thomaskur / m365documentation Goto Github PK

Issue 1
After installing the pre-reqs - connect-m365doc from admin powershell pulls prompt for login but gives an access issue to a folder. If I grant everyone access to that folder it works.

Issue 2
after login and running $doc = Get-M365Doc -Components Intune (or any component) I get constant errors (regardless if its admin powershell or reg user

I have an urgent need that pulling this data would be nice, if I could get an updated app.

Thanks

i have run the Get-M365Doc and found graph have a limitation of 25 policy
https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies

so it only listed the first 25 policies.

the code should consider whether @odata.nextLink is exist and then continue to pull.
I am looking at the Invoke-DocGraph and it should do something there (maybe)

Not sure whats wrong. I followed the instructions to install the 3 modules. Connect-M365Doc as a global admin and consented to the app permissions request, but when I trying to run Get-M365Doc I receive nothing but errors complaining that properties weren't found.

PS C:\Users\jch> Connect-M365Doc
PS C:\Users\jch> $doc = Get-M365Doc -Components Intune -ExcludeSections @("MobileAppDetailed") New-Object : Cannot find type [Doc]: verify that the assembly containing this type is loaded. At line:32 char:18 + return @(& $origNewObject @psBoundParameters) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException + FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand The property 'Organization' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Get-M365Doc.ps1:143 char:9 + $Data.Organization = $org.Value.displayName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Components' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Get-M365Doc.ps1:144 char:9 + $Data.Components = $Components + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'SubSections' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Get-M365Doc.ps1:145 char:9 + $Data.SubSections = @() + ~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'CreationDate' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Get-M365Doc.ps1:146 char:9 + $Data.CreationDate = Get-Date + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Translated' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Get-M365Doc.ps1:147 char:9 + $Data.Translated = $false + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound New-Object : Cannot find type [DocSection]: verify that the assembly containing this type is loaded. At line:32 char:18 + return @(& $origNewObject @psBoundParameters) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException + FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand The property 'Title' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio nProfile.ps1:19 char:5 + $DocSec.Title = "Device Configuration (ADMX)" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Text' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio nProfile.ps1:20 char:5 + $DocSec.Text = "This section contains a list of all device config ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound New-Object : Cannot find type [DocSection]: verify that the assembly containing this type is loaded. At line:32 char:18 + return @(& $origNewObject @psBoundParameters) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException + FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand The property 'Title' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio nProfile.ps1:29 char:9 + $DocSecSingleValue.Title = "Settings" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Text' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio nProfile.ps1:30 char:9 + $DocSecSingleValue.Text = "" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Objects' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio nProfile.ps1:31 char:9 + $DocSecSingleValue.Objects = @() + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound The property 'Transpose' cannot be found on this object. Verify that the property exists and can be set. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio

nProfile.ps1:32 char:9

•     $DocSecSingleValue.Transpose = $false
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException

  • FullyQualifiedErrorId : PropertyNotFound

WARNING: 2023-08-03 18:00:11-05 WARN Error reading ADMX setting - [System.Management.Automation.RuntimeException] The

property 'Objects' cannot be found on this object. Verify that the property exists and can be set.

New-Object : Cannot find type [DocSection]: verify that the assembly containing this type is loaded.

At line:32 char:18

•     return @(& $origNewObject @psBoundParameters)
  

•              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException

  • FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand

The property 'Title' cannot be found on this object. Verify that the property exists and can be set.

At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio

nProfile.ps1:59 char:9

•     $DocSecSingle.Title = $Policy.displayName
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException

  • FullyQualifiedErrorId : PropertyNotFound

The property 'Text' cannot be found on this object. Verify that the property exists and can be set.

At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio

nProfile.ps1:60 char:9

•     $DocSecSingle.Text = $Policy.description
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException

  • FullyQualifiedErrorId : PropertyNotFound

The property 'Objects' cannot be found on this object. Verify that the property exists and can be set.

At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio

nProfile.ps1:61 char:9

•     $DocSecSingle.Objects = $Policy
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException

  • FullyQualifiedErrorId : PropertyNotFound

The property 'Transpose' cannot be found on this object. Verify that the property exists and can be set.

