diff --git a/README.md b/README.md index daa40ca..8e92751 100644 Binary files a/README.md and b/README.md differ diff --git a/docs/index.html b/docs/index.html index e8a93e4..27236b2 100644 Binary files a/docs/index.html and b/docs/index.html differ diff --git a/help/Export-M365SecurityAuditTable.md b/help/Export-M365SecurityAuditTable.md index 6afe3bf..a2a7ba0 100644 --- a/help/Export-M365SecurityAuditTable.md +++ b/help/Export-M365SecurityAuditTable.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable @@ -110,22 +110,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -OutputTestNumber -The test number to output as an object. -Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". - -```yaml -Type: String -Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle -Aliases: - -Required: True -Position: 2 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -ExportAllTests Switch to export all test results. @@ -141,6 +125,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ExportOriginalTests +Switch to export the original audit results to a CSV file. + +```yaml +Type: SwitchParameter +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ExportPath The path where the CSV files will be exported. @@ -156,8 +155,8 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ExportOriginalTests -Switch to export the original audit results to a CSV file. +### -ExportToExcel +Switch to export the results to an Excel file. ```yaml Type: SwitchParameter @@ -171,17 +170,18 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ExportToExcel -Switch to export the results to an Excel file. +### -OutputTestNumber +The test number to output as an object. +Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". ```yaml -Type: SwitchParameter -Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Type: String +Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle Aliases: -Required: False -Position: Named -Default value: False +Required: True +Position: 2 +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` diff --git a/help/Get-AdminRoleUserLicense.md b/help/Get-AdminRoleUserLicense.md index 629903e..22625bb 100644 --- a/help/Get-AdminRoleUserLicense.md +++ b/help/Get-AdminRoleUserLicense.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense @@ -38,6 +38,21 @@ This example retrieves all administrative role users along with their licenses w ## PARAMETERS +### -ProgressAction +{{ Fill ProgressAction Description }} + +```yaml +Type: ActionPreference +Parameter Sets: (All) +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -SkipGraphConnection A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. @@ -54,21 +69,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ProgressAction -{{ Fill ProgressAction Description }} - -```yaml -Type: ActionPreference -Parameter Sets: (All) -Aliases: proga - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/help/Get-MFAStatus.md b/help/Get-MFAStatus.md index e5accc3..9e9b878 100644 --- a/help/Get-MFAStatus.md +++ b/help/Get-MFAStatus.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus @@ -37,17 +37,16 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com ## PARAMETERS -### -UserId -The User Principal Name (UPN) of a specific user to retrieve MFA status for. -If not provided, the function retrieves MFA status for all users. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: String +Type: ActionPreference Parameter Sets: (All) -Aliases: +Aliases: proga Required: False -Position: 1 +Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False @@ -68,16 +67,17 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ProgressAction -{{ Fill ProgressAction Description }} +### -UserId +The User Principal Name (UPN) of a specific user to retrieve MFA status for. +If not provided, the function retrieves MFA status for all users. ```yaml -Type: ActionPreference +Type: String Parameter Sets: (All) -Aliases: proga +Aliases: Required: False -Position: Named +Position: 1 Default value: None Accept pipeline input: False Accept wildcard characters: False diff --git a/help/Grant-M365SecurityAuditConsent.md b/help/Grant-M365SecurityAuditConsent.md new file mode 100644 index 0000000..e2c864c --- /dev/null +++ b/help/Grant-M365SecurityAuditConsent.md @@ -0,0 +1,179 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent +schema: 2.0.0 +--- + +# Grant-M365SecurityAuditConsent + +## SYNOPSIS +Grants Microsoft Graph permissions for an auditor. + +## SYNTAX + +``` +Grant-M365SecurityAuditConsent [-UserPrincipalNameForConsent] [-SkipGraphConnection] + [-SkipModuleCheck] [-SuppressRevertOutput] [-DoNotDisconnect] [-ProgressAction ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +This function grants the specified Microsoft Graph permissions to a user, allowing the user to perform audits. +It connects to Microsoft Graph, checks if a service principal exists for the client application, creates it if it does not exist, and then grants the specified permissions. +Finally, it assigns the app to the user. + +## EXAMPLES + +### EXAMPLE 1 +``` +Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com +``` + +Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID. + +### EXAMPLE 2 +``` +Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection +``` + +Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph. + +## PARAMETERS + +### -DoNotDisconnect +If specified, does not disconnect from Microsoft Graph after granting consent. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProgressAction +{{ Fill ProgressAction Description }} + +```yaml +Type: ActionPreference +Parameter Sets: (All) +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipGraphConnection +If specified, skips connecting to Microsoft Graph. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipModuleCheck +If specified, skips the check for the Microsoft.Graph module. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SuppressRevertOutput +If specified, suppresses the output of the revert commands. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UserPrincipalNameForConsent +Specify the UPN of the user to grant consent for. