Document your MEM Configuration in 90 seconds

Hi there, I was recently working with a customer who asked ‘How do we document our MEM configuration’. Well it got me thinking I can use the traditional way of browsing through all the policies, applications and Intune settings and writing these into my own document or I could automate it. My initial instinct was to step into the Graph explorer and write my own PowerShell commands and join all these together. BUT Why would I do that when there are plenty of great tools and documents out there already established. So I turned to Workplace Ninga’s and Thomas Kurth. A big thanks to Thomas who has taken all his hard work and wrapped the configuration into his own PowerShell Module. This is the power of the community. 
After finding his script I set to testing this out and see how long it would take to setup and get results. So follow along the steps below where I complete this in just 90 seconds. Yes you heard that right. Documenting platform configurations can take time and as we build up our various policies keeping a track of all these is becoming more and more important.

When you get the time check out the Workplace Ninja’s blog site at for yourself.Lets get started…

To start run PowerShell ISE on your own Windows device making sure you can run as an administrator on the machine. Once this is open first install the Microsoft Graph.Intune

 and PSWord 

Module. These allow you access your own data within your own Azure tenant and install the Word module used to write all the output into.  

When prompted regarding the execution policy click ‘Yes to all‘ and proceed.

The remaining 3 commands will: 
– Install the Thomas Kurth IntuneDocumentation module
– Set the permissions on your device to ensure the script will run
– Invokes the script to connect to your tenant and pull out all the system configuration settings. 
– Import all policies and settings into a word document c:\temp\intunedoc2.docx (You can change the name of the document and save to a location you have the write permissions to.
Again when promted to install the module click ‘Yes to all’ to continue. You will then be prompted to sign-in to your tenant using your tenant admin account. This will allow the IntuneDocumentaion module to access MS Graph and pull out all necessary data. 


The final stage is to import all collected data into a Workplace Ninga Word formatted document which you can easily amend for your own processes after. The collection of the data can take up to 60 seconds export and then write the word document and you are all done. Please note as shown in the picture above it will warn you if you have already created a previous export and saved to the same document name.


​In the original version the script it performed a collection of all configuration settings for:

  • Configuration Policies
  • Compliance Policies
  • Device Enrollment Restrictions
  • Terms and Conditions
  • Applications (Only Assigned)

And Thomas then extended and improved his module to include details for:

  • Application Protection Policies
  • AutoPilot Configuration
  • Enrollment Page Configuration
  • Apple Push Certificate
  • Apple VPP
  • Device Categories
  • Exchange Connector

​Give this a go for yourself. The real value in this for me is that you can very quickly see all the specific policies details you’ve created as well as the individual settings set within these. 

Thanks for reading.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.