开始使用 SharePoint 现代化扫描程序Getting started with the SharePoint modernization scanner

使用 SharePoint 现代化扫描程序,可以为现代化经典网站做好准备。Using the SharePoint Modernization scanner you can prepare your classic sites for modernization. 此扫描程序将帮助你准备以下现代化操作:The scanner will help you prepare for the following modernization efforts:

  • 优化现代列表和库的使用情况Optimizing the usage of modern list and libraries
  • 将这些网站连接到 Microsoft 365 组Connecting these sites to a Microsoft 365 group
  • 通过创建新式网站页面现代化 wiki 和 Web 部件页面Modernizing the wiki and web part pages by creating modern site pages
  • 将经典发布门户重新生成为新式发布门户Rebuilding classic publishing portals as modern publishing portals
  • 了解使用经典工作流的位置Understanding where classic workflow is used
  • 了解使用 InfoPath 的位置Understanding where InfoPath is being used
  • 了解经典博客页面的用法Understanding the usage of classic blog pages

如果你想要准备现代化你的经典网站,那么此扫描程序是一个重要工具,因为它将为你提供有关轻松现代化你的网站的事实性数据。This scanner is a key tool to use if you want to prepare for modernizing your classic sites as it will give you factual data about how easy it is to modernize your sites. 使用由扫描程序生成的仪表板,你将能够向下钻取网站的“现代化准备情况”并在需要时计划所需的修正工作。Using the dashboards generated by the scanner you'll be able to drill down on the "modernization readiness" of your sites and plan the needed remediation work where needed.

备注

针对 SharePoint Online 运行仅支持 SharePoint 新式化扫描程序。The SharePoint modernization scanner only is supported for running against SharePoint Online. 若要扫描本地 SharePoint,你可以考虑使用 SharePoint 迁移评估工具 (SMAT)。For scanning on-premises SharePoint you can consider using the SharePoint Migration Assessment Tool (SMAT).

重要

现代化工具和所有其他 PnP 组件均为开放源代码工具,由负责提供支付服务的活跃社区支持。Modernization tooling and all other PnP components are open-source tools backed by an active community providing support for them. 没有来自 Microsoft 的官方支持渠道的开放源代码工具支持的 SLA。There is no SLA for open-source tool support from official Microsoft support channels.

步骤 1:获取 SharePoint 现代化扫描程序的最新版本Step 1: Get the latest version of the SharePoint modernization scanner

因为 SharePoint Online 不断发展且不断添加更多新式功能,所以始终下载最新版本的扫描程序很重要。Since SharePoint Online continuously evolves and more and more modern capabilities are added, it's important to always download the latest version of the scanner. 下载 SharePoint 现代化扫描程序可执行文件并开始使用。Download the SharePoint Modernization Scanner executable and get started. 在此页面和链接到它的其他页面中,有帮助你入门的所有信息,还有各项报告详细信息和常见问题解答。This page and the other pages linked to it contain all information to get you started, and also all the report details and an FAQ.

步骤 2:准备扫描Step 2: Preparing for a scan

因为典型扫描需要能够扫描所有网站集,所以建议为扫描使用具有租户范围权限的仅限应用主体。Since a typical scan needs to be able to scan all site collections, it's recommended to use an app-only principal with tenant scoped permissions for the scan. 此方法将确保扫描程序始终具有访问权限,如果使用帐户(如你的 SharePoint 租户管理员帐户),则扫描程序仅能访问此用户也具有访问权限的网站。This approach will ensure the scanner always has access, if you use an account (for example, your SharePoint tenant admin account) then the scanner can only access the sites where this user also has access. 可以将 Azure AD 应用程序或 SharePoint 应用主体用于仅适用于应用的访问权限,下面的链接描述手动设置内容的方法。You can either use an Azure AD application or a SharePoint app principal for app-only access and below links describe the manual approach to setting up things. 由于建议的方法是 Azure AD 仅限应用,因此可以使用 PnP PowerShell Initialize-PnPPowerShellAuthentication cmdlet 简化 Azure AD 应用程序的设置。As the recommended approach is Azure AD App-Only, you can easy the setup of your Azure AD application by using the PnP PowerShell Initialize-PnPPowerShellAuthentication cmdlet. 参见“使用 Initialize-PnPPowerShellAuthentication 设置 Azure AD 仅限应用”一节了解详细信息。See the Using Initialize-PnPPowerShellAuthentication to setup Azure AD App-Only chapter for more details.

