This blogpost helps you to recover scripts in Intune, in case you forgot to save your script or want to recover the source of a script.
For various management tasks, I use scripts in Intune to get things done on my AzureAD Joined clients. Although nowadays I would first look for a solution via a Remediation Script, using the basic scripts remains very useful. A few advantages of using a basic script are the choice to run scripts under User Context or System Context and the accessibility to quickly fix something. But there are also disadvantages. If you deploy a script without any control, you do not know whether the outcome will be successful on the local device. Once the script has been imported, you can no longer trace the source. Or is it?
Table of Contents
Basic scripts in Intune: where’s the source? And how to recover scripts
When you create a script in Intune, you first enter a name that describes what the script does. Ideally, you use a pre-agreed naming convention for this.
On the next page you upload the script from your local device. If the upload is successful, you will receive a notification at the top right that also states the file size.
At the 4th step, Assignments, make sure you select a dynamic device group or dynamic user group. This may save you lots of manual work in the long run.
Then you complete the wizard, and everything is fine.
UNTIL you realize that you need to make changes to the script, or want to look back at the exact contents of the script. For example, because the upload was done by a colleague and you do not have access to the original source on his computer.
There is no download option from the Intune portal. Are you lost now? No Fortunately not. In the paragraph below you can read how to recover the source information of the script.
Recover the source of an Intune script
Here’s how to recover the sources of your Intune script. Make sure you have appropriate permissions. Intune Administrator should be fine 😉
- In the Intune Portal, navigate to the script. Locate and copy the ID in the URL bar. In this example, I marked the ID of my script: https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/ConfigureWMPolicyMenuBlade/~/properties/policyId/2b3dsa890-12ab-5d2a-bb4c-5eba20c69f12/policyType~/0
- Navigate to the Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer
- At the top right, make sure to Sign In with your account that has Intune permissions granted
- 4a. Make sure GET and beta is selected
4b. Enter the following query address: https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/YOUR ID FROM STEP 1
4c. Make sure the display name reflects the script you want to recover
4d. Copy the script context
- As you can see in step 4d, the script content is pretty unreadable for a human being, It’s base64-encoded. To decode you can use an online Base64 decoder. But you could also use Visual Studio Code and install a decode extension
Et voila! Here’s the original source of your Intune script.
It’s fairly easy to recover a script in Intune. Once you know the steps. Unfortunately, there’s no better way to get back your content. I would advise to maintain a centralized folder, i.e. Sharepoint, to store all your scripts. If you’re in a large team, it may be difficult to stay sharp and archive every script in a specific location. Especially in a dynamic and time pressure environment, mistakes lure. In that case, this recovery blog post might save your day sometimes 🙂