The M365Documentation PowerShell module is extended with new incredible functions:
Thank you @ylepine for the contribution to support Intune Settings catalog!
Additionally, a few bugfixes and smaller improvements were made. Not change is the list of supported systems which can be documented:
- Microsoft Endpoint Manager / Intune
- Azure AD
- Microsoft Cloud Print
- Microsoft Information Protection
- Windows 365 (CloudPC)
The Automatic Microsoft 365 Documentation PowerShell Module is available in the PowerShell Gallery and therefore its simple to install and use. You can just use these commands to create your first documentation:
Install-Module MSAL.PS
Install-Module PSWriteWord
Install-Module M365Documentation
# Connect to your tenant
Connect-M365Doc
# Collect information for component Intune as an example
$doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"
# Output the documentation to a Word file
$doc | Write-M365DocWord -FullDocumentationPath "c:\temp\$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.docx"More and advanced use cases are documented on github: M365Documentation/AdvancedUsage.md
Feedback
Feedback is important to improve the solution in the future, therefore you can just submit feature requests or issues via Github Issues.
Principal Security Consultant | MVP at baseVISION AG
I’m a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft Technologies in the past ten years. I love to push and design the modern workplace based on Microsoft 365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.
Latest posts by Thomas Kurth (see all)
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
11 Comments
Daniel · November 29, 2021 at 10:20
Hi Thomas,
I am a beginner in intune as well as IT Admin and have a task by my manager to document everything we have our Intune. Have started by installing all the packages that are in this page and everything went OK but I got stuck when I trying to connect to M365Doc.
I get this :Connect-M365Doc : The ‘Connect-M365Doc’ command was found in the module ‘M365Documentation’, but the module could not be loaded. For more information, run ‘Import-Module M365Documentation’
.
At line:1 char:1
+ Connect-M365Doc
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Connect-M365Doc:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Import-Module : File C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\internal\Assert-DirectoryExists.ps1 cannot be loaded because running scripts is disabled on this system. Fo
r more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ Import-Module M365Documentation
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Import-Module], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand
Any ideas ?
Thanks.
Thomas Kurth · January 28, 2022 at 22:15
This means that you have to allow scripts with set-executionpolicy before using the module. Perhaps an Admin has restricted PowerShell usage on your system.
trilochan Padhy · January 15, 2022 at 10:39
Hi Thomas,
I been using the same step which you have mentioned above, however getting below error while running : # Collect information for component Intune as an example
$doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Invoke-DocGraph : The remote server returned an error: (400) Bad Request.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\Intune\Get-MdmAdmxConfigurationProfile.ps1:24 char:17
+ … $Policies = Invoke-DocGraph -Path “/deviceManagement/groupPolicyConfi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGrap
Donovan · June 23, 2022 at 22:17
PS C:\intune> Install-Module MSAL.PS
PS C:\intune> Install-Module PSWriteWord
PS C:\intune> Install-Module M365Documentation
PS C:\intune> Connect-M365Doc
PS C:\intune> $doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Invoke-DocGraph.ps1:51 char:13
+ throw “Used application does not have sufficiant permissi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Used applicatio….0/organization:String) [], RuntimeException
+ FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.
com/v1.0/organization
PS C:\intune>
Asish Pasupuleti · November 11, 2022 at 06:27
Hi Thomas, I’m having the exact same issue as Donovan.
Thomas Kurth · November 11, 2022 at 12:11
Are you using a custom app registration in your tenant or the one which is used by default?
Because I verified the scopes which grant the permission are part of the definition.
DeviceManagementServiceConfig.Read.All,
DeviceManagementConfiguration.Read.All
https://learn.microsoft.com/en-us/graph/api/intune-onboarding-organization-list?view=graph-rest-1.0
Please verify if this permission is also part of you Enterprise App in Azure AD.
Shaun · February 20, 2024 at 08:41
Hi Thomas, this is great! however i am running into an issue where only 25 Settings Catalog policies are being exported (i have >40). How can i overcome this? thanks!
Thomas Kurth · February 20, 2024 at 11:46
Do you have any errors or settings name?
Shaun · February 21, 2024 at 01:20
The report is generated but there is indeed an error as follows:
Get-GroupInfo : Cannot bind argument to parameter ‘Groups’ because it is null.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MobileApp.ps1:53
char:50
+ $DocSec2.Objects = Get-GroupInfo -Groups $AppGroups
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-GroupInfo], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-GroupInfo
Thank you for your help
Gerardo Hernandez · May 28, 2024 at 21:08
Im facing the following error and my app registration have all the permissions but they are delegated, do they need to be application permissions?
Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13
+ throw “Used application does not have sufficiant permissi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Used applicatio….0/organization:String) [], RuntimeException
+ FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.
com/v1.0/organization
Thomas Kurth · July 25, 2024 at 22:45
Yes, this error is known but should not block you from creating a documentation. It tries to get the Organization Name but in delegated Scenario this is only possible if the used user has also specific permissions as you can see in this docs article https://learn.microsoft.com/en-us/graph/api/organization-list?view=graph-rest-1.0&tabs=http