A PowerShell module for retrieving tenant information.
- Clone or download this repository
- Import the module:
Import-Module .\TenantInfo.psd1# Import the module
Import-Module .\TenantInfo.psd1 -Force
# Collect all tenant data and generate interactive report
# (automatically connects to Microsoft Graph)
Get-TenantInfo
# Collect specific data types only
Get-TenantInfo -CollectExchange -CollectUsers
# Generate report with PDF
Get-TenantInfo -GeneratePDF
# Connect to specific tenant
Get-TenantInfo -TenantId "contoso.onmicrosoft.com"
# Use device code for MFA
Get-TenantInfo -UseDeviceCodeTenantInfo/
├── TenantInfo.psd1 # Module manifest
├── TenantInfo.psm1 # Module script file
├── Public/ # Public functions (exported)
│ ├── Get-TenantInfo.ps1
│ ├── Get-TenantExchangeInfo.ps1
│ ├── Get-TenantUserInfo.ps1
│ ├── Get-TenantOneDriveInfo.ps1
│ ├── Get-TenantSharePointInfo.ps1
│ ├── Get-TenantComplianceInfo.ps1
│ └── New-TenantReport.ps1
├── Private/ # Private helper functions (not exported)
├── Scripts/ # Helper scripts
│ └── Get-SharePointInfoWithLabels.ps1
├── Tests/ # Pester tests
│ └── TenantInfo.Tests.ps1
└── Output/ # Generated reports and data files
- PowerShell: 5.1 or 7+ (PowerShell 5.1 is recommended for SharePoint Online module compatibility)
- Microsoft Graph PowerShell SDK:
Install-Module Microsoft.Graph - Exchange Online Management:
Install-Module ExchangeOnlineManagement - SharePoint Online Management:
Install-Module Microsoft.Online.SharePoint.PowerShell - Microsoft Edge: Required for PDF generation (optional)
Note: While this module works with both PowerShell 5.1 and 7+, PowerShell 5.1 is recommended when collecting SharePoint data, as the SharePoint Online Management Shell module has better compatibility with PowerShell 5.1.
There is a known assembly conflict between certain versions of ExchangeOnlineManagement and Microsoft.Graph modules due to incompatible versions of Microsoft.Identity.Client. See GitHub Issue #3331 and Issue #3394.
Recommended compatible versions:
- Microsoft.Graph: v2.29.1
- ExchangeOnlineManagement: v3.4.0 (confirmed working) or v3.8.0
To install compatible versions:
# Install specific versions that work together
Install-Module Microsoft.Graph -RequiredVersion 2.29.1 -Force
Install-Module ExchangeOnlineManagement -RequiredVersion 3.4.0 -Force
# Install latest Microsoft Graph
Install-Module Microsoft.Graph -ForceTo check your current versions:
Get-Module ExchangeOnlineManagement -ListAvailable | Select-Object Name, Version
Get-Module Microsoft.Graph.Authentication -ListAvailable | Select-Object Name, VersionTenantInfo mitigation: This module automatically connects to Exchange before loading Graph modules to minimize conflicts, but using compatible versions is still recommended for best results.
Get-TenantInfo automatically handles authentication to Microsoft Graph and Security & Compliance Center. For other services:
# For Exchange data - connect to Exchange Online
Connect-ExchangeOnline
# For SharePoint sensitivity labels - connect to SharePoint Online
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"
# For compliance data - automatically connects to Security & Compliance if needed
# If you prefer to connect manually:
# Connect-IPPSSession
# Then collect data (authentication to Graph and IPPS is automatic)
Get-TenantInfoTo collect SharePoint site sensitivity labels, you must connect to SharePoint Online PowerShell in a fresh PowerShell session before connecting to Microsoft Graph. This is due to assembly conflicts between the SPO and Graph modules.
Option 1: Use the helper script (recommended)
# In a FRESH PowerShell session:
.\Scripts\Get-SharePointInfoWithLabels.ps1 -TenantAdminUrl "https://contoso-admin.sharepoint.com"Option 2: Manual connection in correct order
# 1. Close all PowerShell windows and open a FRESH session
# 2. Connect to SharePoint Online FIRST
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"
# 3. Then connect to Exchange/Compliance
Connect-ExchangeOnline
# or
Connect-IPPSSession
# 4. Then load the module and collect data
Import-Module .\TenantInfo.psd1 -Force
Get-TenantSharePointInfo
# 5. Or collect all data
Get-TenantInfoNote: If you see "WARNING: Not connected to SharePoint Online" when running Get-TenantSharePointInfo, you need to follow the connection order above in a fresh session. Without SPO connection, sites will show "None" for sensitivity labels even if labels are assigned.
