Using the Microsoft 365 assessment tool,
I would like to check the usage status of SharePoint Add-ins in my tenant.
https://learn.microsoft.com/ja-jp/sharepoint/dev/sp-add-ins/retirement-payment-for-add-ins#microsoft-365-assessment-tool

I ran .\microsoft365-assessment.exe and it says "An error occurred while reporting for this Microsoft 365 assessment: The assessment was "skimmed""
"Data cannot be exported because it has not been terminated or paused" is displayed. I hope it gets resolved.

=================================================
Preparations were carried out as follows.

A. Registering your application with Microsoft Entra ID

We issued a self-certificate and registered the application with Microsoft Entra ID by referring to the public information below, "Set up an Azure AD app for app-only access."

Title: Grant access using Azure AD app-only - Set up an Azure AD app for app-only access -
Address: https://learn.microsoft.com/ja-jp/sharepoint/dev/solution-guidance/security-apponly-azuread#setting-up-an-azure-ad-app-for-app-only-access

*Access permission is granted as follows.
Microsoft Graph -> Application Permissions -> Sites.Read.All and Application.Read.All
SharePoint -> Application permissions -> Site.Read.All

B. Obtain the Microsoft 365 Assessment tool for Windows

Visit the following site and download the latest version of the Microsoft 365 Assessment tool for Windows (microsoft365-assessment.exe) to your work device.

Title: Microsoft 365 Assessment tool for Windows
Address: https://github.com/pnp/pnpassessment/releases

Steps to run the tool

1. Start the command prompt or Windows PowerShell on your work terminal and run the downloaded microsoft365-assessment.exe with the following parameters.

.\microsoft365-assessment.exe start --mode AddInsACS --authmode application --tenant .sharepoint.com --applicationid --certfile "<path to self certificate (.pfx)>" - -certpassword ""

The values ​​to enter for each parameter are as follows.
tenant: SharePoint domain of the tenant
applicationid: Client ID of the application registered in advance preparation
certfile: Path to the self-certificate (.pfx file) created in advance preparation
certpassword: Password for the self-certificate created in advance preparation

(execution example)
.\microsoft365-assessment.exe start --mode AddInsACS --authmode application--tenant contoso.sharepoint.com --applicationid 91a02c15-01b0-448e-9e78-c296b8b14cb8 --certfile "C:\acs.pfx" --certpassword "password"

2. If the tool runs successfully, the Assessment id will be output as shown below, so take note of the value.

Initializing authentication
Starting the Microsoft 365 Assessment
Microsoft 365 Assessment authentication initialized
Enumerated 94 site collections for tenant contoso.sharepoint.com
Sites to assess are defined
Sites to assess are queued up. Assessment id = f57da9d4-54d0-4e44-a383-36a0e751e1c3

3. Continue running microsoft365-assessment.exe with the following parameters:

.\microsoft365-assessment.exe report --id f57da9d4-54d0-4e44-a383-36a0e751e1c3 --mode CsvOnly --path "C:\report"

The values ​​to enter for each parameter are as follows.
id: Assessment id output when the tool is successful
path: report output folder

Hi, I have multiple questions about the assessment tool for Sharepoint Add-in.

1. We have multiple tenants and currently only one tenant (UAT tenant) has the configuration for the Azure AD application for the permission. Would it be possible to execute the tool in PowerShell on a device within the production tenant, with the understanding that it will operate against the UAT tenant environment? Will using the MSOnline module work this setup?

2. Is it strongly recommended to utilise a certificate for authentication instead of a client secret? Will client secret work?

3. How much time does it typically take for the "No running Microsoft 365 Assessment found, starting one... Starting Microsoft 365 Assessment..." process to complete? What could be the reason if the process remains stuck at that stage? I left my device running overnight in an attempt to allow it to finish, but it was still stuck on that process the following day.

Hello,

I am sorry but I am totally new to M365 Assessment and just followed the instructions. I created the Azure App and granted the permissions:

However, I am getting an error that the assessment job could not be started. I need an assessment for all add ins.