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### System.Void +## NOTES +This function requires the Microsoft.Graph module version 2.4.0 or higher. + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent) + diff --git a/help/Invoke-M365SecurityAudit.md b/help/Invoke-M365SecurityAudit.md index 1ee9ffc..706ab6f 100644 --- a/help/Invoke-M365SecurityAudit.md +++ b/help/Invoke-M365SecurityAudit.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit @@ -164,34 +164,47 @@ What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsof ## PARAMETERS -### -TenantAdminUrl -The URL of the tenant admin. -If not specified, none of the SharePoint Online tests will run. +### -DoNotConfirmConnections +If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. ```yaml -Type: String +Type: SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named -Default value: None +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` -### -M365DomainForPWPolicyTest -The domain name of the Microsoft 365 environment to test. -This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. +### -DoNotConnect +If specified, the cmdlet will not establish a connection to Microsoft 365 services. ```yaml -Type: String +Type: SwitchParameter Parameter Sets: (All) Aliases: Required: False Position: Named -Default value: None +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoNotDisconnect +If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` @@ -212,22 +225,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ProfileLevel -Specifies the profile level (L1 or L2) for the audit. -This parameter is optional and can be combined with the ELevel parameter. - -```yaml -Type: String -Parameter Sets: ELevelFilter -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -IncludeIG1 If specified, includes tests where IG1 is true. @@ -289,52 +286,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SkipRecommendation -Specifies specific recommendations to exclude from the audit. -Accepts an array of recommendation numbers. +### -M365DomainForPWPolicyTest +The domain name of the Microsoft 365 environment to test. +This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. ```yaml -Type: String[] -Parameter Sets: SkipRecFilter +Type: String +Parameter Sets: (All) Aliases: -Required: True +Required: False Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -DoNotConnect -If specified, the cmdlet will not establish a connection to Microsoft 365 services. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DoNotDisconnect -If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. @@ -350,29 +317,61 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -DoNotConfirmConnections -If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. +### -ProfileLevel +Specifies the profile level (L1 or L2) for the audit. +This parameter is optional and can be combined with the ELevel parameter. ```yaml -Type: SwitchParameter -Parameter Sets: (All) +Type: String +Parameter Sets: ELevelFilter Aliases: -Required: False +Required: True Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +### -ProgressAction +{{ Fill ProgressAction Description }} ```yaml -Type: SwitchParameter +Type: ActionPreference Parameter Sets: (All) -Aliases: wi +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipRecommendation +Specifies specific recommendations to exclude from the audit. +Accepts an array of recommendation numbers. + +```yaml +Type: String[] +Parameter Sets: SkipRecFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantAdminUrl +The URL of the tenant admin. +If not specified, none of the SharePoint Online tests will run. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Required: False Position: Named @@ -396,13 +395,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ProgressAction -{{ Fill ProgressAction Description }} +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. ```yaml -Type: ActionPreference +Type: SwitchParameter Parameter Sets: (All) -Aliases: proga +Aliases: wi Required: False Position: Named diff --git a/help/Remove-RowsWithEmptyCSVStatus.md b/help/Remove-RowsWithEmptyCSVStatus.md index 8582a86..eca797b 100644 --- a/help/Remove-RowsWithEmptyCSVStatus.md +++ b/help/Remove-RowsWithEmptyCSVStatus.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: @@ -46,21 +46,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -WorksheetName -The name of the worksheet within the Excel file to be processed. - -```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: True -Position: 2 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -ProgressAction {{ Fill ProgressAction Description }} @@ -76,6 +61,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -WorksheetName +The name of the worksheet within the Excel file to be processed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/help/Sync-CISExcelAndCsvData.md b/help/Sync-CISExcelAndCsvData.md index e412199..663e3e4 100644 --- a/help/Sync-CISExcelAndCsvData.md +++ b/help/Sync-CISExcelAndCsvData.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData @@ -32,22 +32,6 @@ Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', add ## PARAMETERS -### -ExcelPath -Specifies the path to the Excel file to be updated. -This parameter is mandatory. - -```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: 1 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -CsvPath Specifies the path to the CSV file containing new data. This parameter is mandatory. @@ -64,8 +48,8 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SheetName -Specifies the name of the worksheet in the Excel file where data will be merged and updated. +### -ExcelPath +Specifies the path to the Excel file to be updated. This parameter is mandatory. ```yaml @@ -74,7 +58,7 @@ Parameter Sets: (All) Aliases: Required: False -Position: 3 +Position: 1 Default value: None Accept pipeline input: False Accept wildcard characters: False @@ -95,6 +79,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -SheetName +Specifies the name of the worksheet in the Excel file where data will be merged and updated. +This parameter is