PS C:\Blog\rksolutions> cd ..

InforcerCommunity: A PowerShell Module for the Inforcer REST API

· updated April 16, 2026 · 10 min read · Roy Klooster
Conditional Access Exchange Online Entra ID Graph API Intune Reports Tools

If you use Inforcer to manage Microsoft 365 baselines, alignment scores, and policies across tenants, you already know the value of a single pane of glass for compliance and policy drift. But automation and scripting often mean wrestling with REST APIs, building your own auth and error handling, and maintaining scripts that break when the API changes. InforcerCommunity is a community PowerShell module that wraps the Inforcer API so you can connect, query tenants, baselines, policies, alignment details, users, and audit events from the command line or from your own scripts - with consistent parameters, sensible defaults, and help that works. This guide explains what it does, how to use it, and how you can contribute or ask for new features.

Table of Contents

What is InforcerCommunity?

InforcerCommunity is a PowerShell script module that talks to the Inforcer REST API.

What it gives you:

  • Connect once, query everything: Authenticate with your Inforcer API key and region, then run cmdlets to list tenants, baselines, policies, alignment details, users, and audit events.
  • Consistent behavior: All Get-* cmdlets support -Format, -OutputType (PowerShellObject or JsonObject), and -TenantId for filtering. TenantId accepts a numeric ID, Microsoft Tenant ID (GUID), or tenant name.
  • No secrets in scripts: The API key is stored as a SecureString in the session; you can pass it once via Connect-Inforcer and then run as many commands as you need.
  • Tab completion and help: Every cmdlet has comment-based help; Get-Help Connect-Inforcer -Full and tab completion on parameters (e.g. -EventType on Get-InforcerAuditEvent) work out of the box.
  • Pipeline support: Pipe tenants into other cmdlets - e.g. Get-InforcerTenant | Get-InforcerUser or Get-InforcerTenant | Get-InforcerTenantPolicies works out of the box.

Where to find it:

Community project notice: InforcerCommunity was created by me for the community. It is not owned, endorsed, or maintained by Inforcer. It is an independent, community-driven project to make the Inforcer API easier to use from PowerShell. You use it at your own responsibility.

What’s New in v0.3.0

The biggest addition in v0.3.0 is Compare-InforcerEnvironments — compare two tenants’ Intune configurations side-by-side and get an interactive HTML report showing every difference, duplicate, and deprecated setting.

Highlights:

  • Cross-tenant comparison: Compare any two tenants in one command. The report includes four tabs: Comparison (flat settings table), Manual Review (scripts, compliance rules, non-Settings-Catalog policies), Duplicates (settings in 2+ policies with different values), and Deprecated (settings flagged by Microsoft).
  • Cross-account support: Use Connect-Inforcer -PassThru to capture sessions from different Inforcer accounts, then pass them to -SourceSession / -DestinationSession.
  • Script and rules decoding: Base64-encoded detection scripts, remediation scripts, and compliance rules are automatically decoded and displayed as collapsible code blocks with syntax highlighting (PowerShell, Bash, and JSON — each with their own color theme).
  • Friendly setting names: Non-Settings-Catalog property names are converted from camelCase to human-readable titles (e.g., allowBluetooth becomes “Allow Bluetooth”) in both Export and Compare reports.
  • Graph enrichment for Compare: When -FetchGraphData is specified, compliance policy detection rules (rulesContent) are fetched from Graph, discovery scripts are linked to parent policies, and group/filter/scope tag names are resolved for both tenants.
  • New cmdlets: Get-InforcerGroup and Get-InforcerRole — retrieve Entra ID groups (with search, filter, pagination, and member detail) and directory role definitions from any tenant.
  • Export improvements: Collapsible syntax-highlighted code blocks for scripts and JSON rules, GitHub issues link in the footer, and tenant name displayed during Graph sign-in.

Still included from v0.2.0:

  • Export-InforcerTenantDocumentation — HTML, Markdown, and Excel output formats with Settings Catalog resolution, Graph integration, baseline and tag filtering.
  • Settings Catalog resolution: Automatically downloaded and cached from IntuneSettingsCatalogData.
  • Connection cmdlets: Connect-Inforcer supports -FetchGraphData for Microsoft Graph. Disconnect-Inforcer cleans up both sessions.

Requirements

  • PowerShell 7.0 or later (Windows, macOS, or Linux).
  • An Inforcer API key from your Inforcer tenant (Configure > REST API > New API Key).

Installation

Install-Module -Name InforcerCommunity -Scope CurrentUser

Option 2: From source (GitHub)

git clone https://github.com/royklo/InforcerCommunity.git
cd InforcerCommunity
Import-Module ./module/InforcerCommunity.psd1 -Force

Important: When loading from source, always run Import-Module from the repository root and use the path ./module/InforcerCommunity.psd1. If you see errors about a missing file or wrong path, make sure you are in the InforcerCommunity repo root.