重要

如果选择的目标是 Azure AD 仅限应用,则上面提及的指令会向 Azure AD 应用授予 Sites.FullControl.All 权限;如果需要运行所有扫描组件,则需要该权限。If you're choosing for Azure AD app-only, then above mentioned instructions grant the Azure AD app the Sites.FullControl.All permission, which is needed if you want to run all scan components. 如果你不需要扫描工作流,也可以使用 Sites.Read.All 作为 2.6 版及更高版本的权限。If you're not interested in workflow scanning you can also use Sites.Read.All as a permission (as of version 2.6). 如果想报告已关联 Teams 团队的网站集,需要添加 Group.Read.All权限(版本 2.7 或更高版本)。If you want to report on site collections that have a Teams team linked then you also need to add the Group.Read.All permission (as of version 2.7).

准备工作完成后,就可以继续执行扫描。Once the preparation work is done, let's continue with doing a scan.

使用 Initialize-PnPPowerShellAuthentication 设置 Azure AD 仅限应用Using Initialize-PnPPowerShellAuthentication to setup Azure AD App-Only

若要使用 PnP PowerShell 配置 Azure AD 仅限应用,请按照以下步骤操作:To configure Azure AD App-Only using PnP PowerShell follow these steps:

  1. 安装 PnP PowerShell 或将其更新到2020年4月或更新的版本Install PnP PowerShell or update it to the April 2020 or a more recent version
  2. 使用 Initialize-PnPPowerShellAuthentication cmdet 设置 Azure AD 应用:Use the Initialize-PnPPowerShellAuthentication cmdet to setup an Azure AD app:
Initialize-PnPPowerShellAuthentication -ApplicationName ModernizationScannerApp -Tenant contoso.onmicrosoft.com -Scopes "SPO.Sites.FullControl.All","MSGraph.Group.Read.All"  -OutPath c:\temp -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)
  1. 系统将要求你进行身份验证,并确保你使用作为租户管理员的用户进行身份验证You'll be asked to authenticate, ensure you authenticate with a user that is a tenant administrator
  2. cmdlet 将安装一个 Azure AD 应用程序,并等待60秒钟,以使 Azure AD 有时间处理应用程序的创建The cmdlet will setup an Azure AD app and wait for 60 seconds to give Azure AD time to handle the App creation
  3. 系统将要求你同意将权限授予给创建的 Azure AD 应用:You'll be asked to consent the permissions granted to the created Azure AD application:
    1. 首先,系统会要求你再次登录,使用租户管理员帐户First you'll be asked to login again, use a tenant administrator account
    2. 接下来,将显示具有已经请求权限的同意对话框(请参见下面的屏幕截图)。Next the consent dialog is shown with the requested permissions (see screenshot below). 单击“接受”。Click Accept
  4. 将返回的 AzureAppId、创建的 PFX 文件和密码存储在安全的地方,将需要按照通过 Azure AD 仅限应用进行身份验证中所述进行使用Store the returned AzureAppId, created PFX file and password somewhere safe, you'll need to use it as described in below chapter Authenticate via Azure AD app-only

扫描程序同意

步骤 3:使用用户界面选项启动扫描Step 3: Launch a scan using the user interface option

最简单的方法是直接启动 SharePoint.Modernization.Scanner.exe,因为扫描程序具有 UI。The easiest approach is to simply launch SharePoint.Modernization.Scanner.exe as the scanner does have a UI. 或者,可以启用 (PowerShell) 命令提示并导航到该文件夹,以便通过命令行使用扫描程序。Alternatively you can start a (PowerShell) command prompt and navigate to that folder so that you can use the scanner via command line. 此章节将引导你完成采取典型完全扫描的 UI 选项。This chapter will walk you through the UI option taking a typical full scan. 首先请启动 SharePoint.Modernization.Scanner.exe。Start by launching the SharePoint.Modernization.Scanner.exe.

