Project • Free Tool • M365 Administration.

gtools.pro — Local-First M365 Administration Suite

Free Microsoft 365 administration tools. Local PowerShell collectors export Intune, Entra ID, and Safety setups; a self-hosted Teams chat exporter handles Teams 1:1, group, and channel conversations. Audit reports map to ISO 27001 Annex A controls.

Free Tool. M365 Administration. Local-First. PowerShell Audit. Teams Chat Export. ISO 27001 Mapping.

Platform Overview

gtools.pro is a local-first administration suite for Microsoft 365 IT teams. The audit toolchain runs as PowerShell collectors on the operator’s own machine, authenticating directly against Microsoft Graph. The Teams chat exporter ships as a self-hosted React frontend + FastAPI backend that runs inside the operator’s perimeter; tenant credentials are used by that local service only and never touch any curta-hosted SaaS.

What ships today: 18 PowerShell collectors covering ID, safety, and setup; 11 pre-built reports mapped to ISO 27001 Annex A controls; a self-hosted Teams chat exporter (1:1, group, and channel conversations); Intune device-policy export; Entra ID ID-setup export. Free for all users.

18
PowerShell Audit Collectors
11
Audit Reports
1
Framework Mapped (ISO 27001)
Free
Now Pricing
Local-First Design.

Security by Design

Local-Only Credential Handling

PowerShell collectors authenticate directly to Microsoft Graph from the operator’s own machine. The Teams chat exporter runs as a self-hosted service inside the operator’s perimeter; tenant credentials are used by that local service only. No curta-hosted SaaS gets, stores, or proxies your credentials.

Direct Graph API Exports

All data exports are made via direct calls from your browser to Microsoft Graph API. Exported files download directly to your machine without transiting or being stored on any third-party server.

WebAssembly Encryption

Cryptographic ops use AES-256-GCM and ChaCha20-Poly1305 set up in WebAssembly for high-speed, browser-native encoding without JavaScript library dependencies.

Microsoft OAuth Only

Sign-in is handled entirely through Microsoft's OAuth 2.0 flow. Supports both delegated user permissions and application permissions via service principal / app listing.

Content Backup.

Backup What Matters

Three backup centers cover all major M365 content workloads, with both private and team-wide scope options.

Communication Backup

Teams chats, channels, email, calendar, contacts.

Export Teams conversations and channel history, Exchange mailbox content, calendar entries, and contact lists. Supports delta sync for incremental backups. Output includes JSON and PST formats.

Files Backup

OneDrive and SharePoint docs.

Back up OneDrive private drives and SharePoint site libraries. Delta sync support exports only files changed since the last backup. Live log viewer shows real-time progress for large tenants.

Productivity Backup

Planner, Bookings, To Do tasks.

Export Microsoft Planner boards with tasks, buckets, and assignments. Back up Bookings calendars and appointment history. Export private and shared To Do task lists to JSON.

Setup Export.

8 Configuration Export Tools

Document your M365 tenant setup before moves, policy changes, or audits. All exports download directly to your machine.

Entra ID Advanced Export

Full Entra ID (Azure AD) setup including Privileged ID Control (PIM), MFA policies, Conditional Access rules, B2B settings, custom safety attributes, and team branding.

Exchange Online Deep Export

13 export categories covering mailbox policies, transport rules, connectors, anti-spam and anti-malware settings, keep policies, and audit fit setups.

Intune Configuration Export

26 setup categories: device audit fit policies, setup profiles, app safety policies, enrollment restrictions, Windows Autopilot profiles, and update rings.

M365DSC Export

Make Microsoft365DSC PowerShell scripts from your live tenant setup for systems-as-code docs, drift finding, and setup replication.

Power Platform Inventory

Export Power Apps, Power Auto-run flows, Power BI workspaces, and Dataverse setups across your tenant. Find shadow IT and ungoverned auto-work assets.

Security & Compliance Export

13 parts: DLP policies, trust level labels, keep labels, comms audit fit policies, eDiscovery cases, insider risk control settings, and audit log setups.

SharePoint Permissions Export

Document site collection permissions, unique permission inheritance breaks, outside sharing settings, and guest access at scale across all SharePoint sites and libraries.

Teams Voice Configuration

Export Teams Phone System setup: dial plans, call queues, auto attendants, emergency locations, voice routing policies, and Direct Routing trunk settings.

Audit & Audit fit.

Audit and Compliance Reports

Eleven pre-built reports covering safety posture, access rules, sharing risks, Teams rules, and ISO 27001 fit.

Security Posture

  • M365 Tenant Audit (ISO 27001 Annex A mapping)
  • Safety Risk Dashboard.
  • Privileged Access Report.
  • Copilot Readiness Assessment.
  • Permission Change Audit.

