Friday, July 3, 2026

Microsoft 365 Discovery Report

How long does a full Microsoft 365 tenant assessment take you?

For me, it used to be half a day. Clicking through Exchange admin, SharePoint admin, Entra ID, Intune, Defender — exporting bits from each, stitching it together in Excel so I could actually use it for a migration runsheet.

So I built a script to do it for me. One PowerShell script. Walk away. Come back to a single Excel workbook with everything — mailboxes, OneDrive, SharePoint, Teams, security posture, licensing, the lot.

Here it is, available to everybody. A menu Driven PowerShell script to report on Mailboxes, OneDrive, Teams, SharePoint, DL’s, Permissions, MFA Details, Contacts, Guests, Security/Unified Groups, Azure AD Devices, License Information, Conditional Access Policies, Connectors/Transport Rules, Planner, InTune, Devices, Enterprise Apps, Entra Role Assignments, Spam/SafeLink/Attachment Policies, Named Locations and more from your Microsoft 365 tenant.

Current Update – V8.12 – June 2026 – Now reports on the following items in your M365 Tenant

✅Users, Shared Mailboxes, Calendar Permissions

✅OneDrive

✅ SharePoint (including subsites & libraries)

✅ Teams — channels, memberships, policies

✅ Distribution Lists, Security Groups & Unified Groups

✅ MFA status across all users

✅ Planner Details

✅ Intune — devices, compliance policies, config profiles & managed apps

✅ Conditional Access Policies & Named Locations

✅ Entra ID Role Assignments

✅ Anti-Spam, Anti-Malware, Safe Attachments & Safe Links

✅ Email Forwarding Rules (mailbox-level and inbox rules)

✅ External Collaboration & SharePoint Sharing Configuration

✅ Enterprise Apps & OAuth Permissions — with friendly permission names

✅ Microsoft Secure Score with per-control breakdown

✅ Azure AD Devices

✅ License Information

✅ MX Records, Transport Roles, Send/Receive Connectors

✅ Named Locations

✅ Audit Log configuration and more

Full instructions updated and included in the delivery package.

It creates a spreadsheet report that can be easily used as a migration runsheet, filterable and containing a lot of very useful information. Especially in that migration stance. This spreadsheet has a nice summary page at the start showing all the details of the workload usage and consumption. Screenshot of that in the product details below.

If you are working with a Microsoft 365 tenant, whether it is for your own or for a client, it is often necessary to obtain a decent report of what is there. You may want to know about all the Mailboxes that are in Exchange Online, Sizing, Delegate information, Licenses, a full listing of Microsoft Teams with members, channels and data sizes, OneDrive sizes/usage, Distribution Lists, Contacts, Guest Accounts and SharePoint sites/data/usage, SharePoint Libraries, Unified Groups, Security Groups, Azure AD Devices, Conditional Access Policies, MX Records, Public Folders, Send/Receive Connectors, Transport Rules and License Information. It also collects MFA details, showing who has it enforced, who has registered for MFA and the type of authentication (App/Txt/Call) that they selected, the phone number and phone type used, and the last logon date/time. All of the data is bundled up nicely into a very usable Excel file.

All updates to the scripts are available for life. Whenever I update the script I push out a download link for the new version to anybody that has ever purchased it.

The report gives a solid tenant landscape and is intended to be used in preparation for a migration effort. By using the outputs, various batching and grouping techniques can be used, making the planning easier than using the normal Microsoft 365 Admin Center and the reports contained there.

https://store.thecloudgeezer.com/products/microsoft-365-discovery-script

Getting all that information can normally involve a load of different scripts and console items to view which is why I have put it all together into a single script. The script runs across the tenant and compiles everything into a single Excel sheet with multiple tabs, all formatted and looking nice.

It even installs automatically all the PowerShell modules for Microsoft 365 that are required to connect and run everything. The modules required are

  • Microsoft Graph
  • Exchange Online
  • Import-Excel (Used for the Excel Output at the end)

Important Note: Everything is read from the tenant only, absolutely nothing is written there.

Administrative rights required

On the source tenant where the report is being run the account connecting to the M365 Modules will need to have the following administrative rights assigned to it. This is for the Exchange Online module only, as the rights in Graph are given to the Application Registration specifically and are not based on an account login.

  • Global Reader

If the admin user that is running the report has Global Admin rights on the tenant, then no other rights need to be added.

To perform the Application Registration at the start, to setup the connection to the tenant, you will need to connect with the appropriate Azure AD / Entra ID rights in order to create the application.

As the script runs it will connect to Microsoft Graph and perform all the work. It does need a small amount of data from the Exchange Online PowerShell Module and will connect to that right at the start.

Application Registration

To use the MS Graph connections, the script works with an Application Registration so that you can define the rights that the script has access to inside the tenant. The script has the option to perform the Application Registration itself and will update the config files accordingly. As a summary, the access requirements look like this.

ORCA / MCCA Report

In the update in December 2023, the tool includes the ability to run the Microsoft ORCA report from inside the script. The ORCA Report is the Office 365 Recommended Configuration Analyzer and gives solid information and recommendations for the tenant with regard to mail/inbound/outbound security. An example is here.

An extremely useful report when looking at your own, or a clients, tenant. Likewise, the MCCA report was also added and can be triggered from the main menu. This gives a great couple of additional reports that are always interesting and well received by the client that you are running this for on their tenant.

https://store.thecloudgeezer.com/products/microsoft-365-discovery-script

The Output & Tool

Here is an example of the output you can expect. Many columns are included, not just what is shown on the limited space below.

Everything is run from a simple menu to make it easy to get the output you need.

Downloading and Running

The script comes in the form of a ZIP file which allows you to extract the .PS1 file on to your machine. It is recommended that it be run from the c:\scripts directory on your local machine. If you want to change the output then the first few lines of the script have the location where you can change this.

When you run the PowerShell session to run the script it is important that you “Run As Administrator” when you start it. This is a requirement of the PowerShell modules that Microsoft 365 uses to connect to the cloud and you will find that they will fail without the local administrator privileges.

All the scripting products, and the CloudOCM system, are available in the store.

https://store.thecloudgeezer.com

Hope you find this useful, please reach out in the comments with any thoughts, comments or improvements you would like to see.

Mark – The Cloud Geezer – mark@thecloudgeezer.com

Mark Rochester
Mark Rochesterhttps://thecloudgeezer.com
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

OneDrive Sharing Report – June 2026

Take Control of OneDrive Sharing Across Your Entire Microsoft 365 Tenant Let's be honest — Microsoft's built-in sharing reports are pretty underwhelming. They show you...

SharePoint Discovery Tool

Know exactly who has access to what across your entire SharePoint Online environment. Managing SharePoint permissions at scale is one of the most time-consuming and...

PowerSync Pro – Full Migration Series

If you’ve ever been responsible for a Microsoft 365 tenant‑to‑tenant migration, you already know the truth: There’s the theory vendors talk about… and then...

Stay Connected

88FansLike
36,999FollowersFollow
70,704SubscribersSubscribe
- Advertisement -

Latest Articles