thomaskur / intunedocumentation Goto Github PK

It would be very cool if there was an option to output to HTML or Markdown.

Reason:
Then we can automaticly put it on a storageblob with static webpage.
this way we have an updated documentation webpage.

Hello,

I've followed article 7 however I cannot give permission for Powershell.

After pressing accept, nothing happens and cannot see Intune in Enterprise apps

How else can I get the script to work with modern authentication?

Thanks,

We have in our environment in some regions more than 1000 elements.
For example in applications.

We figured out that there are only 1000 apps visible in the document.

From other projects I know that the normal limit for graph calls is 1000.
Maybe it is possible to add an pagination to your script too?

Thank you.

Hi,

In Invoke-PrintAssignmentDetail at string 21 it is

foreach($group in $DCPA)

but should be

foreach($group in $Assignments)

Best regards

Allow users to choose to not output not configured settings to make documentation smaller.

There's a space to much on this line. Therefor the script didn't work when I tried it.

Hi, we tried to install the Automatic Intune Documentation script with these commands:
Install-Module Microsoft.Graph.Intune
Install-Module PSWord
Install-Module IntuneDocumentation
Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx
=> Invoke-IntuneDocumentation : The 'Invoke-IntuneDocumentation' command was found in the module 'IntuneDocumentation' but the module could not be loaded.
CategoryInfo : ObjectNotFoud (IntuneDocumentation: string) [], CommandNotFoundException
FullyQualifiedErrorId: CouldNotAutoloadMatchingModule

I hope you can help? Br / John

When you change line 88 in Invoke-IntuneDocumentation.ps1 (#region Document Apps) from

Get-IntuneMobileApp | ForEach-Object {

to

(Invoke-MSGraphRequest -HttpMethod GET -Url https://graph.microsoft.com/beta/deviceAppManagement/mobileApps).Value | ForEach-Object {

you get all app types returned, including win32LobApp and officeSuiteApp.
Get-IntuneMobileApp uses https://graph.microsoft.com/**v1.0**/deviceAppManagement/mobileApps which currently only returns part of the app types.

Is OSX currently supported? When following the instructions I run into the following issues:

Line |
  39 |      $LogFilePathFolder     = Join-Path -Path $Env:TEMP -ChildPath $Sc …
     |                                               ~~~~~~~~~
     | Cannot bind argument to parameter 'Path' because it is null.

Connect-MSGraph: /Users/<user>/.local/share/powershell/Modules/IntuneDocumentation/2.0.15/Functions/Invoke-IntuneDocumentation.ps1:64
Line |
  64 |      Connect-MSGraph
     |      ~~~~~~~~~~~~~~~
     | Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

InvalidOperation: /Users/<user>/.local/share/powershell/Modules/IntuneDocumentation/2.0.15/Internal/Get-MobileAppsBeta.ps1:18
Line |
  18 |          $errorResponse = $ex.Response.GetResponseStream()
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.```

Hi, ran the script and it worked like a charm but I had an issue with DomainJoin Configuration Profile in Intune. These are in Preview, but is there a way to update the script to capture those too? I have quite a few of those and it would be handy to have them included in the script ;)

Does not work. All ID's are redacted for security reason. I am the Global Admin of that tenant.

PS C:\temp> $p = New-IntuneDocumentationAppRegistration
PS C:\temp> $p | fl


ClientID               : 31ddbfbd-563f-
ClientSecret           : zbvSsjZcvr
ClientSecretExpiration : 18.02.2022 00:11:21
TenantId               : be398df7-



PS C:\temp> Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx

Here I am asked for Admin consent and granted it

UPN                               TenantId
---                               --------
[email protected]           be398df7-

Es ist nicht möglich, eine Methode für einen Ausdruck aufzurufen, der den NULL hat.
In C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-MobileAppsBeta.ps1:18 Zeichen:9
+         $errorResponse = $ex.Response.GetResponseStream()
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Get-IntuneAppProtectionPolicy : 400 Bad Request
{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2021-02-17T23:13:43",
      "request-id": "128e1a31-43e3-4a0f-8c04
      "client-request-id": "128e1a31-43e3-4a0f
    }
  }
}
In C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Functions\Invoke-IntuneDocumentation.ps1:153 Zeichen:13
+     $MAMs = Get-IntuneAppProtectionPolicy | Where-Object { $_.'@odata ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : Verbindungsfehler: (@{Request=; Response=}:PSObject) [Get-DeviceAppMa...agedAppPolicies], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceAppManagement_ManagedAppPolic
   ies

Get-IntuneAppProtectionPolicy : 400 Bad Request
{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2021-02-17T23:13:43",
      "request-id": "2d59d983-ef55-
      "client-request-id": "2d59d983
    }
  }
}

Then I tried Invoke-ConditionalAccessDocumentation - this worked and I got a Word-File with content.