This is what I see at the logs:

[ERR] Code in PreScanningAsync failed. This can happen when the first enumerated site collection is locked
HttpResponseCode: 403
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
PnP.Core.MicrosoftGraphServiceException: Microsoft Graph service exception
at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphInteractiveAsync(Batch batch)
at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphBatchAsync(Batch batch)
at PnP.Core.Services.BatchClient.ExecuteBatch(Batch batch)
at PnP.Core.Model.BaseDataModel1.RequestAsync(ApiCall apiCall, HttpMethod method, String operationName) at PnP.Core.Model.BaseDataModel1.RawRequestAsync(ApiCall apiCall, HttpMethod method, String operationName)
at PnP.Core.Admin.Model.SharePoint.LegacyPrincipalManagement.GetValidLegacyServicePrincipalAppIdsAsync(PnPContext context, Boolean includeExpiredPrincipals)
at PnP.Core.Admin.Model.SharePoint.SiteCollectionManager.GetLegacyServicePrincipalsAsync(Boolean includeExpiredPrincipals)
at PnP.Scanning.Core.Scanners.AddInACSScanComponent.ExecutePreScanningAsync(ScannerBase scannerBase, PnPContext context, ClientContext csomContext, VanityUrlOptions vanityUrlOptions)
at PnP.Scanning.Core.Scanners.AddInACSScanner.PreScanningAsync()

[ERR] Preassessment for assessment "023c2da1-f47b-49cd-bf5d-e6754b31cf87" failed. Error: Microsoft Graph service exception
HttpResponseCode: 403
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
PnP.Core.MicrosoftGraphServiceException: Microsoft Graph service exception
at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphInteractiveAsync(Batch batch)
at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphBatchAsync(Batch batch)
at PnP.Core.Services.BatchClient.ExecuteBatch(Batch batch)
at PnP.Core.Model.BaseDataModel1.RequestAsync(ApiCall apiCall, HttpMethod method, String operationName) at PnP.Core.Model.BaseDataModel1.RawRequestAsync(ApiCall apiCall, HttpMethod method, String operationName)
at PnP.Core.Admin.Model.SharePoint.LegacyPrincipalManagement.GetValidLegacyServicePrincipalAppIdsAsync(PnPContext context, Boolean includeExpiredPrincipals)
at PnP.Core.Admin.Model.SharePoint.SiteCollectionManager.GetLegacyServicePrincipalsAsync(Boolean includeExpiredPrincipals)
at PnP.Scanning.Core.Scanners.AddInACSScanComponent.ExecutePreScanningAsync(ScannerBase scannerBase, PnPContext context, ClientContext csomContext, VanityUrlOptions vanityUrlOptions)
at PnP.Scanning.Core.Scanners.AddInACSScanner.PreScanningAsync()
at PnP.Scanning.Core.Services.ScanManager.StartScanAsync(StartRequest start, AuthenticationManager authenticationManager, List`1 siteCollectionList)

Which permissions are required or wrong?

I used the "Start a new SharePoint Add-In and Azure ACS assessment (application permissions) for a complete tenant" command.

You are using the latest version 1.7.0

Connecting Microsoft 365 Assessment on port 25010...
OK

Initializing authentication
Starting the Microsoft 365 Assessment
Microsoft 365 Assessment authentication initialized
Enumerated 8720 site collections for tenant .sharepoint.com
Sites to assess are defined
Assessment job not started due to error: Microsoft Graph service exception

Many thanks for help
Joe

PS: I added my account I use for the assessment to all Site Collections within our tenant as a SCA.

Has anyone had any issues with the assessment tool not processing beyond a certain percentage of sites? I have tried to run the assessment tool twice on my environment and both times it stopped at 70%, and never proceeded beyond that even after letting run for a couple of weeks. Are there any logs I could take a look at? Any suggestions as to how I can get it to run all the way through?

Hi,

When trying to start an AddInsACS assessment got the following error: "Assessment job not started due to error: Invalid URI: The format of the URI could not be determined.", when running list command the job shows as queued, any clues? (I'm suspecting that could have some to do with Vanity URLs, my tenant uses them but InfoPath and Workflow scans works fine).

Please assist

Thanks!

Hi, we're facing an issue when attempting to run Assessment tool in Add-Ins and ACS mode,
previously we had a similar Graph Exception issue thrown by missing permissions on delegated user, however this time the error seems to be a different cause stating Bad Request where Max Page should be equal or less than 501.

