almenscorner / IntuneCD

Tool to backup, update and document configurations in Intune
MIT License

[FEATURE] Backup activation lock bypass code (iOS/iPadOS/macOS) #157

Closed twigie4 closed 7 months ago

twigie4 commented 8 months ago

Is your feature request related to a problem? Please describe.

When iOS/iPadOS/macOS devices expire out of Intune due to inactivity, the Activation Lock bypass code is lost. If one of these devices is then located and powered back on, it is then difficult to remove Activation Lock.

Describe the solution you'd like

IntuneCD to back up Activation Lock bypass codes so that they can be recovered and used.

almenscorner commented 7 months ago

Hi, do you know which Graph endpoint is used to get these codes?

twigie4 commented 7 months ago

> Hi, do you know which Graph endpoint is used to get these codes?

It appears that the Activation Lock Bypass code is present in the "List managedDevices" endpoint - https://learn.microsoft.com/en-us/graph/api/intune-devices-manageddevice-list?view=graph-rest-1.0&tabs=http

"activationLockBypassCode": "Activation Lock Bypass Code value",

almenscorner commented 7 months ago

This feature is now included in the latest beta. Please do a test run and verify that the bypass codes are backed up to a folder named Activation Lock Bypass Codes.

To test, install the latest beta: pip3 install IntuneCD==2.0.9b1

Run a backup including the argument --activationlock.

Note that, depending on the size of your env, the backup of these codes might take a while, as the codes must be grabbed from each device individually. The requests are batched but still take some time.
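The per-device retrieval described above, as an added example that is not IntuneCD's own code: it builds Microsoft Graph `$batch` bodies (20 requests each) that read `activationLockBypassCode` with `$select`, parses a response, and writes the result to a file only its owner can read. The device ids, the response and the file name are constructed, and the per-device `$select` URL is an assumption based on the comment above.

```python
import json, os, tempfile

BATCH_LIMIT = 20  # Microsoft Graph JSON batching accepts at most 20 requests per call
SELECT = "id,deviceName,activationLockBypassCode"

def build_batches(device_ids):
    """Yield $batch request bodies, one GET per device, 20 per body."""
    for start in range(0, len(device_ids), BATCH_LIMIT):
        chunk = device_ids[start:start + BATCH_LIMIT]
        yield {"requests": [
            {"id": dev_id, "method": "GET",  # assumed per-device URL, see lead-in
             "url": f"/deviceManagement/managedDevices/{dev_id}?$select={SELECT}"}
            for dev_id in chunk]}

def parse_batch_response(response):
    """Split one $batch response into recovered codes and failed device ids."""
    codes, failed = {}, []
    for item in response.get("responses", []):
        body = item.get("body") or {}
        if item.get("status") != 200:
            failed.append(item["id"])  # e.g. 403 or 429: retry or report
        elif body.get("activationLockBypassCode"):  # null when no code is held
            codes[body["id"]] = {
                "deviceName": body.get("deviceName"),
                "activationLockBypassCode": body["activationLockBypassCode"]}
    return codes, failed

def write_backup(codes, path):
    """Write the codes as JSON, creating the file with mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(codes, fh, indent=2)

def demo():
    ids = [f"device-{n:02d}" for n in range(45)]  # constructed device ids
    batches = list(build_batches(ids))
    # Constructed response: one code, one device without a code, one 403.
    sample = {"responses": [
        {"id": "device-00", "status": 200, "body": {"id": "device-00",
         "deviceName": "iPad-Lab-1", "activationLockBypassCode": "CONSTRUCTED-0001"}},
        {"id": "device-01", "status": 200, "body": {"id": "device-01",
         "deviceName": "Win-Laptop", "activationLockBypassCode": None}},
        {"id": "device-02", "status": 403, "body": {"error": {"code": "Forbidden"}}}]}
    codes, failed = parse_batch_response(sample)
    path = os.path.join(tempfile.mkdtemp(), "activation_lock_bypass_codes.json")
    write_backup(codes, path)
    return batches, codes, failed, path
```

Each body from `build_batches` would be sent as a POST to the Graph `$batch` endpoint with an authenticated client, which this example leaves out. Because the backed-up codes unlock devices, the output folder needs the same access control as any other credential store.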

twigie4 commented 7 months ago

Hey there, I've attempted to run this with the latest beta and including that argument; however, this version of IntuneCD seems to cause the bug that some others are encountering - https://github.com/almenscorner/IntuneCD/issues/120

The GA version of IntuneCD doesn't cause this behaviour for us.

almenscorner commented 7 months ago

Interesting, and you're not running the beta in a different way like interactive auth vs app auth, including vs not including exclusions etc.?

Nothing in this version has changed when it comes to calling the endpoint where the others have the permission issue.