TenuVault
Skip to main content
10 min read

Getting Started with TenuVault

Welcome to TenuVault, the comprehensive backup and recovery solution for Microsoft Intune configurations. This guide will help you understand what TenuVault is, why you should use it, and how to get started quickly.

Table of Contents

  • What is TenuVault?
  • Why Use TenuVault?
  • Key Features
  • Deployment Options
  • Prerequisites
  • Quick Start
  • Next Steps

    What is TenuVault?

    TenuVault (formerly IntuneSnap) is an open-source backup and recovery solution designed specifically for Microsoft Intune configurations. It provides automated, scheduled backups of your entire Intune environment, ensuring you can recover from accidental changes, configuration drift, or compliance violations.

    Unlike traditional backup solutions, TenuVault is purpose-built for Intune, understanding the complex relationships between policies, configurations, and compliance settings. It stores your backups in your own Azure storage account, giving you complete control over your data.

    The Problem TenuVault Solves

    Microsoft Intune is powerful but lacks native backup capabilities. Without proper backups:

  • Accidental policy deletions can affect thousands of devices
  • Configuration changes are difficult to track and reverse
  • Compliance audits become challenging without historical data
  • Disaster recovery is nearly impossible

    TenuVault fills this critical gap by providing enterprise-grade backup capabilities while remaining completely free and open-source.

    Why Use TenuVault?

    Complete Data Sovereignty

Your backups never leave your Azure environment. All data is stored in your own storage accounts, encrypted with your keys, and accessible only by you. There's no third-party cloud, no external dependencies, and no vendor lock-in.

Zero Cost

TenuVault is 100% free and open-source. You only pay for the Azure resources you consume (storage and automation), which typically costs less than $10 per month for most organizations.

Comprehensive Coverage

TenuVault backs up your entire Intune configuration:
  • Device Configuration Policies
  • Compliance Policies
  • Application Protection Policies
  • Conditional Access Policies
  • Windows Autopilot Profiles
  • Enrollment Restrictions
  • Group Policy Analytics
  • Scripts and Proactive Remediations
  • Applications and Assignments
  • Administrative Templates
  • Security Baselines
  • Update Rings
  • And much more

    Enterprise Features

Despite being free, TenuVault includes enterprise-grade features:
  • Automated Scheduling: Set it and forget it with customizable backup schedules
  • Drift Detection: Automatically detect and alert on configuration changes
  • Multi-Tenant Support: Manage backups for multiple Intune tenants from one portal
  • Point-in-Time Recovery: Restore configurations from any backup point
  • Audit Trail: Complete logging of all backup and restore operations
  • Role-Based Access: Control who can view and restore backups

    Key Features

    1. Automated Backups

Schedule backups to run hourly, daily, or weekly. The automation runs entirely in your Azure environment using Azure Automation runbooks, ensuring reliability and security.

2. Configuration Drift Detection

Compare current configurations against previous backups to identify unauthorized or accidental changes. Get alerts when critical policies are modified.

3. Selective Restoration

Don't restore everything - choose specific policies or configurations to restore. Preview changes before applying them to avoid unintended consequences.

4. Compliance Reporting

Generate reports showing configuration changes over time. Perfect for compliance audits and change management documentation.

5. Multi-Tenant Management

If you manage multiple organizations or have a complex Azure AD structure, TenuVault can handle multiple tenants from a single deployment.

6. Version Control

Every backup is versioned and timestamped. Track changes over time and understand who made what changes when.

Deployment Options

TenuVault offers two deployment models to suit different needs:

Option 1: PowerShell Module (Simple)

Perfect for:

  • Small to medium organizations
  • Quick, one-time backups
  • Simple command-line operations
  • Minimal setup requirements

    The PowerShell module provides core backup functionality through simple commands. Install it from the PowerShell Gallery and start backing up in minutes.

    Key Commands:

powershell

Install the module

Install-Module -Name TenuVault
Create a backup

New-IntuneBackup -TenantId "your-tenant-id"
Restore from backup

Restore-IntuneBackup -BackupPath "path-to-backup"

Option 2: TenuVault Cloud Portal (Advanced)

Perfect for:

  • Large enterprises
  • Multiple tenant management
  • Teams requiring web interface
  • Advanced features like drift detection

    The TenuVault Cloud Portal is a secure SaaS solution that manages your backups while keeping all data in YOUR Azure tenant. You get enterprise features without hosting any infrastructure.

