@wipash
Created May 4, 2022 05:19
name: Azure AD Config Backup

on:
  workflow_dispatch:
  # Runs daily at 4pm UTC
  schedule:
    - cron: "0 16 * * *"

permissions:
  id-token: write   # lets the job request the OIDC token that azure/login exchanges with Azure AD
  contents: write   # lets the final step commit the exported config back to this repository

jobs:
  backup-aad-config:
    name: Backup Azure AD Config
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3

      - name: Azure Login using OIDC
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          enable-AzPSSession: true
          allow-no-subscriptions: true

      - name: Log in to MS Graph and back up Azure AD
        uses: Azure/powershell@v1
        with:
          azPSVersion: "latest"
          inlineScript: |
            ## Install MS Graph auth module, and log in to MS Graph
            ## (reuses the Az session from the OIDC login to obtain a Graph access token)
            Install-Module Microsoft.Graph.Authentication -Scope CurrentUser -Force
            $token = Get-AzAccessToken -ResourceTypeName MSGraph
            Connect-MgGraph -AccessToken $token.Token
            Get-MgContext
            $global:TenantID = (Get-MgContext).TenantId

            ## Ensure output folder exists, and remove existing output files
            Write-Host '## Cleaning out output folder'
            $OutputPath = Join-Path $env:GITHUB_WORKSPACE -ChildPath 'AAD Config'
            [System.IO.Directory]::CreateDirectory($OutputPath) | Out-Null
            Get-ChildItem $OutputPath | Remove-Item -Recurse -Force

            ## Install AzureADExporter
            Write-Host '## Installing AzureADExporter'
            # Install-Module AzureADExporter -Scope CurrentUser -Force
            #### Temporary fix ####
            # Note: this clones a branch, not a fixed commit, so whatever the branch
            # contains at run time is imported and runs with the Graph token obtained above.
            git clone https://github.com/wipash/azureadexporter --branch recursion-fix ../azureadexporter
            Import-Module ../azureadexporter/src/AzureADExporter.psd1 -Force
            #######################

            ## Export AAD Config
            Write-Host '## Exporting Azure AD config'
            Write-Host "# Export-AzureAD -Path $OutputPath -Type 'AccessReviews', 'ConditionalAccess', 'Groups', 'Applications', 'B2C', 'B2B', 'AppProxy', 'Organization', 'Domains', 'EntitlementManagement', 'Policies', 'AdministrativeUnits', 'SKUs', 'Identity', 'Roles', 'Governance'"
            Export-AzureAD -Path $OutputPath -Type 'AccessReviews', 'ConditionalAccess', 'Groups', 'Applications', 'B2C', 'B2B', 'AppProxy', 'Organization', 'Domains', 'EntitlementManagement', 'Policies', 'AdministrativeUnits', 'SKUs', 'Identity', 'Roles', 'Governance'

      - name: Commit changes
        uses: EndBug/add-and-commit@v9
        with:
          message: Update Azure AD configuration
          default_author: github_actions