# Collect Exchange information
Get-TenantExchangeInfo
# Collect user and license information
Get-TenantUserInfo
# Collect OneDrive usage
Get-TenantOneDriveInfo
# Collect SharePoint usage
Get-TenantSharePointInfo
# Collect compliance data (sensitivity & retention labels and policies)
Get-TenantComplianceInfo# Generate comprehensive HTML report
New-TenantReport
# Generate HTML and open in browser
New-TenantReport -OpenInBrowser
# Generate HTML and PDF report
New-TenantReport -GeneratePDFOrchestrates collection of all Microsoft 365 tenant data in a single command with built-in Microsoft Graph authentication and automatically generates an interactive HTML report.
Features:
- Built-in Authentication: Automatically connects to Microsoft Graph with required permissions
- Sequential collection of Exchange, Users, OneDrive, SharePoint, and Compliance data
- Progress tracking with step-by-step status updates
- Automatic interactive HTML report generation
- Report automatically opens in browser
- Optional PDF generation
- Error handling with detailed failure reporting
- Smart defaults (collects all data types when no parameters specified)
- Selective collection via opt-in parameters
Parameters:
OutputDirectory- Directory for output files (default:.\Output)TenantId- Specific tenant to connect to (optional)UseDeviceCode- Use device code authentication flowClientId- Custom application ID for authenticationCollectExchange- Collect Exchange Online dataCollectUsers- Collect User, License, and Group dataCollectOneDrive- Collect OneDrive usage dataCollectSharePoint- Collect SharePoint usage dataCollectCompliance- Collect Compliance data (sensitivity and retention labels and policies)GeneratePDF- Generate PDF version of report
Examples:
# Collect all data and generate interactive report (default)
Get-TenantInfo
# Collect specific data types only
Get-TenantInfo -CollectExchange -CollectUsers
# Collect all data and generate PDF
Get-TenantInfo -GeneratePDF
# Custom output directory
Get-TenantInfo -OutputDirectory "C:\Reports"Note: After successful data collection, an interactive HTML report is automatically generated and opened in your browser. The report includes sortable tables, filters, and detailed analytics across all collected data.
Collects comprehensive Exchange Online information including mailboxes, domains, DNS records, connectors, and transport rules.
Features:
- DNS Records: SPF, DKIM (TXT and CNAME), DMARC validation
- Mailboxes: Statistics with sizes and quotas
- Domains: Accepted domains with authentication types
- Remote Domains: External domain email handling settings (OOF, auto-reply, auto-forward, delivery reports, NDR)
- Connectors: Inbound and outbound mail flow connectors
- Transport Rules: Mail flow rules with conditions and actions
Parameters:
OutputPath- JSON output file path (default:.\Output\ExchangeInfo.json)
Example:
Get-TenantExchangeInfo -OutputPath "C:\Reports\Exchange.json"Retrieves user accounts, admin roles, licenses, groups, and device information.
Features:
- User accounts with license assignments
- Directory roles and membership
- License SKU details and usage
- Groups (Microsoft 365, Security, Distribution)
- Device compliance status
Parameters:
OutputPath- JSON output file path (default:.\Output\UserInfo.json)
Example:
Get-TenantUserInfoCollects OneDrive for Business usage statistics.
Features:
- Storage used and allocated per user
- File counts (total and active)
- Last activity dates
- Storage usage percentages
Parameters:
OutputPath- JSON output file path (default:.\Output\OneDriveInfo.json)
Example:
Get-TenantOneDriveInfoRetrieves SharePoint Online site usage information.
Features:
- Site storage statistics
- File and page view counts
- Site templates and sensitivity labels
- Active file tracking
- Last activity dates
Sensitivity Labels:
- To resolve site sensitivity labels to friendly names, ensure both modules are available and connected:
- SharePoint Online Management Shell:
Install-Module Microsoft.Online.SharePoint.PowerShellthenConnect-SPOService -Url https://<tenant>-admin.sharepoint.com - Exchange Online (or Compliance):
Install-Module ExchangeOnlineManagementthenConnect-ExchangeOnlineorConnect-IPPSSession
- SharePoint Online Management Shell:
- Important: Due to assembly conflicts, connect to SPO before loading Microsoft.Graph in a fresh PowerShell session:
# In a new PowerShell session: Connect-SPOService -Url https://<tenant>-admin.sharepoint.com Connect-ExchangeOnline Import-Module .\TenantInfo.psd1 -Force Get-TenantSharePointInfo
- Without these connections, the report may show the label GUID or
Nonefor sites.
