Setting up and trying the new Windows Backup for Organizations in Intune (with video) and how to make it a more “complete” backup solution.

Recently the Windows Backup and Restore (preview) showed up in preview in the Intune portal.

When I first heard about it I was like “This is really cool!” and then when I understood what it actually was I was like “Hmm… is this just crap?” and then I thought about it some more and went “Maybe this isn’t so bad?”. I’ll tell you all about it below!

What this feature actually is and what it should have been named

As some folks already mentioned, the name of this is kind of misleading. This really isn’t a complete backup solution since it doesn’t backup any files, think of it more as a personlization and settings backup feature. I don’t necessarily think it’s a bad feature though if used in the right way.

In my opinion this should be called “Windows Personalization and Settings backup” or something in order to not confuse people.

This backup feature has a bunch of settings included and they are all specified in this article on Microsoft Learn if you want to read more (basically it includes ALL personal settings a user can do on a device).

How this backup feature combined with OneDrive, Teams and Sharepoint actually is a good complement!

If your users are utilizing OneDrive, Teams and Sharepoint as their primary places to handle files and documents, I really think this is a good complement to be able to restore devices. When I got back from vacation in August I wiped my work computer to get rid of a bunch of old stuff (from labbing and so on) and I didn’t have to worry about any files disappearing since everything was in OneDrive, Sharepoint or Teams. What I had to do though, was configure all my personal settings again such as pinned apps in the menubar and start menu, lanuage, mouse speed etc.

I highly recommend combining this with a well thought out OneDrive policy from Intune to ensure your users are always using OneDrive to store their personal files and that KFM (known folder move) is enabled . This is an example of how I like to set it up:

This is a good baseline for a OneDrive intune policy in my opinion:

What this policy does:

• Starts OneDrive and automatically signs users in using their Windows credentials
• Silently moves known folders to OneDrive and if it the silent move fails, the user will get prompted to move them. Once moved, the user can’t redirect them back to their computer.
• Use OneDrive Files On-Demand to free up as much space for the user as you can.
• Prevent users from syncing personal accounts or accounts from other organizations (in case they have that). This ensures they can only save their data to the organization that the device belongs to.

OPTIONALLY you could also sync Sharepoint sites to file explorer using the Configure team site libraries to sync automatically. However, Microsoft is encouraging users to use the “Add shortcut to OneDrive” button instead of syncing your sites (the sync button is even kind of “hidden” now compared to how it used to be). You should also know that this policy is extremely sensitive and can take up to 8 hours to sync (if you don’t do some regedit changes with Powershell). Personally I would skip this and just encourage users to work with Sharepoint in their browser, use “Add shortcut to OneDrive” or sync the sites that they want in file explorer by themself.

Prerequisites

I’m lazy so here are the prereqs for Windows backup for organizations directly from Microsoft Learn:

Setting it up in Intune

First go to Enrollment > Windows Backup and Restore (preview) > set “Show restore page” to On

You also need the following settings catalog available in Administrative Templates\Windows Components\Sync your settings in order to enable the Windows backup app on your devices:

If you want to control which settings the user is allowed to backup there is a bunch of limtations you can set. For now, I’m happy with just enabling it:

User experience (with video) and some important notes

By default this policy creates a schedueled task to run every 8 days to backup settings and it seems that it runs directly when the policy applies as well. Users can view and change their backup settings in Settings > Account > Windows Backup.

They can manually trigger a backup by opening the Windows Backup app.

Below is a video showing the user doing a backup on one device and then enrolling another device again after it has been wiped. The nice part about this backup is that it’s tied to the Entra ID user hence why it shows up during the OOBE.

Below are some important things I noticed while testing this:

• The backup stage happens before the ESP. So if your devices goes straight to the ESP without showing available backups if the user has any, something probably went wrong.
• I had more consistency when assigning the settings catalog to the dynamic Autopilot group, rather than a user group.
• When the backup failed in the video, I couldn’t find WHAT actually failed in the Windows Backup app (this is hopefully fixed before leaving preview, but I still wanted to point that out).
• As you see in the video on the restore page, it remembered my two most recent device backups from two different devices which is really nice if you have multiple devices.

Final thoughts

Overall I think that this is a good feature and I can see what purpose it fills. There is still a bit of stability needed for consistency, but that’s expected since it’s in preview.

If you have all your apps and configurations in Intune and your users primarly utilize cloud services (OneDrive, Sharepoint, Teams etc) and this backs up all your users personal settings you have pretty much the full scope. However I know that this is not always the case in real world scenarios, so in a lot of (most) cases I would recommend some kind of real backup solution and not solely rely on this. Also, a name change would be great before feature leaves preview.

Also I think this could be really useful for users planning on wiping their device to start clean when going from Windows 10 to 11. Atleast I hope users that are still on Windows 10 is planning for that as October is just around the bend now….

Thanks for reading this far, until next time!