第 1 页:扫描程序身份验证配置Page 1: Scanner authentication configuration

通过 Azure AD 仅限应用进行身份验证Authenticate via Azure AD app-only

现代化扫描程序向导的第一页要求你输入身份验证信息。The first page of the modernization scanner wizard asks you for authentication information. 扫描程序支持四个选项,选择所需的一个选项,然后填写所需的信息,如下所述。The scanner supports four options, select the one you need and fill in the needed information as described below. 最好使用仅限应用模型,因为这将确保扫描程序有权访问其需要扫描的所有网站。Ideally you use an app-only model as that will ensure the scanner has access to all sites it needs to scan.

Azure AD 仅限应用

如果已通过 Azure AD 仅限应用设置了访问权限,则你已创建了 Azure 应用并配置了用于访问它的证书。If you've setup access via Azure AD App-Only, you do have created an Azure App and configured a certificate for accessing it. 需要向工具提供此信息:This information needs to be provided to the tool:

  • Azure AD Application ID:Azure AD 环境中创建的应用程序的 IDAzure AD Application ID: ID of the created application in your Azure AD environment
  • Azure AD Domain name:Azure AD 环境的默认域。Azure AD Domain name: the default domain of your Azure AD environment. 可以从 Azure AD 管理中心的概述页查找此信息。You can find this from the overview page of the Azure AD admin center. 通常,此域的格式为 *. onmicrosoft.com,例如 contoso.onmicrosoft.com。Typically this domain is formatted as *.onmicrosoft.com, for example, contoso.onmicrosoft.com.
  • Certificate file:向 Azure AD 应用授予仅限应用访问权限的证书,这需要被显示为受密码保护的 PFX 文件Certificate file: the certificate that you granted app-only access to the Azure AD app, this needs to be presented as a password protected PFX file
  • Password for the PFX file:用于保护以前提供的 PFX 文件的密码Password for the PFX file: the password used to secure the previously provided PFX file
  • 身份验证区域:如果你的租户位于美国政府 (ITAR)、德国或中国云环境中,则选择相应的区域Authentication region: if your tenant is located in the US Government (ITAR), Germany or China cloud environment then select the respective region

备注

你也可以选择在你的计算机上安装证书,然后通过 -w 命令行参数对其进行引用。You can also opt to install the certificate on your computer and reference it via the -w command line parameters. 若要引用证书,请将此值用于-w 参数 "My |CurrentUser | 1FG498B468AV3895E7659C8A6F098FB701C8CDB1 "。To reference the certificate you would use this value for the -w parameter "My|CurrentUser|1FG498B468AV3895E7659C8A6F098FB701C8CDB1". 可使用 My/Root and CurrentUser/LocalMachine 来表示存储。You can use My/Root and CurrentUser/LocalMachine to identify the store. 最后一个参数是证书指纹。The last argument is the certificate thumbprint. 此选项在 2.7 版本或更高版本上可用。This option is available as of the 2.7 release. 如果使用的是 LocalMachine,请注意,你需要确保扫描程序有权在 LocalMachine 存储中进行读取。If you're using LocalMachine then be aware that you'll need to ensure the scanner has permissions to read in the LocalMachine store. 可通过以下方式执行此操作:使用管理特权运行扫描程序进程,或者向正在使用运行现代化扫描的账户授予权限(更佳)来读取存储在 LocalMachine 存储中的私钥和证书。You can do this by either running the scanner process under administrative privileges or alternatively (and better) grant the account you're using to run the modernization scan permissions to read the private key of the certificate stored in the LocalMachine store.