At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\Intune\Get-MdmAdmxConfiguratio

Getting error when running (same error when ran $doc | Write-M365DocWord -FullDocumentationPath "c:\temp$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.docx")

Connect-M365Doc
$doc | Write-M365DocWord -FullDocumentationPath "c:\temp\WPNinjas-Doc.docx"

Write-M365DocWord : Cannot bind argument to parameter 'Data' because it is null.
At line:2 char:8

• $doc | Write-M365DocWord -FullDocumentationPath "c:\temp\WPNinjas-Doc ...

•    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Write-M365DocWord], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Write-M365DocWord

I just tried installing and then connecting, but I get an error message like below:

New-MsalClientApplication : Cannot convert argument "builder", with value: "Microsoft.Identity.Client.PublicClientAppli

cationBuilder", for "WithDesktopFeatures" to type "Microsoft.Identity.Client.PublicClientApplicationBuilder": "Cannot c
onvert the "Microsoft.Identity.Client.PublicClientApplicationBuilder" value of type "Microsoft.Identity.Client.PublicCl
ientApplicationBuilder" to type "Microsoft.Identity.Client.PublicClientApplicationBuilder"."
At C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Select-MsalClientApplication.ps1:56 char:29

• ... plication = New-MsalClientApplication -ErrorAction Stop @paramNewMsal ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [New-MsalClientApplication], MethodException
  • FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument,New-MsalClientApplication

The property 'AppConfig' cannot be found on this object. Verify that the property exists.
At C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Select-MsalClientApplication.ps1:88 char:9

•     Write-Debug ('Adding Application with ClientId [{0}] and Redi ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
  • FullyQualifiedErrorId : PropertyNotFoundStrict

Add-MsalClientApplication : Cannot bind argument to parameter 'PublicClientApplication' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Select-MsalClientApplication.ps1:89 char:35

•     Add-MsalClientApplication $ClientApplication
  

•                               ~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Add-MsalClientApplication], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MsalClientApplication

The property 'ClientId' cannot be found on this object. Verify that the property exists.
At C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Get-MsalToken.ps1:291 char:21

• ... Write-Verbose ('Attempting Silent Authentication to Appli ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
  • FullyQualifiedErrorId : PropertyNotFoundStrict

Get-MsalToken : Cannot bind argument to parameter 'PublicClientApplication' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Get-MsalToken.ps1:293 char:96

• ... ken -Silent -PublicClientApplication $PublicClientApplication @paramg ...

•                                      ~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Get-MsalToken], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-MsalToken

Environment is Windows 11 Enterprise and PSVersion 5.1.22000.653

The module on the PowerShell Gallery is out of date. Several updates and bug fixes have been made to the repo, but these are not reflected in the published module.

Thanks!

Hi,
I have been running into the following errors

New-M365DocAppRegistration Error

`Set-AzureADApplication : Error occurred while executing SetApplication
Code: Request_BadRequest
Message: Property requiredResourceAccess.resourceAccess is invalid.
RequestId: 58c0b738-f6ae-421a-b8df-df961132b408
DateTimeStamp: Fri, 02 Dec 2022 09:45:11 GMT
Details: PropertyName - requiredResourceAccess.resourceAccess, PropertyErrorCode - GenericError
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Set-AzureADAppPermission.ps1:35
char:9

•     Set-AzureADApplication -ObjectId $childApp.ObjectId -Required ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Set-AzureADApplication], ApiException
  • FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetAppl
    ication`

Connect-M365Doc -ClientId $ClientID -ClientSecret (ConvertTo-SecureString $ClientSecret -AsPlainText -Force) -TenantId $TenantID Error

`Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program
Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\Intune\Get-MdmAppleConfiguration.ps1:21
char:23

• ... c.Objects = Invoke-DocGraph -Path "/deviceManagement/applePushNotific ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph`

The final set of errors happen when I believe the script is trying to write out the data. The document gets created, and have your logo but no other data

Get-GroupInfo : Cannot bind argument to parameter 'Groups' because it is an empty array. At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\Intune\Get-MobileApp.ps1:53 char:50 + $DocSec2.Objects = Get-GroupInfo -Groups $AppGroups + ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-GroupInfo], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyArrayNotAllowed,Get-GroupInfo

