Releases: Noble-Effeciency13/M365IdentityPosture

Release v1.1.0 - Access Package Documentor

16 Mar 07:12
0aeefcf

We're excited to announce M365IdentityPosture v1.1.0, featuring a major new reporting capability for Entitlement Management along with significant enhancements to the module framework.

🆕 Major New Feature: Access Package Documentor

The headline feature of this release is the Access Package Documentor - an interactive graph-based visualization and documentation tool for Microsoft Entra Entitlement Management, developed in collaboration with Christian Frohn (@ChrFrohn).

Key Capabilities

📊 Interactive Graph Visualization

  • Cytoscape.js Integration: Advanced graph visualization of access packages, catalogs, policies, and resources
  • Dynamic Interaction: Zoom, pan, and drag-to-explore with intuitive navigation controls
  • Smart Filtering: Filter by catalog, access package, policy, or resource type
  • Full-Text Search: Search across all node labels for quick discovery
  • Detail Panels: Click any node to view comprehensive details in a collapsible side panel
  • Layout Optimization: Automatic graph layout optimization for different data sizes

📋 Comprehensive Documentation

  • Access Package Structure: Complete inventory of packages, catalogs, and assignment policies
  • Resource Assignments: Maps resource role scopes (groups, applications, SharePoint sites, Teams)
  • Approval Workflows: Visualizes multi-stage approval chains with approvers and escalation settings
  • Policy Configurations: Captures expiration settings, access reviews, requestor questions, and reviews
  • Custom Extensions: Displays integrated custom extension configurations
  • Verified ID Integration: Shows Verified ID requirements when configured

💾 Multi-Format Export

  • PNG/JPEG: High-resolution graph screenshots for presentations and documentation
  • Markdown: Hierarchical documentation with complete details for knowledge bases
  • JSON: Structured data export for integration with external tools

Usage Example:

# Document all access packages with interactive graph
Invoke-AccessPackageDocumentor -OutputPath "C:\Reports\AccessPackages"

# Load in light mode
Invoke-AccessPackageDocumentor -Theme Light

# Use custom app registration for authentication
Invoke-AccessPackageDocumentor -TenantID 11111111-2222-3333-4444-555555555555 -ClientID 11111111-2222-3333-4444-555555555555

✨ Enhancements

Dual Reporting Framework

  • Module now supports two comprehensive reports: Authentication Context Inventory (v1.0) and Access Package Documentor (v1.1)
  • Modular report architecture enables independent operation and future expansion
  • Shared infrastructure for HTML generation, theming, and data visualization

Improved User Experience

  • Runtime Theme Switching: Both reports support instant theme toggle between Classic/Light and Dark modes
  • Responsive Layout: Collapsible detail panels and optimized layouts for different screen sizes
  • Better Accessibility: Enhanced color schemes and contrast ratios across themes

Version Management

  • Automatic Update Notifications: Module now checks PSGallery on import and notifies users of available updates
  • New Test-ModuleVersion function for version checking
  • Helps users stay current with latest features and fixes

Cross-Service Integration

  • Enhanced data correlation between Entitlement Management and other identity services
  • Better cross-service context handling and error recovery
  • Improved Graph API batch processing for large datasets

🔧 Technical Improvements

Performance & Scalability

  • Optimized Memory Usage: Enhanced handling of large tenant environments with hundreds of access packages
  • Efficient Graph Operations: Improved batching and pagination for Graph API calls
  • Better Error Handling: More resilient error handling for Graph API operations with detailed logging

Architecture

  • Modular Design: Clean separation between report types enables easier maintenance and testing
  • Reusable Components: Shared graph visualization components for future report types
  • Enhanced Export System: Unified export functionality supporting multiple formats (PNG, JPEG, Markdown, JSON)

Code Quality

  • Improved function organization and naming consistency
  • Enhanced logging and progress reporting for debugging
  • Better TypeScript/JavaScript integration for Cytoscape.js components

🙏 Acknowledgments

Special thanks to Christian Frohn (@ChrFrohn) for the collaborative development of the Access Package Documentor feature. This partnership brought valuable expertise and insights that significantly enhanced this release.


📦 Installation

From PowerShell Gallery

Install-Module -Name M365IdentityPosture -Scope CurrentUser
Import-Module M365IdentityPosture

Update from Previous Version

Update-Module -Name M365IdentityPosture

📋 Requirements

Access Package Documentor

Microsoft Graph API Permissions:

  • EntitlementManagement.Read.All
  • Directory.Read.All (for resolving directory objects)

Module Dependencies (auto-loaded):

  • Microsoft.Graph.Authentication
  • Microsoft.Graph.Identity.Governance
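
A pre-flight check for the permissions listed above, as an added example that is not part of the module or of the original release notes: it compares the scopes held by a Microsoft Graph session against the two read scopes this release documents and flags write-capable extras, which a delegated session can carry over from earlier consents. `Test-GraphScopePosture`, the write-pattern regex and the sample scope list are hypothetical names and constructed values; `Get-MgContext` comes from Microsoft.Graph.Authentication.

```powershell
# Added example, not code from the M365IdentityPosture module.
# Scopes this release lists for the Access Package Documentor.
$RequiredScopes = @('EntitlementManagement.Read.All', 'Directory.Read.All')

function Test-GraphScopePosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$GrantedScopes,
        [string[]]$Required = $RequiredScopes
    )
    # OIDC sign-in scopes grant no Graph data access, so they are ignored.
    $signIn  = 'openid', 'profile', 'email', 'offline_access'
    $granted = @($GrantedScopes | Where-Object { $_ -notin $signIn } | Sort-Object -Unique)

    $missing = @($Required | Where-Object { $_ -notin $granted })
    $extra   = @($granted  | Where-Object { $_ -notin $Required })

    # Heuristic (assumption, not an exhaustive list): permission names whose
    # operation segment implies more than read access.
    $pattern = '\.(ReadWrite|Write|Manage|Send|FullControl|AccessAsUser)(\.|$)'
    $writeCapable = @($extra | Where-Object { $_ -match $pattern })

    [pscustomobject]@{
        Missing      = $missing        # documented scopes the session lacks
        Extra        = $extra          # anything beyond the documented set
        WriteCapable = $writeCapable   # extras that can change tenant state
        ReadOnlyFit  = ($missing.Count -eq 0 -and $writeCapable.Count -eq 0)
    }
}

# Use the live session when one exists; otherwise a constructed sample.
$ctx = if (Get-Command Get-MgContext -ErrorAction SilentlyContinue) { Get-MgContext }
$scopes = if ($ctx -and $ctx.Scopes) { $ctx.Scopes } else {
    # Constructed sample: a session that picked up a write scope earlier.
    @('openid', 'profile', 'EntitlementManagement.Read.All',
      'Directory.Read.All', 'Group.ReadWrite.All')
}

$result = Test-GraphScopePosture -GrantedScopes $scopes
$result | Format-List
if (-not $result.ReadOnlyFit) {
    Write-Warning 'Session scopes do not match the documented read-only set.'
}
```

With the constructed sample, `Group.ReadWrite.All` is reported under `WriteCapable` and `ReadOnlyFit` is false.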


🐛 Bug Reports & Feature Requests

Found an issue or have a suggestion? Please open an issue on GitHub.


🚀 What's Next?

Check out our Roadmap for upcoming features including:

  • Enhanced Access Package analytics
  • Role Assignment auditing capabilities
  • Conditional Access gap analysis
  • Identity Protection insights dashboard

Full Changelog: v1.0.0...v1.1.0

M365IdentityPosture v1.0.0 - Initial Release

21 Oct 22:23
2252e72

I'm excited to announce the first release of M365IdentityPosture, a comprehensive PowerShell module for security posture assessment and identity governance reporting across Microsoft 365 and Azure environments!

🎯 Mission Statement

M365IdentityPosture is designed to help security administrators, compliance teams, and identity architects gain deep visibility into their Microsoft 365 security configurations. Starting with Authentication Context inventory, this extensible framework will grow to encompass comprehensive identity and security analytics across your entire Microsoft cloud estate.

✨ What's in v1.0.0

🔍 Authentication Context Inventory Report

This initial release delivers a complete Authentication Context assessment tool that provides:

Comprehensive Service Coverage

  • 📋 Purview Sensitivity Labels - Discovers labels with embedded Authentication Context requirements and tracks their application across your environment
  • 🔒 Conditional Access Policies - Maps all policies referencing Authentication Contexts, including target users, groups, and applications
  • 👥 Privileged Identity Management - Analyzes PIM policies across:
    • Directory role management policies
    • Group-based PIM policies with role assignments
    • Azure resource PIM policies (optional)
  • 📁 SharePoint Online - Identifies sites with direct Authentication Context assignments or inherited through sensitivity labels
  • 👥 Microsoft 365 Groups & Teams - Tracks context enforcement through sensitivity labels
  • 🛡️ Protected Actions - Maps RBAC resource actions requiring authentication contexts

Rich Reporting Capabilities

  • Interactive HTML Dashboard with executive summary metrics
  • Detailed Inventory Tables with comprehensive data for each service
  • Cross-Reference Analysis showing relationships between services
  • Runtime Theme Switching between light and dark modes
  • Export-Ready Data for further analysis and documentation

🚀 Getting Started

# Install from PowerShell Gallery
Install-Module -Name M365IdentityPosture -Scope CurrentUser

# Run your first report
Invoke-AuthContextInventoryReport -TenantName "yourcompany"

💡 Use Cases

This module is perfect for:

  • Security Assessments - Understand your Authentication Context implementation across all services
  • Compliance Reporting - Document security controls for auditors and compliance teams
  • Zero Trust Journey - Assess readiness and identify gaps in your conditional access strategy
  • Migration Planning - Inventory current state before implementing changes
  • Operational Insights - Identify unused or misconfigured authentication contexts

🔧 Technical Highlights

  • PowerShell 7+ Optimized - Cross-platform support (Windows, macOS, Linux)
  • Modular Architecture - Extensible framework ready for additional report types
  • Smart Module Loading - Dynamically loads only required dependencies
  • Memory Efficient - Handles large tenants with thousands of objects
  • Comprehensive Error Handling - Detailed logging and graceful failure recovery
  • Progress Tracking - Real-time progress bars for long-running operations

📋 Requirements

  • PowerShell 7.0 or higher
  • Global Reader or equivalent permissions in your Microsoft 365 tenant
  • Required PowerShell modules (automatically loaded as needed):
    • Microsoft.Graph SDK
    • ExchangeOnlineManagement
    • SharePoint Online PowerShell
    • Az.Accounts & Az.Resources (for Azure PIM)

🗺️ What's Next?

This is just the beginning! The roadmap includes:

  • Access Package Analytics
  • Role Assignment Auditing
  • Conditional Access Gap Analysis
  • Identity Protection Insights

🤝 Community

M365IdentityPosture is open source and we welcome contributions! Whether it's:

  • 🐛 Reporting bugs
  • 💡 Suggesting enhancements
  • 📝 Improving documentation
  • 🔧 Contributing code

Check out our Contributing Guide to get started.

📣 Feedback

We'd love to hear from you!

🙏 Acknowledgments

Special thanks to the PowerShell community and early testers who provided valuable feedback during development.

📄 License

M365IdentityPosture is released under the MIT License, making it free for both personal and commercial use.


Ready to assess your Microsoft 365 identity security posture? Get started now!


This module performs read-only operations and will not modify any configurations in your tenant. Use the insights provided to enhance your security posture through informed decision-making.