1.1.5 brings some initial improvements to prepare for Managed Identities and fully automates creating a Service Principal (unattended/automated scanning).

But, that isn’t entirely finished yet. However, since my target platforms are Automation Accounts and Azure Functions, which are heavily memory-constricted, I’ve focused on reducing the module’s memory footprint and further enhancing performance. The module now uses up to 80% less memory at no cost to scan speed!

I’ve described how to first set up a service principal in a separate post.

Full changelog:

• [Feature] Add application and policy scanning
• [Feature] Scan Entra Users in batches
• [Feature] Improve memory usage
• [Feature] Use tenant specific report folder
• [Feature] Make logLevel configurable
• [Feature] Experimental Managed Identity support
• [Feature] Automatically handle Sharepoint Site Locks
• [Feature] Automatically deduplicate and diff all reports
• [Feature] Add objectId’s to report where useful
• [Feature] Display calculated remaining scan time
• [Feature] Service Principal create function
• [Feature] Improved changed detection (e.g. ignore display name changes)
• [BugFix] Respect verbose settings in child jobs
• [BugFix] For english permission descriptions to avoid diff issues

Download / Use:

M365Permissions module page | Github | PSGallery

1.1.4 finally brings unattended scanning using a service principal!

I’ve described how to first set up a service principal in a separate post.

Full changelog:

• [Feature] Add SPN scanning
• [Feature] Configurable connection method
• [Feature] Scan PowerBI gateways
• [Feature] Scan PowerBI Lakehouses and Warehouses
• [Feature] Add view config function
• [Feature] Client cert creation function
• [BugFix] Fix diff scanning path issue
• [BugFix] Exclude modified field when detecting changes

Download / Use:

M365Permissions module page | Github | PSGallery

Well, a lot to share today! 36 commits with plenty of quality of life stuff, and some nice new features such as automatic retry of jobs when scanning multiple sources (e.g. all mailboxes). Since retrying runs the risk of getting duplicate results in the report, I’ve also added a deduplication function. Also handy for those of you who run over time and add to the same report file or want to merge reports but don’t want to deduplicate manually.

File based caching should also further improve runs over larger environments that take more than a few hours.

Full changelog:

• [Feature] Report on Entra Object ownership
• [Feature] Configurable job timout
• [Feature] Log to file when Verbose logging is enabled
• [Feature] Overview of failed jobs
• [Feature] Faster ACL retrieval for SpO
• [Feature] Automatic job retry
• [Feature] Treat tokens as opaque strings
• [Feature] (optional) deduplication of results
• [BugFix] Fix SpO API token re-use
• [BugFix] File based caching

Download / Use:

M365Permissions module page | Github | PSGallery

Today’s release focuses on efficiency and bugfixes, no real new features other than some parameters which were moved to the set-M365PermissionsConfig function instead of having to be passed to each command.

Full changelog:

• [Feature] Move outputFormat parameter to persistent config
• [Feature] Move includeCurrentUser parameter to persistent config
• [Feature] Add Verbose parameter to persistent config
• [Feature] Faster enumeration when running concurrent jobs
• [Feature] Memory use optimizations
• [BugFix] Concurrent write issues with XLSX output
• [BugFix] Handle special (non-enumerable) groups

Download / Use:

M365Permissions module page | Github | PSGallery

Today’s release has an awesome new feature called ‘Changed Detection’, which will help you identify which permissions have changed since the previous run of M365Permissions.

Full changelog:

• [Feature] Base support for app-only authentication
• [Feature] Change detection (diff)
• [Feature] Persist customizations between runs
• [BugFix] Multi threading module load issue

Download / Use:

M365Permissions module page | Github | PSGallery