The M365Documentation PowerShell module is extended with new incredible functions:
Thank you @ylepine for the contribution to support Intune Settings catalog!
Additionally, a few bugfixes and smaller improvements were made. Not change is the list of supported systems which can be documented:
- Microsoft Endpoint Manager / Intune
- Azure AD
- Microsoft Cloud Print
- Microsoft Information Protection
- Windows 365 (CloudPC)
The Automatic Microsoft 365 Documentation PowerShell Module is available in the PowerShell Gallery and therefore its simple to install and use. You can just use these commands to create your first documentation:
Install-Module MSAL.PS
Install-Module PSWriteWord
Install-Module M365Documentation
# Connect to your tenant
Connect-M365Doc
# Collect information for component Intune as an example
$doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"
# Output the documentation to a Word file
$doc | Write-M365DocWord -FullDocumentationPath "c:\temp\$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.docx"More and advanced use cases are documented on github: M365Documentation/AdvancedUsage.md
Feedback
Feedback is important to improve the solution in the future, therefore you can just submit feature requests or issues via Github Issues.
Principal Security Consultant | MVP at baseVISION AG
I’m a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft Technologies in the past ten years. I love to push and design the modern workplace based on Microsoft 365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.
Latest posts by Thomas Kurth (see all)
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
9 Comments
Daniel · November 29, 2021 at 10:20
Hi Thomas,
I am a beginner in intune as well as IT Admin and have a task by my manager to document everything we have our Intune. Have started by installing all the packages that are in this page and everything went OK but I got stuck when I trying to connect to M365Doc.
I get this :Connect-M365Doc : The ‘Connect-M365Doc’ command was found in the module ‘M365Documentation’, but the module could not be loaded. For more information, run ‘Import-Module M365Documentation’
.
At line:1 char:1
+ Connect-M365Doc
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Connect-M365Doc:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Import-Module : File C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\internal\Assert-DirectoryExists.ps1 cannot be loaded because running scripts is disabled on this system. Fo
r more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ Import-Module M365Documentation
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Import-Module], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand
Any ideas ?
Thanks.
Thomas Kurth · January 28, 2022 at 22:15
This means that you have to allow scripts with set-executionpolicy before using the module. Perhaps an Admin has restricted PowerShell usage on your system.
trilochan Padhy · January 15, 2022 at 10:39
Hi Thomas,
I been using the same step which you have mentioned above, however getting below error while running : # Collect information for component Intune as an example
$doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Invoke-DocGraph : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\Intune\Get-MdmAdmxConfigurationProfile.ps1:24 char:17
+ … $Policies = Invoke-DocGraph -Path “/deviceManagement/groupPolicyConfi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGrap
Donovan · June 23, 2022 at 22:17
PS C:\intune> Install-Module MSAL.PS
PS C:\intune> Install-Module PSWriteWord
PS C:\intune> Install-Module M365Documentation
PS C:\intune> Connect-M365Doc
PS C:\intune> $doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Invoke-DocGraph.ps1:51 char:13
+ throw “Used application does not have sufficiant permissi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Used applicatio….0/organization:String) [], RuntimeException
+ FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.
com/v1.0/organization
PS C:\intune>
Asish Pasupuleti · November 11, 2022 at 06:27
Hi Thomas, I’m having the exact same issue as Donovan.
Thomas Kurth · November 11, 2022 at 12:11
Are you using a custom app registration in your tenant or the one which is used by default?
Because I verified the scopes which grant the permission are part of the definition.
DeviceManagementServiceConfig.Read.All,
DeviceManagementConfiguration.Read.All
https://learn.microsoft.com/en-us/graph/api/intune-onboarding-organization-list?view=graph-rest-1.0
Please verify if this permission is also part of you Enterprise App in Azure AD.
Shaun · February 20, 2024 at 08:41
Hi Thomas, this is great! however i am running into an issue where only 25 Settings Catalog policies are being exported (i have >40). How can i overcome this? thanks!
Thomas Kurth · February 20, 2024 at 11:46
Do you have any errors or settings name?
Shaun · February 21, 2024 at 01:20
The report is generated but there is indeed an error as follows:
Get-GroupInfo : Cannot bind argument to parameter ‘Groups’ because it is null.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MobileApp.ps1:53
char:50
+ $DocSec2.Objects = Get-GroupInfo -Groups $AppGroups
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-GroupInfo], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-GroupInfo
Thank you for your help