WPNinjas HeaderWPNinjas Header

Automatic Intune Documentation evolves to Automatic Microsoft 365 Documentation

One of the biggest pain points of many companies is the documentation of their infrastructure. With the fast changing products/features it’s more important to have an accurate documentation. The Automatic Microsoft 365 Documentation is the successor of the Automatic Intune Documentation which provides many advantages. It’s no longer a simple script and you can interact with the collected data. 

General use

The Automatic Microsoft 365 Documentation PowerShell Module is available in the PowerShell Gallery and therefore its simple to install and use. You can just use these commands:
Install-Module MSAL.PS
Install-Module PSWriteWord
Install-Module M365Documentation
This example covers basic functionality for interactive usage. Advanced use cases like creating your own app registration for silent execution or translating API names is covered in the advanced usage section.
# Connect to your tenant

# Collect information for component Intune as an example 
$doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"

# Output the documentation to a Word file
$doc | Write-M365DocWord -FullDocumentationPath "c:\temp\$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.docx"

Another example: detect deviations

From the community I got back many feedbacks for new features to allow them to fulfill their requirements. Some of them were also pretty useful for me and therefore I would like to highlight one of them directly in this blog.

From time to time you would like to see if something has changed in your environment. The Azure/Microsoft 365 Audit logs provide not always all information to fully understand the changes. Here the documentation module can help with the option to backup the whole configuration to a json file. These json files can be compared with a webservice like http://www.jsondiff.com/.

You can collect all information like normal, but then use the Write-M365DocJson Cmdlet to save the configuration in a comparable format:

# Connect to your tenant

# Collect information for component Intune as an example 
$doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"

# Output the documentation to a Word file
$doc | Write-M365DocJson -FullDocumentationPath "c:\temp\$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.json"

The result looks pretty good:

Support translation process

Tto simplify the translation process I added a UI which is able to show and submit your contribution to the project. A step by step guide is available on the project page.

Follow me


Donovan Sobrero · May 26, 2021 at 17:33

NetNew: after install the 3 required modules msal.ps, pswriteword, m365documenation modules without issue in PS7.1.3 I’m not able to issue the command “connect-m365doc”

Get-MsalToken: C:\Users\sobre\Documents\PowerShell\Modules\MSAL.PS\\Get-MsalToken.ps1:304
Line |
304 | … ionResult = Get-MsalToken -Interactive -PublicClientApplication $Publ …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Only loopback redirect uri is supported, but
| msal37f82fa9-674e-4cae-9286-4b21eb9a6389://auth/ was found. Configure
| http://localhost or http://localhost:port both during app registration and when
| you create the PublicClientApplication object. See
| https://aka.ms/msal-net-os-browser for details

    Thomas Kurth · June 13, 2021 at 08:25

    Have you used your own App Registration or my Public Client?

    I have now added http://localhost in my Public client. So you can test it again.

Leon Scott · May 30, 2021 at 09:18

You forgot to mention to enable the application inside your tenant if you have apps set as after approval only.

    Thomas Kurth · June 13, 2021 at 08:21

    Yes this is correct. In this case you can also create your own app registration in your tenant. Then you are under full control.

Brendan · June 2, 2021 at 05:36

error when running following command after approving permissions

PS C:\WINDOWS\system32> $doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.0.3\Internal\Helper\Invoke-DocGraph.ps1:51 char:13
+ throw “Used application does not have sufficiant permissi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Used applicatio….0/organization:String) [], RuntimeException
+ FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.

    Thomas Kurth · June 13, 2021 at 08:28

    Have you used an own app registration? If yes which scopes have you added?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.