重要

  • 上面提及的默认指令会向 Azure AD 应用授予 Sites.FullControl.All 权限;如果需要运行所有扫描组件,则需要该权限。The default instructions mentioned to grant the Azure AD app the Sites.FullControl.All permission which is needed if you want to run all scan components. 如果你不需要扫描工作流,也可以使用 Sites.Read.All 作为 SharePoint 现代化扫描程序 2.6 版及更高版本的权限。If you're not interested in workflow scanning you can also use Sites.Read.All as a permission as of version 2.6 of the SharePoint Modernization Scanner.
  • Azure AD的“仅限应用”选项是美国政府 (ITAR)、德国或中国云环境中的租户唯一可用的身份验证选项。Azure AD App-Only is the only supported authentication option for tenants in the US Government (ITAR), Germany or China cloud environment.

通过 SharePoint AD 仅限应用进行身份验证Authenticate via SharePoint AD app-only

SharePoint 仅限应用

在使用“经典”SharePoint 仅限应用方法的情况下,需要指定:In case you used the "classic" SharePoint App-Only approach then you need to specify:

  • Azure ACS Client ID:创建的仅限应用主体的 IDAzure ACS Client ID: the ID of the created app-only principal
  • Azure ACS Client Secret:创建应用主体时获得的密码Azure ACS Client Secret: the secret that you got when you created the app principal

通过凭据进行身份验证Authenticate via credentials

凭据

使用常规的用户/密码组合也可进行身份验证(假定提供的用户的确具有所需的权限)。Using a regular user/password combo works fine as well, assuming the provided user does have the needed permissions. 从扫描程序 2.9 版开始,基于用户/密码的身份验证不再依赖于在已扫描租户上启用的旧式身份验证。As of version 2.9 of the scanner the user/password based authentication does not rely anymore of legacy auth being enabled on the scanned tenant. 这是所使用账户需要多重身份验证时这种类型身份验证不工作的唯一原因。The only reason why this type of authentication would not work is when the used account requires multi-factor authentication. 如果是这种情况,请使用自 2.9 版开始引入的“多重身份验证”选项。If that's the case then please use the Multi Factor Auth option introduced as of version 2.9.

使用多重身份验证进行身份验证(2.9 或更高版本)Authenticate via Multi Factor Authentication (as of version 2.9)

MFA

根据你正在使用的租户和账户,你的管理员登录到 SharePoint Online 可能需要进行多重身份验证。Depending on the tenant and account you're using your admin might require multi-factor authentication for logging into to SharePoint Online. 在这种情况下,如果想要通过用户凭据使用扫描程序,则需要使用此选项。If that's the case you'll need to use this option if you want to use the scanner via user credentials. 仍然建议使用仅限应用程序的方法,但是如果没有设置仅限应用程序所需的权限,则此方法将允许您扫描拥有访问权限的网站集。Using an app-only approach is still recommended, but if you do not have the needed permissions for setting up app-only this approach will allow you to scan the site collections you as a user have permissions for. 要使用此功能,需要:To use this you'll need to:

  • 输入要扫描的站点的URL(可以访问的任何站点都可以)Enter the URL of a site you want to scan (any site you've access to will be fine)
  • 单击“登录”按钮,将触发多重身份验证流程Click on the Login button which will trigger the multi factor authentication flow

备注

成功登录后,多重身份验证将为扫描仪提供访问令牌。The multi factor authentication will give the scanner an access token after you've successfully logged on. 由于访问令牌的生命周期有限(通常为1小时),因此这意味着扫描只能在令牌仍然有效的情况下访问 SharePoint 网站。Since an access token has limited lifetime (typically 1 hour) this means that scan will only be able to access SharePoint sites while the token is still valid.