Parameters:
OutputPath- JSON output file path (default:.\Output\SharePointInfo.json)
Example:
Get-TenantSharePointInfoCollects compliance information including sensitivity and retention labels and policies from Security & Compliance Center.
Features:
- Sensitivity labels with encryption, protection, and marking settings
- Sensitivity label policies and their scope assignments
- Retention labels with actions and durations
- Retention policies with location scopes
- Policy rules with compliance actions
- Scope information (Exchange, SharePoint, OneDrive, Teams)
- Label purposes and protection capabilities
Parameters:
OutputPath- JSON output file path (default:.\Output\ComplianceInfo.json)
Prerequisites:
- Requires Security & Compliance Center connection (
Connect-IPPSSession)
Example:
# Connect to Security & Compliance Center
Connect-IPPSSession
# Collect compliance data
Get-TenantComplianceInfoGenerates a comprehensive interactive HTML report combining all tenant data.
Features:
- Tabbed Interface: Overview, Users, Roles, Licenses, Groups, Mailboxes, Domains, Connectors, Rules, OneDrive, SharePoint, Devices, Compliance
- Interactive Tables: Sortable columns, search filters, status filters
- Visual Indicators: Color-coded badges for status, compliance, and usage
- DNS Security: SPF, DKIM, DMARC validation status with tooltips
- PDF Export: Automated PDF generation with intelligent file checking
- Responsive Design: Modern gradient UI with professional styling
Parameters:
ExchangeJsonPath- Exchange data file (default:.\Output\ExchangeInfo.json)UserJsonPath- User data file (default:.\Output\UserInfo.json)OneDriveJsonPath- OneDrive data file (default:.\Output\OneDriveInfo.json)SharePointJsonPath- SharePoint data file (default:.\Output\SharePointInfo.json)ComplianceJsonPath- Compliance data file (default:.\Output\ComplianceInfo.json)OutputPath- HTML output path (default:.\Output\TenantReport.html)OpenInBrowser- Open report in default browserGeneratePDF- Create PDF version using Edge headless mode
Examples:
# Basic report
New-TenantReport
# Open in browser
New-TenantReport -OpenInBrowser
# Generate PDF
New-TenantReport -GeneratePDF
# Custom paths
New-TenantReport -OutputPath "C:\Reports\TenantReport.html" -GeneratePDF# 1. Import the module
Import-Module .\TenantInfo.psd1 -Force
# 2. Optional: Connect to additional services for enhanced data
# Connect to Exchange Online (for Exchange data)
Connect-ExchangeOnline
# Connect to SharePoint Online (for sensitivity labels)
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"
# Connect to Security & Compliance (for compliance data)
Connect-IPPSSession
# 3. Collect all data (automatically connects to Microsoft Graph)
Get-TenantInfo -GeneratePDF
# 4. View output files
Get-ChildItem .\Output\All data is saved to JSON files in the Output folder:
Output/
├── ExchangeInfo.json # Exchange data with DNS records
├── UserInfo.json # Users, roles, licenses, groups, devices
├── OneDriveInfo.json # OneDrive usage statistics
├── SharePointInfo.json # SharePoint site usage
├── ComplianceInfo.json # Sensitivity and retention labels and policies
├── TenantReport.html # Interactive HTML report
└── TenantReport.pdf # PDF report (if generated)
- Organization name and tenant ID
- Collection timestamp
- Summary metrics
- User accounts with license status
- Account enabled/disabled status
- Job titles and departments
- Searchable and filterable
- Directory roles grouped by role type
- Member listings per role
- Role descriptions
- SKU details and friendly names
- Consumed vs. available licenses
- Usage percentage with color coding
- FLOW_FREE licenses filtered out
- Microsoft 365, Security, Distribution, and Mail-enabled security groups
- Member counts
- Group types with badges
- Mailbox sizes and item counts
- Quota information
- Mailbox types (User, Shared, Room, Equipment)
- Accepted domains with types
- DNS Security Records:
- SPF records with validation
- DKIM records (TXT and CNAME support)
- DMARC records with policy details
- Default and initial domain indicators
- Remote Domains:
- External domain email policies
- OOF (Out of Office) settings
- Auto-reply and auto-forward configuration
- Delivery report and NDR settings
- Meeting forward notifications
- Inbound and outbound connectors
- Enabled/disabled status
- Sender/recipient domain restrictions
- Mail flow rules
- Priority ordering
- Conditions and actions
- Enabled/disabled filtering
- Per-user storage statistics