Quick Start

After installing the module:

# Connect with your API key (region: uk, eu, us, or anz)
Connect-Inforcer -ApiKey "your-api-key" -Region uk

# List all tenants you have access to
Get-InforcerTenant

# Get alignment details in table format
Get-InforcerAlignmentDetails

# Get users for a tenant (by name, numeric ID, or GUID)
Get-InforcerUser -TenantId "Contoso"

# Get policies for a specific tenant
Get-InforcerTenantPolicies -TenantId 482

# Disconnect when done
Disconnect-Inforcer

You can use Get-Help <CmdletName> -Full for parameters and examples (e.g. Get-Help Get-InforcerUser -Full).

Tenant Documentation

The new Export-InforcerTenantDocumentation cmdlet generates comprehensive documentation for an entire tenant in one command:

# Generate HTML documentation (opens in browser automatically)
Export-InforcerTenantDocumentation -TenantId "Contoso" -Format Html

# Generate HTML and Excel, with Graph enrichment for group/filter names
Connect-Inforcer -ApiKey "your-api-key" -Region uk -FetchGraphData
Export-InforcerTenantDocumentation -TenantId "Contoso" -Format Html,Excel -OutputPath C:\Reports

# Export only policies from a specific baseline
Export-InforcerTenantDocumentation -TenantId 139 -Baseline "Inforcer Blueprint Baseline - Tier 1" -Format Html

# Filter by tag
Export-InforcerTenantDocumentation -TenantId "Contoso" -Tag "Production" -Format Markdown

HTML output is a self-contained file with no external dependencies — you can email it, archive it, or open it offline. It includes:

  • Collapsible Product > Category > Policy navigation in a sidebar
  • Real-time search with text highlighting
  • Dark/light mode toggle (persisted in localStorage)
  • Tag filter pills with AND/OR logic
  • Hide empty fields and show metadata toggles
  • Collapsible long values and a back-to-top button

Excel output creates a workbook with one sheet per product area. Each row is a policy with columns for category, name, description, platform, settings, and assignments — ready for filtering and analysis.

Markdown output generates a GFM-compatible document with a table of contents and per-policy tables — useful for including in wikis or version-controlled documentation.

Environment Comparison

The new Compare-InforcerEnvironments cmdlet compares two tenants’ Intune configurations and generates an interactive HTML report:

# Compare two tenants in the same Inforcer account
Compare-InforcerEnvironments -SourceTenantId "Contoso" -DestinationTenantId "Fabrikam"

# Compare across different Inforcer accounts with Graph enrichment
$src = Connect-Inforcer -ApiKey $key1 -Region uk -PassThru
$dst = Connect-Inforcer -ApiKey $key2 -Region eu -PassThru
Compare-InforcerEnvironments -SourceTenantId 482 -DestinationTenantId 139 `
    -SourceSession $src -DestinationSession $dst -FetchGraphData

The HTML report includes four tabs:

  • Comparison — flat table of all Settings Catalog settings with sortable columns, status filter pills (Matched/Conflicting/Source Only/Dest Only), category dropdown, and advanced column filters with AND/OR logic
  • Manual Review — non-Settings-Catalog policies (compliance, enrollment, scripts) in a 50/50 source/destination layout grouped by platform. Matching policy names are aligned side-by-side. Scripts and compliance rules are shown as collapsible code blocks with syntax highlighting
  • Duplicates — settings configured in two or more policies with different values, with automated conflict analysis
  • Deprecated — settings flagged as deprecated by Microsoft, grouped by source and destination

The report also features an animated configuration match score (with confetti at 100%), dark/light mode toggle, column resize handles, and a responsive layout. Like the Export report, the HTML is fully self-contained with no external dependencies.

Key Cmdlets and Use Cases

Cmdlet What it does
Connect-Inforcer Establishes a secure connection to the Inforcer API (ApiKey, Region or BaseUrl). Supports -PassThru for cross-account workflows.
Disconnect-Inforcer Clears the session and disconnects.
Test-InforcerConnection Verifies the current API connection.
Get-InforcerTenant Lists tenants; optional -TenantId to return a single tenant.
Get-InforcerBaseline Retrieves baseline groups and members.
Get-InforcerTenantPolicies Retrieves policies for a given tenant.
Get-InforcerAlignmentDetails Retrieves alignment scores or per-policy alignment details (optional -TenantId, -BaselineId, -Tag).
Get-InforcerAuditEvent Retrieves audit events (optional -EventType, date range, paging).
Get-InforcerSupportedEventType Lists supported audit event types (used for tab completion).
Get-InforcerUser Lists/searches users or gets full user detail by ID (optional -Search, -MaxResults, -UserId).
Get-InforcerGroup Retrieves Entra ID groups (list with search/filter/pagination, or detail by name/GUID with members).
Get-InforcerRole Retrieves Entra ID directory role definitions (built-in, enabled, privileged).
Export-InforcerTenantDocumentation Generates tenant documentation in HTML, Markdown, or Excel (optional -Baseline, -Tag, -FetchGraphData).
Compare-InforcerEnvironments Compares two tenants’ Intune configuration and generates an interactive HTML comparison report.