We're running version 1.6.0 on Windows 10

2024-02-07 18:02:06.890 -05:00 [INF] End processing HTTP request after 355.5699ms - 200 
2024-02-07 18:02:07.000 -05:00 [INF] Start processing HTTP request GET "https://tenant.sharepoint.com/api/Site/$select-Id%2cGroupId"
2024-02-07 18:02:07.001 -05:00 [INF] Sending HTTP request GET https://tenant.sharepoint.com/_api/Site/$select-Id%2cGroupId
2024-02-07 18:02:07.123 -05:00 [INF] Received HTTP response headers after 122.0903ms - 200
2024-02-07 18:02:07.123 -05:00 [INF] End processing HTTP request after 122.4234ms - 200
2024-02-07 18:02:07.131 -05:00 [INF] Vanity URLs passed in: my site host and tenant admin
2024-02-07 18:02:07.229 -05:00 [INF] Start processing HTTP request GET https://graph.microsoft.com/v1.0/me/memberOf?$count=true&$search=\"displayName: Company Administrator\" OR \"displayName: Global Administrator\"
2024-02-07 18:02:07.220 -05:00 [INF] Sending HTTP request GET "https://graph.microsoft.com/v1.0/me/memberOf?$count=true?$search=\"displayName: Company Administrator\" OR \"displayName: Global Administrator\"
2024-02-07 18:02:07.700 -05:00 [INF] Received HTTP response headers after 551.6501 - 200
2024-02-07 18:02:07.781 -05:00 [INF] End processing HTTP request after 551.9481ms - 200
2024-02-07 18:02:07.799 -05:00 [INF] Start processing HTTP request POST "https://graph.microsoft.com/v1.0/search/query"
2024-02-07 18:02:07.799 -05:00 [INF] Sending HTTP request POST "https://graph.microsoft.com/v1.0/search/query 
2024-02-07 18:02:10.926 -05:00 [INF] Received HTTP response headers after 3126.5674ms - 200
2024-02-07 18:02:10.926 -05:00 [INF] End processing HTTP request after 3126.8386ms - 200 
2024-02-07 18:02:10.948 -05:00 [INF] Start processing HTTP request POST "https://graph.microsoft.com/v1.0/search/query
2024-02-07 18:02:10.948 -05:00 [INF] Sending HTTP request POST "https://graph.microsoft.com/v1.0/search/query 
2024-02-07 18:02:11.126 -05:00 [INF] Received HTTP response headers after 178.0127ms - 400
2024-02-07 18:02:11.126 -05:00 [INF] End processing HTTP request after 178.3536ms - 400 
2024-02-07 18:02:11.137 -05:00 [ERR] Error starting assessment job: Microsoft Graph service exception
HttpResponseCode: 400
Code: BadRequest
Message: SearchRequest Invalid (Max page size should be <= 501.)
ClientRequestId:
target:
details: [{"code":"Microsoft.SubstrateSearch.Api.ErrorReporting.ResourceBasedExceptions.BadRequestException", "message": "Max page size should be <= 501.", "target":"","httpCode":400}]
httpCode: 400

PnP.Core.MicrosoftGraphServiceException: Microsoft Graph service exception 
    at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphInteractiveAsync(Batch batch)
    at PnP.Core.Services.BatchClient.ExecuteMicrosoftGraphBatchAsync(Batch batch)
    at PnP.Core.Services.BatchClient.ExecuteBatch(Batch batch)
    at PnP.Core.Model.BaseDataModel`1. RequestAsync(Apicall apicall, HttpMethod method, String operationName)
    at PnP.Core.Model.BaseDataModel`1. RawRequestAsync(Apicall apicall, HttpMethod method, String operationName)
    at PnP.Core.Admin.Model.SharePoint.SiteCollectionEnumerator.GetViagraphSearchApAsync(PnPContext context, VanityUrlOptions vanityUrloptions, SiteCollectionFilter filter, Int32 pagesize)
    at PnP.Core.Admin.Model.SharePoint.SiteCollectionEnumerator.GetAsync(PPContext context, VanityUrloptions vanityUrloptions, Boolean ignoreUserIsTenantAdmin, SiteCollectionFilter Filter)
    at PnP.Core.Admin.Model.SharePoint.SiteCollectionManager.GetSiteCollectionsAsync(Boolean ignoretUserIsSharePointAdmin, SiteCollectionFilter filter, VanityUrloptions vanitytUrlOptions)
    at PnP.Scanning.Core.Services.SiteEnumerationManager.EnumerateSiteCollectionsToScanAsync(StartRequest start, AuthenticationManager authentication/Manager, Action 1 feedback)
    at PnP.Scanning.Core.Services.Scanner.Start(StartRequest request, IServerStreamWriter`1 responseStream, ServerCallContext context)
2024-02-07 18:02:11.105 -05:00 [INF] Executed endpoint 'gRPC/PnP.Scanning.Core.Services.PrPScanner/Start
2024-02-07 18:02:11.166 -05:00 [INF] Request finished HTTP/2 POST http://localhost:25818/PnP.Scanning.Core.Services.PnPScanner/Start application/grpc - - 200 - application/grpc 5408.8682ms