########################################################

PS C:\temp> Invoke-ConditionalAccessDocumentation -FullDocumentationPath c:\temp\CADoc.docx

Cmdlet Invoke-ConditionalAccessDocumentation an der Befehlspipelineposition 1
Geben Sie Werte für die folgenden Parameter an:
ClientId: 31ddbfbd-563f-
ClientSecret: zbvSsjZc
Tenant: be398df7-a2a8

#########################################################

Then I tried the other command with the same credetial details. This does NOT work.

PS C:\temp> Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc2.docx -ClientId 31ddbfbd-563f -ClientSecret zbvSsjZcvr -Tenant be398df7-a2a8
Es ist nicht möglich, eine Methode für einen Ausdruck aufzurufen, der den NULL hat.
In C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-MobileAppsBeta.ps1:18 Zeichen:9
+         $errorResponse = $ex.Response.GetResponseStream()
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Get-IntuneAppProtectionPolicy : 400 Bad Request
{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2021-02-17T23:20:53",
      "request-id": "c644bc4c-
      "client-request-id": "c644bc4c-
    }
  }
}

My environment

PS C:\temp> Get-Module -ListAvailable *Azure*


    Verzeichnis: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     2.0.2.128  AzureAD                             {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-AzureADApplicationExtensionProperty, Get-...
Binary     2.0.2.129  AzureADPreview                      {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-AzureADApplicationExtensionProperty, Get-...


PS C:\temp> Get-Module -ListAvailable *Intune*


    Verzeichnis: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.0.19     IntuneDocumentation                 {Invoke-ConditionalAccessDocumentation, Invoke-IntuneDocumentation, New-IntuneDocumentationAppRegis...
Binary     6.1907.1.0 Microsoft.Graph.Intune              {New-AccessActionObject, New-ActivityHistoryItemObject, New-AlertHistoryStateObject, New-AlertObjec...
Manifest   4.8        WindowsAutoPilotIntune              {Get-AutopilotEvent, Get-AutopilotProfileAssignedDevice, Remove-AutopilotImportedDevice, Import-Aut...


PS C:\temp> Get-Module -ListAvailable *Graph*


    Verzeichnis: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     6.1907.1.0 Microsoft.Graph.Intune              {New-AccessActionObject, New-ActivityHistoryItemObject, New-AlertHistoryStateObject, New-AlertObjec...


PS C:\temp> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.19041.610
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.610
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Hi,

I am unable to get the documentation..looks it looks for Global Azure Admin credentials? Is it so? Not sure why? Can you advice?

Thanks much,
Anantha

In the output of my script, I received the following output:

WARNING: 2020-10-23 10:56:59+02 WARN You used the option to translate API properties. Some of the configurations of
your tenant could not be translated because translations are missing.
WARNING: 2020-10-23 10:56:59+02 WARN  - C:\Program
Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.15\Data\LabelTranslation\#microsoft.graph.androidDeviceOwnerGen
eralDeviceConfiguration.json
WARNING: 2020-10-23 10:56:59+02 WARN  - C:\Program
Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.15\Data\LabelTranslation\#microsoft.graph.androidCustomConfigur
ation.json
WARNING: 2020-10-23 10:56:59+02 WARN  - C:\Program
Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.15\Data\LabelTranslation\#microsoft.graph.iosWiFiConfiguration.
json
WARNING: 2020-10-23 10:56:59+02 WARN  - C:\Program
Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.15\Data\LabelTranslation\#microsoft.graph.androidGeneralDeviceC
onfiguration.json
WARNING: 2020-10-23 10:56:59+02 WARN You can support the project by translating and submitting the files as issue on
the project page. Then it will be included for the future.
WARNING: 2020-10-23 10:56:59+02 WARN Follow the guide here
https://github.com/ThomasKur/IntuneDocumentation/blob/master/AddTranslation.md

I would love to create Translation Files for the Security Baseline (the new Endpoint Security nodes), but I am not sure how to create these files? How can I find the correct DataType and Metadata.
Is this something that can be generated through a script? I am happy to contribute to this

Fantastic work here. I'm compiling documentation for several different tenants am noticing some issues. For example:

• one tenant I documented has Apple and Android apps deployed, only the Apple apps show in the application list in the word document
• another tenant has all Windows apps. I saw the script get information about them but the Applications list in the Word document is empty.

