Category Archives: OneDrive for Business

M365Permissions v1.2.2

Are you also curious about all those PowerApps and Flows in your environment? Orphaned ones maybe? Or when someone leaves the company?

1.2.2 adds scanning of PowerApps and Flows! Only when using SPN auth. (setup instructions)

In addition to that, I’ve also added provisional support for scans of tenants in USGOV, USDOD and China. Since I don’t have a test tenant there, I’ll have to rely on you to test how it performs there.

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

M365Permissions v1.2.1

Yes, we finally have Microsoft Azure! All active and eligible permissions are in scope from the subscription level and below.

If you use a service principal for scanning, be sure to assign read permissions for it to all subscriptions (or lower level resource groups) you want it to index.

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

M365Permissions v1.1.6

1.1.6 brings all separate catagories we scan in line by making the report columns the same (=Common Data Mode). This makes comparing and pivoting a LOT easier 🙂

Also, added Partner Permissions and Entra Devices (including Cloud PC’s).

Main changes:

  • [Feature] Add partner relationships
  • [Feature] Add entra devices & cloud pc’s
  • [Feature] Remove group enumeration for all entra type groups
  • [Feature] Implement Common Data Model
  • [BugFix] Don’t scan Teams Channels twice
  • [BugFix] Do not retry when getting 404 errors
  • [BugFix] Properly restore site lock state if modified

Full changelog here

Download / Use:

M365Permissions module page | Github | PSGallery

M365Permissions v1.1.5

1.1.5 brings some initial improvements to prepare for Managed Identities and fully automates creating a Service Principal (unattended/automated scanning).

But, that isn’t entirely finished yet. However, since my target platforms are Automation Accounts and Azure Functions, which are heavily memory-constricted, I’ve focused on reducing the module’s memory footprint and further enhancing performance. The module now uses up to 80% less memory at no cost to scan speed!

I’ve described how to first set up a service principal in a separate post.

Full changelog:

  • [Feature] Add application and policy scanning
  • [Feature] Scan Entra Users in batches
  • [Feature] Improve memory usage
  • [Feature] Use tenant specific report folder
  • [Feature] Make logLevel configurable
  • [Feature] Experimental Managed Identity support
  • [Feature] Automatically handle Sharepoint Site Locks
  • [Feature] Automatically deduplicate and diff all reports
  • [Feature] Add objectId’s to report where useful
  • [Feature] Display calculated remaining scan time
  • [Feature] Service Principal create function
  • [Feature] Improved changed detection (e.g. ignore display name changes)
  • [BugFix] Respect verbose settings in child jobs
  • [BugFix] For english permission descriptions to avoid diff issues

Download / Use:

M365Permissions module page | Github | PSGallery