Error:
Microsoft.Identity.Client.MsalServiceException: AADSTS90038: Tenant 'xxxxxx-258b-45b4-a519-xxxxx' request is being redirected to the National Cloud 'MicrosoftOnline.COM'.

Please help with correct steps to run ACS assessment in GCC tenant.

Thanks

Hi,

After announcement about deprecating SP2013 Workflows - I wanted to use Assessment tool to run it in Workflow mode.

I receive following error:
Assessment job not started due to error: Microsoft Graph service exception

I tried to use either Interactive or Device --authmode
I am loging in with account which has SharePoint Admin role (so should have Full Control rights to all SP Site Collections)
In our tenant we have configured "PnP Management Shell" application - with Global Admin consent (see below needed permissions)

How I can investigate more details about potential problem, or maybe you can already know what problem I might have?
Any tips / hints would be really appreciated.
Thanks in advance

I'm trying to run the InfoPath assessment and it doesn't seem to import the environment settings defined in the appsettings.json file which is located in the same folder as the exe file or there is an issue when we try using the cert method, but I am unsure that that issue would be.

The Azure app is setup and granted the following permissions:

The appsettings.json file contains the following:

{
  "PnPCore": {
    "Environment": "USGovernmentHigh"
  },
  "CustomSettings": {
    "Environment": "USGovernmentHigh"
  }
}

When I try to run the start command it errors expecting a tenant domain or GUID whether I pass one or not:

When I pull the config it does not reflect the environment settings as I would expect and instead only shows the default port:

Now, I know it is reading the config file because when I intentionally malformed the json file, it crashed:

I know the Azure app is working as I was able to get results via the interactive and sitelist commands:

I can't start a Microsoft 365 Assessment, because of this error:

Assessment job not started due to error: Certificate could not be loaded using this path information
My|CurrentUser|<snipped thumbprint>

I'm using 1.4.0 of the microsoft365-assessment.exe tool in Windows 10.

I generated the Azure AD app and certificate using the Register-PnPAzureADApp command from https://pnp.github.io/pnpassessment/using-the-assessment-tool/setupauth.html. The app and certificate were generated without error, and I have checked that the app exists in AAD, and there's a certificate attached with a thumbprint that matches the one in certmgr (in Personal > Certificates).

Is this a bug in microsoft365-assessment.exe tool, or some kind of problem on my local machine?

Preview Image option is not working for few documents in pnp search result filter.

Can you explain what is missing? Thanks!

PS C:\Scripts\microsoft365-assessment> .\microsoft365-assessment.exe start --mode AddInsACS --authmode application --tenant "tenant.sharepoint.com" --applicationid sdfasdf999-deffe-4xxxxxyyyy-adsfasd99877 --certfile "C:\scripts\PnPCertificate\mypfxfile.pfx" --certpassword "7888yk@1234" --sitesfile "C:\Scripts\microsoft365-assessment\sites.txt"

Initializing authentication
Starting the Microsoft 365 Assessment
Microsoft 365 Assessment authentication initialized
Loaded 1334 site collections from the passed file C:\Scripts\microsoft365-assessment\sites.txt
Sites to assess are defined
Assessment job not started due to error: Microsoft Graph service exception

My customer receives the below error when trying to execute the assessment. He did create the Azure App and ran it using both "Interactive" and "Application"