Convert-Path : Cannot find path 'C:\Windows\system32\202212020149-DemoCompany-M365-Doc.docx' because it does not exist.
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:966 char:21

•     $FilePath = Convert-Path -LiteralPath $FilePath
  

•                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ObjectNotFound: (C:\Windows\syst...y-M365-Doc.docx:String) [Convert-Path], ItemNotFoundE
    xception
  • FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.ConvertPathCommand

Test-Path : Cannot bind argument to parameter 'LiteralPath' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:967 char:36

•     if (Test-Path -LiteralPath $FilePath) {
  

•                                ~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCom
    mand

Both Paragraph and WordDocument are null
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:1326 char:103

• ... graph() } else { throw 'Both Paragraph and WordDocument are null' } }

•                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Both Paragraph and WordDocument are null:String) [], RuntimeException
  • FullyQualifiedErrorId : Both Paragraph and WordDocument are null

When running: Install-Module M365Documentation

this fails with: WARNING: Unable to resolve package source 'https://www.poshtestgallery.com/api/v2'.

PS C:\temp> Install-Module M365Documentation WARNING: Unable to resolve package source 'https://www.poshtestgallery.com/api/v2'.

This could be linked to this issue: PowerShell/PowerShellGallery#219

Could you deploying to powershellgallery.com as suggested? thanks for your help.

Will the module be updated to work with Powershell Graph SDK? With the deprecation of the Azure AD module, how will this module continue to work?

Hi, did i just not see ah list of correct/allowed components parameters?

Like "Azure AD" in Readme Supported Components section is AzureAD for Powershell!?!

Steve

Hey there. Getting an error when I try to Connect-M365Doc

Get-MsalToken: C:\Users\myusername\Documents\PowerShell\Modules\MSAL.PS\4.21.0.1\Get-MsalToken.ps1:304
Line |
 304 |  … ionResult = Get-MsalToken -Interactive -PublicClientApplication $Publ …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Only loopback redirect uri is supported, but msalxxxredactedxxx://auth/ was
     | found. Configure http://localhost or http://localhost:port both during app registration and when you
     | create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details

Any ideas why this may be happening or how to fix? Note, this is with PowerShell 7.

Great stuff, Thomas!

But I'm checking the document and I see that I'm missing the export from the Settings Catalog. And the settings catalog contains for 99% of all the Intune device configuration settings.
Any chance to add this soon?

Have this working fine for the Intune Component but when running for the AzureAD component i get the below output . This is using the built in app registration.

Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\AzureAD\Get-AADPolicy.ps1:140
char:34

• ... .Objects = (Invoke-DocGraph -Path "/identity/continuousAccessEvaluati ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph

After running the Get-M365Doc -Components Intune and Write-M365DocJson commands, when querying the resulting json file I have noticed that groups that are shown as excluded from assignments in the Intune portal are being reported as included.

@ThomasKur
Are there any plans for Exchange Online? Is someone already working on an Exchange Online module?

Hi , trying to generate a report for AIP labels
Not sure which component to use in command line , I.E
When using $doc = Get-M365Doc -Components aip, iam getting errors
Get-M365Doc : Cannot validate argument on parameter 'Components'.
pls advise
TIA
PS any change to add aip/dlp/retention policies into this reporting tool ?

Windows 11. PS Version 7.2.15
follow install instructions
grant permissions as required..

connect-m365doc
$doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"

the below error is returned. This seems to be an graph forbidden error - although the perms are granted for the app.
checking the app logs I can see authentication requests to the app are successful.

Get-MdmAdmxConfigurationProfile.ps1:24
Line |
24 | … $Policies = Invoke-DocGraph -Path "/deviceManagement/groupPolicyConfi …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"error":{"code":"UnknownError","message":"{"ErrorCode":"Forbidden","Message":"{\r\n \"_version\":
| 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support):
| 00000000-0000-0000-0000-000000000000 - Activity ID: 3ea1eab9-de3f-4566-853e-e21a48f28c5e - Url:
| https://fef.msub06.manage.microsoft.com/GroupPolicy/GroupPolicyAdminService/b15c97ad-ffff-2381-1005-101803302442/deviceManagement/groupPolicyConfigurations?api-version=5018-11-06\\\",\\r\\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{\\\"WWW-Authenticate\\\":\\\"Bearer realm=\\\\\\\"urn:intune:service,e222d5da-8504-4631-88ef-3a3318f7dc07,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7,3e9c57b9-808d-4aa0-9500-4b2d369279e7\\\\\\\"\\\"}\"\r\n}","Target":null,"Details":null,"InnerError":null,"InstanceAnnotations":[]}","innerError":{"date":"2023-10-18T12:25:09","request-id":"3ea1eab9-de3f-4566-853e-e21a48f28c5e","client-request-id":"3ea1eab9-de3f-4566-853e-e

Hello,
When I attempt to run the report I recieve an error for Get-GroupInfo.