I'd like to work with you to troubleshoot. Please contact me.

When trying to run the script on a PowerShell 7 system using either a pre-made App registration or just the default, I get the error message that Connect-MSGraph can't load a type, which means the connection doesn't get started and all else just fails horribly:

$tenant = 'tenantid'
$appid = 'appid'
$secret = 'secret'

Invoke-IntuneDocumentation `
    -FullDocumentationPath c:\temp\IntuneDoc.docx `
    -ClientId $appid `
    -ClientSecret $secret `
    -Tenant $tenant


Connect-MSGraph: C:\Users\username\Documents\PowerShell\Modules\IntuneDocumentation\2.0.19\Functions\Invoke-IntuneDocumentation.ps1:94:9
Line |
  94 |          Connect-MSGraph -ClientSecret $ClientSecret -Quiet
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

InvalidOperation: C:\Users\username\Documents\PowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-MobileAppsBeta.ps1:18:9
Line |
  18 |          $errorResponse = $ex.Response.GetResponseStream()
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.

The exact same happens when running

Invoke-IntuneDocumentation -FullDocumentationPath C:\temp\testdoc.docx


Line |
  96 |          Connect-MSGraph
     |          ~~~~~~~~~~~~~~~
     | Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

InvalidOperation: C:\Users\username\Documents\PowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-MobileAppsBeta.ps1:18:9
Line |
  18 |          $errorResponse = $ex.Response.GetResponseStream()
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.     

Get-DeviceAppManagement_ManagedAppPolicies: C:\Users\username\Documents\PowerShell\Modules\IntuneDocumentation\2.0.19\Functions\Invoke-IntuneDocumentation.ps1:153:13
Line |
 153 |      $MAMs = Get-IntuneAppProtectionPolicy | Where-Object { $_.'@odata …
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Not authenticated.  Please use the "Connect-MSGraph" command to authenticate.

A little bit of digging shows that this seems to be a Connect-MSGraph related issue on PS "core" edition as you can find here.

$psversiontable


Name                           Value
----                           -----
PSVersion                      7.1.2
PSEdition                      Core
GitCommitId                    7.1.2
OS                             Microsoft Windows 10.0.19041
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}       
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Running the exact same code under Windows PowerShell works just fine.

$psversiontable

Name                           Value
----                           -----
PSVersion                      5.1.19041.610
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.610
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Suggestion is to either update documentation that Windows PowerShell is required or perhaps another solution/workaround for this issue.

Hey,

I am triing to use an own template.
I read that there must just be a "Template.docx" in the same location where I got my script located which runs "Invoke-IntuneDocumentation".
But this is not working.

I created a script called "IntuneDocumentation.ps1" to have some stuff arround and placed the "Template.docx" in the same location.

Thanks.

When I run the script for conditional access I get these two errors. It does not prevent the script from running and producing the documents

You cannot call a method on a null-valued expression.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-AzureADUser.ps1:27 char:9

•     $errorResponse = $ex.Response.GetResponseStream()
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException
  • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Get-AzureADUser.ps1:27 char:9

•     $errorResponse = $ex.Response.GetResponseStream()
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException
  • FullyQualifiedErrorId : InvokeMethodOnNull

Any help appreciated

Nirender

My Azure tenant uses MFA how would I change the code around lines 968 - 975 to leverage MFA? I know it might be related to connect-MSOLService. Im not sure how to gather the tokens etc.

Thanks

Hi,

I just noticed that for the App Configuration Policies the Policy Assignments is not shown in documentation.
Please find screenshots below.

Hello,

I'm trying to run this script automatically without user interaction.
It looks like it's not possible because of the "Connect-MSGraph" call.
My guess is that Connect-MSGraph tries to prompt for the user credentials which doesn't work when starting this script in an automated and unattended way.
Connect-MSGraph does provide some switches that could be used to remove the need of user interaction like :

• ClientSecret : providing an app client secret looks like the best way IMHO
• Credential : providing a credential object that could be built automatically when script executes

What's your take on this one ?