Here is what I get when trying to analyze my workflows:
Connecting Microsoft 365 Assessment on port 25010...
No running Microsoft 365 Assessment found, starting one...
Unhandled exception: System.Exception: Microsoft 365 Assessment tool did not start timely
at PnP.Scanning.Process.Services.ScannerManager.WaitForScannerToBeUpAsync()
at PnP.Scanning.Process.Services.ScannerManager.LaunchScannerAsync()
at PnP.Scanning.Process.Services.ScannerManager.GetScannerClientAsync()
at PnP.Scanning.Process.Commands.StartCommandHandler.<>c__DisplayClass19_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Spectre.Console.Status.<>c__DisplayClass16_0.<b__0>d.MoveNext() in //src/Spectre.Console/Live/Status/Status.cs:line 79
--- End of stack trace from previous location ---
at Spectre.Console.Status.<>c__DisplayClass17_01.<<StartAsync>b__0>d.MoveNext() in /_/src/Spectre.Console/Live/Status/Status.cs:line 120 --- End of stack trace from previous location --- at Spectre.Console.Progress.<>c__DisplayClass28_01.<b__0>d.MoveNext() in //src/Spectre.Console/Live/Progress/Progress.cs:line 133
--- End of stack trace from previous location ---
at Spectre.Console.Internal.DefaultExclusivityMode.RunAsync[T](Func1 func) in /_/src/Spectre.Console/Internal/DefaultExclusivityMode.cs:line 40 at Spectre.Console.Progress.StartAsync[T](Func2 action) in //src/Spectre.Console/Live/Progress/Progress.cs:line 116
at Spectre.Console.Status.StartAsync[T](String status, Func2 func) in /_/src/Spectre.Console/Live/Status/Status.cs:line 117 at Spectre.Console.Status.StartAsync(String status, Func2 action) in //src/Spectre.Console/Live/Status/Status.cs:line 77
at PnP.Scanning.Process.Commands.StartCommandHandler.HandleStartAsync(StartOptions arguments)
at PnP.Scanning.Process.Commands.StartCommandHandler.b__18_0(StartOptions arguments)
at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass15_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass26_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass24_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__23_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass21_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__8_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__7_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<b__0>d.MoveNext()

The log file shows this.
2023-04-19 12:23:55.787 -05:00 [INF] Starting Microsoft 365 Assessment on port 25010
2023-04-19 12:23:56.171 -05:00 [INF] Started Microsoft 365 Assessment on port 25010
2023-04-19 12:23:56.241 -05:00 [INF] User profile is available. Using 'C:\Users<username>\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
2023-04-19 12:23:56.602 -05:00 [INF] Now listening on: http://localhost:25010
2023-04-19 12:23:56.608 -05:00 [INF] Application started. Press Ctrl+C to shut down.
2023-04-19 12:23:56.609 -05:00 [INF] Hosting environment: Production
2023-04-19 12:23:56.609 -05:00 [INF] Content root path: C:\microsoft365assessment

Any ideas?

See below:

I'm getting an Unhandled exception: when running the following command
microsoft365-assessment.exe start --mode workflow --authmode application --tenant tenantname.onmicrosoft.com --applicationid e17495d9-xxxx-xxxx-xxxxx-9c9e10af2314 --certpath "My|CurrentUser|05f1153e551e3ae9b2adxxxxxxxx93130f3e81af"

I followed the steps in the authentication page setting up an app with the correct API permissions and created a self cert that I added to the apps certificates as well as adding to my local user
https://pnp.github.io/pnpassessment/using-the-assessment-tool/setupauth.html

I have tried with both v1.9 & 1.8 of the tool

If a CR and/or LF is used inside a field it's not correctly exported resulting into issues loading the report via Power BI Desktop.

Hi,

Any idea for this issue? we've configured the required steps to run the tools

1. Download the tool
2. Configure authentication
3. Run an assessment
   

But we've got error saying SharePoint Rest service exception

Could you please help me for this error or if I missed anything?

Thanks,

When nothing was running then stop shouldn't spawn a new server process

My SOC just quarantined me after attempting to download the latest release that the file matched the bolonykte trojan…. No clue if it is a false positive or if the file has been compromised.

We are trying to run an assessment
microsoft365-assessment.exe start --mode AddInsACS --authmode application ...
with application API permissions set according the required ones documented here: https://pnp.github.io/pnpassessment/addinsacs/requirements.html

Here application permissions in Azure AD

Yet getting Insufficient priviliges errors in job logfile.

2024-03-28 12:10:03.082 +00:00 [ERR] Code in PreScanningAsync failed. This can happen when the first enumerated site collection is locked
HttpResponseCode: 403
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.