This is the following error:

Get-GroupInfo : Cannot bind argument to parameter 'Groups' because it is null.                                         
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Collector\Intune\Get-MobileApp.ps1:53    char:50                                                                                                                 
+         $DocSec2.Objects = Get-GroupInfo -Groups $AppGroups                                                           
+                                                    ~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-GroupInfo], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-GroupInfo

I hope there is an easy fix for this issue.

The command used when receving the error was: $doc = Get-M365Doc -Components Intune -IncludeSections MobileApp

Only when using against AzureAD, I get the following errors, no idea if they're known or something to do with my system, but here they are:

Copy-Item : Could not find a part of the path 'C:\FILENAME.docx'.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Functions\Write-M365DocWord.ps1:45 char:13
+             Copy-Item "$PSScriptRoot\..\Data\Template.docx" -Destinat ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], DirectoryNotFoundException
    + FullyQualifiedErrorId : System.IO.DirectoryNotFoundException,Microsoft.PowerShell.Commands.CopyItemCommand
 
Convert-Path : Cannot find path 'c:\FILENAME.docx' because it does not exist.
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:966 char:21
+         $FilePath = Convert-Path -LiteralPath $FilePath
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (c:\FILENAME.docx:String) [Convert-Path], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.ConvertPathCommand
 
Test-Path : Cannot bind argument to parameter 'LiteralPath' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:967 char:36
+         if (Test-Path -LiteralPath $FilePath) {
+                                    ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Test-Path], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCommand
 
Both Paragraph and WordDocument are null
At C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\1.1.14\PSWriteWord.psm1:1326 char:103
+ ... graph() } else { throw 'Both Paragraph and WordDocument are null' } }
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Both Paragraph and WordDocument are null:String) [], RuntimeException
    + FullyQualifiedErrorId : Both Paragraph and WordDocument are null
 

PS C:\WINDOWS\system32> C:\Data\Blackstar\ALL,ps1.ps1
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Get-AADBranding.ps1:23 char:27
+ ... c.Objects = Invoke-DocGraph -Path "/organization/$($org.value.id)/bra ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Helper\Get-AzureADUser.ps1:19 char:18
+         $user = (Invoke-DocGraph -Path "/users/$UserId" -Beta)
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph
 
Invoke-DocGraph : The remote server returned an error: (404) Not Found.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.2.1\Internal\Collector\AzureAD\Get-AADPolicy.ps1:140 char:34
+ ... .Objects = (Invoke-DocGraph -Path "/identity/continuousAccessEvaluati ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph

I'm running:
$doc1 = Get-M365Doc -Components AzureAD

And receiving the error:

Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/identityProviders
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.0.3\Internal\Helper\Invoke-DocGraph.ps1:51 char:13

•         throw "Used application does not have sufficiant permissi ...
  

I have conditional access policies to always require MFA for all Admin roles. There are also no pending admin consent requests in Enterprise Applications.

The Intune component runs fine though. Any suggestions why AzureAD won't work?

(Amazing tool, by the way!)

Hi Thomas. First off, this is a pretty impressive product. Well done!

I was going through the Graph API permissions list in the New-M365DocAppRegistration script. I see that you are requesting "Policy.ReadWrite.AuthenticationMethod" and "Policy.ReadWrite.FeatureRollout" permissions. Shouldn't read-only access to all Policy related data be granted by "Policy.Read.All" already? That's the impression I got from the Microsoft documentation anyway.

Hi,
I get the following Message with a Global Admin:

Used application does not have sufficiant permission to access:
https://graph.microsoft.com/v1.0/organization
In C:\Program
Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 Zeichen:13

•         throw "Used application does not have sufficiant permissi ...
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Used applicatio....0/organization:String) [], RuntimeExc
    eption
  • FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://gra
    ph.microsoft.com/v1.0/organization

I think they changed something with MS Graph that its not working any more.