• Setup translation table
• https://t.co/RCIhnMnTA4?amp=1 from John Marcum
• Extend for missing properties

Getting this when attempting to run:

At C:\users\stigespen\Desktop\DocumentIntune.ps1:901 char:20

• if($result -eq "OK")    {   Â
  

•                ~
  

You must provide a value expression following the '-eq' operator.
At C:\users\stigespen\Desktop\DocumentIntune.ps1:901 char:20

• if($result -eq "OK")    {   Â
  

•                ~
  

Unexpected token 'Â' in expression or statement.
At C:\users\stigespen\Desktop\DocumentIntune.ps1:901 char:20

• if($result -eq "OK")    {   Â
  

•                ~
  

Missing closing ')' after expression in 'if' statement.
At C:\users\stigespen\Desktop\DocumentIntune.ps1:893 char:4

• try{
• ~
  Missing closing '}' in statement block or type definition.
  At C:\users\stigespen\Desktop\DocumentIntune.ps1:901 char:26

• if($result -eq "OK")    {   Â
  

•                      ~
  

The Try statement is missing its Catch or Finally block.
At C:\users\stigespen\Desktop\DocumentIntune.ps1:901 char:26

• if($result -eq "OK")    {   Â
  

•                      ~
  

Unexpected token ')' in expression or statement.
At C:\users\stigespen\Desktop\DocumentIntune.ps1:910 char:1

• } catch {
• ~
  Unexpected token '}' in expression or statement.
  • CategoryInfo : ParserError: (:) [], ParseException
  • FullyQualifiedErrorId : ExpectedValueExpression

O365 is a new Object Type and needs to be added.

I believe there is a typo in the invoke-intuneDocumentation.ps1 ###file.
@line 247 you call the command
Get-DeviceManagement_DeviceEnrollmentConfigurations_Assignment
where it should be
Get-DeviceManagement_DeviceEnrollmentConfigurations_Assignments
#25

I'm receiving the following error when I run the script, perhaps I'm missing something here? :-)

Hello
I have two factor authenticartion on my admin credentials so when I run the script it prompts me for my crentials but then does not ask for the second factor authentication and fails.

If a conditional access policy has a value for Sign in Frequency then Invoke-ConditionalAccessDocumentation generates an error due to an Invalid Cast.

Cannot convert value "days" to type "System.Int64". Error: "Input string was not in a correct format."
At
Invoke-ConditionalAccessDocumentation.ps1:195
char:9
+         $ResultCAPolicy | Add-Member Noteproperty "S_SignInFrequencyT ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger

Hi Thomas,

Seeing an error with ADMX device configuration profiles. Error output from the script is:

WARNING: 2020-02-12 13:38:42+10 WARN Error reading ADMX setting - [System.Management.Automation.RuntimeException] You
cannot call a method on a null-valued expression.
WARNING: Call the 'Connect-MSGraph' cmdlet to use the updated environment parameters.
DEBUG: 2020-02-12 13:38:43+10 DEBUG Device Configuration (ADMX):
Add-WordText : Object reference not set to an instance of an object.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.11\Functions\Invoke-IntuneDocumentation.ps1:249
char:9

•     Add-WordText -FilePath $FullDocumentationPath -Heading Headin ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Add-WordText], NullReferenceException
  • FullyQualifiedErrorId : System.NullReferenceException,PSWord.AddWordText

Add-WordTable : Cannot bind argument to parameter 'InputObject' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.11\Functions\Invoke-IntuneDocumentation.ps1:250
char:32

• ... .Settings | Add-WordTable -FilePath $FullDocumentationPath -AutoFitSt ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Add-WordTable], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,PSWord.AddWordTable

The word document contained the correct heading for the name of the profile but no data underneath it.

we dont have apple configured, it seems that it failing requesting when its not available.

Get-IntuneApplePushNotificationCertificate : 404 Not Found
{
"error": {
"code": "ResourceNotFound",
"message": "{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: d4f43fa4-4791-424c-9cbf-7c4a60796465 - Url:
https://fef.amsub0102.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/applePushNotificationCertificate?api-version=2018-05-24\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders":
"{}"\r\n}",
"innerError": {
"date": "2020-09-25T09:58:18",
"request-id": "d4f53fa4-4771-454c-9cbf-7c4z60796465",
"client-request-id": "d4f43fa4-4111-424c-9asff-7c4a60796465"
}
}
}

Hi,

When running the script, you'll get a error "Failed to retrieve access token from Azure"

hi,
first time i use this wonderfull tool.
I get this erros :

