AsBuiltReport.Microsoft.Intune.json
|
{ "Report": { "Name": "Microsoft Intune As Built Report", "Version": "0.2.2", "Status": "Released", "ShowCoverPageImage": true, "ShowTableOfContents": true, "ShowHeaderFooter": true, "ShowTableCaptions": true }, "Options": { "UserPrincipalName": "admin@contoso.onmicrosoft.com", "_comment_KeepSession": "Set KeepSession to true during testing to skip the Graph disconnect. Set to false for production.", "KeepSession": false, "_comment_DebugLog": "Set DebugLog to true to write a structured debug log file alongside the report.", "DebugLog": false, "_comment_ComplianceFrameworks": "Enable/disable compliance framework assessment sections.", "ComplianceFrameworks": { "_comment": "ACSCe8: ACSC Essential Eight Maturity Levels 1-3 | CISBaseline: CIS Microsoft 365 Foundations Benchmark v3.x", "ACSCe8": true, "CISBaseline": true }, "_comment_ExcelExport": "Controls whether an Excel workbook is exported alongside the report. Set Enabled to false to skip Excel entirely. Set individual sheet keys to false to exclude specific sheets from the workbook.", "ExcelExport": { "Enabled": true, "Sheets": { "LicenseSummary": true, "CompliancePolicies": true, "ConfigProfiles": true, "SettingsCatalog": true, "AdminTemplates": true, "AppProtection": true, "AppInventory": true, "EnrollmentRestrictions": true, "AutopilotProfiles": true, "SecurityBaselines": true, "EndpointSecurity": true, "PowerShellScripts": true, "ShellScripts": true, "ProactiveRemediations": true, "DeviceInventory": true, "NonCompliantDevices": true, "StaleDevices": true, "ACSCe8Assessment": true, "CISAssessment": true, "AppConfigPolicies": true, "CloudPCProvisioning": true, "CloudPCUserSettings": true, "EmptyGroupAssignments": true, "FailedAssignments": true } }, "_comment_JsonBackup": "Export a structured JSON backup of all Intune configuration alongside the report. The backup can be used for auditing, tenant-to-tenant comparison, and partial restore via Graph API. Set Enabled to false to skip. ExcludeSystemFields strips id/timestamps to produce cleaner restore-ready JSON.", "JsonBackup": { "Enabled": true, "ExcludeSystemFields": true, "_comment_IncludeSections": "Set individual sections to false to exclude them from the backup JSON.", "IncludeSections": { "CompliancePolicies": true, "ConfigurationProfiles": true, "SettingsCatalog": true, "AdminTemplates": true, "AppProtectionPolicies": true, "EnrollmentRestrictions": true, "AutopilotProfiles": true, "SecurityBaselines": true, "EndpointSecurity": true, "Scripts": true, "AppConfigPolicies": true, "CloudPCProvisioning": true, "CloudPCUserSettings": true } }, "_comment_GraphEnvironment": "Graph API environment. Options: Global (default), USGov, USGovDoD", "GraphEnvironment": "Global", "_comment_AppOnlyAuth": "App-only authentication for unattended/scheduled runs. Leave AppId empty to use interactive delegated auth.", "AppOnlyAuth": { "_comment": "Fill AppId + either CertificateThumbprint or ClientSecret. Leave AppId empty for interactive login.", "AppId": "", "TenantId": "", "CertificateThumbprint": "", "ClientSecret": "" }, "_comment_AssignmentResolution": "Controls how assignment groups are displayed in report tables.", "AssignmentResolution": { "ResolveGroupNames": true, "_comment_ResolveGroupNames": "Resolve group IDs to display names. Adds Graph API calls per unique group.", "ShowExcludedGroups": true, "_comment_ShowExcludedGroups": "Show [EXCLUDED] groups alongside included groups in assignment columns.", "CheckEmptyGroups": true, "_comment_CheckEmptyGroups": "Fetch member counts for assignment groups. Flags empty groups (0 members) as Warning.", "ResolveScopeTagNames": true, "_comment_ResolveScopeTagNames": "Resolve scope tag IDs to display names in all policy tables." }, "_comment_LicenceOverride": "Override automatic licence detection. Set SkipLicenceCheck to true to attempt all sections regardless of detected licences (useful for dev/test tenants or when SKU detection is inaccurate). Alternatively set individual flags: ForceIntuneP1, ForceIntuneP2, ForceCloudPC.", "LicenceOverride": { "SkipLicenceCheck": false, "_comment_SkipLicenceCheck": "Set true to skip all licence gating and attempt every section.", "ForceIntuneP1": false, "_comment_ForceIntuneP1": "Force Scripts (PS/Shell) section on regardless of detected SKUs.", "ForceIntuneP2": false, "_comment_ForceIntuneP2": "Force Proactive Remediations section on regardless of detected SKUs.", "ForceCloudPC": false, "_comment_ForceCloudPC": "Force Cloud PC section on regardless of detected SKUs." } }, "InfoLevel": { "_comment": "0 = Disabled | 1 = Summary/Overview | 2 = Detailed (per-device/per-policy tables, drill-down)", "TenantOverview": 1, "DeviceCompliance": 2, "ConfigurationProfiles": 2, "AppManagement": 2, "EnrollmentRestrictions": 2, "SecurityBaselines": 2, "EndpointSecurity": 2, "Scripts": 2, "Devices": 2, "AppConfigPolicies": 2, "CloudPC": 2, "FailedAssignments": 2 }, "HealthCheck": { "_comment": "Set to true to enable colour-coded health check indicators (requires -Healthcheck flag on Invoke-AsBuiltReport).", "Intune": { "DeviceCompliance": true, "ConfigurationProfiles": true, "AppManagement": true, "EnrollmentRestrictions": true, "SecurityBaselines": true, "EndpointSecurity": true, "Devices": true, "CloudPC": true, "EmptyGroups": true, "FailedAssignments": true } } } |