第 2 页:扫描程序站点范围配置Page 2: Scanner site scope configuration

扫描完整租户Scan full tenant

此页允许你定义要扫描的网站。This page allows you to define which sites are being scanned. 扫描程序支持从完整租户到单独选择的网站集的扫描。The scanner supports scanning the full tenant up to individually selected site collections.

完整租户

扫描完整租户通常是建议的方法,因为这将为所有租户提供现代化报表。Scanning the complete tenant is often the recommended approach as that will give you modernization reports for all. 如果这是你的选择,则只需填写你的租户名称。If that's your choice, then simply fill your tenant name. 如果你的租户是使用不以 sharepoint.com 结尾的 URL,则此方法不适用,如果是这种情况,则需要使用以下两个选项之一。This approach doesn't work if your tenant is using URLs that do not end on sharepoint.com, if that's the case you need to use one of the two below options.

扫描定义的网站集列表Scan a defined list of site collections

通配符 URL

此选项通过提供以下内容来实现选择一个或多个网站集This option makes it possible to select one or more site collections by either providing

  • 需要扫描的网站集的完全限定的 URLThe fully qualified URL of the site collection(s) that need need(s) to be scanned
  • 通配符 URL:通过添加以星号结尾的 URL,将包含匹配该筛选器的所有网站。A wildcard URL: by adding a URL that ends with a star, you'll include all sites that match that filter. 仅支持以星号结尾的通配符Only ending on an star is a supported wildcard

如果使用不以 sharepoint.com 结尾的 URL(即所谓的虚 URL),则还需要指定租户管理员中心网站的 URL(例如 https://contoso-admin.contoso.com)。If you're using URLs that do not end on sharepoint.com (so called vanity URLs), you'll also need to specify the URL of your tenant admin center site (for example, https://contoso-admin.contoso.com).

扫描 CSV 文件中定义的网站集列表Scan a list of site collections defined in a CSV file

CSV 文件

作为第三个选项,可以提供含有列出要扫描的网站集的 CSV 文件的扫描程序。As a third option you can provide the scanner with a CSV file listing the site collections to scan. 此 CSV 文件是不包含标题的网站集 URL 的简单列表,如以下示例所示:This CSV file is a simple list of site collections, the file doesn't have a header as shown in this sample:

https://contoso.sharepoint.com/sites/hrteam
https://contoso.sharepoint.com/sites/funatwork
https://contoso.sharepoint.com/sites/opensourcerocks

第 3 页:扫描程序模式配置Page 3: Scanner mode configuration

SharePoint 现代化扫描程序支持多个节点,根据你的现代化模式,你可能想要将扫描的范围限定在某个区域或执行完全扫描。The SharePoint modernization scanner does support multiple modes, depending on your modernization mode you might want to scope the scan to a certain area or alternatively, execute a full scan.

扫描程序模式

在下拉列表中选择想要使用的选项,然后,复选框将显示将在扫描中包含的组件。Select the option you want in the dropdown and then the checkboxes will show which components will be included in the scan. “Microsoft 365 组连接准备情况”组件是将被包含在所有扫描模式中的主要组件。The "Microsoft 365 group connection readiness" component is the main component that will be included all scan modes.

第 4 页:扫描程序选项Page 4: Scanner options

作为最后一步,可以调整扫描程序选项。As a last step you can tweak the scanner options. 根据之前选择的扫描程序模式,某些选项可能会被禁用。Depending on the earlier chosen scanner mode, some options might be disabled.