- Storage used vs. allocated
- File counts and activity dates
- Usage percentage indicators
- Site-level storage statistics
- Page view counts
- Site templates
- Sensitivity labels
- Active file tracking
- Device compliance status
- Operating systems and versions
- Managed vs. unmanaged devices
- Trust types
- Sensitivity Labels: Name, GUID, encryption settings, site/group protection, priority
- Sensitivity Label Policies: Labels assigned, location scopes, advanced settings
- Retention Labels: Name, enabled status, record designation, action, duration, type
- Retention Policies: Name, enabled status, mode, type, location scopes
- Policy Rules: Detailed rules with actions (Keep/Delete/Keep & Delete), durations, label applications, content queries
- Scope information for Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Teams Channels, Teams Chats
# Collect data to custom locations
Get-TenantExchangeInfo -OutputPath "D:\TenantData\Exchange.json"
Get-TenantUserInfo -OutputPath "D:\TenantData\Users.json"
# Generate report from custom locations
New-TenantReport -ExchangeJsonPath "D:\TenantData\Exchange.json" `
-UserJsonPath "D:\TenantData\Users.json" `
-OutputPath "D:\Reports\CustomReport.html"# Create scheduled task for daily collection
$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument @"
-NoProfile -WindowStyle Hidden -Command "
Import-Module TenantInfo
Connect-TenantInfo -UseDeviceCode
Get-TenantExchangeInfo
Get-TenantUserInfo
Get-TenantOneDriveInfo
Get-TenantSharePointInfo
New-TenantReport -GeneratePDF
"
"@
$trigger = New-ScheduledTaskTrigger -Daily -At 2AM
Register-ScheduledTask -TaskName "DailyTenantReport" -Action $action -Trigger $trigger# Load and filter JSON data
$userData = Get-Content ".\Output\UserInfo.json" | ConvertFrom-Json
# Filter licensed users only
$licensedUsers = $userData.Users.Details | Where-Object { $_.HasLicense -eq $true }
# Filter large mailboxes (>5GB)
$exchangeData = Get-Content ".\Output\ExchangeInfo.json" | ConvertFrom-Json
$largeMailboxes = $exchangeData.Mailboxes.Details | Where-Object { $_.SizeGB -gt 5 }Error when running Connect-ExchangeOnline:
Methode nicht gefunden: "Microsoft.Identity.Client.PublicClientApplicationBuilder
Microsoft.Identity.Client.Broker.BrokerExtension.WithBroker..."
Root Cause: The ExchangeOnlineManagement and Microsoft.Graph modules use different versions of the Microsoft.Identity.Client assembly. When both are loaded in the same PowerShell session, they conflict.
Solution 1: Let Get-TenantInfo handle authentication (recommended)
# DON'T manually connect - just run Get-TenantInfo
# It automatically connects to Graph FIRST, then Exchange (proven workaround)
Get-TenantInfoSolution 2: Start fresh if you encounter the error
# 1. Close ALL PowerShell windows
# 2. Open a fresh PowerShell session
# 3. Import TenantInfo and run
Import-Module .\TenantInfo.psd1 -Force
Get-TenantInfoSolution 3: Connect in the correct order (manual workaround) If you must manually connect, use this proven workaround:
# In a FRESH PowerShell session:
# 1. Connect to Microsoft Graph FIRST
Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All"
# 2. THEN connect to Exchange Online
Connect-ExchangeOnline
# 3. Then run Get-TenantInfo (it will detect existing connections)
Get-TenantInfoWhy this works: Connecting to Graph first allows its assemblies to load, and Exchange adapts to the loaded version. This is the reverse of the problem scenario and is a documented workaround. Get-TenantInfo automatically uses this connection order.
To avoid module installation conflicts, install required modules manually in a fresh PowerShell session:
# 1. Close ALL PowerShell windows and open a fresh session
# 2. Install modules one at a time
Install-Module Microsoft.Graph -Force -AllowClobber
Install-Module ExchangeOnlineManagement -Force -AllowClobber
Install-Module Microsoft.Online.SharePoint.PowerShell -Force -AllowClobber
# 3. Import TenantInfo and collect data
cd "c:\Git\TenantInfo"
Import-Module .\TenantInfo.psd1 -Force
Get-TenantInfoAlternative: Collect specific data without Exchange module:
# Skip Exchange data collection to avoid module conflicts
Get-TenantInfo -CollectUsers -CollectOneDrive -CollectSharePoint -CollectComplianceError during automatic module installation:
Installing ExchangeOnlineManagement module...
WARNING: The version 'X.X.X.X' of module 'PackageManagement' is currently in use...
Error Acquiring Token: System.NullReferenceException...