Greetings

HI,

I try now for hours to run your report and export that as Word Dok. But it isn't running.
I'm using your older Intune-Conditional Access report, that is running without any errors...

I found a discussion at xceedsoftware/DocX#226 and ask me, is this the right version for an "modern powershell" program? Because, many MS CSP / MSP working with Windows clients.. like W10 or W11.
And when I reading at that forum, that new .net versions are only supportet in commercial versions, how do you support newer .net windows clients?
i am not a developer and if i have misunderstood something, then i apologize.

here is my comandline:

`PS C:\WINDOWS\system32> import-module azuread
PS C:\WINDOWS\system32> import-module pswriteword
PS C:\WINDOWS\system32> import-module BDO-M365Documentation PS C:\WINDOWS\system32> Connect-M365Doc -ClientId '6bab04xxxxxxxxxxxxxxxxx8c1cce' -ClientSecret (ConvertTo-SecureString 'F5Yq8Rpeq7xXaeaCJdaoxxxxxxxxxxxxxxx' -AsPlainText -Force) -TenantId '97a6baca-xxxxxxxxxxxxxxxxx-31'

PS C:\WINDOWS\system32> $doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed" Invoke-DocGraph : Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. In C:\Program Files\WindowsPowerShell\Modules\xxxxxxxxocumentation\Internal\Collector\Intune\Get-MdmAppleConfiguration.ps1:21 Zeichen:23 + ... c.Objects = Invoke-DocGraph -Path "/deviceManagement/applePushNotific ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-DocGraph

PS C:\WINDOWS\system32> $doc | Write-M365DocWord -FullDocumentationPath "C:\Users\Micxxxxxxxxshva\xxxxxxxxxx\M365-Dok$($doc.CreationDate.ToString("yyyyMMddHHmm"))-xxxxxxxxxxx-M365-Doc.docx" WARNUNG: Get-WordDocument - Document: C:\Users\Micxxxxxxxxshva\xxxxxxxxxx\M365-Dok$($doc.CreationDate.ToString("yyyyMMddHHmm"))-xxxxxxxxxxx-M365-Doc.docx Error: Der Typ [Xceed.Words.NET.DocX] wurde nicht gefunden.
Der Typ [Xceed.Document.NET.Container] wurde nicht gefunden. In C:\Program Files\WindowsPowerShell\Modules\pswriteword\1.1.12\PSWriteWord.psm1:1036 Zeichen:114 + ... mPipeline, Mandatory = $false)][Xceed.Document.NET.Container]$WordDoc ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Xceed.Document.NET.Container:TypeName) [], RuntimeException + FullyQualifiedErrorId : TypeNotFound

Der Typ [Xceed.Document.NET.Container] wurde nicht gefunden. In C:\Program Files\WindowsPowerShell\Modules\pswriteword\1.1.12\PSWriteWord.psm1:1036 Zeichen:114 + ... mPipeline, Mandatory = $false)][Xceed.Document.NET.Container]$WordDoc ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Xceed.Document.NET.Container:TypeName) [], RuntimeException + FullyQualifiedErrorId : TypeNotFound `

regards
Michael

The following Endpoint Security policies are not being documented:

Antivirus:

• Microsoft Defender Antivirus
• Windows Security Experience

Firewall:

• Microsoft Defender Firewall
• Microsoft Defender Firewall Rules

Attack Surface Reduction:

• Attack Surface Reduction Rules

Because of this, creating documentation is still a lot of work. So I hope it's possible to add it.

Best Regards and keep up the good work!

Hello
Same Problem,

With write-M365Doccsv also the Problem

Out-File: C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Output\Write-DocumentationCsvSection.ps1:22
Line |
22 | … eInformation -Delimiter ";" | Out-File -FilePath "$CsvPath$Path.csv"
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. : 'D:\ITninnja\202111171804-Autopilot Profiles-AHAZ_ Autopilot profile 20210805_15:16:21.csv'

I think its a culture Problem because of swiss german the time has ": " in filenames whats forbidden .