扫描程序选项

可以选择以下扫描选项:Following scan options are available:

  • Number of threads:扫描是多线程,默认值为 10,但对于更大型的扫描,选择 20-30 线程将会获得更好的扫描性能(里程可能会有所不同)Number of threads: the scan is multi-threaded, default is 10 but for larger scans 20-30 threads delivers a better scan performance (your mileage might vary)
  • Don't use search:如果对页面/网站使用情况信息不感兴趣,则可以选择此选项。Don't use search: if you're not interested in page/site usage information then you can select this option. 因为这会删除每个网站集的一个搜索查询,所以它可使扫描速度稍微快一些As this removes one search query per site collection, it will make the scan slightly faster
  • Don't include user information:如果你不想看到用户信息(用户名)作为生成的数据的一部分,则选中此框Don't include user information: check this box if you're not interested in seeing user information (user names) as part of the produced data
  • Exclude lists:对于“新式列表和库体验”扫描,可以排除仅由于 OOB 而被阻止的列表Exclude lists: For the "Modern list and library experience" scan you can exclude lists that are only blocked due to an OOB reason
  • Export page details:默认情况下,扫描不会导出详细的 Web 部件信息(Web 部件属性),因为该数据集可能很庞大。Export page details: By default the scan isn't exporting detailed web part information (web part properties) as that dataset can be huge. 如果你想要拥有完整的 Web 部件选项数据,请选中此框Check this box if you would like to have the full web part option data
  • Don't generate reports:默认情况下,在扫描输出时,你将获取基于 Excel 的仪表板,但是,如果你只想要获取原始 CSV 文件,则可跳过这些步骤Don't generate reports: by default you get Excel-based dashboards as scan output, but you can skip these if you're only interested in the raw CSV files
  • Disable feedback:扫描程序会将反馈发送到 Microsoft 以帮助改进扫描程序。Disable feedback: the scanner will send feedback to Microsoft to help improve the scanner. 如果你不希望执行此操作,则可随时选中此框If you don't like that, then feel free to check this box
  • Separator:生成的 CSV 文件的默认分隔符是逗号,但如果你希望使用分号,则可将其更改为分号Separator: the default separator for the generated CSV files is a comma, but you can change this to semi-colon if you would prefer that
  • Date format:生成的 CSV 文件中的默认日期格式为月/日/年。Date format: the default date format in the generated CSV files is month/day/year. 可选择将此格式切换为日/月/年You can optionally switch this to day/month/year

步骤 3(备选选项):使用命令行参数启动扫描仪Step 3 (alternative option): Launch a scan using command line

以下选项是大部分客户默认使用的工具:你指定模式、你的租户名称并创建客户端 ID 和密码:Below option is the default usage of the tool for most customers: you specify the mode, your tenant name, and the created client id and secret:

SharePoint.Modernization.Scanner.exe -t <tenant> -i <clientid> -s <clientsecret>

实际工作中的示例:A real life sample:

SharePoint.Modernization.Scanner.exe -t contoso -i 7a5c1615-997a-4059-a784-db2245ec7cc1 -s eOb6h+s805O/V3DOpd0dalec33Q6ShrHlSKkSra1FFw=

上述步骤将运行所有扫描选项,但也可以通过 Mode 参数 (-m) 设定扫描目标:The above use will run all scanning options, but you can also target the scan via the Mode parameter (-m):

SharePoint.Modernization.Scanner.exe -m <mode> -t <tenant> -i <clientid> -s <clientsecret>

实际工作中的示例:A real life sample:

SharePoint.Modernization.Scanner.exe -m GroupifyOnly -t contoso -i 7a5c1615-997a-4059-a784-db2245ec7cc1 -s eOb6h+s805O/V3DOpd0dalec33Q6ShrHlSKkSra1FFw=