Get-DeviceAppManagement_AndroidManagedAppProtections_Assignments : 400 Bad Request
{
"error": {
"code": "No method match route template",
"message": "No OData route exists that match template ~/singleton/navigation/key/cast/navigation with http verb
GET for request /MAMAdmin_2007/MAMAdminFEService/deviceAppManagement/androidManagedAppProtections('T_efc4d995-xxxx-yyyy-zzzz-fcc96b9d1b0d')/$/microsoft.management.services.api.androidManagedAppProtection/assignments.",
"innerError": {
"date": "2020-07-24T07:22:49",
"request-id": "a756e412-a056-4227-acda-08aa6800478d"
}
}
}
Au caractère C:\Program
Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.16\Functions\Invoke-IntuneDocumentation.ps1:159 : 25

• ... $MAMA = Get-DeviceAppManagement_AndroidManagedAppProtections_Assi ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceAppMa...ons_Assignments],
    HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlet
    s.Get_DeviceAppManagement_AndroidManagedAppProtections_Assignments

Hello, I’m trying to contribute to the API names to portal names for this script. I’m following the directions on https://github.com/ThomasKur/IntuneDocumentation/blob/master/AddTranslation.md but I do not get anything for this step “Open one of the displayed json files which are displayed after you generated the documentations.”

running this command- Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx -UseTranslationbeta

thank you

Hello,
I just tried IntuneDocumentation 2.0.18 on my tenant.
I do like this tool !
But I have 2 custom configuration profils (w10CustomConfiguration) that apprears to be empty in the word file :

These profils are used for ADMX ingestion and for each, the first custom OMA-URI value contains a copy of on premise admx files content (chrome.admx 478KB for the first and Firefox.admx 179KB) for the second) as well as several custom OMA-URI with shorter values.

for others custom configuration profils the settings a well listed in the output docx.

Is there a limit to the size?
Is this a wanted behaviour?

Thanks a lot !

We have required MFA via AAD Conditional Access for all our admins. Hence the auth tokens cannot be retrieved. Is there a workaround?

Even better would be to run this script with non-user credentials, e.g. thru Azure Automation. Any thoughts on that?

Explanation:
Our use case is that we have three independent tenants (Development, Integration and Production) and want to regularly create reports for all three to manually check for config deviations.
Eventually we dream of continuous integration/deployment. But that would definitely require an official Graph API endpoint to read/write Conditional Access policies.

Would it be possible for you to add a switch that would allow us to dump out all of the items in Intune that can be configured? Sadly customers want to see what they can do before they decide what they want to do. I used to have this as an Excel that I manually created but it was just too much to keep it up to date.

This is a great idea. I think Word may not be the right tool For example, if I want to document all APPs across a tenant seeing those in a list, non relative to each other, is still very tricky to parse. If the output was into say excel or even CSV you could have a excel page in a workbook for APPs and each row is a single APP each column is an attribute and you could quickly at a glance see which settings were common across polities. Then another page for Device Configuration, Device Compliance etc. etc.

My small test lab generated a 120 page document that was very interesting but I'm not sure how it would be in a production environment. Just a thought.

If you could that that ability to your script that would be awesome. I am getting the group names, type (user or device), membership type (static or dynamic), the rule if it is dynamic, and the member count.

Would be great to have the new Endpoint Security configurations included in the script. Maybe also the Security Baseline profiles

So a customer can decide to hide a specific setting always
Allow the following configuration in the JSON:
Print = False (Default would be true)

My App Config policies are getting identified as App Protection policies for some reason, in the word document that gets generated. Also, there doesn't appear to be any meaningful configuration data that gets documented in those app protection policies.

Hello, i'm getting the error below. I've ran this before with no issues.
This is a test environment I'm running this on.

Get-Groups : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:57",
"request-id": "88f7adec-286d-4ccb-a837-a9a9f75ca14a",
"client-request-id": "88f7adec-286d-4ccb-a837-a9a9f75ca14a"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:25 char:21

•     $GroupObj = Get-Groups -groupid $Assignment.target.groupId
  

•                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups

Get-Groups_Members : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:57",
"request-id": "3304d2d4-fb6b-43e9-94e9-1fd19141ac41",
"client-request-id": "3304d2d4-fb6b-43e9-94e9-1fd19141ac41"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:36 char:20

• ... $Members = Get-Groups_Members -groupId $Assignment.target.groupId

•                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups_Members], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups_Members

Add-WordTable : Object reference not set to an instance of an object.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail.ps1:29 char:33

• ... endedInfo | Add-WordTable -FilePath $FullDocumentationPath -AutoFitSt ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : WriteError: (System.NullRefe...ProcessRecord():NullReferenceException) [Add-WordTable], NullReferenceException
  • FullyQualifiedErrorId : -2147467261,PSWord.AddWordTable

