v1.6.1
Fixes
- The tool now obtains missing permissions itself — no portal step. If a required Microsoft Graph scope isn't in your sign-in token (most often the admin-restricted
Policy.ReadWrite.ConditionalAccessthat Step 10 needs), the tool re-opens the consent window automatically and asks you to consent on behalf of the organization. Just accept the dialog (tick "Consent on behalf of your organization"). - Step 10 no longer fails the whole offboarding. The Conditional Access policy is optional, report-only defense-in-depth. The "Offboarded Users" group membership — the actual mechanism — is always created; if the report-only policy still can't be created, the step records a clear warning with remediation instead of a red failure, so a fully-completed offboarding is reported as successful.
Full Changelog: v1.6.0...v1.6.1