Hi,

I've registered an azure app to use for running the process but I'm getting the error below.
"Assessment job not started due to error:"

I made sure all relevant permissions are granted in azure following that guide.
https://pnp.github.io/pnpassessment/using-the-assessment-tool/setupauth.html

Is there anything I'm missing?

Thank you.

Microsoft 365 Assessment Tool Errors attempting to run SharePoint Add/In assessment. Errors received are attached. I am using the following syntax and woud like to run this on one site initially not the entire tenant.

start --mode AddInsACS --authmode application
--tenant company.sharepoint.com --applicationid xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
--siteslist "https://company.sharepoint.com/sites/allcompany38"

Wasn't able to make this work in DoD. Have you been able to make it work? Also...will it work for GCC as well?

Receiving the error as attached below

Unhandled exception: System.Net.Http.HttpRequestException: The requested name is valid, but no data of the requested type was found. (m365x27828082.onmicrosoft.com:443)
---> System.Net.Sockets.SocketException (11004): The requested name is valid, but no data of the requested type was found.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError , CancellationToken )
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 )
at System.Net.Sockets.Socket.g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs , ValueTask , CancellationToken )
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String , Int32 , HttpRequestMessage , Boolean , CancellationToken )
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String , Int32 , HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage )
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken )
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage , Boolean , Boolean , CancellationToken )
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage , HttpCompletionOption , CancellationTokenSource , Boolean , CancellationTokenSource , CancellationToken )
at PnP.Scanning.Core.Authentication.AuthenticationManager.GetAzureADTenantIdAsync(String tenant)
at PnP.Scanning.Process.Commands.StartCommandHandler.HandleStartAsync(StartOptions arguments)
at PnP.Scanning.Process.Commands.StartCommandHandler.b__19_0(StartOptions arguments)
at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext )
at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<b__0>d.MoveNext()--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<b__0>d.MoveNext()

It's very common for workflows to be a integral part of business operations but not run within 30 days. It would be more helpful if we could go back and see how many instances ran in a calendar year.

Running version 1.6.0, on Windows 10, 22H2, build 19045.3693.
App set up & configured in Entra (Azure).
Self-signed cert generated per docs and uploaded to registered app.
Verified in Resource Monitor that no other app was using port 25010.
Made sure that there were no "rogue" instances of application running.

Odd thing is, the log shows everything is OK.

2023-12-07 10:12:43.332 -05:00 [INF] Starting Microsoft 365 Assessment on port 25010
2023-12-07 10:12:43.576 -05:00 [INF] Started Microsoft 365 Assessment on port 25010
2023-12-07 10:12:43.638 -05:00 [INF] User profile is available. Using 'C:\Users\xxxxxx\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
2023-12-07 10:12:43.970 -05:00 [INF] Now listening on: http://localhost:25010
2023-12-07 10:12:43.975 -05:00 [INF] Application started. Press Ctrl+C to shut down.
2023-12-07 10:12:43.976 -05:00 [INF] Hosting environment: Production
2023-12-07 10:12:43.977 -05:00 [INF] Content root path: C:\Users\xxxxxx\Downloads\microsoft365assessment

Execute a command (<enter> to quit):
config

┌──────────┬───────┬─────────┬───────────────────────┐
│ Setting  │ Value │ Default │ appsettings.json path │
├──────────┼───────┼─────────┼───────────────────────┤
│ Port     │ 25010 │ 25010   │ CustomSettings:Port   │
└──────────┴───────┴─────────┴───────────────────────┘

Execute a command (<enter> to quit):

Complete error output:

Execute a command (<enter> to quit):
status

Connecting Microsoft 365 Assessment on port 25010...
No running Microsoft 365 Assessment found, starting one...
Unhandled exception: System.Exception: Microsoft 365 Assessment tool did not start timely
   at PnP.Scanning.Process.Services.ScannerManager.WaitForScannerToBeUpAsync()
   at PnP.Scanning.Process.Services.ScannerManager.LaunchScannerAsync()
   at PnP.Scanning.Process.Services.ScannerManager.GetScannerClientAsync()
   at PnP.Scanning.Process.Commands.StatusCommandHandler.HandleStatusAsync()
   at PnP.Scanning.Process.Commands.StatusCommandHandler.<Create>b__2_0()
   at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext )
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()

Execute a command (<enter> to quit):

I am getting the following error:

"Assessment job not started due to error: Microsoft Graph service exception"
I am connecting in applicaton mode, with a certificate and password. The same issue comes when using interactive login.