Access Governance

  • Access Review Report.
  • Outside Teamwork Report.
  • Orphaned Users Report.
  • Oversharing Finding.
  • Unique Permissions Audit.

SharePoint Security

  • SharePoint Safety Center.
  • SharePoint Permissions Report.
  • Sharing Links & Invitations Report.
  • Broken Inheritance Report.
  • Group Membership Report.

Teams & Lifecycle

  • Teams Rules Report.
  • Teams Safety Center.
  • Teams Storage Report.
  • Site Lifecycle Report.
  • Stale Content Report.
Audit fit Framework.

ISO 27001 Audit Coverage

The M365 Tenant Audit runs 18 collectors across safety settings, ID setup, and audit fit controls, mapped to ISO 27001 Annex A. Mappings for other frameworks (SOC 2, GDPR, HIPAA, NIS2) are on the roadmap but not yet set up.

ISO 27001

18 audit collectors mapped to ISO 27001 Annex A controls. Covers ID safety (MFA, PIM, Conditional Access), data safety policies, audit logging, and safety setup starting points.

GDPR — informational

Setup checks covering data minimization, access controls, keep policies, and audit logging surface proof relevant to GDPR reviews. No GDPR-specific control mapping ships yet.

Other frameworks — roadmap

SOC 2 Trust Service Criteria, HIPAA technical safeguards and NIS2 risk-control controls are planned mappings. Not set up today; do not rely on this tool for those audits yet.

Export Formats.

Flexible Output for Every Use Case

Machine-Readable

JSON, CSV

Set data exports for pipeline link-up, vulnerability control platforms, SIEM ingestion, and custom reporting workflows.

Human-Readable

HTML Dashboard, Excel, PDF.

Visual dashboards for audit fit reviews, control reporting, and audit presentations. Excel exports for data study and pivot table reporting.

Infrastructure as Code

PowerShell (.ps1)

M365DSC PowerShell scripts made from live tenant setup for docs, drift finding, and setup replication across tenants.

Backup Archives

ZIP, PST

Packaged backups of Teams content, Exchange mailboxes (PST format), and document libraries shipped as ZIP archives directly to your local machine.

Use Cases.

When IT Teams Reach for gtools.pro

Pre-Migration Documentation

Document source tenant setup before M365 tenant moves or major policy changes. Export all 8 setup categories to create a starting point snapshot for comparison and rollback reference.

Employee Offboarding

Back up departing user's Teams chats, OneDrive content, To Do tasks, and calendar data before account deactivation. Ensure no biz-critical content is lost when accounts are disabled.

Copilot Readiness

Run the Copilot Readiness Assessment and Oversharing Finding reports before M365 Copilot rollout to find permission risks and touchy content that could be exposed through AI-assisted queries.

Compliance Audits

Make ISO 27001 audit proof in a single session. 18 audit collectors produce set findings with high/medium/low/info severity ratings and ISO 27001 Annex A coverage percentages. Mapping to other frameworks (SOC 2, GDPR, HIPAA, NIS2) is on the roadmap.

External Access Review

Audit all guest accounts, outside user sharing, and B2B teamwork settings across your tenant. Find overprovisioned outside access before safety reviews or partner relationship changes.

Storage & Lifecycle

Find stale content, dormant Teams, inactive sites, and storage growth patterns. Prioritize archival or deletion decisions with activity-level categorization across all M365 workloads.

Pricing.

Free for Now

gtools.pro is now free for all M365 IT administrators. All tools and reports are accessible without subscription. Needs Microsoft 365 E3 or E5 licenses for the M365 tenant features being administered. Advanced audit features (1-year keep, unified audit log) need M365 E5.

Access Needs: Microsoft 365 tenant with right administrator role. Supported roles include Global Administrator, Audit fit Administrator, Teams Administrator, Exchange Administrator, and Power Platform Administrator depending on the tools used. App listing in Azure AD needed for application permission flows.

Open gtools.pro →
Fit & Limitations.

Best fit and known limitations

Best for

Microsoft 365 administrators preparing for an ISO 27001 audit who want local-first PowerShell collectors and a self-hosted Teams export service rather than handing tenant data to a third-party SaaS. Mapping to SOC 2, GDPR, HIPAA and NIS2 is on the roadmap.

Not the right fit

Non-Microsoft estates; runtime tracking (use a SIEM); setups that ban any local processing of admin data, even client-side encoded.

Known limitations

Browser-bound — very large tenant exports are constrained by browser memory; read-only by design (does not modify tenant setup); coverage focuses on the most-used M365 surfaces, not every Microsoft Graph endpoint.

Need M365 governance, migration, or compliance support?

Let's discuss how gtools.pro fits into your M365 administration, audit, and audit fit workflows.

Book a Call ← All Projects