支持的扫描程序模式Supported scanner modes

模式Mode 说明Description
Full 将包含所有组件,省略 -m 具有相同的结果All components will be included, omitting -m has the same result
GroupifyOnly 仅使用 Microsoft 365 组连接准备情况组件,此组件是每个扫描的一部分Only use the Microsoft 365 group connection readiness component, this component is part of each scan
ListOnly 包括深层列表扫描 + 包括 Microsoft 365 组连接准备情况组件Includes a deep list scan + includes the Microsoft 365 group connection readiness component
HomePageOnly 包括来自 wiki 和 Web 部件页主页的扫描 + 包括 Microsoft 365 组连接准备情况组件Includes a scan from wiki and web part pages home pages + includes the Microsoft 365 group connection readiness component
PageOnly 包括来自 wiki 和 Web 部件页的扫描 + 包括 Microsoft 365 组连接准备情况组件Includes a scan from wiki and web part pages + includes the Microsoft 365 group connection readiness component
PublishingOnly 包括网站和 Web 级别的经典发布门户 + 包括 Microsoft 365 组连接准备情况组件Includes a classic publishing portal scan at site and web level + includes the Microsoft 365 group connection readiness component
PublishingWithPagesOnly 包括网站、Web 和页面级别的经典发布门户扫描 + 包括 Microsoft 365 组连接准备情况组件Includes a classic publishing portal scan at site, web and page level + includes the Microsoft 365 group connection readiness component
WorkflowOnly 包括经典工作流扫描 + 包括 Microsoft 365 组连接准备情况组件Includes the classic workflow scan + includes the Microsoft 365 group connection readiness component
WorkflowWithDetailsOnly 包括带有工作流迁移就绪情况分析的经典工作流扫描,还包括 Microsoft 365 组连接准备情况组件Includes the classic workflow scan with workflow migration readiness analysis + includes the Microsoft 365 group connection readiness component
InfoPathOnly 包括 InfoPath 扫描 + 包括 Microsoft 365 组连接准备情况组件Includes the InfoPath scan + includes the Microsoft 365 group connection readiness component
BlogOnly 包括博客扫描 + 包括 Microsoft 365 组连接准备情况组件Includes the Blog scan + includes the Microsoft 365 group connection readiness component

命令行参数概述Command-line parameter overview

SharePoint PnP Modernization scanner 2.14.0.0
Copyright (C) 2020 SharePoint PnP
==========================================================

See the sp-dev-modernization repo for more information at:
https://github.com/SharePoint/sp-dev-modernization/tree/master/Tools/SharePoint.Modernization

Let the tool figure out your urls (works only for SPO MT):
==========================================================
Using Azure AD app-only:
SharePoint.Modernization.Scanner.exe -t <tenant> -i <your client id> -z <Azure AD domain> -f <PFX file> -x <PFX file
password>
e.g. SharePoint.Modernization.Scanner.exe -t contoso -i e5808e8b-6119-44a9-b9d8-9003db04a882 -z conto.onmicrosoft.com
-f apponlycert.pfx -x pwd

Using app-only:
SharePoint.Modernization.Scanner.exe -t <tenant> -i <your client id> -s <your client secret>
e.g. SharePoint.Modernization.Scanner.exe -t contoso -i 7a5c1615-997a-4059-a784-db2245ec7cc1 -s
eOb6h+s805O/V3DOpd0dalec33Q6ShrHlSKkSra1FFw=

Using credentials:
SharePoint.Modernization.Scanner.exe -t <tenant> -u <your user id> -p <your user password>

e.g. SharePoint.Modernization.Scanner.exe -t contoso -u spadmin@contoso.onmicrosoft.com -p pwd

Specifying url to your sites and tenant admin (needed for SPO with vanity urls):
================================================================================
Using Azure AD app-only:
SharePoint.Modernization.Scanner.exe -r <wildcard urls> -a <tenant admin site>  -i <your client id> -z <Azure AD
domain> -f <PFX file> -x <PFX file password>
e.g. SharePoint.Modernization.Scanner.exe -r "https://teams.contoso.com/sites/*,https://my.contoso.com/personal/*" -a
https://contoso-admin.contoso.com -i e5808e8b-6119-44a9-b9d8-9003db04a882 -z conto.onmicrosoft.com  -f apponlycert.pfx
-x pwd

Using app-only:
SharePoint.Modernization.Scanner.exe -r <wildcard urls> -a <tenant admin site> -i <your client id> -s <your client
secret>
e.g. SharePoint.Modernization.Scanner.exe -r "https://teams.contoso.com/sites/*,https://my.contoso.com/personal/*" -a
https://contoso-admin.contoso.com -i 7a5c1615-997a-4059-a784-db2245ec7cc1 -s
eOb6h+s805O/V3DOpd0dalec33Q6ShrHlSKkSra1FFw=