Full output:

You are using the latest version 1.6.2

Connecting Microsoft 365 Assessment on port 25010...
OK

Initializing authentication
Starting the Microsoft 365 Assessment
Microsoft 365 Assessment authentication initialized
Enumerate30381 site collections for tenant kpnbv.sharepoint.com
Sites to assess are defined
Assessment job not started due to error: Microsoft Graph service exception

as example this shall be (19 not 18)
= Csv.Document(File.Contents("C:\assessmentout\syntexcontenttypeoverview.csv"),[Delimiter=",", Columns=19, Encoding=1252, QuoteStyle=QuoteStyle.None])

and the following shall be 12 not 11 cause you are missing one column
= Csv.Document(File.Contents("C:\assessmentout\syntexcontentfields.csv"),[Delimiter=",", Columns=12, Encoding=1252, QuoteStyle=QuoteStyle.None])

Trying to assess SharePoint online and I get this error message.

I’ve tried adding appsettings.json as stated in manual added my vanity URL, but still same error.
Tried to look for vanity switch but there is none.

Can anyone help me with this? I would really appreciate it.

Kind regards,

I am getting the same message each time I attempt to run the assessment tool for the Azure ACS addin. I do not know ow to solve the problem.

start --mode AddInsACS --tenant mycompany.sharepoint.com --applicationid abcdef-1234-5678-91ef-abcdefhigf8634

Assessment job not started due to error: Microsoft Graph service exception

AddInsACS' scan mode is not available in version 1.6.0. Does that command not be incorporated, or is there something I need to include?

C:...\00microsoft365assessment>microsoft365-assessment.exe start --mode AddInsACS --tenant zzz.sharepoint.com --sitesfile "C:...\00microsoft365assessment\sites.txt" --authmode Application --applicationid <> --certpath "My|CurrentUser|<>"

You are using the latest version 1.6.0

Cannot parse argument 'AddInsACS' for option '--mode' as expected type 'PnP.Scanning.Core.Services.Mode'. Did you mean one of the following?
Classic
InfoPath
Syntex
Workflow

Description:
Starts a new Microsoft 365 Assessment

Usage:
microsoft365-assessment start [options]

Options:
--mode <Classic|InfoPath|Syntex|Workflow> (REQUIRED) Assessment mode [default: Syntex]
--tenant (REQUIRED) Name of the tenant that will be assessed (e.g.
contoso.sharepoint.com)
--siteslist List with site collections to assess
--sitesfile File containing a list of site collections to assess
--authmode <Application|Device|Interactive> (REQUIRED) Authentication mode used for the Microsoft 365 Assessment
[default: Interactive]

Azure ACS principals created in Entra ID and granted permissions on SharePoint Admin Center at https://-admin.sharepoint.com/_layouts/15/appinv.aspx with "http://sharepoint/content/tenant" permission seems to be missing from the report.
Using version 1.8.0 with application permissions.

Steps I followed to test this:

1. Create a new App Registration in Entra ID
2. Create a secret
3. https://-admin.sharepoint.com/_layouts/15/appinv.aspx and authorize the app registration using

<AppPermissionRequests AllowAppOnlyPolicy="true" >
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

4. Connect with PnP PowerShell using the app id and app secret
5. Verify that the permissions are in place using a test command like Get-PnPWeb . If this step fails with 401, verify that get-PnPTenant | select DisableCustomAppAuthentication is set to false
6. Run --mode AddInsACS with a different app registration that has Application.Read.All permissions
   
7. Verify in the Power BI report that that particular app registration is not found

I did the same with a different app registration with "http://sharepoint/content/sitecollection" permission on a single site and that app registration was included in the report.

I ran these steps in a dev tenant so let me know if you need any more information.

Hi, I had a 'Syntex' assessment running, and started an 'AddInsACS' assessment while the previous 'Syntex' one was running. The 'AddInsACS' assessment was added to the list, with a status of "Queued".

The 'Syntex' assessment was later terminated, however the 'AddInsACS' has still been sitting as "Queued" for ages now, with no progress.

