Saturday, December 21, 2024

Microsoft 365 Discovery Report

Overview

The Microsoft 365 Discovery Report is a collection of outputs from the various workloads inside a Microsoft 365 tenant, all consolidated into a single Excel based report. It details the following workloads.

  • Exchange Online Mailboxes (Users/Shared)
  • OneDrive Usage
  • SharePoint Sites
  • SharePoint Permissions
  • SharePoint Libraries
  • Teams – including Channels/Memberships
  • MFA details
  • Distribution Lists
  • Contacts
  • Guest Accounts
  • Public Folders
  • Unified Groups
  • Security Groups
  • Calendar Permissions
  • Azure AD Devices
  • Password Expiration Details
  • License Information and Consumption

It is all performed by using a locally based PowerShell 7 script that runs on your own infrastructure, connecting to the various workloads directly from there.

The report gives a solid tenant landscape and is intended to be used in preparation for a migration effort. By using the outputs, various batching and grouping techniques can be used, making the planning easier than using the normal Microsoft 365 Admin Center and the reports contained there.

The latest version is V5.35, released on 27 September 2024.

Getting all that information can normally involve a load of different scripts and console items to view which is why I have put it all together into a single script. The script runs across the tenant and creates multiple CSV files with all the data, then it compiles everything into a single Excel sheet with multiple tabs, all formatted and looking nice.

It even installs automatically all the PowerShell modules for Microsoft 365 that are required to connect and run everything.

Administrative rights required

On the source tenant where the report is being run the account connecting to the various M365 Modules will need to have the following administrative rights assigned to it.

  • Global Reader
  • Teams Administrator
  • SharePoint Administrator (for Site Collection Information)

If the admin user that is running the report has Global Admin rights on the tenant, then no other rights need to be added.

As the script runs it will connect to each of the modules and require the credentials to perform this. This connection is between your machine and Microsoft 365, at no time are any credentials stored in the script, or included in any of the reports.

Application Registration

To use the MS Graph connections, the script works with an Application Registration so that you can define the rights that the script has access to inside the tenant. This is setup prior to the script running and full instructions on how to do this are contained in the PDF file attached to the script when you download it, and also on the YouTube video in my Channel. As a summary, the access requirements look like this.

ORCA / MCCA Report

Update as of December 2023, the tool includes the ability to run the Microsoft ORCA report from inside the script. The ORCA Report is the Office 365 Recommended Configuration Analyzer and gives solid information and recommendations for the tenant with regard to mail/inbound/outbound security. An example is here.

An extremely useful report when looking at your own, or a clients, tenant.

Produce PowerShell Commands for Target Object Creation

It now also adds the ability to use the spreadsheet that is created as a Migration Run Sheet much better than before. The script can add PowerShell code to the Mailbox report that will allow you to copy/paste into the PowerShell ISE to create these items in a target tenant. Supply the target UPN suffix and it will provision the code to create those identities as ANY of these options

  • Mail Contacts
  • Mail Users
  • Mail Users with Exchange GUID and Legacy Exchange DN set – Perfect for MRS matching
  • Mailbox Users – Complete M365 identities ready to be licensed and accept incoming migration data

This is a significate update in the lifecycle of this tool and with these options will aid the migration efforts of many Microsoft 365 Tenant to Tenant scenarios for admins.

Added the additional PowerShell line to populate the Email Alias of the Target Tenants ‘onmicrosoft.com’. Helpful when the tenant does not populate these automatically as it is required for the Cross Tenant Migration.

Included an additional column called ‘Identity’ in the ‘ZZ’ option. This helps greatly when using the output report as a batch run sheet, so you can filter by batch and then copy/paste the Identity field straight into a blank file to be used as a migration import CSV. Watch the latest video here to discover how this is a valuable asset to the tool.

The video below shows a full run through of the new version and what it is capable of

https://store.thecloudgeezer.com/products/microsoft-365-discovery-script

The Output & Tool

Here is an example of the output you can expect. Many columns are included, not just what is shown on the limited space below.

The script checks for all the modules that are required and prompts to install them if they are not present. There is no need to connect to M365 before running as it allows you to enter the credentials and make the connection at runtime./

Everything is run from a simple menu to make it easy to get the output you need.

Downloading and Running

The script comes in the form of a ZIP file which allows you to extract the .PS1 file on to your machine. It is recommended that it be run from the c:\scripts directory on your local machine. If you want to change the output then the first few lines of the script have the location where you can change this.

When you run the PowerShell or PowerShell ISE window to run the script it is important that you “Run As Administrator” when you start it. This is a requirement of the PowerShell modules that Microsoft 365 uses to connect to the cloud and you will find that they will fail without the local administrator privileges.

Discount

To get a 50% discount code for this script, subscribe to my YouTube channel and then drop me an email to mark@thecloudgeezer.com and I will send you a coupon code.

https://youtube.com/thecloudgeezer

All the scripting products, and the CloudOCM system, are available in the store.

https://store.thecloudgeezer.com

Hope you find this useful, please reach out in the comments with any thoughts, comments or improvements you would like to see.

Mark – The Cloud Geezer.

Mark Rochester
Mark Rochesterhttps://thecloudgeezer.com
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Google GSuite Discovery Tool

When it comes time to perform a migration from Google GSuite to Microsoft 365 the first thing we always ask is - "How much...

Migrate Microsoft 365 Mailboxes to Google Workspace

This is not a very common subject to talk about as most of the migrations that get performed are people moving into the Microsoft...

Batches Paused in ‘Needs Approval’ Status

When you are using the native Microsoft tools to migrate from Google Workspace (Gmail) into Microsoft 365 the tool works very well. It does...

Stay Connected

88FansLike
36,999FollowersFollow
50,237SubscribersSubscribe
- Advertisement -

Latest Articles