    How It Works:

  • TenuVault Portal runs as a secure cloud service
  • Your backup data stays in YOUR Azure Storage Account
  • Automation runs in YOUR Azure Automation Account
  • You maintain complete control and data sovereignty
  • No data ever leaves your Azure environment

    Portal Features:

  • Web-based dashboard (SaaS)
  • Real-time backup monitoring
  • Drift detection and alerts
  • Multi-user access with RBAC
  • Advanced scheduling options
  • Detailed audit logs
  • Zero infrastructure to manage

    Feature Comparison

    FeaturePowerShell ModuleTenuVault Cloud Portal
Basic BackupYesYes
RestorationYesYes
SchedulingManual/Task SchedulerAutomated
Web InterfaceNoYes (SaaS)
Drift DetectionNoYes
Multi-TenantManualAutomated
User ManagementNoYes
Audit LogsBasicAdvanced
NotificationsNoYes
Data LocationYour AzureYour Azure
InfrastructureNoneNone (SaaS)
Setup Time5 minutes30 minutes
Best ForSimple needsEnterprise

Prerequisites

Before deploying TenuVault, ensure you have:

Required Permissions

  • Azure Subscription: An active Azure subscription where resources will be deployed
  • Azure AD Role: Global Administrator or Application Administrator to create app registrations
  • Intune Role: Intune Service Administrator or Global Administrator for backup operations

    Technical Requirements

  • Browser: Modern browser (Chrome, Edge, Firefox, Safari) for portal access
  • PowerShell: Version 7.0 or higher for PowerShell module
  • Azure Resources (Portal deployment):
- Storage Account (created during setup) - Automation Account (created during setup) - App Service Plan (if using web portal)

Intune Configuration

  • Active Microsoft Intune subscription
  • At least one configured policy or profile to backup
  • Microsoft Graph API access enabled

    Estimated Costs

  • Storage: ~$0.02 per GB per month
  • Automation: ~$0.002 per job execution
  • Total: Typically $5-10 per month for most organizations

    Quick Start

    For PowerShell Module (5 minutes)

    1. Install the Module

powershell
   Install-Module -Name TenuVault -Scope CurrentUser

2. Connect to Azure 

powershell
   Connect-AzAccount
   Connect-MgGraph -Scopes "DeviceManagementConfiguration.Read.All"

3. Run Your First Backup 

powershell
   New-IntuneBackup -OutputPath "C:\IntuneBackups"

That's it! Your Intune configuration is now backed up.

For TenuVault Cloud Portal (30 minutes)

1. Create Azure App Registration - Create app registration in YOUR Azure AD - Grant Microsoft Graph permissions - Create client secret

2. Set Up YOUR Azure Resources - Storage Account (in YOUR subscription) - Automation Account (in YOUR subscription) - All resources remain under YOUR control

3. Connect to TenuVault Portal - Navigate to portal.tenuvault.com - Sign in with Azure AD credentials - Enter YOUR app registration details

4. Configure and Schedule - Add your tenant(s) - Configure backup frequency - Enable drift detection - All backups stored in YOUR storage account

Detailed instructions are available in the Onboarding Guide.

Next Steps

Now that you understand TenuVault's capabilities, here's how to proceed:

1. Choose Your Deployment Model

  • Simple needs? → Start with the PowerShell module
  • Enterprise requirements? → Deploy the full portal

    2. Follow the Appropriate Guide

  • PowerShell Users: Continue with the PowerShell documentation
  • Portal Users: Proceed to the Onboarding Guide

    3. Configure Your First Backup

  • Start with a test tenant if available
  • Verify backup completion
  • Test restoration process

    4. Set Up Production

  • Configure automated schedules
  • Set up notifications
  • Document your backup procedures

    5. Learn Advanced Features

  • Explore Drift Detection
  • Review Best Practices
  • Configure multi-tenant management

    Getting Help

    Documentation

  • Onboarding Guide - Detailed deployment instructions
  • User Guide - Portal navigation and features
  • Troubleshooting Guide - Common issues and solutions

    Community Support

  • GitHub Issues: Report bugs and request features
  • Discord Community: Join discussions with other users
  • Stack Overflow: Search for tagged questions

    Professional Support

While TenuVault is free and open-source, professional support and consulting services are available for enterprise deployments.

Summary

TenuVault provides essential backup capabilities for Microsoft Intune that are missing from the native platform. Whether you choose the simple PowerShell module or the full-featured portal, you'll gain:

- Peace of mind knowing your configurations are safe

  • Compliance with audit and recovery requirements
  • Control over your data and backup processes
  • Savings compared to commercial alternatives

    Ready to protect your Intune environment? Let's get started with the deployment!

    ---

    Continue to the Onboarding Guide for detailed deployment instructions, or explore the User Guide to understand portal features.

Documentation HomeOnboarding Guide