Typical workflows:

  • Tenant and policy overview: Connect-Inforcer -> Get-InforcerTenant -> Get-InforcerTenantPolicies -TenantId "Contoso" to inspect a specific tenant’s policies.
  • Alignment and drift: Get-InforcerAlignmentDetails for score summaries; Get-InforcerAlignmentDetails -BaselineId "Tier 0" for per-policy detail.
  • User overview: Get-InforcerUser -TenantId "Contoso" for a user list; Get-InforcerUser -TenantId 139 -UserId "8e61ce11-..." for full detail including groups, roles, devices, and risk.
  • Audit and compliance: Get-InforcerAuditEvent with optional -EventType (tab completion for event types), -DateFrom, -DateTo, and paging parameters.
  • Tenant documentation: Export-InforcerTenantDocumentation -TenantId "Contoso" -Format Html,Excel to generate a complete configuration snapshot.
  • Environment comparison: Compare-InforcerEnvironments -SourceTenantId "Contoso" -DestinationTenantId "Fabrikam" to see every difference between two tenants.
  • Group and role lookup: Get-InforcerGroup -TenantId 139 -Search "Finance" for groups, Get-InforcerRole -TenantId 139 | Where-Object IsPrivileged -eq $true for privileged roles.
  • Pipeline: Get-InforcerTenant -TenantId 139 | Get-InforcerUser to list users for a piped tenant.

For full parameter details and example output, see the Cmdlet Reference in the repository.

Output Formats and Filtering

  • -Format: Most Get-* cmdlets support Table or Raw (e.g. for alignment details).
  • -OutputType: PowerShellObject (default) or JsonObject (JSON with depth 100) for piping into other tools or export.
  • -TenantId: Accepts a numeric Client Tenant ID, a Microsoft Tenant ID (GUID), or a tenant name (case-insensitive match). Use it on Get-InforcerTenant, Get-InforcerTenantPolicies, Get-InforcerAlignmentDetails, Get-InforcerUser, and others.
# Example: export all tenants as JSON for use elsewhere
Get-InforcerTenant -OutputType JsonObject | Out-File tenants.json -Encoding utf8

# Example: search users by name
Get-InforcerUser -TenantId "Contoso" -Search "Adele"

# Example: get full user detail as JSON
Get-InforcerUser -TenantId 139 -UserId "8e61ce11-a45b-42a6-8ca4-1d881781566d" -OutputType JsonObject

How to Contribute

Contributions are welcome. The project uses a standard fork-and-pull-request workflow:

  • Fork the repository on GitHub: https://github.com/royklo/InforcerCommunity.
  • Clone your fork and create a branch (e.g. feature/your-feature-name or fix/bug-description).
  • Make your changes under module/ (see CONTRIBUTING.md for code style and the consistency contract - parameter order, -Format/-OutputType, property names, etc.).
  • Run tests from the repo root: Invoke-Pester ./Tests/Consistency.Tests.ps1.
  • Commit and push to your fork, then open a pull request against the main repository. Fill in the PR template (summary, how to test, related issue if any).

New cmdlets must be added to module/Public/, registered in FunctionsToExport in the manifest, and documented in docs/CMDLET-REFERENCE.md. The consistency tests must be updated if you add or change exported cmdlets or key parameters.

How to Report Bugs

If something doesn’t work as expected:

  • Go to New issue.
  • Choose Bug report.
  • Fill in:

Description: What went wrong?

  • Steps to reproduce: Exact commands or steps.
  • Expected behavior: What you expected.
  • Actual behavior: What happened instead (including any error messages).
  • Environment: PowerShell version, OS, and module version (e.g. Get-Module InforcerCommunity | Select-Object Version).
  • Additional context: Logs, screenshots, or other details.

This helps maintainers and the community reproduce and fix issues quickly.

How to Request a Feature

Have an idea for a new cmdlet, parameter, or behaviour?

  • Go to New issue.
  • Choose Feature request.
  • Describe:

The feature you’d like (e.g. a new endpoint, a new parameter, or a different output shape).

  • The use case (why it would help you or others).
  • If you have one, a proposed solution (e.g. cmdlet name, parameters, example usage).

Not every request can be implemented immediately, but all are read and considered; they also help others discover and discuss ideas.

Conclusion

InforcerCommunity turns the Inforcer API into a set of PowerShell cmdlets you can use interactively or in scripts: connect once, then list tenants, baselines, policies, alignment details, users, groups, roles, and audit events with consistent parameters and output. Generate complete tenant documentation in HTML, Markdown, or Excel. Compare two tenants’ Intune configurations side-by-side with an interactive report that shows every difference, duplicate, and deprecated setting. Use tenant names instead of IDs, pipe results between cmdlets, and export to JSON for integration with other tools. It’s a community project, not owned or maintained by Inforcer; feedback, bug reports, and feature requests from users like you shape what comes next. Install it from the PowerShell Gallery, try the quick start, and if you hit a bug or have an idea, open an issue or send a pull request.

back to all posts next: RKSolutions PowerShell Module
PS Select-String -Pattern
↑↓navigate open escclose