts
$Scripts = Invoke-RestMethod -Uri "https://graph.microsoft.com/$graphApiVersion/$resource" -Method Get -Headers $headers -UseBasicParsing
"Found $($Scripts.value.Count) script(s)"
#endregion

# Out-GridView -PassThru can return several rows, so handle each selected script in turn
$Selected = $Scripts.value | Select-Object DisplayName, ID | Out-GridView -PassThru
foreach ($Item in $Selected) {
    # Request the selected script by ID to get its scriptContent
    $Content = Invoke-RestMethod -Uri "https://graph.microsoft.com/$graphApiVersion/$resource/$($Item.ID)" -Method Get -Headers $headers -UseBasicParsing

    # Decode Base64 (scriptContent is encoded, not encrypted) and export
    $EncodedText = $Content.scriptContent
    $DecodedText = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($EncodedText))
    $OutFile = Join-Path $env:TEMP "PowerShell-script-$($Item.ID).ps1"
    $DecodedText | Out-File $OutFile -Force
    Notepad.exe $OutFile
}
This script was developed by Tristan and can also be downloaded from GitHub.
Connect with the Azure AD Tenant
Now that we have installed the two required modules and saved the PowerShell script above, we need to run it.
.\<name of the powershellscript>.ps1 -Tenantname <your tenant name>.onmicrosoft.com
Give consent to the IntuneGraph application
The script will now ask you to browse to https://microsoft.com/devicelogin and enter the code shown in the PowerShell window. The next step is to authenticate through the browser and give consent. Don’t consent on behalf of your organization. After giving consent, we can see how many scripts were found. In my case, 11 in total.
Now that you have authenticated, it will ask you which PowerShell scripts you want to export. You can select more than one and then click OK in the bottom-right corner to download the PowerShell script. It will open in a new Notepad window.
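The decode-and-save step above, generalised as an added example (not part of the original script or of Tristan's code): each script object is written to its own file under a name built from the Graph id and a sanitised fileName, and a SHA-256 hash is returned so an exported copy can be compared with the version kept in source control. The function name Export-IntuneScriptContent, the output folder and the sample object are assumptions made for this illustration; a real object would come from the per-ID Graph call in the script.

```powershell
# Added example. Export-IntuneScriptContent and the sample data are assumptions
# for illustration; only the Graph property names come from the script above.
function Export-IntuneScriptContent {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)][object]$ScriptObject,
        [Parameter(Mandatory = $true)][string]$OutputDirectory
    )
    begin {
        New-Item -ItemType Directory -Path $OutputDirectory -Force | Out-Null
    }
    process {
        # fileName is data returned by the service: keep only the last path
        # segment and replace characters that are not valid in a file name,
        # so the export always lands inside $OutputDirectory.
        $leaf = ([string]$ScriptObject.fileName -split '[\\/]')[-1] -replace '[<>:"|?*\x00-\x1f]', '_'
        if ([string]::IsNullOrWhiteSpace($leaf)) { $leaf = 'script.ps1' }
        $path = Join-Path $OutputDirectory "$($ScriptObject.id)_$leaf"

        # Write the decoded bytes unchanged so the hash matches the uploaded file.
        $bytes = [System.Convert]::FromBase64String($ScriptObject.scriptContent)
        [System.IO.File]::WriteAllBytes($path, $bytes)

        [pscustomobject]@{
            DisplayName = $ScriptObject.displayName
            Path        = $path
            SHA256      = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        }
    }
}

# Constructed sample shaped like a Graph deviceManagementScript; not tenant data.
$body = 'Set-TimeZone -Id "W. Europe Standard Time"'
$sample = [pscustomobject]@{
    id            = '00000000-0000-0000-0000-000000000001'
    displayName   = 'Set time zone'
    fileName      = '..\..\Set-TimeZone.ps1'
    scriptContent = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($body))
}
$exportDir = Join-Path ([System.IO.Path]::GetTempPath()) 'IntuneScriptExport'
$sample | Export-IntuneScriptContent -OutputDirectory $exportDir
```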
It’s very common to need to change or re-use a PowerShell script. I hope this blog helped you.