diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1 index f45940a..4a5b004 100644 --- a/source/Public/Invoke-M365SecurityAudit.ps1 +++ b/source/Public/Invoke-M365SecurityAudit.ps1 @@ -6,11 +6,12 @@ .PARAMETER TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. .PARAMETER DomainName - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + The domain name of the Microsoft 365 environment to test. It is optional and will trigger various tests to run only for the specified domain. + Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy .PARAMETER ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. .PARAMETER ProfileLevel - Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. + Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required. .PARAMETER IncludeIG1 If specified, includes tests where IG1 is true. .PARAMETER IncludeIG2 
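Review bot: the new ProfileLevel text ("mandatory, but only when ELevel is selected") contradicts the untouched ELevel text two lines above it, which still says ELevel "is optional and can be combined with the ProfileLevel parameter"; if the two must be given together, say so on both parameters ("requires ProfileLevel" / "required when ELevel is specified") and enforce it in the param block with a parameter set or a ValidateScript rather than only in the help, since nothing in this hunk shows the cmdlet rejecting -ELevel without -ProfileLevel. The rewritten DomainName description also drops the old sentence describing what happens when no domain is given ("pass/fail all found domains as a group"); keep a statement of the default behaviour next to the new "Tests Affected" list so a reader knows whether omitting the parameter skips those tests or runs them across every domain.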
@@ -23,8 +24,9 @@ Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. .PARAMETER ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. + Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' .PARAMETER ApprovedFederatedDomains - Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. + Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names. .PARAMETER DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. .PARAMETER DoNotDisconnect 
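Review bot: the added "Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte'" line should be backed by a [ValidateSet()] on the ApprovedCloudStorageProviders parameter so a typo fails at bind time instead of silently producing a stricter or looser audit result; this hunk documents the set but does not show it enforced. Confirm the documented strings match exactly what the test compares against (readers will copy them verbatim; the vendor spells its name "Dropbox", so if matching is case-sensitive the casing here matters), and for consistency with the ApprovedFederatedDomains line just below, name the recommendation number and test function this parameter feeds into.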
@@ -37,79 +39,84 @@ PS> Invoke-M365SecurityAudit Performs a security audit using default parameters. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1" Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. 
- Output: - Status : Fail - ELevel : E5 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E5 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1 Performs an audit including all tests where IG1 is true. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' Performs an audit while excluding specific 
recommendations 1.1.3 and 2.1.1. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation Captures the audit results into a variable and exports them to a CSV file. - Output: - CISAuditResult[] - auditResults.csv + Output: + CISAuditResult[] + auditResults.csv .EXAMPLE PS> Invoke-M365SecurityAudit -WhatIf Displays what would happen if the cmdlet is run without actually performing the audit. - Output: - What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". + Output: + + What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". .INPUTS None. You cannot pipe objects to Invoke-M365SecurityAudit. .OUTPUTS
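Review bot: this hunk is a whitespace-only re-indent of the example output blocks, which is fine, but it would be worth using the touch to make the Export-Csv example's description say that the Details field is multi-line (the sample shows a three-row table under "Non-compliant accounts:"), so the resulting CSV cell will contain embedded newlines and needs a reader that handles quoted multi-line fields. Consider also splitting the indentation change into its own commit, since the substantive help-text changes in the earlier hunks are hard to find among 150 lines of moved whitespace.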