Using credentials:
SharePoint.Modernization.Scanner.exe -r <wildcard urls> -a <tenant admin site> -u <your user id> -p <your user
password>
e.g. SharePoint.Modernization.Scanner.exe -r "https://teams.contoso.com/sites/*,https://my.contoso.com/personal/*" -a
https://contoso-admin.contoso.com -u spadmin@contoso.com -p pwd


  -i, --clientid                           Client ID of the app-only principal used to scan your site collections

  -s, --clientsecret                       Client Secret of the app-only principal used to scan your site collections

  -u, --user                               User id used to scan/enumerate your site collections

  -p, --password                           Password of the user used to scan/enumerate your site collections

  -z, --azuretenant                        Azure tenant (e.g. contoso.microsoftonline.com)

  -y, --azureenvironment                   (Default: Production) Azure environment (only works for Azure AD Cert
                                           auth!). Possible values: Production, USGovernment, Germany, China

  -f, --certificatepfx                     Path + name of the pfx file holding the certificate to authenticate

  -x, --certificatepfxpassword             Password of the pfx file holding the certificate to authenticate

  -a, --tenantadminsite                    Url to your tenant admin site (e.g. https://contoso-admin.contoso.com): only
                                           needed when your not using SPO MT

  -t, --tenant                             Tenant name, e.g. contoso when your sites are under
                                           https://contoso.sharepoint.com/sites. This is the recommended model for
                                           SharePoint Online MT as this way all site collections will be scanned

  -r, --urls                               List of (wildcard) urls (e.g.
                                           https://contoso.sharepoint.com/*,https://contoso-my.sharepoint.com,https://co
                                           ntoso-my.sharepoint.com/personal/*) that you want to get scanned. Ignored if
                                           -t or --tenant are provided.

  -o, --includeod4b                        (Default: False) Include OD4B sites in the scan

  -v, --csvfile                            CSV file name (e.g. input.csv) which contains the list of site collection
                                           urls that you want to scan

  -h, --threads                            (Default: 10) Number of parallel threads, maximum = 100

  -e, --separator                          (Default: ,) Separator used in output CSV files (e.g. ";")

  -m, --mode                               (Default: Full) Execution mode. Use following modes: Full, GroupifyOnly,
                                           ListOnly, PageOnly, HomePageOnly, PublishingOnly, PublishingWithPagesOnly,
                                           WorkflowOnly, WorkflowWithDetailsOnly, InfoPathOnly or BlogOnly. Omit or use
                                           full for a full scan

  -b, --exportwebpartproperties            (Default: False) Export the web part property data

  -c, --skipusageinformation               (Default: False) Don't use search to get the site/page usage information and
                                           don't export that data

  -j, --skipuserinformation                (Default: False) Don't include user information in the exported data

  -k, --skiplistsonlyblockedbyoobreaons    (Default: False) Exclude lists which are blocked due to out of the box
                                           reasons: base template, view type of field type

  -d, --skipreport                         (Default: False) Don't generate an Excel report for the found data

  -g, --exportpaths                        List of paths (e.g. c:\temp\636529695601669598,c:\temp\636529695601656430)
                                           containing scan results you want to add to the report

  -n, --disabletelemetry                   (Default: False) We use telemetry to make this a better tool...but you're
                                           free to disable that

  -q, --dateformat                         (Default: M/d/yyyy) Date format to use for date export in the CSV files. Use
                                           M/d/yyyy or d/M/yyyy

  -w, --storedcertificate                  (Default: ) Path to stored certificate in the form of
                                           StoreName|StoreLocation|Thumbprint. E.g.
                                           My|LocalMachine|3FG496B468BE3828E2359A8A6F092FB701C8CDB1

  --help                                   Display this help screen.