Many thanks the idea is great

Originally posted by @chuwylerAH in #13 (comment)

Did our first run. Looking great so far. As other have already said - Thank you for this.

Our first run did not include a TOC. Ran the example in readME. What did we do wrong?

In module Get-MobileApp.ps1:53
$DocSec2.Objects = Get-GroupInfo -Groups $AppGroups
Cannot bind argument to parameter 'Groups' because it is an empty array.

Instead of creating own translation files leverage the one provided by the PG.
https://github.com/IntunePMFiles/DeviceConfig

Hi, Using delegated access and with the Policy.Read.All permission I failed to get CA documentation.

$doc = Get-M365Doc -Components AzureAD
Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/policies
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13

•         throw "Used application does not have sufficiant permissi ...
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Used applicatio...Access/policies:String) [], RuntimeException
  • FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/
    policies

Getting my tokens permissions show Policy.Real.All

scp : AccessReview.Read.All Agreement.Read.All AppCatalog.Read.All Application.Read.All ConsentRequest.Read.All Device.Read.All
DeviceManagementApps.Read.All DeviceManagementConfiguration.Read.All DeviceManagementManagedDevices.Read.All
DeviceManagementRBAC.Read.All DeviceManagementServiceConfig.Read.All Directory.Read.All Domain.Read.All Organization.Read.All
Policy.Read.All PrivilegedAccess.Read.AzureAD PrivilegedAccess.Read.AzureADGroup PrivilegedAccess.Read.AzureResources User.Read
profile openid email

Trying the same in the web I see that is the only permission required

Tried to use this command using my app values and tenant id:
Connect-M365Doc -ClientId '00000000-0000-0000-0000-000000000000' -ClientSecret (ConvertTo-SecureString 'SuperSecretString' -AsPlainText -Force) -TenantId '00000000-0000-0000-0000-000000000000'

I get the following error:

Cannot process argument transformation on parameter 'ClientSecret'. Cannot convert the
| "System.Security.SecureString" value of type "System.String" to type "System.Security.SecureString".

hi , getting this error
Connect-M365Doc
$doc = Get-M365Doc -Components azuread
Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Invoke-DocGraph.ps1:51 char:13

•         throw "Used application does not have sufficiant permissi ...
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Used applicatio....0/organization:String) [], RuntimeException
  • FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/v1.0/organization

all permissions to that application have been provided

I’m getting an error when running : $doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
PS C:\Scripts> $doc = Get-M365Doc -Components Intune -ExcludeSections “MobileAppDetailed”
Get-GroupInfo : Cannot bind argument to parameter ‘Groups’ because it is an empty array.
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Collector\Intune\Get-MobileApp.ps1:53 char:50

• $DocSec2.Objects = Get-GroupInfo -Groups $AppGroups
• CategoryInfo : InvalidData: (:) [Get-GroupInfo], ParameterBindingValidationException
• FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyArrayNotAllowed,Get-GroupInfo

So in the last 2 week ive been importing all our GPO's to intune and when you migrate it created setting catalog policies,
and none of those and none of any of the new ones ive made recently show when i re-run the script.

First, thank you very much for this cool tool!

Unfortunately when i try to to generate a Word file, i get only the empty template file, json and csv are working as expected.
Are there any special requirements like office or powershell version?

I couldnt find any documentation in the repo or any other issues but wanted to raise what I'm seeing on a Windows 10 21H1 with the following $psversiontable info

Name Value

PSVersion 5.1.19041.1151
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.1151
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Install-Module M365Documentation -SkipPublisherCheck -AllowClobber -Force
PackageManagement\Install-Package : Access to the cloud file is denied

Import-module M365Documentation
Import-module : The given assembly name or codebase was invalid. (Exception from HRESULT: 0x80131047)

When I try to add a new App registration, the code fails as follows.
The module version is 3.1.2

PS C:\SCRIPTS> $p = New-M365DocAppRegistration Set-AzureADApplication : Error occurred while executing SetApplication Code: Request_BadRequest Message: Property requiredResourceAccess.resourceAccess is invalid. RequestId: 450900c3-5e76-480d-88aa-ef7a53a3aa8d DateTimeStamp: Thu, 28 Oct 2021 09:36:36 GMT Details: PropertyName - requiredResourceAccess.resourceAccess, PropertyErrorCode - GenericError HttpStatusCode: BadRequest HttpStatusDescription: Bad Request HttpResponseStatus: Completed In C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Set-AzureADAppPermission.ps1:35 Zeichen:9 Set-AzureADApplication -ObjectId $childApp.ObjectId -Required ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CategoryInfo : NotSpecified: (:) [Set-AzureADApplication], ApiException FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetAppl ication