Get-Groups : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:57",
"request-id": "34f5cfb0-d60f-4d57-b018-cc88783ac4b7",
"client-request-id": "34f5cfb0-d60f-4d57-b018-cc88783ac4b7"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:25 char:21

•     $GroupObj = Get-Groups -groupid $Assignment.target.groupId
  

•                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups

Get-Groups_Members : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:58",
"request-id": "d7e50f52-8ed5-42ad-8177-09f8949d93f4",
"client-request-id": "d7e50f52-8ed5-42ad-8177-09f8949d93f4"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:36 char:20

• ... $Members = Get-Groups_Members -groupId $Assignment.target.groupId

•                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups_Members], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups_Members

Add-WordTable : Object reference not set to an instance of an object.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail.ps1:29 char:33

• ... endedInfo | Add-WordTable -FilePath $FullDocumentationPath -AutoFitSt ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : WriteError: (System.NullRefe...ProcessRecord():NullReferenceException) [Add-WordTable], NullReferenceException
  • FullyQualifiedErrorId : -2147467261,PSWord.AddWordTable

Get-Groups : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:58",
"request-id": "ac787286-6e6a-43c0-b921-edaf58deb5a4",
"client-request-id": "ac787286-6e6a-43c0-b921-edaf58deb5a4"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:25 char:21

•     $GroupObj = Get-Groups -groupid $Assignment.target.groupId
  

•                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups

Get-Groups_Members : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:58",
"request-id": "07a0a9f6-7cbd-438f-ac98-33abddcd3540",
"client-request-id": "07a0a9f6-7cbd-438f-ac98-33abddcd3540"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:36 char:20

• ... $Members = Get-Groups_Members -groupId $Assignment.target.groupId

•                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups_Members], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups_Members

Add-WordTable : Object reference not set to an instance of an object.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail.ps1:29 char:33

• ... endedInfo | Add-WordTable -FilePath $FullDocumentationPath -AutoFitSt ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : WriteError: (System.NullRefe...ProcessRecord():NullReferenceException) [Add-WordTable], NullReferenceException
  • FullyQualifiedErrorId : -2147467261,PSWord.AddWordTable

Get-Groups : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:58",
"request-id": "f605b4fc-ebdf-40f3-9830-f8cb94645cae",
"client-request-id": "f605b4fc-ebdf-40f3-9830-f8cb94645cae"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:25 char:21

•     $GroupObj = Get-Groups -groupid $Assignment.target.groupId
  

•                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups

Get-Groups_Members : 404 Not Found
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '98abd59d-976f-4b23-b4f2-185b3450267a' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-03-16T18:09:59",
"request-id": "4e1b8bb4-d163-4ef9-8a35-81395fbc6e6c",
"client-request-id": "4e1b8bb4-d163-4ef9-8a35-81395fbc6e6c"
}
}
}
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail_Assignment.ps1:36 char:20

• ... $Members = Get-Groups_Members -groupId $Assignment.target.groupId

•                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-Groups_Members], HttpRequestException
  • FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_Groups_Members

Add-WordTable : Object reference not set to an instance of an object.
At C:\Program Files\WindowsPowerShell\Modules\IntuneDocumentation\2.0.19\Internal\Invoke-PrintAssignmentDetail.ps1:29 char:33

• ... endedInfo | Add-WordTable -FilePath $FullDocumentationPath -AutoFitSt ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : WriteError: (System.NullRefe...ProcessRecord():NullReferenceException) [Add-WordTable], NullReferenceException
  • FullyQualifiedErrorId : -2147467261,PSWord.AddWordTable

At the first the script wasn't working for me. I had to remove an additional space on line 937.
$Global:authToken = get-graphTokenForIntune -User $user -Password $password

Can you make "notConfigured" show as two words "Not configured" or "Not Configured"? A lot of things that are not configured just show up as blank and others show as notConfigured, not sure why but it would be great if you could make them all Not Configured.

For the policy type or oData policy type can you make say something like. "iOS App Protection" instead of "microsoft.graph.iosManagedAppProtection" (as an example)? and we only need one of those two fields, not both.

Receiving following error on global admin without MFA

get-graphTokenForIntune : Failed to retrieve access token from Azure
At line:954 char:21

• ... l:authToken = get-graphTokenForIntune -User $user -Password $password

•               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,get-graphTokenForIntune

get-graphTokenForIntune : access token is null!
At line:954 char:21

• ... l:authToken = get-graphTokenForIntune -User $user -Password $password

•               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,get-graphTokenForIntune