microsoft/intune-tenant-doc
Language: PowerShell
Stars: 3
Forks: 0
Open issues: 3
Created: 2026-05-13T19:14:00Z
Pushed: 2026-06-02T21:05:00Z
Default branch: main
Fork: no
Archived: no
README:
Intune Tenant Configuration Exporter
A PowerShell script that connects to any Intune tenant via Microsoft Graph and generates a complete configuration inventory as Markdown files — one per platform plus a combined full-tenant document.
The export is read-only. In addition to the platform-based Markdown files, the script can generate a reverse group assignment report and an unclassified review file for anything that cannot be mapped cleanly to a platform.
Prerequisites
- PowerShell 7+ (required) — install from https://aka.ms/install-powershell
- Microsoft.Graph PowerShell module:
  ```powershell
  Install-Module Microsoft.Graph -Scope CurrentUser
  ```
Quick Start
```powershell
# Basic export (interactive browser login)
.\Export-IntuneTenantDoc.ps1

# Export and embed full script content in the Markdown files
.\Export-IntuneTenantDoc.ps1 -EmbedScripts

# Export a specific tenant
.\Export-IntuneTenantDoc.ps1 -TenantId "contoso.onmicrosoft.com"

# Custom output directory
.\Export-IntuneTenantDoc.ps1 -OutputPath ./contoso-export

# macOS/Linux PowerShell 7 invocation
pwsh ./Export-IntuneTenantDoc.ps1
```
Step-by-Step Usage
1. Install the Microsoft Graph module (if not already installed):

   ```powershell
   Install-Module Microsoft.Graph -Scope CurrentUser
   ```

2. Navigate to the script directory:

   ```powershell
   cd /path/to/Intune-tenant-doc
   ```

3. Run the script:

   ```powershell
   .\Export-IntuneTenantDoc.ps1
   ```

   To include full script bodies and generated script analysis in the Markdown output:

   ```powershell
   .\Export-IntuneTenantDoc.ps1 -EmbedScripts
   ```

4. Sign in when the browser window opens — use an account with appropriate permissions (see [Account Requirements](#account-requirements))
5. Wait for completion — the script will display progress as it collects each configuration category
6. Review the output — check the generated folder (e.g., IntuneExport-2026-04-23/) for your Markdown documentation
Output
Creates a folder (default: IntuneExport-YYYY-MM-DD/) containing:
| File | Contents |
| ------ | ---------- |
| Windows.md | Windows device configs, compliance, apps, Autopilot, admin templates, update rings, scripts, remediations, driver updates, custom ADMX |
| macOS.md | macOS device configs, compliance, apps, shell scripts, ADE/DEP enrollment |
| iOS.md | iOS/iPadOS device configs, compliance, MAM, VPP apps, ADE enrollment |
| Android.md | Android device configs, compliance, MAM, managed Google Play, device owner enrollment |
| Cross-platform.md | Conditional Access, RBAC, scope tags, device categories, filters, APNs cert, VPP tokens, policy sets, branding, T&C, MTD, notifications, cleanup |
| Full-Tenant-Documentation.md | Combined document with all platforms, table of contents, and complete inventory |
| Group-Assignments.md | Reverse-lookup: every group and what policies, apps, and configurations target it |
| Unclassified.md | Items that couldn't be auto-classified (created only when needed) |
| _warnings.md | Any sections that were skipped (permissions, licensing, API errors; created only when needed) |
Each generated Markdown file includes export metadata such as timestamp, tenant, and organization when that information is available from Microsoft Graph.
What It Documents
| Category | API Source | Notes |
| ---------- | ----------- | ------- |
| Device Configuration Profiles | v1.0 | Template-based legacy profiles with all setting values |
| Settings Catalog Policies | beta | Modern policy engine with all configured settings |
| Administrative Templates | beta | GPO-style Edge/Office/OneDrive policies with full setting values |
| Compliance Policies | v1.0 | Per-platform compliance rules |
| Custom Compliance Scripts | beta | Detection scripts for custom compliance |
| App Protection Policies (MAM) | v1.0 | iOS, Android, Windows WIP |
| App Configuration Policies | beta | Managed device + managed app configs |
| Applications | v1.0 | All app types with install intents and assignments |
| Endpoint Security / Baselines | beta | Security baselines, AV, firewall, EDR, ASR |
| Scripts | beta | PowerShell (Windows), shell (macOS), and macOS PKG app pre/post install scripts; full content and analysis when -EmbedScripts is used |
| Proactive Remediations | beta | Device health scripts (custom only) |
| Enrollment Configuration | v1.0 + beta | Restrictions, ESP, Autopilot, ADE/DEP, Android Enterprise |
| Android Device Owner Enrollment | beta | Dedicated/fully managed enrollment profiles |
| Update Policies | beta | Feature updates, quality updates, update rings |
| Driver Update Profiles | beta | Windows driver update management |
| Conditional Access | v1.0 | All CA policies with conditions and controls |
| Assignment Filters | beta | Platform-specific filters with rules |
| Scope Tags | beta | Custom and built-in scope tags |
| RBAC Roles | v1.0 | Role definitions and assignment counts |
| Device Categories | v1.0 | Tenant-defined device categories |
| Apple Push Certificate | v1.0 | APNs certificate status and expiration |
| VPP / ABM Tokens | beta | Apple Volume Purchase Program tokens |
| Policy Sets | beta | Bundled policy deployments |
| Custom ADMX Imports | beta | Uploaded ADMX definition files |
| Intune Branding | beta | Company Portal branding profiles |
| Mobile Threat Defense | beta | MTD connector status |
| Device Management Partners | beta | Third-party management integrations |
| Terms and Conditions | v1.0 | Enrollment T&C with assignments |
| Notification Templates | beta | Notification message templates with localization |
| Device Cleanup Settings | beta | Automatic device cleanup rules |
Required Permissions (Read-Only)
The script requests these Microsoft Graph scopes (all read-only):
- DeviceManagementConfiguration.Read.All
- DeviceManagementApps.Read.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementServiceConfig.Read.All
- DeviceManagementRBAC.Read.All
- Policy.Read.All
- Directory.Read.All
- Group.Read.All
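
The script only requests read scopes, but a delegated Graph PowerShell session can also carry scopes consented earlier for the same client application, so it is worth auditing what the session actually holds before and after an export. The check below is an added example, not code from this repository: `Test-GraphSessionScopes` is a hypothetical helper, the read-only test is a name-based heuristic, and the sample input is constructed.

```powershell
# Added example, not part of Export-IntuneTenantDoc.ps1.
# Scope list copied from the README; Test-GraphSessionScopes is a hypothetical helper.
$ExpectedScopes = @(
    'DeviceManagementConfiguration.Read.All'
    'DeviceManagementApps.Read.All'
    'DeviceManagementManagedDevices.Read.All'
    'DeviceManagementServiceConfig.Read.All'
    'DeviceManagementRBAC.Read.All'
    'Policy.Read.All'
    'Directory.Read.All'
    'Group.Read.All'
)

function Test-GraphSessionScopes {
    param(
        # Defaults to the scopes of the live session created by Connect-MgGraph.
        [string[]]$Granted = (Get-MgContext).Scopes,
        [string[]]$Expected = $ExpectedScopes
    )
    if (-not $Granted) { throw 'No Graph session found: run Connect-MgGraph first.' }

    # OpenID Connect scopes accompany interactive sign-ins; they are not Graph resource permissions.
    $oidc = 'openid', 'profile', 'email', 'offline_access'
    $effective = @($Granted | Where-Object { $_ -notin $oidc } | Sort-Object -Unique)

    $missing = @($Expected | Where-Object { $_ -notin $effective })
    $extra   = @($effective | Where-Object { $_ -notin $Expected })
    # Heuristic (assumption): a scope is read-only if its name has a .Read or .ReadBasic segment.
    $notReadOnly = @($extra | Where-Object { $_ -notmatch '\.Read(Basic)?(\.|$)' })

    [pscustomobject]@{
        Missing     = $missing      # README scopes the session lacks (sections may be skipped)
        Extra       = $extra        # scopes beyond the README list
        NotReadOnly = $notReadOnly  # extra scopes that allow more than reads
        ReadOnly    = ($notReadOnly.Count -eq 0)
    }
}

# Constructed sample: an earlier consent left a write scope on the session.
$sample = $ExpectedScopes + 'openid', 'User.Read', 'DeviceManagementConfiguration.ReadWrite.All'
$result = Test-GraphSessionScopes -Granted $sample
$result | Format-List
if (-not $result.ReadOnly) {
    Write-Warning "Session is not read-only: $($result.NotReadOnly -join ', ')"
}
```

Against a live session, call `Test-GraphSessionScopes` with no arguments after signing in; anything listed under `Missing` corresponds to sections the export may skip and record in `_warnings.md`.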
Parameters
| Parameter | Type | Default | Description |
| ----------- | ------ | --------- | ------------- |
| -OutputPath | string | ./IntuneExport- | Directory for output…