Hi,

the AutoCompleter for Get-M365 does not work, it don't points to: "$PSScriptRoot..\Internal\Collector"

its probably that the call of the Autocompleter to the function is not executed. if you switch from:

function Get-ValidComponentsValue {
    [CmdletBinding()]
    param()
    $AllCommands = Get-ChildItem -Path "$PSScriptRoot\..\Internal\Collector" -Directory 
    return $AllCommands.Name
}
[ArgumentCompleter(
            {
                
                param(
                    $Command, 
                    $Parameter, 
                    $WordToComplete, 
                    $CommandAst, 
                    $FakeBoundParams)

                   Get-ValidComponentsValue 
            }
        )]

to:

[ArgumentCompleter(
            {
                
                param(
                    $Command, 
                    $Parameter, 
                    $WordToComplete, 
                    $CommandAst, 
                    $FakeBoundParams)

                    (Get-ChildItem -Path "$PSScriptRoot\..\Internal\Collector" -Directory).Name 
            }
        )]

it works

should I raise a PR?

Hello, I have been trying to use this in our GCC-High tenant to get a record of our baselines for compliance purposes and have not been successful in getting it working.

I have done research and haven't been able to find out if this is actually compatible with GCC-High so before I spend more time on trying to get it to work, I figured I would ask since I haven't been able to find a clear yes or no answer.

Thanks.

I had a look around for a list of valid component and section names, but could not find them easily. Any guidance?

PS C:\Users\xxxxxxxxxx> $doc | Write-M365DocWord -FullDocumentationPath "c:\temp$($doc.CreationDate.ToString("yyyyMMddHHmm"))-WPNinjas-Doc.docx"
PS C:\Users\xxxxxxxxxx>
PS C:\Users\xxxxxxxxxx> Supported Components
Supported: The term 'Supported' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS C:\Users\xxxxxxxxxx> Microsoft Endpoint Manager / Intune
Microsoft: The term 'Microsoft' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS C:\Users\xxxxxxxxxx>
PS C:\Users\xxxxxxxxxx> The following entities are documented:
The: The term 'The' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Hello Thomas,

Getting some errors after connecting and when running: $doc = Get-M365Doc -Components Intune -ExcludeSections "MobileAppDetailed"

The script seems to run without issue until the end when I start to receive Request_ResourceNotFound errors. This is what I'm finding in Event Viewer:

Error Message = {"error":{"code":"Request_ResourceNotFound","message":"Resource 'GUID' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2022-01-24T20:36:01","request-id":"GUID","client-request-id":"GUID"}}}
Fully Qualified Error ID = WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Recommended Action = 


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 7.2.1
        Host ID = GUID
        Host Application = C:\Program Files\PowerShell\7\pwsh.dll
        Engine Version = 7.2.1
        Runspace ID = GUID
        Pipeline ID = 111
        Command Name = Invoke-RestMethod
        Command Type = Cmdlet
        Script Name = C:\Users\xxxxxxxxxx\Documents\PowerShell\Modules\M365Documentation\3.1.2\Internal\Helper\Invoke-DocGraph.ps1
        Command Path = 
        Sequence Number = 111
        User = xxxxxxxxxx
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:

The errors are being reported from lines 25 and 36.

Running the last command to generate the docx file produces a document with just the default images and headings, no data.

I am running all commands in an elevated command prompt and connecting with a GA account.

I have checked my resources/modules and imported as many as I could find.

Have you encountered this issue before? Suggestions on where to focus my troubleshooting efforts?

Thank you

I think it's an issue that the required permissions aren't clearly spelled out and that should potentially be a part of the install instructions. Most organizations won't blindly run something needing Global Admin and the act of assigning permissions is a desired step.

In my case, I have a privileged but not global admin account, and our tenant is managed by a 3rd party for SOX requirements, so I need to provide a detailed request of the permissions and things I need as narrowly defined as possible and that request is documented and on file for audit purposes. Requesting a global admin run a PowerShell utility just wouldn't fly.

