# TenantReports & TenantReports-Web A PowerShell module for generating Microsoft 365 and Azure security reports. **NOTE**: Open the images in a new tab to view them properly! - ![[Demo_Dashboard.jpeg]] - ![[Demo_IdentityAccess.jpeg]] - ![[Demo_Exchange.jpeg]] ## Why This Module? After years in the MSP space as a SysAdmin and Consultant, I noticed a growing trend: clients increasingly want periodic security and compliance reports for their Microsoft 365 tenants. What started as manual data gathering became repetitive, time-consuming work. TenantReports automates this process. Connect once, run a single command, and get a complete security posture assessment—Secure Score, Conditional Access, Intune compliance, privileged access, and more. **Why I'm sharing this:** 1. **Skill development.** I wanted to challenge myself to write something with proper error handling, readable code and consistent patterns. 2. **Community contribution.** I've pulled a lot of half-working scripts off the internet over the years. Wanted to put something back that actually works out of the box. 3. **Feedback.** I'd genuinely like to know what I'm doing wrong or could do better. # Quick Start Get your first report in under a minute—no app registration required. > **Requires PowerShell 7.** Run `$PSVersionTable.PSVersion` to check. [Download PowerShell 7](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell) > [!example] > ```powershell Install-Module TenantReports -Scope CurrentUser Import-Module TenantReports > > $Report = Invoke-TntReport -Interactive > ``` A browser window opens for sign-in. The module handles permissions, authentication, and session management automatically. This tool performs deep read operations. While it works best with high privilege (to catch everything), the code is fully open source if you want to audit what `Invoke-TntReport` is actually reading before running it. The module will try to run all the supported report sections after authentication. Explore the $Report object to see all the data! > [!info] Don't worry about errors. If a section fails due to missing permissions or disabled features, the report continues. Check `$Report.ReportMetadata.SectionStatus` to see what succeeded—most sections will work out of the box. > | Section | Reason | |---------|--------| | `RiskyUsers` | Requires `IdentityRiskyUser.Read.All` application permission | | `Defender` | Requires application-level Defender for Office 365 permissions | # Visualizing report data The report data can be visualized with the **TenantReports Web Viewer**—a static web application that transforms your report into interactive dashboards. Doing this is very easy: ## 1 - Create a JSON file of your report To get the required JSON, either run `Invoke-TntReport` with the `-OutputPath` and `-OutputFileName` parameters: ```powershell $Report = Invoke-TntReport -Interactive -OutputPath 'C:\Temp' -OutputFileName 'TenantReport.json' ``` Or just by converting the $Report data to JSON yourself: ```powershell $Report | ConvertTo-Json -Depth 20 | Out-File 'C:\Temp\TenantReport.json' ``` ## 2 - Open the TenantReports Web viewer Visit https://report.systom.dev in your browser. ## 3 - Upload your JSON file Simply drag and drop your JSON file on the page, or manually upload it. Your report will be visualized immediately: ![[Demo_Web.gif]] # More information Visit the [GitHub Repo](github.com/systommy/TenantReports) and check out the README.