Root Cause: The TenantInfo module tries to auto-install missing modules, but this can cause PackageManagement conflicts during the installation process.
Solution: Pre-install modules manually before running TenantInfo:
- Close all PowerShell windows (important!)
- Open a fresh PowerShell session
- Install modules individually:
Install-Module Microsoft.Graph -Force Install-Module ExchangeOnlineManagement -Force
- Then use TenantInfo normally:
Import-Module .\TenantInfo.psd1 -Force Get-TenantInfo
Why this works: When modules are pre-installed, TenantInfo skips the automatic installation process that causes the PackageManagement conflicts.
JSON Conversion Issues (PowerShell 7) If you encounter "Cannot convert the JSON string because it contains keys with different casing" errors:
- The module automatically handles this issue in version 0.0.4+
- For older versions, restart PowerShell or update to the latest version
PowerShell 5.1 vs 7+ Differences
- PowerShell 5.1: Uses basic JSON conversion
- PowerShell 7+: Has stricter case sensitivity, handled automatically by the module
If you encounter errors like "Method not found: Microsoft.Identity.Client.PublicClientApplication.CreateWithApplicationOptions":
# Solution 1: Run in a fresh PowerShell session
# Close all PowerShell windows and open a new one, then:
Import-Module .\TenantInfo.psd1 -Force
Get-TenantInfo
# Solution 2: Manually install/update required modules in correct order
Install-Module Microsoft.Graph -Force -AllowClobber
Install-Module ExchangeOnlineManagement -Force -AllowClobber
Install-Module Microsoft.Online.SharePoint.PowerShell -Force -AllowClobber
# Solution 3: Use individual collection functions
Get-TenantUserInfo # Uses only Microsoft Graph
Get-TenantOneDriveInfo # Uses only Microsoft Graph
Get-TenantSharePointInfo # Uses Microsoft Graph + optional SPO/Exchange for labels
New-TenantReport # Generate report from collected dataIf you encounter "type was not found" errors related to Microsoft Graph:
# Clear module conflicts
Get-Module Microsoft.Graph* | Remove-Module -Force
Import-Module Microsoft.Graph.Authentication
Import-Module .\TenantInfo.psd1 -Force# Check Microsoft Graph connection
Get-MgContext
# Reconnect if needed
Disconnect-MgGraph
Connect-TenantInfo
# Check Exchange connection
Get-ConnectionInformation# Verify all required modules are installed
Get-Module -ListAvailable Microsoft.Graph*, ExchangeOnlineManagement, Microsoft.Online.SharePoint.PowerShell
# Check output directory
Test-Path .\Output
Get-ChildItem .\Output -Filter *.jsonIf PDF generation fails:
- Ensure Microsoft Edge is installed
- Check Edge installation paths:
C:\Program Files\Microsoft\Edge\Application\msedge.exeC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
- Manually print HTML file: Open HTML → Press Ctrl+P → Save as PDF
# Ensure connected to Security & Compliance Center
Connect-IPPSSession
# Verify connection
Get-Label -ErrorAction SilentlyContinue
# Collect compliance data
Get-TenantComplianceInfo
# Regenerate report
New-TenantReport- Initial release
- Exchange Online information collection
- User, license, and group management
- OneDrive and SharePoint usage statistics
- Sensitivity and retention labels and policies
- Interactive HTML reports with PDF generation
- DNS security records (SPF, DKIM, DMARC)
- Intelligent PDF file checking
- FLOW_FREE license filtering
- PowerShell: 5.1 or later (fully compatible with both Windows PowerShell 5.1 and PowerShell 7+)
- Modules:
- Microsoft.Graph (latest)
- ExchangeOnlineManagement (latest)
- Microsoft.Online.SharePoint.PowerShell (latest)
- Permissions:
- Global Reader or equivalent read permissions
- Security & Compliance Center access for compliance data
- Browser: Microsoft Edge (for PDF generation)
Copyright (c) 2025. All rights reserved.
For issues, questions, or contributions, please contact the module author.
Built with ❤️ using PowerShell and Microsoft Graph API.
## Testing
Run the Pester tests:
```powershell
Invoke-Pester -Path .\Tests\TenantInfo.Tests.ps1
- PowerShell 5.1 or later
- Compatible with both Windows PowerShell and PowerShell Core
Contributions are welcome! Please feel free to submit a Pull Request.
Copyright (c) 2025. All rights reserved.
- The module uses Microsoft Graph PowerShell SDK for authentication and data collection
- PDF generation requires Microsoft Edge or Google Chrome browser
- Some features require specific Microsoft 365 licenses and admin permissions
- All data is collected using official Microsoft APIs and stored locally in JSON format