mandatory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/help/about_M365FoundationsCISReport.md b/help/about_M365FoundationsCISReport.md index 6a2e671..709b089 100644 --- a/help/about_M365FoundationsCISReport.md +++ b/help/about_M365FoundationsCISReport.md @@ -33,6 +33,9 @@ Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName # Example 6: Synchronizing CIS benchmark data with audit results Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles" + +# Example 7: Granting Microsoft Graph permissions to the auditor +Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com' ``` # NOTE diff --git a/source/en-US/M365FoundationsCISReport-help.xml b/source/en-US/M365FoundationsCISReport-help.xml index 9b00f7e..4ea02c5 100644 --- a/source/en-US/M365FoundationsCISReport-help.xml +++ b/source/en-US/M365FoundationsCISReport-help.xml @@ -77,6 +77,17 @@ None + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + + SwitchParameter + + + False + ExportPath @@ -89,17 +100,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - - SwitchParameter - - - False - ExportToExcel @@ -188,6 +188,17 @@ None + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + + SwitchParameter + + + False + ExportPath @@ -200,17 +211,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - - SwitchParameter - - - False - ExportToExcel @@ -261,18 +261,6 @@ None - - OutputTestNumber - - The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". - - String - - String - - - None - ExportAllTests @@ -285,6 +273,18 @@ False + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + SwitchParameter + + SwitchParameter + + + False + ExportPath @@ -297,18 +297,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - SwitchParameter - - SwitchParameter - - - False - ExportToExcel @@ -321,6 +309,18 @@ False + + OutputTestNumber + + The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". + + String + + String + + + None + ProgressAction @@ -431,17 +431,6 @@ Get-AdminRoleUserLicense - - SkipGraphConnection - - A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. - - - SwitchParameter - - - False - ProgressAction @@ -454,21 +443,20 @@ None + + SkipGraphConnection + + A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. + + + SwitchParameter + + + False + - - SkipGraphConnection - - A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. - - SwitchParameter - - SwitchParameter - - - False - ProgressAction @@ -481,6 +469,18 @@ None + + SkipGraphConnection + + A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. + + SwitchParameter + + SwitchParameter + + + False + @@ -565,17 +565,6 @@ None - - SkipMSOLConnectionChecks - - {{ Fill SkipMSOLConnectionChecks Description }} - - - SwitchParameter - - - False - ProgressAction @@ -588,17 +577,28 @@ None + + SkipMSOLConnectionChecks + + {{ Fill SkipMSOLConnectionChecks Description }} + + + SwitchParameter + + + False + - - UserId + + ProgressAction - The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. + {{ Fill ProgressAction Description }} - String + ActionPreference - String + ActionPreference None @@ -615,14 +615,14 @@ False - - ProgressAction + + UserId - {{ Fill ProgressAction Description }} + The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. - ActionPreference + String - ActionPreference + String None @@ -733,6 +733,250 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com + + + Grant-M365SecurityAuditConsent + Grant + M365SecurityAuditConsent + + Grants Microsoft Graph permissions for an auditor. + + + + This function grants the specified Microsoft Graph permissions to a user, allowing the user to perform audits. It connects to Microsoft Graph, checks if a service principal exists for the client application, creates it if it does not exist, and then grants the specified permissions. Finally, it assigns the app to the user. + + + + Grant-M365SecurityAuditConsent + + UserPrincipalNameForConsent + + Specify the UPN of the user to grant consent for. + + String + + String + + + None + + + DoNotDisconnect + + If specified, does not disconnect from Microsoft Graph after granting consent. + + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + SkipGraphConnection + + If specified, skips connecting to Microsoft Graph. + + + SwitchParameter + + + False + + + SkipModuleCheck + + If specified, skips the check for the Microsoft.Graph module. + + + SwitchParameter + + + False + + + SuppressRevertOutput + + If specified, suppresses the output of the revert commands. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + + + DoNotDisconnect + + If specified, does not disconnect from Microsoft Graph after granting consent. + + SwitchParameter + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + SkipGraphConnection + + If specified, skips connecting to Microsoft Graph. + + SwitchParameter + + SwitchParameter + + + False + + + SkipModuleCheck + + If specified, skips the check for the Microsoft.Graph module. + + SwitchParameter + + SwitchParameter + + + False + + + SuppressRevertOutput + + If specified, suppresses the output of the revert commands. + + SwitchParameter + + SwitchParameter + + + False + + + UserPrincipalNameForConsent + + Specify the UPN of the user to grant consent for. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + System.Void + + + + + + + + + This function requires the Microsoft.Graph module version 2.4.0 or higher. + + + + + -------------------------- EXAMPLE 1 -------------------------- + Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com + + Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID. + + + + -------------------------- EXAMPLE 2 -------------------------- + Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection + + Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph. + + + + + + https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent + https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent + + + Invoke-M365SecurityAudit @@ -749,28 +993,37 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com Invoke-M365SecurityAudit - TenantAdminUrl + DoNotConfirmConnections - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - String - String + SwitchParameter - None + False - M365DomainForPWPolicyTest + DoNotConnect - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + If specified, the cmdlet will not establish a connection to Microsoft 365 services. - String - String + SwitchParameter - None + False + + + DoNotDisconnect + + If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + + + SwitchParameter + + + False ELevel @@ -784,6 +1037,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + ProfileLevel @@ -796,6 +1072,66 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -818,89 +1154,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - M365DomainForPWPolicyTest - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG1 @@ -912,6 +1165,89 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -934,89 +1270,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - M365DomainForPWPolicyTest - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG2 @@ -1028,6 +1281,89 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -1050,89 +1386,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - M365DomainForPWPolicyTest - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG3 @@ -1144,6 +1397,89 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -1166,89 +1502,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - M365DomainForPWPolicyTest - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeRecommendation @@ -1261,6 +1514,89 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -1283,6 +1619,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + M365DomainForPWPolicyTest + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + NoModuleCheck @@ -1294,39 +1642,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - ProgressAction @@ -1339,33 +1654,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - M365DomainForPWPolicyTest - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - SkipRecommendation @@ -1379,42 +1667,21 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - DoNotConnect + TenantAdminUrl - If specified, the cmdlet will not establish a connection to Microsoft 365 services. + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + String - SwitchParameter + String - False + None - - DoNotDisconnect + + Confirm - If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - - - SwitchParameter - - - False - - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -1433,55 +1700,44 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - - TenantAdminUrl + DoNotConfirmConnections - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - String + SwitchParameter - String + SwitchParameter - None + False - M365DomainForPWPolicyTest + DoNotConnect - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + If specified, the cmdlet will not establish a connection to Microsoft 365 services. - String + SwitchParameter - String + SwitchParameter - None + False + + + DoNotDisconnect + + If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + + SwitchParameter + + SwitchParameter + + + False ELevel @@ -1495,18 +1751,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - ProfileLevel - - Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. - - String - - String - - - None - IncludeIG1 @@ -1555,42 +1799,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - SkipRecommendation + + M365DomainForPWPolicyTest - Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - String[] + String - String[] + String None - - DoNotConnect - - If specified, the cmdlet will not establish a connection to Microsoft 365 services. - - SwitchParameter - - SwitchParameter - - - False - - - DoNotDisconnect - - If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - - SwitchParameter - - SwitchParameter - - - False - NoModuleCheck @@ -1603,10 +1823,58 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - DoNotConfirmConnections + + ProfileLevel - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. + + String + + String + + + None + + + ProgressAction + + {{ Fill ProgressAction Description }} + + ActionPreference + + ActionPreference + + + None + + + SkipRecommendation + + Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. + + String[] + + String[] + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -1627,30 +1895,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - ProgressAction - - {{ Fill ProgressAction Description }} - - ActionPreference - - ActionPreference - - - None - @@ -1821,18 +2065,6 @@ PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation None - - WorksheetName - - The name of the worksheet within the Excel file to be processed. - - String - - String - - - None - ProgressAction @@ -1845,6 +2077,18 @@ PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation None + + WorksheetName + + The name of the worksheet within the Excel file to be processed. + + String + + String + + + None + @@ -1931,18 +2175,6 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, - - ExcelPath - - Specifies the path to the Excel file to be updated. This parameter is mandatory. - - String - - String - - - None - CsvPath @@ -1955,10 +2187,10 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, None - - SheetName + + ExcelPath - Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. + Specifies the path to the Excel file to be updated. This parameter is mandatory. String @@ -1979,6 +2211,18 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, None + + SheetName + + Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. + + String + + String + + + None + diff --git a/source/en-US/about_M365FoundationsCISReport.help.txt b/source/en-US/about_M365FoundationsCISReport.help.txt index 2dc01a1..c64914f 100644 --- a/source/en-US/about_M365FoundationsCISReport.help.txt +++ b/source/en-US/about_M365FoundationsCISReport.help.txt @@ -45,6 +45,9 @@ EXAMPLES # Example 6: Synchronizing CIS benchmark data with audit results Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles" + + # Example 7: Granting Microsoft Graph permissions to the auditor + Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com' NOTE Ensure that you have the necessary permissions and administrative roles in