vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Update Comment Help

Browse Source
This commit is contained in:
DrIOS
2024-07-07 16:32:50 -05:00
parent 5ddcd4466e
commit 14ed9f6598
1 changed files with 63 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
source/Public/Invoke-M365SecurityAudit.ps1
View File

@@ -6,11 +6,12 @@
.PARAMETER TenantAdminUrl .PARAMETER TenantAdminUrl
The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
.PARAMETER DomainName .PARAMETER DomainName
The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. The domain name of the Microsoft 365 environment to test. It is optional and will trigger various tests to run only for the specified domain.
Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy
.PARAMETER ELevel .PARAMETER ELevel
Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter.
.PARAMETER ProfileLevel .PARAMETER ProfileLevel
Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required.
.PARAMETER IncludeIG1 .PARAMETER IncludeIG1
If specified, includes tests where IG1 is true. If specified, includes tests where IG1 is true.
.PARAMETER IncludeIG2 .PARAMETER IncludeIG2
@@ -23,8 +24,9 @@
Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
.PARAMETER ApprovedCloudStorageProviders .PARAMETER ApprovedCloudStorageProviders
Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte'
.PARAMETER ApprovedFederatedDomains .PARAMETER ApprovedFederatedDomains
Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names.
.PARAMETER DoNotConnect .PARAMETER DoNotConnect
If specified, the cmdlet will not establish a connection to Microsoft 365 services. If specified, the cmdlet will not establish a connection to Microsoft 365 services.
.PARAMETER DoNotDisconnect .PARAMETER DoNotDisconnect
@@ -37,79 +39,84 @@
PS> Invoke-M365SecurityAudit PS> Invoke-M365SecurityAudit
Performs a security audit using default parameters. Performs a security audit using default parameters.
Output: Output:
Status : Fail
ELevel : E3 Status : Fail
ProfileLevel: L1 ELevel : E3
Connection : Microsoft Graph ProfileLevel: L1
Rec : 1.1.1 Connection : Microsoft Graph
Result : False Rec : 1.1.1
Details : Non-compliant accounts: Result : False
Username | Roles | HybridStatus | Missing Licence Details : Non-compliant accounts:
user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM Username | Roles | HybridStatus | Missing Licence
user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM
FailureReason: Non-Compliant Accounts: 2 user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2
FailureReason: Non-Compliant Accounts: 2
.EXAMPLE .EXAMPLE
PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1" PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
Output: Output:
Status : Fail
ELevel : E5 Status : Fail
ProfileLevel: L1 ELevel : E5
Connection : Microsoft Graph ProfileLevel: L1
Rec : 1.1.1 Connection : Microsoft Graph
Result : False Rec : 1.1.1
Details : Non-compliant accounts: Result : False
Username | Roles | HybridStatus | Missing Licence Details : Non-compliant accounts:
user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM Username | Roles | HybridStatus | Missing Licence
user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM
FailureReason: Non-Compliant Accounts: 2 user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2
FailureReason: Non-Compliant Accounts: 2
.EXAMPLE .EXAMPLE
PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1 PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
Performs an audit including all tests where IG1 is true. Performs an audit including all tests where IG1 is true.
Output: Output:
Status : Fail
ELevel : E3 Status : Fail
ProfileLevel: L1 ELevel : E3
Connection : Microsoft Graph ProfileLevel: L1
Rec : 1.1.1 Connection : Microsoft Graph
Result : False Rec : 1.1.1
Details : Non-compliant accounts: Result : False
Username | Roles | HybridStatus | Missing Licence Details : Non-compliant accounts:
user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM Username | Roles | HybridStatus | Missing Licence
user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM
FailureReason: Non-Compliant Accounts: 2 user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2
FailureReason: Non-Compliant Accounts: 2
.EXAMPLE .EXAMPLE
PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
Output: Output:
Status : Fail
ELevel : E3 Status : Fail
ProfileLevel: L1 ELevel : E3
Connection : Microsoft Graph ProfileLevel: L1
Rec : 1.1.1 Connection : Microsoft Graph
Result : False Rec : 1.1.1
Details : Non-compliant accounts: Result : False
Username | Roles | HybridStatus | Missing Licence Details : Non-compliant accounts:
user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM Username | Roles | HybridStatus | Missing Licence
user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM
FailureReason: Non-Compliant Accounts: 2 user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2
FailureReason: Non-Compliant Accounts: 2
.EXAMPLE .EXAMPLE
PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
Captures the audit results into a variable and exports them to a CSV file. Captures the audit results into a variable and exports them to a CSV file.
Output: Output:
CISAuditResult[] CISAuditResult[]
auditResults.csv auditResults.csv
.EXAMPLE .EXAMPLE
PS> Invoke-M365SecurityAudit -WhatIf PS> Invoke-M365SecurityAudit -WhatIf
Displays what would happen if the cmdlet is run without actually performing the audit. Displays what would happen if the cmdlet is run without actually performing the audit.
Output: Output:
What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
.INPUTS .INPUTS
None. You cannot pipe objects to Invoke-M365SecurityAudit. None. You cannot pipe objects to Invoke-M365SecurityAudit.
.OUTPUTS .OUTPUTS