- PowerShell v7 or higher
- Azure Reader role on the tenant Management Group level to collect information on the entire environment.
The following PowerShell modules are used by the different scripts:
- Microsoft.Graph.Authentication
- Microsoft.Graph.DirectoryObjects
- Microsoft.Graph.Applications
- Microsoft.Graph.Identity.DirectoryManagement
- Microsoft.Graph.Identity.SignIns
- Microsoft.Graph.Identity.Governance
- Microsoft.Graph.Beta.Identity.DirectoryManagement
- Microsoft.Graph.Beta.Identity.SignIns
- Az.ResourceGraph
- Az.Accounts
Note: If these modules are not installed on the system, they will be saved into the modules folder and be imported from there.
The following Microsoft Graph scopes are required to run the scripts:
- RoleManagement.Read.Directory
- Application.Read.All
- DeviceManagementServiceConfig.Read.All
- Domain.Read.All
- LicenseAssignment.Read.All
- Policy.Read.All
- DirectoryRecommendations.Read.All
Note: If permission for these scopes has not been given yet, the script will prompt the user to grant the permissions.
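A pre-flight check for the prerequisites above, as an added example that is not part of this repository. The function name `Test-CollectionPrerequisite` and its output property names are assumptions; it reports missing modules and scopes, and flags write-capable Graph scopes already present in the session, since the collection only needs read access.

```powershell
# Added example; Test-CollectionPrerequisite is a hypothetical helper, not a repo script.
function Test-CollectionPrerequisite {
    [CmdletBinding()]
    param()

    $requiredModules = @(
        'Microsoft.Graph.Authentication', 'Microsoft.Graph.DirectoryObjects',
        'Microsoft.Graph.Applications', 'Microsoft.Graph.Identity.DirectoryManagement',
        'Microsoft.Graph.Identity.SignIns', 'Microsoft.Graph.Identity.Governance',
        'Microsoft.Graph.Beta.Identity.DirectoryManagement',
        'Microsoft.Graph.Beta.Identity.SignIns', 'Az.ResourceGraph', 'Az.Accounts'
    )
    $requiredScopes = @(
        'RoleManagement.Read.Directory', 'Application.Read.All',
        'DeviceManagementServiceConfig.Read.All', 'Domain.Read.All',
        'LicenseAssignment.Read.All', 'Policy.Read.All',
        'DirectoryRecommendations.Read.All'
    )

    # Modules absent from every PSModulePath entry; per the note above, the
    # scripts save these into the local modules folder instead.
    $missingModules = @($requiredModules | Where-Object {
        -not (Get-Module -ListAvailable -Name $_)
    })

    # Without a Graph session every scope counts as missing.
    $missingScopes = $requiredScopes
    $writeScopes   = @()
    $context = $null
    if (Get-Command -Name Get-MgContext -ErrorAction SilentlyContinue) {
        $context = Get-MgContext
    }
    if ($context) {
        $missingScopes = @($requiredScopes | Where-Object { $_ -notin $context.Scopes })
        # The collection only reads, so a write-capable scope in the session
        # is more privilege than the run needs.
        $writeScopes = @($context.Scopes | Where-Object { $_ -match 'Write' })
    }

    [pscustomobject]@{
        PowerShell7OrHigher = $PSVersionTable.PSVersion.Major -ge 7
        MissingModules      = $missingModules
        MissingScopes       = $missingScopes
        WriteScopesPresent  = $writeScopes
    }
}

Test-CollectionPrerequisite | Format-List
```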
- Clone the repo to a folder on your computer
- Open a PowerShell session in the folder where you cloned the repo
- Validate the content of the configCollection.json file and optionally adapt the log and/or rawResults folder.
- Run the script Collect-Data.ps1
- Results will be stored as .json files in the rawResults folder and will also be added to the archive results.zip
See Release Notes
2025.05.23-13.54