I found in the advanced usage page the list of scopes, so perhaps including some install steps similar to the following:

# Connect to Azure AD
Connect-AzureAD

# Define the app registration details
$appName = "MyAzureApp"
$homePage = "http://localhost"
$replyUrls = @("http://localhost")
$requiredPermissions = @(
    "AccessReview.Read.All",
    "Agreement.Read.All",
    "AppCatalog.Read.All",
    "Application.Read.All",
    "CloudPC.Read.All",
    "ConsentRequest.Read.All",
    "Device.Read.All",
    "DeviceManagementApps.Read.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementRBAC.Read.All",
    "DeviceManagementServiceConfig.Read.All",
    "Directory.Read.All",
    "Domain.Read.All",
    "Organization.Read.All",
    "Policy.Read.All",
    "Policy.ReadWrite.AuthenticationMethod",
    "Policy.ReadWrite.FeatureRollout",
    "PrintConnector.Read.All",
    "Printer.Read.All",
    "PrinterShare.Read.All",
    "PrintSettings.Read.All",
    "PrivilegedAccess.Read.AzureAD",
    "PrivilegedAccess.Read.AzureADGroup",
    "PrivilegedAccess.Read.AzureResources",
    "User.Read"
)

# Create the app registration
$app = New-AzureADApplication -DisplayName $appName -HomePage $homePage -ReplyUrls $replyUrls

# Create a client secret
$endDate = (Get-Date).AddYears(1) # Set expiration to 1 year
$secret = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId -EndDate $endDate

# Assign permissions to the app
$graphApp = Get-AzureADServicePrincipal -SearchString "Microsoft Graph"
foreach ($permission in $requiredPermissions) {
    $appPermission = $graphApp.AppRoles | Where-Object { $_.Value -eq $permission -and $_.AllowedMemberTypes -contains "Application" }
    if ($appPermission) {
        New-AzureADServiceAppRoleAssignment -ObjectId $app.ObjectId -PrincipalId $app.ObjectId -ResourceId $graphApp.ObjectId -Id $appPermission.Id
    }
}

# Output the details
Write-Output "ClientId: $($app.AppId)"
Write-Output "ClientSecret: $($secret.Value)"
Write-Output "ClientSecretExpiration: $($secret.EndDate)"
Write-Output "TenantId: $(Get-AzureADTenantDetail).ObjectId"

Or at least a screenshot like the following that lets you know what to expect. This is a LOT of permissions and is initially uncomfortable, but I do note they're mostly "READ" permissions.

I created the App Registration and also added the permissions.
Some of them weren't found and the for example the "Assignments" overview showing only "0"
I guess it is because it probably needs group.read as well?

Is this still the latest permissions needed: ( in big the ones not available)
"AccessReview.Read.All","Agreement.Read.All","AppCatalog.Read.All","Application.Read.All","CloudPC.Read.All","ConsentRequest.Read.All","Device.Read.All","DeviceManagementApps.Read.All","DeviceManagementConfiguration.Read.All","DeviceManagementManagedDevices.Read.All","DeviceManagementRBAC.Read.All","DeviceManagementServiceConfig.Read.All","Directory.Read.All","Domain.Read.All","Organization.Read.All","Policy.Read.All","Policy.ReadWrite.AuthenticationMethod","Policy.ReadWrite.FeatureRollout","PrintConnector.Read.All","Printer.Read.All","PrinterShare.Read.All","PrintSettings.Read.All","PrivilegedAccess.Read.AzureAD","PrivilegedAccess.Read.AzureADGroup","PrivilegedAccess.Read.AzureResources","User.Read"

Hello,

First I'd like to say awesome scripts, we used the Intune doc predecessor prior to this and thank you for the work.

Now the issue, when we run the document exporter against Intune there's a couple things missing. Maybe we're doing it wrong, but wanted to report as capturing some of the items would be beneficial.

• Settings Catalog Configuration profiles
• Apple Enrollment Program token information

The last item is more of a quality of life item, In the document export the ability to target what header exports go under so we could prefix some content in a template and then export into a certain header so its all sorted.

Again amazing script and thank you for the efforts thusfar!