I then went to a completely different machine, and tried running the same 'AddInsACS' assessment there (using --certfile etc after exporting and copying the pfx). The assessment on this machine is also sitting on "Queued" with no progress.

Is there any way to either delete these assessments completely, or force them to start running?

On the first machine - it is now 16:46

On the second machine

Any help would be appreciated.

See

Please see attached. I have ran the tool but it hangs on the final site in the batch and will not complete. Any ideas what could cause this? I allowed this to run overnight the first time that it happened before stopping this tool. The image attached is my 2nd attempt.

microsoft assessment tool job after scan fails to start job due to missing SQL Lite DLL
You are using the latest version 1.7.0

Can you instruct how to get the missing DLL or troubleshoot?

Part of logfile below:
2024-03-21 23:00:42.171 +01:00 [INF] Assessment scope defined: 21838 site collections will be assessed
2024-03-21 23:00:42.177 +01:00 [INF] Starting the assessment job
2024-03-21 23:00:42.177 +01:00 [INF] Assessment id is "43317fc9-ae70-405f-9832-3ba7238eef02"
2024-03-21 23:00:42.876 +01:00 [ERR] Error starting assessment job: The type initializer for 'Microsoft.Data.Sqlite.SqliteConnection' threw an exception.
System.TypeInitializationException: The type initializer for 'Microsoft.Data.Sqlite.SqliteConnection' threw an exception.
---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
---> System.DllNotFoundException: Dll was not found.
at SQLitePCL.SQLite3Provider_e_sqlite3.NativeMethods.sqlite3_libversion_number()
at SQLitePCL.SQLite3Provider_e_sqlite3.SQLitePCL.ISQLite3Provider.sqlite3_libversion_number()
at SQLitePCL.raw.SetProvider(ISQLite3Provider imp)
at SQLitePCL.Batteries_V2.Init()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters) at Microsoft.Data.Sqlite.Utilities.BundleInitializer.Initialize() at Microsoft.Data.Sqlite.SqliteConnection..cctor() --- End of inner exception stack trace --- at Microsoft.Data.Sqlite.SqliteConnection..ctor(String connectionString) at Microsoft.EntityFrameworkCore.Sqlite.Storage.Internal.SqliteRelationalConnection.CreateDbConnection() at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.get_DbConnection() at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.Open(Boolean errorsExpected) at Microsoft.EntityFrameworkCore.Sqlite.Storage.Internal.SqliteDatabaseCreator.Exists() at Microsoft.EntityFrameworkCore.Storage.RelationalDatabaseCreator.ExistsAsync(CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Migrations.HistoryRepository.ExistsAsync(CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Migrations.Internal.Migrator.MigrateAsync(String targetMigration, CancellationToken cancellationToken) at PnP.Scanning.Core.Storage.StorageManager.LaunchNewScanAsync(Guid scanId, StartRequest start, List1 siteCollectionList)
at PnP.Scanning.Core.Services.ScanManager.StartScanAsync(StartRequest start, AuthenticationManager authenticationManager, List1 siteCollectionList) at PnP.Scanning.Core.Services.Scanner.Start(StartRequest request, IServerStreamWriter1 responseStream, ServerCallContext context)

Hi,
I have successfully run the assessment tool and able to get the report fine on all sites but one. I see the reason for failure as below:
could you please advise what might be the reason.

'Setting Web table to status Failed for assessment'

Can I run the assessment on this single site again using the --authmode as application? or do we have to use the interactive --authmode only.
Thanks in advance.
Mak.

The workflow reports table needs a column that links directly to the Workflow Settings for the list or site to which the workflow is associated.​

Without that, this table isn’t as actionable as it could be. For example, if a customer wants to remove a workflow definition from a list, they browse to the site, then the list, then List Settings, then Workflow Settings. But the cx should be able to get there with a single click since the Workflow Settings URL is parameterized by List ID, e.g. https://loremipsum.sharepoint.com/sites/wflab/_layouts/15/WrkSetng.aspx?List={51BD53C1-6D7D-44D7-9A97-5D7D04FD0DDC}. This link can be calculated and added as a column to the table.

We tried to run "SharePoint Add-In and Azure ACS Assessment" tool against one site collection where we know we have created ClientIDs/Secret. The reports are coming blank. Appreciate taking time to look into it.