From f91af6e725b3ff7a0f7680f7e5beb89deeefd380 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 10:24:32 -0500 Subject: [PATCH 01/19] change: Test-ExternalSharingCalendars reverted to simple test --- source/Private/Get-Action.ps1 | 63 +++++++++------- .../tests/Test-ExternalSharingCalendars.ps1 | 72 +++++++++---------- 2 files changed, 72 insertions(+), 63 deletions(-) diff --git a/source/Private/Get-Action.ps1 b/source/Private/Get-Action.ps1 index 3d24f11..894cca7 100644 --- a/source/Private/Get-Action.ps1 +++ b/source/Private/Get-Action.ps1 
@@ -75,39 +75,48 @@ function Get-Action { return $Dictionary } "ConvertActions" { - $actionDictionary = switch ($ActionType) { - "Admin" { $Dictionary.AdminActions } - "Delegate" { $Dictionary.DelegateActions } - "Owner" { $Dictionary.OwnerActions } + try { + $actionDictionary = switch ($ActionType) { + "Admin" { $Dictionary.AdminActions } + "Delegate" { $Dictionary.DelegateActions } + "Owner" { $Dictionary.OwnerActions } + } + + $abbreviatedActions = @() + foreach ($action in $Actions) { + if ($actionDictionary.ContainsKey($action)) { + $abbreviatedActions += $actionDictionary[$action] + } + } + return $abbreviatedActions + } + catch { + throw $_ } - $abbreviatedActions = @() - foreach ($action in $Actions) { - if ($actionDictionary.ContainsKey($action)) { - $abbreviatedActions += $actionDictionary[$action] - } - } - return $abbreviatedActions } "ReverseActions" { - $reverseDictionary = @{} - $originalDictionary = switch ($ReverseActionType) { - "Admin" { $Dictionary.AdminActions } - "Delegate" { $Dictionary.DelegateActions } - "Owner" { $Dictionary.OwnerActions } - } - - foreach ($key in $originalDictionary.Keys) { - $reverseDictionary[$originalDictionary[$key]] = $key - } - - $fullNames = @() - foreach ($abbrAction in $AbbreviatedActions) { - if ($reverseDictionary.ContainsKey($abbrAction)) { - $fullNames += $reverseDictionary[$abbrAction] + try { + $reverseDictionary = @{} + $originalDictionary = switch ($ReverseActionType) { + "Admin" { $Dictionary.AdminActions } + "Delegate" { $Dictionary.DelegateActions } + "Owner" { $Dictionary.OwnerActions } } + foreach ($key in $originalDictionary.Keys) { + $reverseDictionary[$originalDictionary[$key]] = $key + } + $fullNames = @() + foreach ($abbrAction in $AbbreviatedActions) { + if ($reverseDictionary.ContainsKey($abbrAction)) { + $fullNames += $reverseDictionary[$abbrAction] + } + } + return $fullNames + } + catch { + throw $_ } - return $fullNames } } } 
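Review bot: The `try { … } catch { throw $_ }` wrappers added to the `"ConvertActions"` and `"ReverseActions"` branches do no handling: they catch the error and raise the same record again, so the only effect is an extra indentation level. Either drop the wrappers, or use the catch to add context that helps whoever reads the audit log, for example `Write-Verbose "Get-Action ($($PSCmdlet.ParameterSetName)) failed: $_"` followed by a bare `throw`. The body of `Get-Action` starts above this hunk, so the parameter validation that guards `$ActionType` is not visible here.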
diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1 index 0a43079..15d88d9 100644 --- a/source/tests/Test-ExternalSharingCalendars.ps1 +++ b/source/tests/Test-ExternalSharingCalendars.ps1 @@ -5,12 +5,14 @@ function Test-ExternalSharingCalendars { # Aligned # Parameters can be added if needed ) + begin { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 + # Initialization code, if needed $recnum = "1.3.3" - Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..." + # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # # Validate test for a pass: @@ -25,19 +27,12 @@ function Test-ExternalSharingCalendars { # - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled. # - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`. } + process { try { # Step: Retrieve sharing policies related to calendar sharing - # $sharingPolicies Mock Object - <# - $sharingPolicies = [PSCustomObject]@{ - Name = "Default Sharing Policy" - Domains = @("Anonymous:CalendarSharingFreeBusySimple") - Enabled = $true - Default = $true - } - #> $sharingPolicies = Get-CISExoOutput -Rec $recnum + # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies $isExternalSharingDisabled = $true $sharingPolicyDetails = @() 
@@ -47,43 +42,47 @@ function Test-ExternalSharingCalendars { $sharingPolicyDetails += "$($policy.Name): Enabled" } } - # Retrieve calendars with publishing enabled (from 1.3.3b) - # $calendarDetails Mock Object - <# - $calendarDetails = @( - [PSCustomObject]@{ - Calendar = "SMBuser1@domain.com" - URL = "https://example.com/calendar/smbuser1" - }, - [PSCustomObject]@{ - Calendar = "SMBuser2@domain.com" - URL = "https://example.com/calendar/smbuser2" - }, - [PSCustomObject]@{ - Calendar = "SMBuser4@domain.com" - URL = "https://example.com/calendar/smbuser3" - } - ) - #> - $calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")" - # Build the failure reason string + $failureRemediation = @' +# Get all mailboxes +$mailboxes = Get-Mailbox -ResultSize Unlimited + +# Initialize a hashtable to store calendar folder names +$calendarFolders = @{} +# Get the default calendar folder names for all mailboxes +$mailboxes | ForEach-Object { + $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq `'Calendar`' }).Name + $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName +} +# Get the calendar folder settings for each mailbox +foreach ($mailbox in $mailboxes) { + $primarySmtpAddress = $mailbox.PrimarySmtpAddress + $calendarFolder = $calendarFolders[$primarySmtpAddress] + # Get users calendar folder settings for their default Calendar folder + $calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder" + # Check if calendar publishing is enabled and display a message + if ($calendar.PublishEnabled) { + Write-Host -ForegroundColor Yellow "Calendar publishing is enabled for $primarySmtpAddress on $($calendar.PublishedCalendarUrl)" + } +} +'@ + # Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail) $failureReasons = if (-not $isExternalSharingDisabled) { - $baseMessage = "Calendar sharing with external users is enabled in one 
or more policies." - if ($calendarDetails.Count -gt 0) { - $baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')" - } - $baseMessage + "Calendar sharing with external users is enabled in one or more policies.`n`n" + ` + "Use the following command to verify which users are sharing calendars prior to disabling:`n`n" + ` + $failureRemediation } else { "N/A" } + # Step: Prepare details for the audit result (Condition A & B: Pass/Fail) $details = if ($isExternalSharingDisabled) { "Calendar sharing with external users is disabled." } else { - "Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')" + "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')" } + # Step: Create and populate the CISAuditResult object $params = @{ Rec = $recnum @@ -99,6 +98,7 @@ function Test-ExternalSharingCalendars { $auditResult = Get-TestError -LastError $LastError -recnum $recnum } } + end { # Return the audit result return $auditResult From ff1162f96210d922433cc74930868295a4fc955f Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 10:25:15 -0500 Subject: [PATCH 02/19] change: Test-ExternalSharingCalendars reverted to simple test --- source/Private/Get-CISExoOutput.ps1 | 54 ----------------------------- 1 file changed, 54 deletions(-) diff --git a/source/Private/Get-CISExoOutput.ps1 b/source/Private/Get-CISExoOutput.ps1 index e2994b3..074bd87 100644 --- a/source/Private/Get-CISExoOutput.ps1 +++ b/source/Private/Get-CISExoOutput.ps1 
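Review bot: The remediation snippet stored in `$failureRemediation` will not parse when an operator pastes it, because of the line `$calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder"`. Inside a double-quoted string PowerShell reads `$primarySmtpAddress:` as a scope- or drive-qualified variable reference and rejects the `\` that follows. The here-string is single-quoted, so the text is emitted verbatim and the audit itself still runs, but the pre-remediation check it recommends cannot be executed as written. Delimit the name: `$calendar = Get-MailboxCalendarFolder -Identity "${primarySmtpAddress}:\$calendarFolder"`. The removed helper used `$($mailbox.PrimarySmtpAddress):\…`, which avoided the problem. The enclosing `process` block continues outside this hunk.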
@@ -87,60 +87,6 @@ function Get-CISExoOutput { # [psobject[]] return $sharingPolicies } - '1.3.3b' { - # $mailboxes Mock Object - <# - $mailboxes = @( - [PSCustomObject]@{ - UserPrincipalName = "SMBuser1@domain.com" - ExternalDirectoryObjectId = "123e4567-e89b-12d3-a456-426614174000" - PrimarySmtpAddress = "SMBuser1@domain.com" - PublishEnabled = $False - PublishedCalendarUrl = "https://example.com/calendar/smbuser1" - }, - [PSCustomObject]@{ - UserPrincipalName = "SMBuser2@domain.com" - ExternalDirectoryObjectId = "987e6543-21ba-12d3-a456-426614174000" - PrimarySmtpAddress = "SMBuser2@domain.com" - PublishEnabled = $False - PublishedCalendarUrl = "https://example.com/calendar/smbuser2" - }, - [PSCustomObject]@{ - UserPrincipalName = "SMBuser3@domain.com" - ExternalDirectoryObjectId = "abcddcba-98fe-76dc-a456-426614174000" - PrimarySmtpAddress = "SMBuser3@domain.com" - PublishEnabled = $False - PublishedCalendarUrl = "https://example.com/calendar/smbuser3" - } - ) - #> - $mailboxes = Get-Mailbox -ResultSize Unlimited - $results = foreach ($mailbox in $mailboxes) { - # Get the name of the default calendar folder (depends on the mailbox's language) - # Return single string Ex: return "Calendar" x 3 in array - $calendarFolder = [string](Get-EXOMailboxFolderStatistics $mailbox.PrimarySmtpAddress -Folderscope Calendar | Where-Object { $_.FolderType -eq 'Calendar' }).Name - Write-Verbose "Calendar folder for $($mailbox.PrimarySmtpAddress): $calendarFolder" - # Get users calendar folder settings for their default Calendar folder - # calendar has the format identity:\ - $calendar = Get-MailboxCalendarFolder -Identity "$($mailbox.PrimarySmtpAddress):\$calendarFolder" - #Write-Host "Calendar object for $($mailbox.PrimarySmtpAddress): $calendar" - Write-Verbose "Calendar publishing enabled: $($calendar.PublishEnabled)" - # Check if calendar publishing is enabled and create a custom object - if ($calendar.PublishEnabled) { - [PSCustomObject]@{ - PrimarySmtpAddress = 
$mailbox.PrimarySmtpAddress - CalendarFolder = $calendarFolder - PublishEnabled = $calendar.PublishEnabled - PublishedCalendarUrl = $calendar.PublishedCalendarUrl - } - } - } - $calendarDetails = @() - foreach ($calendar in $results) { - $calendarDetails += "Calendar: $($calendar.PrimarySmtpAddress); URL: $($calendar.PublishedCalendarUrl)" - } - return $calendarDetails - } '1.3.6' { # Test-CustomerLockbox.ps1 # Step: Retrieve the organization configuration (Condition C: Pass/Fail) From fcaebf1db179607e691c36fe5b9a22f01f20330e Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 11:58:16 -0500 Subject: [PATCH 03/19] change: Get-Action Testing --- source/Private/Get-Action.ps1 | 151 +++++++++++++++++++++++----------- 1 file changed, 103 insertions(+), 48 deletions(-) diff --git a/source/Private/Get-Action.ps1 b/source/Private/Get-Action.ps1 index 894cca7..e78dcfc 100644 --- a/source/Private/Get-Action.ps1 +++ b/source/Private/Get-Action.ps1 @@ -11,6 +11,12 @@ function Get-Action { [ValidateSet("Admin", "Delegate", "Owner")] [string]$ActionType, + [Parameter(Position = 2, Mandatory = $true, ParameterSetName = "ConvertActions")] + [Parameter(Position = 2, Mandatory = $true, ParameterSetName = "ReverseActions")] + [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "GetDictionaries")] + [ValidateSet("6.1.2", "6.1.3")] + [string]$Version = "6.1.2", + [Parameter(Position = 0, ParameterSetName = "ReverseActions")] [string[]]$AbbreviatedActions, 
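Review bot: The new `$Version` parameter is declared `Mandatory = $true` in all three parameter sets and also given the default `"6.1.2"`, so the default can never take effect and only misleads readers. Keeping it mandatory is the safer choice for an audit helper, since a silent fallback to the 6.1.2 table would check E5 mailboxes against the smaller action set. I would drop the default and write `[string]$Version,`. A short comment such as `# CIS recommendation number selecting the action table (6.1.2 = E3, 6.1.3 = E5)` would also help, because the name suggests a module or benchmark version. The rest of the `param` block is outside this hunk.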
@@ -20,62 +26,110 @@ function Get-Action { ) $Dictionary = @{ - AdminActions = @{ - ApplyRecord = 'AR' - Copy = 'CP' - Create = 'CR' - FolderBind = 'FB' - HardDelete = 'HD' - MailItemsAccessed = 'MIA' - Move = 'MV' - MoveToDeletedItems = 'MTDI' - SendAs = 'SA' - SendOnBehalf = 'SOB' - Send = 'SD' - SoftDelete = 'SD' - Update = 'UP' - UpdateCalendarDelegation = 'UCD' - UpdateFolderPermissions = 'UFP' - UpdateInboxRules = 'UIR' + "6.1.2" = @{ + AdminActions = @{ + ApplyRecord = 'AR' + Copy = 'CP' + Create = 'CR' + FolderBind = 'FB' + HardDelete = 'HD' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + SendAs = 'SA' + SendOnBehalf = 'SOB' + SoftDelete = 'SD' + Update = 'UP' + UpdateCalendarDelegation = 'UCD' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } + DelegateActions = @{ + ApplyRecord = 'AR' + Create = 'CR' + FolderBind = 'FB' + HardDelete = 'HD' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + SendAs = 'SA' + SendOnBehalf = 'SOB' + SoftDelete = 'SD' + Update = 'UP' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } + OwnerActions = @{ + ApplyRecord = 'AR' + Create = 'CR' + HardDelete = 'HD' + MailboxLogin = 'ML' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + SoftDelete = 'SD' + Update = 'UP' + UpdateCalendarDelegation = 'UCD' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } } - DelegateActions = @{ - ApplyRecord = 'AR' - Create = 'CR' - FolderBind = 'FB' - HardDelete = 'HD' - MailItemsAccessed = 'MIA' - Move = 'MV' - MoveToDeletedItems = 'MTDI' - SendAs = 'SA' - SendOnBehalf = 'SOB' - SoftDelete = 'SD' - Update = 'UP' - UpdateFolderPermissions = 'UFP' - UpdateInboxRules = 'UIR' - } - OwnerActions = @{ - ApplyRecord = 'AR' - Create = 'CR' - HardDelete = 'HD' - MailboxLogin = 'ML' - MailItemsAccessed = 'MIA' - Move = 'MV' - MoveToDeletedItems = 'MTDI' - Send = 'SD' - SoftDelete = 'SD' - Update = 'UP' - UpdateCalendarDelegation = 'UCD' - UpdateFolderPermissions = 'UFP' - UpdateInboxRules = 'UIR' + "6.1.3" = @{ + AdminActions 
= @{ + ApplyRecord = 'AR' + Copy = 'CP' + Create = 'CR' + FolderBind = 'FB' + HardDelete = 'HD' + MailItemsAccessed = 'MIA' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + SendAs = 'SA' + SendOnBehalf = 'SOB' + Send = 'SD' + SoftDelete = 'SD' + Update = 'UP' + UpdateCalendarDelegation = 'UCD' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } + DelegateActions = @{ + ApplyRecord = 'AR' + Create = 'CR' + FolderBind = 'FB' + HardDelete = 'HD' + MailItemsAccessed = 'MIA' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + SendAs = 'SA' + SendOnBehalf = 'SOB' + SoftDelete = 'SD' + Update = 'UP' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } + OwnerActions = @{ + ApplyRecord = 'AR' + Create = 'CR' + HardDelete = 'HD' + MailboxLogin = 'ML' + MailItemsAccessed = 'MIA' + Move = 'MV' + MoveToDeletedItems = 'MTDI' + Send = 'SD' + SoftDelete = 'SD' + Update = 'UP' + UpdateCalendarDelegation = 'UCD' + UpdateFolderPermissions = 'UFP' + UpdateInboxRules = 'UIR' + } } } switch ($PSCmdlet.ParameterSetName) { "GetDictionaries" { - return $Dictionary + return $Dictionary[$Version] } "ConvertActions" { try { + $Dictionary = $Dictionary[$Version] $actionDictionary = switch ($ActionType) { "Admin" { $Dictionary.AdminActions } "Delegate" { $Dictionary.DelegateActions } @@ -97,6 +151,7 @@ function Get-Action { } "ReverseActions" { try { + $Dictionary = $Dictionary[$Version] $reverseDictionary = @{} $originalDictionary = switch ($ReverseActionType) { "Admin" { $Dictionary.AdminActions } @@ -119,4 +174,4 @@ function Get-Action { } } } -} +} \ No newline at end of file From 4557c1806f1a41795758ce44aa8fd2a2bb38d968 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:01:34 -0500 Subject: [PATCH 04/19] change: Get-Action Testing --- source/tests/Test-MailboxAuditingE5.ps1 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
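Review bot: In the `"6.1.3"` table both `Send = 'SD'` and `SoftDelete = 'SD'` appear under `AdminActions` and `OwnerActions`, so two different audit actions share one abbreviation. The `"ReverseActions"` branch builds its lookup with `$reverseDictionary[$originalDictionary[$key]] = $key`, so `'SD'` can map back to only one of them. A mailbox missing `Send` auditing may therefore be reported as missing `SoftDelete`, or the reverse, depending on hashtable enumeration order. Giving `Send` its own code, for example `Send = 'SN'`, removes the ambiguity; check whether any stored report output depends on the current value first. The collision predates this commit but is carried into the new versioned table unchanged.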
diff --git a/source/tests/Test-MailboxAuditingE5.ps1 b/source/tests/Test-MailboxAuditingE5.ps1 index 0bc9020..75c6d5e 100644 --- a/source/tests/Test-MailboxAuditingE5.ps1 +++ b/source/tests/Test-MailboxAuditingE5.ps1 @@ -24,13 +24,14 @@ function Test-MailboxAuditingE5 { # - Condition B: AuditAdmin actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules. # - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules. # - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules. - $actionDictionaries = Get-Action -Dictionaries + $recnum = "6.1.3" + $version = $recnum + $actionDictionaries = Get-Action -Dictionaries -Version $version $AdminActions = $actionDictionaries.AdminActions.Keys $DelegateActions = $actionDictionaries.DelegateActions.Keys $OwnerActions = $actionDictionaries.OwnerActions.Keys $allFailures = @() $processedUsers = @{} - $recnum = "6.1.3" Write-Verbose "Running Test-MailboxAuditingE5 for $recnum..." $allUsers = Get-CISMgOutput -Rec $recnum } 
@@ -52,19 +53,19 @@ function Test-MailboxAuditingE5 { # Validate Admin actions foreach ($action in $AdminActions) { if ($mailbox.AuditAdmin -notcontains $action) { - $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin") # Condition B + $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin" -Version $version) # Condition B } } # Validate Delegate actions foreach ($action in $DelegateActions) { if ($mailbox.AuditDelegate -notcontains $action) { - $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate") # Condition C + $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate" -Version $version) # Condition C } } # Validate Owner actions foreach ($action in $OwnerActions) { if ($mailbox.AuditOwner -notcontains $action) { - $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D + $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner" -Version $version) # Condition D } } if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) { @@ -130,4 +131,4 @@ function Test-MailboxAuditingE5 { } return $auditResult } -} \ No newline at end of file +} From d941459ac0b2bc6babc101bc91539cbad486269d Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:11:06 -0500 Subject: [PATCH 05/19] change: Get-Action Testing --- source/tests/Test-MailboxAuditingE3.ps1 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/source/tests/Test-MailboxAuditingE3.ps1 b/source/tests/Test-MailboxAuditingE3.ps1 index ab6b2dc..1e78179 100644 --- a/source/tests/Test-MailboxAuditingE3.ps1 +++ b/source/tests/Test-MailboxAuditingE3.ps1 
@@ -24,13 +24,15 @@ function Test-MailboxAuditingE3 { #> # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 - $actionDictionaries = Get-Action -Dictionaries - # E3 specific actions - $AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") } - $DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") } - $OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") } - $allFailures = @() $recnum = "6.1.2" + $version = $recnum + $actionDictionaries = Get-Action -Dictionaries -Version $version + # E3 specific actions + $AdminActions = $actionDictionaries.AdminActions.Keys + $DelegateActions = $actionDictionaries.DelegateActions.Keys + $OwnerActions = $actionDictionaries.OwnerActions.Keys + $allFailures = @() + Write-Verbose "Running Test-MailboxAuditingE3 for $recnum..." $allUsers = Get-CISMgOutput -Rec $recnum $processedUsers = @{} # Dictionary to track processed users 
@@ -52,17 +54,17 @@ function Test-MailboxAuditingE3 { if ($mailbox.AuditEnabled) { foreach ($action in $AdminActions) { if ($mailbox.AuditAdmin -notcontains $action) { - $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin") + $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin" -Version $version) } } foreach ($action in $DelegateActions) { if ($mailbox.AuditDelegate -notcontains $action) { - $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate") + $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate" -Version $version) } } foreach ($action in $OwnerActions) { if ($mailbox.AuditOwner -notcontains $action) { - $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") + $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner" -Version $version) } } if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) { From 17647d71807e233d2d2e1fa311420cc9891d5426 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:18:38 -0500 Subject: [PATCH 06/19] change: Get-Action Testing-DONE --- source/Public/Export-M365SecurityAuditTable.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source/Public/Export-M365SecurityAuditTable.ps1 b/source/Public/Export-M365SecurityAuditTable.ps1 index 5003275..eec9b58 100644 --- a/source/Public/Export-M365SecurityAuditTable.ps1 +++ b/source/Public/Export-M365SecurityAuditTable.ps1 
@@ -117,9 +117,9 @@ function Export-M365SecurityAuditTable { } if ($null -ne $csv) { foreach ($row in $csv) { - $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ',' - $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate | Where-Object { $_ -notin @("MailItemsAccessed") }) -join ',' - $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ',' + $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version '6.1.2') -join ',' + $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version '6.1.2' ) -join ',' + $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version '6.1.2' ) -join ',' } $newObjectDetails = $csv } 
@@ -138,9 +138,9 @@ function Export-M365SecurityAuditTable { } if ($null -ne $csv) { foreach ($row in $csv) { - $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin) -join ',' - $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate) -join ',' - $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner) -join ',' + $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version '6.1.3') -join ',' + $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version '6.1.3') -join ',' + $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version '6.1.3') -join ',' } $newObjectDetails = $csv } From e86c61d2214705cb563fcd5b63e4abda4bad916f Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:48:39 -0500 Subject: [PATCH 07/19] change: Get-Action Testing-Refactor export --- source/Private/Get-AuditMailboxDetail.ps1 | 33 +++++++++++++++++ .../Public/Export-M365SecurityAuditTable.ps1 | 36 ++----------------- .../Private/Get-AuditMailboxDetail.tests.ps1 | 27 ++++++++++++++ 3 files changed, 62 insertions(+), 34 deletions(-) create mode 100644 source/Private/Get-AuditMailboxDetail.ps1 create mode 100644 tests/Unit/Private/Get-AuditMailboxDetail.tests.ps1 diff --git a/source/Private/Get-AuditMailboxDetail.ps1 b/source/Private/Get-AuditMailboxDetail.ps1 new file mode 100644 index 0000000..35a0b92 --- /dev/null +++ b/source/Private/Get-AuditMailboxDetail.ps1 
@@ -0,0 +1,33 @@ +function Get-AuditMailboxDetail { + [cmdletBinding()] + param ( + [Parameter(Mandatory = $true)] + [String]$Details, + [Parameter(Mandatory = $true)] + [String]$Version + ) + process { + switch ($Version) { + "6.1.2" { [string]$VersionText = "No M365 E3 licenses found."} + "6.1.3" { [string]$VersionText = "No M365 E5 licenses found."} + } + if ($details -ne $VersionText ) { + $csv = $details | ConvertFrom-Csv -Delimiter '|' + } + else { + $csv = $null + } + if ($null -ne $csv) { + foreach ($row in $csv) { + $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version $Version) -join ',' + $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version $Version ) -join ',' + $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version $Version ) -join ',' + } + $newObjectDetails = $csv + } + else { + $newObjectDetails = $details + } + return $newObjectDetails + } +} \ No newline at end of file diff --git a/source/Public/Export-M365SecurityAuditTable.ps1 b/source/Public/Export-M365SecurityAuditTable.ps1 index eec9b58..45fb587 100644 --- a/source/Public/Export-M365SecurityAuditTable.ps1 +++ b/source/Public/Export-M365SecurityAuditTable.ps1 
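Review bot: `$Version` is an unconstrained `[String]` here, and the `switch` has no default branch. Any value other than `"6.1.2"` or `"6.1.3"` leaves `$VersionText` unset, so the `-ne` comparison is true and the text is passed to `ConvertFrom-Csv` before `Get-Action` finally rejects the value. Adding `[ValidateSet("6.1.2", "6.1.3")]` above `[String]$Version` fails fast and matches the constraint on `Get-Action`. Separately, `$row.AdminActionsMissing.Split(',')` assumes every parsed row has the three `*ActionsMissing` columns. If `Details` holds some other text, such as an error message, the property is `$null` and the method call throws, so a guard like `if ($null -ne $row.AdminActionsMissing)` keeps the export from aborting on one bad result.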
@@ -109,44 +109,12 @@ function Export-M365SecurityAuditTable { switch ($test) { "6.1.2" { $details = $auditResult.Details - if ($details -ne "No M365 E3 licenses found.") { - $csv = $details | ConvertFrom-Csv -Delimiter '|' - } - else { - $csv = $null - } - if ($null -ne $csv) { - foreach ($row in $csv) { - $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version '6.1.2') -join ',' - $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version '6.1.2' ) -join ',' - $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version '6.1.2' ) -join ',' - } - $newObjectDetails = $csv - } - else { - $newObjectDetails = $details - } + $newObjectDetails = Get-AuditMailboxDetail -Details $details -Version '6.1.2' $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails } } "6.1.3" { $details = $auditResult.Details - if ($details -ne "No M365 E5 licenses found.") { - $csv = $details | ConvertFrom-Csv -Delimiter '|' - } - else { - $csv = $null - } - if ($null -ne $csv) { - foreach ($row in $csv) { - $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version '6.1.3') -join ',' - $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version '6.1.3') -join ',' - $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version '6.1.3') -join ',' - } - $newObjectDetails = $csv - } - else { - $newObjectDetails = $details - } + $newObjectDetails = Get-AuditMailboxDetail -Details $details -Version '6.1.3' $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails } } Default { 
diff --git a/tests/Unit/Private/Get-AuditMailboxDetail.tests.ps1 b/tests/Unit/Private/Get-AuditMailboxDetail.tests.ps1 new file mode 100644 index 0000000..4a2aa69 --- /dev/null +++ b/tests/Unit/Private/Get-AuditMailboxDetail.tests.ps1 @@ -0,0 +1,27 @@ +$ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path +$ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{ + ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and + $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } ) + }).BaseName + + +Import-Module $ProjectName + +InModuleScope $ProjectName { + Describe Get-PrivateFunction { + Context 'Default' { + BeforeEach { + $return = Get-PrivateFunction -PrivateData 'string' + } + + It 'Returns a single object' { + ($return | Measure-Object).Count | Should -Be 1 + } + + It 'Returns a string based on the parameter PrivateData' { + $return | Should -Be 'string' + } + } + } +} + From f830bdf2f01dee3f6cbe6d476f486e16499dd05b Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:56:02 -0500 Subject: [PATCH 08/19] docs: Update testfile --- helpers/Build-Help.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers/Build-Help.ps1 b/helpers/Build-Help.ps1 index 6bc99f2..71bf273 100644 --- a/helpers/Build-Help.ps1 +++ b/helpers/Build-Help.ps1 @@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1 <# - $ver = "v0.1.22" + $ver = "v0.1.23" git checkout main git pull origin main git tag -a $ver -m "Release version $ver refactor Update" From 8197187f70429f7776d325d148123d743cb7bcda Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 13:02:11 -0500 Subject: [PATCH 09/19] docs: Update CHANGELOG --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fff4627..79fd66e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
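Review bot: The new `Get-AuditMailboxDetail.tests.ps1` never calls `Get-AuditMailboxDetail`: it still holds the template body `Describe Get-PrivateFunction` and invokes `Get-PrivateFunction -PrivateData 'string'`. As committed it gives no coverage of the abbreviation-to-name conversion that the export now depends on, and it will fail if no `Get-PrivateFunction` exists in the module. Replace the placeholder with cases that pass a pipe-delimited `-Details` string and a `-Version`, then assert on the expanded `AdminActionsMissing`, `DelegateActionsMissing` and `OwnerActionsMissing` values. Also add one case for the "No M365 E3 licenses found." passthrough.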
@@ -4,6 +4,20 @@ The format is based on and uses the types of changes according to [Keep a Change ## [Unreleased] +### Added + +- New private function `Get-AuditMailboxDetail` for 6.1.2 and 6.1.3 tests to get the action details for the test. + +### Changed + +- Changed `Get-Action` function to include both dictionaries. + +### Fixed + +- Fixed Test 1.3.3 to be the simpler version of the test while including output to check for current users sharing calendars. + +## [0.1.23] - 2024-07-02 + # Fixed - SPO tests formatting and output. From fe04175798418a2c7ce3a27b4bc8a477537baf9b Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 13:06:19 -0500 Subject: [PATCH 10/19] fix: formatting of 1.3.3 here string --- source/tests/Test-ExternalSharingCalendars.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1 index 15d88d9..9169261 100644 --- a/source/tests/Test-ExternalSharingCalendars.ps1 +++ b/source/tests/Test-ExternalSharingCalendars.ps1 @@ -50,7 +50,7 @@ $mailboxes = Get-Mailbox -ResultSize Unlimited $calendarFolders = @{} # Get the default calendar folder names for all mailboxes $mailboxes | ForEach-Object { - $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq `'Calendar`' }).Name + $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq 'Calendar' }).Name $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName } # Get the calendar folder settings for each mailbox From 228c58cef37af62c5482b0124cbb03d1b70cf141 Mon Sep 17 00:00:00 2001 
From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 16:18:43 -0500 Subject: [PATCH 11/19] fix: Safe Attachments logic --- source/Private/Get-CISExoOutput.ps1 | 5 +- source/tests/Test-SafeAttachmentsPolicy.ps1 | 63 +++++++++++++-------- 2 files changed, 42 insertions(+), 26 deletions(-) diff --git a/source/Private/Get-CISExoOutput.ps1 b/source/Private/Get-CISExoOutput.ps1 index 074bd87..272521f 100644 --- a/source/Private/Get-CISExoOutput.ps1 +++ b/source/Private/Get-CISExoOutput.ps1 @@ -220,10 +220,11 @@ function Get-CISExoOutput { ) #> $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true } + $safeAttachmentRules = Get-SafeAttachmentRule # [object[]] - return $safeAttachmentPolicies + return $safeAttachmentPolicies, $safeAttachmentRules else { - return 1 + return 1,1 } } } diff --git a/source/tests/Test-SafeAttachmentsPolicy.ps1 b/source/tests/Test-SafeAttachmentsPolicy.ps1 index 9337729..dda59f0 100644 --- a/source/tests/Test-SafeAttachmentsPolicy.ps1 +++ b/source/tests/Test-SafeAttachmentsPolicy.ps1 
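Review bot: `Get-SafeAttachmentRule` is added with no filter on rule state, while the policy query on the line above keeps only enabled policies. The caller later in this patch keeps a policy when its identity appears in `$safeAttachmentRules.SafeAttachmentPolicy`. As far as the visible lines show, a policy referenced only by a disabled rule would therefore still be audited as if it protected recipients, which can produce a false pass. Consider `$safeAttachmentRules = Get-SafeAttachmentRule | Where-Object { $_.State -eq 'Enabled' }`, after confirming the property value against the module's output. The surrounding `if`/`else` begins outside this hunk, so the condition that selects the `return 1,1` sentinel is not visible.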
@@ -1,19 +1,22 @@ function Test-SafeAttachmentsPolicy { [CmdletBinding()] [OutputType([CISAuditResult])] - param () + param ( + [Parameter(Mandatory = $false)] + [string]$DomainName + ) begin { $recnum = "2.1.4" Write-Verbose "Running Test-SafeAttachmentsPolicy for $recnum..." <# Conditions for 2.1.4 (L2) Ensure Safe Attachments policy is enabled: Validate test for a pass: - - Ensure the highest priority Safe Attachments policy is enabled. - - Check if the policy's action is set to 'Block'. + - Ensure Safe Attachments policies are enabled. + - Check if each policy's action is set to 'Block'. - Confirm the QuarantineTag is set to 'AdminOnlyAccessPolicy'. - Verify that the Redirect setting is disabled. Validate test for a fail: - - If the highest priority Safe Attachments policy's action is not set to 'Block'. + - If any Safe Attachments policy's action is not set to 'Block'. - If the QuarantineTag is not set to 'AdminOnlyAccessPolicy'. - If the Redirect setting is enabled. - If no enabled Safe Attachments policies are found. 
@@ -33,35 +36,47 @@ function Test-SafeAttachmentsPolicy { } ) #> - $safeAttachmentPolicies = Get-CISExoOutput -Rec $recnum + $safeAttachmentPolicies, $safeAttachmentRules = Get-CISExoOutput -Rec $recnum + $safeAttachmentPolicies = $safeAttachmentPolicies | Where-Object { $_.Identity -in $safeAttachmentRules.SafeAttachmentPolicy } if ($safeAttachmentPolicies -ne 1) { try { - $highestPriorityPolicy = $safeAttachmentPolicies | Select-Object -First 1 + if ($DomainName) { + $safeAttachmentPolicies = $safeAttachmentPolicies | Where-Object { $_.Identity -eq ($safeAttachmentRules | Sort-Object -Property Priority | Where-Object { $_.RecipientDomainIs -in $DomainName } | Select-Object -ExpandProperty SafeAttachmentPolicy -First 1) } + $RecipientDomains = $safeAttachmentRules | Where-Object { $_.SafeAttachmentPolicy -eq $safeAttachmentPolicies.Identity } | Select-Object -ExpandProperty RecipientDomainIs + } # Initialize details and failure reasons $details = @() $failureReasons = @() - # Check policy specifics as per CIS benchmark requirements - if ($highestPriorityPolicy.Action -ne 'Block') { - $failureReasons += "Policy action is not set to 'Block'." + foreach ($policy in $safeAttachmentPolicies) { + # Check policy specifics as per CIS benchmark requirements + if ($Policy.Action -ne 'Block') { + $failureReasons += "Policy: $($Policy.Identity); Action is not set to 'Block'." + } + if ($Policy.QuarantineTag -ne 'AdminOnlyAccessPolicy') { + $failureReasons += "Policy: $($Policy.Identity); Quarantine is not set to 'AdminOnlyAccessPolicy'." + } + if ($Policy.Redirect -ne $false) { + $failureReasons += "Policy: $($Policy.Identity); Redirect is not disabled." 
+ } + # The result is a pass if there are no failure reasons + $details += [PSCustomObject]@{ + Policy = ($Policy.Identity).trim() + Action = $Policy.Action + QuarantineTag = $Policy.QuarantineTag + Redirect = $Policy.Redirect + Enabled = $Policy.Enable + Priority = [int]($safeAttachmentRules | Where-Object { $_.SafeAttachmentPolicy -eq $Policy.Identity } | Select-Object -ExpandProperty Priority) + } } - if ($highestPriorityPolicy.QuarantineTag -ne 'AdminOnlyAccessPolicy') { - $failureReasons += "Quarantine policy is not set to 'AdminOnlyAccessPolicy'." - } - if ($highestPriorityPolicy.Redirect -ne $false) { - $failureReasons += "Redirect is not disabled." - } - # The result is a pass if there are no failure reasons $result = $failureReasons.Count -eq 0 - $details = [PSCustomObject]@{ - Policy = $highestPriorityPolicy.Identity - Action = $highestPriorityPolicy.Action - QuarantineTag = $highestPriorityPolicy.QuarantineTag - Redirect = $highestPriorityPolicy.Redirect - Enabled = $highestPriorityPolicy.Enable + if ($RecipientDomains) { + $failureReasons += "Recipient domain(s): '$($RecipientDomains -join ', ' )' included in tested policy." } # Format details for output manually - $detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled`n" + ($details | - ForEach-Object { "$($_.Policy)|$($_.Action)|$($_.QuarantineTag)|$($_.Redirect)|$($_.Enabled)`n" } + $detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled|Priority`n" + ` + ($details | ForEach-Object { + "$($_.Policy)|$($_.Action)|$($_.QuarantineTag)|$($_.Redirect)|$($_.Enabled)|$($_.Priority)`n" + } ) $failureReasonsString = ($failureReasons -join "`n") # Create and populate the CISAuditResult object From 5ddcd4466ee572efbd96d102a365b6e47c9dd2f0 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 16:21:05 -0500 Subject: [PATCH 12/19] docs: Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) 
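Review bot: The new `foreach` loop lets 2.1.4 pass when there is no policy left to check. If the `Where-Object` filter on `$safeAttachmentRules.SafeAttachmentPolicy` (or the `-DomainName` filter) returns nothing, `$safeAttachmentPolicies -ne 1` is still true, the loop body never runs, and `$result = $failureReasons.Count -eq 0` reports compliance. The help comment in this file lists "no enabled Safe Attachments policies are found" as a fail condition, so add a guard before the loop, for example `if (-not $safeAttachmentPolicies) { $failureReasons += "No enabled Safe Attachments policy with a matching rule was found." }`. The operand order in `$_.RecipientDomainIs -in $DomainName` also looks reversed for a multi-valued property and is worth confirming against a rule with several domains. The function body continues outside the hunk.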
diff --git a/CHANGELOG.md b/CHANGELOG.md index 79fd66e..186059a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The format is based on and uses the types of changes according to [Keep a Change ### Fixed - Fixed Test 1.3.3 to be the simpler version of the test while including output to check for current users sharing calendars. +- Safe Attachments logic and added `$DomainName` as input to 2.1.4 to test main policy. ## [0.1.23] - 2024-07-02 From 14ed9f65980bb5e63fc33157aaed6e4d919c7528 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 16:32:50 -0500 Subject: [PATCH 13/19] docs: Update Comment Help --- source/Public/Invoke-M365SecurityAudit.ps1 | 119 +++++++++++---------- 1 file changed, 63 insertions(+), 56 deletions(-) diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1 index f45940a..4a5b004 100644 --- a/source/Public/Invoke-M365SecurityAudit.ps1 +++ b/source/Public/Invoke-M365SecurityAudit.ps1 
@@ -6,11 +6,12 @@ .PARAMETER TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. .PARAMETER DomainName - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + The domain name of the Microsoft 365 environment to test. It is optional and will trigger various tests to run only for the specified domain. + Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy .PARAMETER ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. .PARAMETER ProfileLevel - Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. + Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required. .PARAMETER IncludeIG1 If specified, includes tests where IG1 is true. .PARAMETER IncludeIG2 @@ -23,8 +24,9 @@ Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. .PARAMETER ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. + Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' .PARAMETER ApprovedFederatedDomains - Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. + Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names. .PARAMETER DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. .PARAMETER DoNotDisconnect 
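Review bot: The reworded `.PARAMETER DomainName` help does not say that scoping narrows what a pass means. In Test-SafeAttachmentsPolicy (patch 11 of this series) a supplied domain restricts 2.1.4 to the single highest-priority policy whose rule matches that domain, so the remaining policies are not evaluated. I would add a line such as `A result produced with -DomainName covers only the policy applied to that domain; omit it to audit every policy.` so that a scoped pass is not read as tenant-wide compliance.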
@@ -37,79 +39,84 @@ PS> Invoke-M365SecurityAudit Performs a security audit using default parameters. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1" Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. 
- Output: - Status : Fail - ELevel : E5 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E5 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1 Performs an audit including all tests where IG1 is true. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' Performs an audit while excluding specific 
recommendations 1.1.3 and 2.1.1. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation Captures the audit results into a variable and exports them to a CSV file. - Output: - CISAuditResult[] - auditResults.csv + Output: + CISAuditResult[] + auditResults.csv .EXAMPLE PS> Invoke-M365SecurityAudit -WhatIf Displays what would happen if the cmdlet is run without actually performing the audit. - Output: - What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". + Output: + + What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". .INPUTS None. You cannot pipe objects to Invoke-M365SecurityAudit. .OUTPUTS From 337a21bc7d9f12432dca4c9e3406927c62b045f2 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 16:37:38 -0500 Subject: [PATCH 14/19] docs: Update Comment Help --- source/Public/Invoke-M365SecurityAudit.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1 index 4a5b004..afca15a 100644 --- a/source/Public/Invoke-M365SecurityAudit.ps1 +++ b/source/Public/Invoke-M365SecurityAudit.ps1 @@ -2,7 +2,8 @@ .SYNOPSIS Invokes a security audit for Microsoft 365 environments. .DESCRIPTION - The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks. + The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. + It allows auditing of various configurations and settings within a Microsoft 365 environment in alignment with CIS benchmarks designated "Automatic". .PARAMETER TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. .PARAMETER DomainName @@ -23,10 +24,11 @@ .PARAMETER SkipRecommendation Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. .PARAMETER ApprovedCloudStorageProviders - Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. + Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names for test 8.1.1/Test-TeamsExternalFileSharing. Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' .PARAMETER ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names. + Additional Tests may include this parameter in the future. .PARAMETER DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. .PARAMETER DoNotDisconnect From 7226afd1984bee4a9aeb350d12b9279bce4ee240 Mon Sep 17 00:00:00 2001 
From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 16:42:55 -0500 Subject: [PATCH 15/19] docs: Update Comment Help --- .../Public/Export-M365SecurityAuditTable.ps1 | 16 +-- source/Public/Get-AdminRoleUserLicense.ps1 | 8 +- source/Public/Get-MFAStatus.ps1 | 20 +-- .../Public/Grant-M365SecurityAuditConsent.ps1 | 4 +- source/Public/Invoke-M365SecurityAudit.ps1 | 127 +++++++++--------- .../Public/Remove-RowsWithEmptyCSVStatus.ps1 | 9 +- source/Public/Sync-CISExcelAndCsvData.ps1 | 24 ++-- 7 files changed, 101 insertions(+), 107 deletions(-) diff --git a/source/Public/Export-M365SecurityAuditTable.ps1 b/source/Public/Export-M365SecurityAuditTable.ps1 index 45fb587..45eeb00 100644 --- a/source/Public/Export-M365SecurityAuditTable.ps1 +++ b/source/Public/Export-M365SecurityAuditTable.ps1 
@@ -21,30 +21,30 @@ Switch to export the results to an Excel file. When specified, results are exported in Excel format. .INPUTS [CISAuditResult[]] - An array of CISAuditResult objects. - [string] - A path to a CSV file. + [string] - A path to a CSV file. .OUTPUTS [PSCustomObject] - A custom object containing the path to the zip file and its hash. .EXAMPLE Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2 - # Outputs the result of test number 6.1.2 from the provided audit results as an object. + # Outputs the result of test number 6.1.2 from the provided audit results as an object. .EXAMPLE Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" - # Exports all audit results to the specified path in CSV format. + # Exports all audit results to the specified path in CSV format. .EXAMPLE Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2 - # Outputs the result of test number 6.1.2 from the CSV file as an object. + # Outputs the result of test number 6.1.2 from the CSV file as an object. .EXAMPLE Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" - # Exports all audit results from the CSV file to the specified path in CSV format. + # Exports all audit results from the CSV file to the specified path in CSV format. .EXAMPLE Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests - # Exports all audit results along with the original test results to the specified path in CSV format. + # Exports all audit results along with the original test results to the specified path in CSV format. .EXAMPLE Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests - # Exports all audit results from the CSV file along with the original test results to the specified path in CSV format. 
+ # Exports all audit results from the CSV file along with the original test results to the specified path in CSV format. .EXAMPLE Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportToExcel - # Exports all audit results to the specified path in Excel format. + # Exports all audit results to the specified path in Excel format. .LINK https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable #> diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1 index 1af177a..b7fc6f7 100644 --- a/source/Public/Get-AdminRoleUserLicense.ps1 +++ b/source/Public/Get-AdminRoleUserLicense.ps1 
@@ -8,19 +8,19 @@ .EXAMPLE PS> Get-AdminRoleUserLicense - This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes. + This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes. .EXAMPLE PS> Get-AdminRoleUserLicense -SkipGraphConnection - This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established. + This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established. .INPUTS None. You cannot pipe objects to Get-AdminRoleUserLicense. .OUTPUTS PSCustomObject - Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. + Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. .NOTES Creation Date: 2024-04-15 - Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing. + Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing. .LINK https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense #> diff --git a/source/Public/Get-MFAStatus.ps1 b/source/Public/Get-MFAStatus.ps1 index a073ba9..fed5037 100644 --- a/source/Public/Get-MFAStatus.ps1 +++ b/source/Public/Get-MFAStatus.ps1 
@@ -7,20 +7,20 @@ The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. .EXAMPLE Get-MFAStatus - Retrieves the MFA status for all Azure Active Directory users. + Retrieves the MFA status for all Azure Active Directory users. .EXAMPLE Get-MFAStatus -UserId "example@domain.com" - Retrieves the MFA status for the specified user with the UPN "example@domain.com". + Retrieves the MFA status for the specified user with the UPN "example@domain.com". .OUTPUTS System.Object - Returns a sorted list of custom objects containing the following properties: - - UserPrincipalName - - DisplayName - - MFAState - - MFADefaultMethod - - MFAPhoneNumber - - PrimarySMTP - - Aliases + Returns a sorted list of custom objects containing the following properties: + - UserPrincipalName + - DisplayName + - MFAState + - MFADefaultMethod + - MFAPhoneNumber + - PrimarySMTP + - Aliases .NOTES The function requires the MSOL module to be installed and connected to your tenant. Ensure that you have the necessary permissions to read user and MFA status information. diff --git a/source/Public/Grant-M365SecurityAuditConsent.ps1 b/source/Public/Grant-M365SecurityAuditConsent.ps1 index 0b13d9c..8674689 100644 --- a/source/Public/Grant-M365SecurityAuditConsent.ps1 +++ b/source/Public/Grant-M365SecurityAuditConsent.ps1 
@@ -16,11 +16,11 @@ .EXAMPLE Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com - Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID. + Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID. .EXAMPLE Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection - Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph. + Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph. .NOTES This function requires the Microsoft.Graph module version 2.4.0 or higher. .LINK diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1 index afca15a..b7dbe96 100644 --- a/source/Public/Invoke-M365SecurityAudit.ps1 +++ b/source/Public/Invoke-M365SecurityAudit.ps1 @@ -8,7 +8,7 @@ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. .PARAMETER DomainName The domain name of the Microsoft 365 environment to test. It is optional and will trigger various tests to run only for the specified domain. - Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy + Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy .PARAMETER ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. .PARAMETER ProfileLevel 
@@ -25,10 +25,10 @@ Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. .PARAMETER ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names for test 8.1.1/Test-TeamsExternalFileSharing. - Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' + Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' .PARAMETER ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names. - Additional Tests may include this parameter in the future. + Additional Tests may include this parameter in the future. .PARAMETER DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. .PARAMETER DoNotDisconnect 
@@ -40,90 +40,91 @@ .EXAMPLE PS> Invoke-M365SecurityAudit - Performs a security audit using default parameters. - Output: + Performs a security audit using default parameters. + Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1" - Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. - Output: + Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. 
+ Output: - Status : Fail - ELevel : E5 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Status : Fail + ELevel : E5 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1 - Performs an audit including all tests where IG1 is true. - Output: + Performs an audit including all tests where IG1 is true. 
+ Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' - Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. - Output: - Status : Fail - ELevel : E3 - ProfileLevel: L1 - Connection : Microsoft Graph - Rec : 1.1.1 - Result : False - Details : Non-compliant accounts: - Username | Roles | HybridStatus | Missing Licence - user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM - user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 - FailureReason: Non-Compliant Accounts: 2 + Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. 
+ Output: + + Status : Fail + ELevel : E3 + ProfileLevel: L1 + Connection : Microsoft Graph + Rec : 1.1.1 + Result : False + Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 + FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation - Captures the audit results into a variable and exports them to a CSV file. - Output: - CISAuditResult[] - auditResults.csv + Captures the audit results into a variable and exports them to a CSV file. + Output: + CISAuditResult[] + auditResults.csv .EXAMPLE PS> Invoke-M365SecurityAudit -WhatIf - Displays what would happen if the cmdlet is run without actually performing the audit. - Output: + Displays what would happen if the cmdlet is run without actually performing the audit. + Output: - What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". + What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". .INPUTS None. You cannot pipe objects to Invoke-M365SecurityAudit. .OUTPUTS CISAuditResult[] - The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. + The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. .NOTES - This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. diff --git a/source/Public/Remove-RowsWithEmptyCSVStatus.ps1 b/source/Public/Remove-RowsWithEmptyCSVStatus.ps1 index 0e4f38e..4acbc2d 100644 --- a/source/Public/Remove-RowsWithEmptyCSVStatus.ps1 
+++ b/source/Public/Remove-RowsWithEmptyCSVStatus.ps1 @@ -9,7 +9,7 @@ The name of the worksheet within the Excel file to be processed. .EXAMPLE PS C:\> Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1" - This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory. + This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory. .NOTES This function requires the ImportExcel module to be installed. #> @@ -22,28 +22,21 @@ function Remove-RowsWithEmptyCSVStatus { [Parameter(Mandatory = $true)] [string]$WorksheetName ) - # Import the Excel file $ExcelData = Import-Excel -Path $FilePath -WorksheetName $WorksheetName - # Check if CSV_Status column exists if (-not $ExcelData.PSObject.Properties.Match("CSV_Status")) { throw "CSV_Status column not found in the worksheet." } - # Filter rows where CSV_Status is not empty $FilteredData = $ExcelData | Where-Object { $null -ne $_.CSV_Status -and $_.CSV_Status -ne '' } - # Get the original file name and directory $OriginalFileName = [System.IO.Path]::GetFileNameWithoutExtension($FilePath) $Directory = [System.IO.Path]::GetDirectoryName($FilePath) - # Create a new file name for the filtered data $NewFileName = "$OriginalFileName-Filtered.xlsx" $NewFilePath = Join-Path -Path $Directory -ChildPath $NewFileName - # Export the filtered data to a new Excel file $FilteredData | Export-Excel -Path $NewFilePath -WorksheetName $WorksheetName -Show - Write-Output "Filtered Excel file created at $NewFilePath" } \ No newline at end of file diff --git a/source/Public/Sync-CISExcelAndCsvData.ps1 b/source/Public/Sync-CISExcelAndCsvData.ps1 index 7dfa467..8503e21 100644 
--- a/source/Public/Sync-CISExcelAndCsvData.ps1 +++ b/source/Public/Sync-CISExcelAndCsvData.ps1 
@@ -1,27 +1,27 @@ <# .SYNOPSIS - Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates. + Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates. .DESCRIPTION - The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file. This includes adding or updating fields for connection status, details, failure reasons, and the date of the update. It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history. + The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file. This includes adding or updating fields for connection status, details, failure reasons, and the date of the update. It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history. .PARAMETER ExcelPath - Specifies the path to the Excel file to be updated. This parameter is mandatory. + Specifies the path to the Excel file to be updated. This parameter is mandatory. .PARAMETER CsvPath - Specifies the path to the CSV file containing new data. This parameter is mandatory. + Specifies the path to the CSV file containing new data. This parameter is mandatory. .PARAMETER SheetName - Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. + Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. .EXAMPLE - PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData" - Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update. 
+ PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData" + Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update. .INPUTS - System.String - The function accepts strings for file paths and worksheet names. + System.String + The function accepts strings for file paths and worksheet names. .OUTPUTS None The function directly updates the Excel file and does not output any objects. .NOTES - - Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations. - - It is recommended to back up the Excel file before running this function to avoid accidental data loss. - - The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping. + - Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations. + - It is recommended to back up the Excel file before running this function to avoid accidental data loss. + - The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping. .LINK https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData #> From e1ab050e69e5b4b9e138e6dbce9b6cf942e5c06a Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 17:00:42 -0500 Subject: [PATCH 16/19] docs: Update Comment Help --- source/Public/Invoke-M365SecurityAudit.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1 index b7dbe96..5b81453 100644 --- a/source/Public/Invoke-M365SecurityAudit.ps1 +++ b/source/Public/Invoke-M365SecurityAudit.ps1 
@@ -107,9 +107,12 @@ FailureReason: Non-Compliant Accounts: 2 .EXAMPLE PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" + PS> Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests + + Or: PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation - Captures the audit results into a variable and exports them to a CSV file. + Captures the audit results into a variable and exports them to a CSV file (Nested tables will be truncated). Output: CISAuditResult[] auditResults.csv @@ -203,6 +206,7 @@ function Invoke-M365SecurityAudit { ) Begin { if ($script:MaximumFunctionCount -lt 8192) { + Write-Verbose "Setting the `$script:MaximumFunctionCount to 8192 for the test run." -Verbose $script:MaximumFunctionCount = 8192 } # Ensure required modules are installed From 7688071899e20fa53fb7b8f4676147494ec00ee8 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 17:15:05 -0500 Subject: [PATCH 17/19] docs: Update Markdown --- help/Export-M365SecurityAuditTable.md | 66 +- help/Get-AdminRoleUserLicense.md | 2 +- help/Get-MFAStatus.md | 48 +- help/Grant-M365SecurityAuditConsent.md | 54 +- help/Invoke-M365SecurityAudit.md | 220 +-- help/Sync-CISExcelAndCsvData.md | 36 +- help/about_M365FoundationsCISReport.md | 6 +- .../en-US/M365FoundationsCISReport-help.xml | 1188 ++++++++--------- .../about_M365FoundationsCISReport.help.txt | 6 +- 9 files changed, 815 insertions(+), 811 deletions(-) diff --git a/help/Export-M365SecurityAuditTable.md b/help/Export-M365SecurityAuditTable.md index 07eb7cf..3a05f2e 100644 --- a/help/Export-M365SecurityAuditTable.md +++ b/help/Export-M365SecurityAuditTable.md 
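Review bot: The added example writes the complete audit export to `C:\temp`, a directory that on many Windows hosts is readable by other local users, while the results identify non-compliant accounts (see the `FailureReason: Non-Compliant Accounts: 2` sample just above). I would point the example at a per-user location, for example `-ExportPath "$HOME\Documents\M365Audit"`, and add one sentence to the help saying the export holds tenant security findings and belongs in a folder with restricted access. The same `C:\temp` path is used in help/about_M365FoundationsCISReport.md later in this series. The comment-help block starts and ends outside the hunk.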
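Review bot: The new `Write-Verbose` line in the `Begin` block passes `-Verbose` explicitly, so the message is printed on every run regardless of the caller's `-Verbose` switch or `$VerbosePreference`. Removing the trailing `-Verbose` lets the cmdlet's own common parameter decide; if the message is meant to be seen every time, `Write-Warning` or `Write-Information` states that intent more clearly. The message says the limit is raised "for the test run", but nothing visible in the hunk restores the previous `$script:MaximumFunctionCount` afterwards, so either the wording or a matching reset in `End` would be worth adding. The `Begin` block continues outside the hunk.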
@@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable @@ -109,22 +109,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -OutputTestNumber -The test number to output as an object. -Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". - -```yaml -Type: String -Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle -Aliases: - -Required: True -Position: 2 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -ExportAllTests Switch to export all test results. @@ -140,6 +124,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ExportOriginalTests +Switch to export the original audit results to a CSV file. + +```yaml +Type: SwitchParameter +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ExportPath The path where the CSV files will be exported. @@ -155,21 +154,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ExportOriginalTests -Switch to export the original audit results to a CSV file. - -```yaml -Type: SwitchParameter -Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv -Aliases: - -Required: True -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -ExportToExcel Switch to export the results to an Excel file. 
@@ -185,13 +169,29 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -OutputTestNumber +The test number to output as an object. +Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". + +```yaml +Type: String +Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS ### [CISAuditResult[]] - An array of CISAuditResult objects. -### [string] - A path to a CSV file. +### [string] - A path to a CSV file. ## OUTPUTS ### [PSCustomObject] - A custom object containing the path to the zip file and its hash. diff --git a/help/Get-AdminRoleUserLicense.md b/help/Get-AdminRoleUserLicense.md index 0100860..a36d202 100644 --- a/help/Get-AdminRoleUserLicense.md +++ b/help/Get-AdminRoleUserLicense.md @@ -63,7 +63,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### PSCustomObject -### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. +### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. ## NOTES Creation Date: 2024-04-15 Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing. diff --git a/help/Get-MFAStatus.md b/help/Get-MFAStatus.md index c64235b..daf0520 100644 --- a/help/Get-MFAStatus.md +++ b/help/Get-MFAStatus.md 
@@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus @@ -36,6 +36,21 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com ## PARAMETERS +### -SkipMSOLConnectionChecks +{{ Fill SkipMSOLConnectionChecks Description }} + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -UserId The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. @@ -52,21 +67,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SkipMSOLConnectionChecks -{{ Fill SkipMSOLConnectionChecks Description }} - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
@@ -75,14 +75,14 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object -### Returns a sorted list of custom objects containing the following properties: -### - UserPrincipalName -### - DisplayName -### - MFAState -### - MFADefaultMethod -### - MFAPhoneNumber -### - PrimarySMTP -### - Aliases +### Returns a sorted list of custom objects containing the following properties: +### - UserPrincipalName +### - DisplayName +### - MFAState +### - MFADefaultMethod +### - MFAPhoneNumber +### - PrimarySMTP +### - Aliases ## NOTES The function requires the MSOL module to be installed and connected to your tenant. Ensure that you have the necessary permissions to read user and MFA status information. diff --git a/help/Grant-M365SecurityAuditConsent.md b/help/Grant-M365SecurityAuditConsent.md index c5c5564..eb1c7aa 100644 --- a/help/Grant-M365SecurityAuditConsent.md +++ b/help/Grant-M365SecurityAuditConsent.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent @@ -40,18 +40,18 @@ Grants Microsoft Graph permissions to user@example.com, skipping the connection ## PARAMETERS -### -UserPrincipalNameForConsent -Specify the UPN of the user to grant consent for. +### -DoNotDisconnect +If specified, does not disconnect from Microsoft Graph after granting consent. ```yaml -Type: String +Type: SwitchParameter Parameter Sets: (All) Aliases: -Required: True -Position: 1 -Default value: None -Accept pipeline input: True (ByPropertyName, ByValue) +Required: False +Position: Named +Default value: False +Accept pipeline input: False Accept wildcard characters: False ``` 
@@ -100,17 +100,32 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -DoNotDisconnect -If specified, does not disconnect from Microsoft Graph after granting consent. +### -UserPrincipalNameForConsent +Specify the UPN of the user to grant consent for. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. ```yaml Type: SwitchParameter Parameter Sets: (All) -Aliases: +Aliases: cf Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` @@ -131,21 +146,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/help/Invoke-M365SecurityAudit.md b/help/Invoke-M365SecurityAudit.md index 886c5d2..34ff707 100644 --- a/help/Invoke-M365SecurityAudit.md +++ b/help/Invoke-M365SecurityAudit.md @@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit 
@@ -165,12 +165,26 @@ What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsof ## PARAMETERS -### -TenantAdminUrl -The URL of the tenant admin. -If not specified, none of the SharePoint Online tests will run. +### -ApprovedCloudStorageProviders +Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. ```yaml -Type: String +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: @() +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ApprovedFederatedDomains +Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. + +```yaml +Type: String[] Parameter Sets: (All) Aliases: 
@@ -196,25 +210,54 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ELevel -Specifies the E-Level (E3 or E5) for the audit. -This parameter is optional and can be combined with the ProfileLevel parameter. +### -DoNotConfirmConnections +If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. ```yaml -Type: String -Parameter Sets: ELevelFilter +Type: SwitchParameter +Parameter Sets: (All) Aliases: -Required: True +Required: False Position: Named -Default value: None +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` -### -ProfileLevel -Specifies the profile level (L1 or L2) for the audit. -This parameter is optional and can be combined with the ELevel parameter. +### -DoNotConnect +If specified, the cmdlet will not establish a connection to Microsoft 365 services. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoNotDisconnect +If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ELevel +Specifies the E-Level (E3 or E5) for the audit. +This parameter is optional and can be combined with the ProfileLevel parameter. ```yaml Type: String 
@@ -289,6 +332,37 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -NoModuleCheck +If specified, the cmdlet will not check for the presence of required modules. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProfileLevel +Specifies the profile level (L1 or L2) for the audit. +This parameter is optional and can be combined with the ELevel parameter. + +```yaml +Type: String +Parameter Sets: ELevelFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -SkipRecommendation Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. 
@@ -305,105 +379,15 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ApprovedCloudStorageProviders -Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. +### -TenantAdminUrl +The URL of the tenant admin. +If not specified, none of the SharePoint Online tests will run. ```yaml -Type: String[] +Type: String Parameter Sets: (All) Aliases: -Required: False -Position: Named -Default value: @() -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -ApprovedFederatedDomains -Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. - -```yaml -Type: String[] -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DoNotConnect -If specified, the cmdlet will not establish a connection to Microsoft 365 services. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DoNotDisconnect -If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -NoModuleCheck -If specified, the cmdlet will not check for the presence of required modules. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DoNotConfirmConnections -If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. 
- -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - Required: False Position: Named Default value: None @@ -426,6 +410,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). @@ -435,7 +435,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### CISAuditResult[] -### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. +### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. ## NOTES - This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. diff --git a/help/Sync-CISExcelAndCsvData.md b/help/Sync-CISExcelAndCsvData.md index 758f362..c869002 100644 --- a/help/Sync-CISExcelAndCsvData.md +++ b/help/Sync-CISExcelAndCsvData.md 
@@ -1,4 +1,4 @@ ---- +--- external help file: M365FoundationsCISReport-help.xml Module Name: M365FoundationsCISReport online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData @@ -32,22 +32,6 @@ Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', add ## PARAMETERS -### -ExcelPath -Specifies the path to the Excel file to be updated. -This parameter is mandatory. - -```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: 1 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -CsvPath Specifies the path to the CSV file containing new data. This parameter is mandatory. @@ -64,6 +48,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ExcelPath +Specifies the path to the Excel file to be updated. +This parameter is mandatory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -SheetName Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. @@ -86,7 +86,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String -### The function accepts strings for file paths and worksheet names. +### The function accepts strings for file paths and worksheet names. ## OUTPUTS ### None diff --git a/help/about_M365FoundationsCISReport.md b/help/about_M365FoundationsCISReport.md index 709b089..fae7e88 100644 --- a/help/about_M365FoundationsCISReport.md +++ b/help/about_M365FoundationsCISReport.md 
@@ -18,9 +18,11 @@ The module includes functionality to synchronize audit results with CIS benchmar ```powershell # Example 1: Performing a security audit based on CIS benchmarks $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" +$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com" -# Example 2: Exporting a security audit table to a CSV file -Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests +# Example 2: Exporting a security audit and it's nested tables to zipped CSV files +Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests + # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip # Example 3: Retrieving licenses for users in administrative roles Get-AdminRoleUserLicense diff --git a/source/en-US/M365FoundationsCISReport-help.xml b/source/en-US/M365FoundationsCISReport-help.xml index d9a795e..0feb087 100644 --- a/source/en-US/M365FoundationsCISReport-help.xml +++ b/source/en-US/M365FoundationsCISReport-help.xml @@ -65,6 +65,17 @@ None + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + + SwitchParameter + + + False + ExportPath @@ -77,17 +88,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - - SwitchParameter - - - False - ExportToExcel @@ -152,6 +152,17 @@ None + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + + SwitchParameter + + + False + ExportPath @@ -164,17 +175,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - - SwitchParameter - - - False - ExportToExcel 
@@ -213,18 +213,6 @@ None - - OutputTestNumber - - The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". - - String - - String - - - None - ExportAllTests @@ -237,6 +225,18 @@ False + + ExportOriginalTests + + Switch to export the original audit results to a CSV file. + + SwitchParameter + + SwitchParameter + + + False + ExportPath @@ -249,18 +249,6 @@ None - - ExportOriginalTests - - Switch to export the original audit results to a CSV file. - - SwitchParameter - - SwitchParameter - - - False - ExportToExcel @@ -273,6 +261,18 @@ False + + OutputTestNumber + + The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". + + String + + String + + + None + @@ -503,18 +503,6 @@ - - UserId - - The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. - - String - - String - - - None - SkipMSOLConnectionChecks @@ -527,6 +515,18 @@ False + + UserId + + The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. + + String + + String + + + None + @@ -660,6 +660,17 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DoNotDisconnect + + If specified, does not disconnect from Microsoft Graph after granting consent. + + + SwitchParameter + + + False + SkipGraphConnection @@ -693,10 +704,10 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - DoNotDisconnect + + Confirm - If specified, does not disconnect from Microsoft Graph after granting consent. + Prompts you for confirmation before running the cmdlet. SwitchParameter 
@@ -715,31 +726,20 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - UserPrincipalNameForConsent + + DoNotDisconnect - Specify the UPN of the user to grant consent for. + If specified, does not disconnect from Microsoft Graph after granting consent. - String + SwitchParameter - String + SwitchParameter - None + False SkipGraphConnection @@ -777,10 +777,22 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - DoNotDisconnect + + UserPrincipalNameForConsent - If specified, does not disconnect from Microsoft Graph after granting consent. + Specify the UPN of the user to grant consent for. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -801,18 +813,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - @@ -869,13 +869,25 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com Invoke-M365SecurityAudit - TenantAdminUrl + ApprovedCloudStorageProviders - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. - String + String[] - String + String[] + + + @() + + + ApprovedFederatedDomains + + Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. + + String[] + + String[] None 
@@ -892,6 +904,39 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + + + DoNotConnect + + If specified, the cmdlet will not establish a connection to Microsoft 365 services. + + + SwitchParameter + + + False + + + DoNotDisconnect + + If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + + + SwitchParameter + + + False + ELevel @@ -904,6 +949,17 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + ProfileLevel @@ -916,6 +972,43 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit ApprovedCloudStorageProviders @@ -940,6 +1033,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DomainName + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect 
@@ -962,77 +1078,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - DomainName - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG1 @@ -1044,6 +1089,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit ApprovedCloudStorageProviders 
@@ -1068,6 +1161,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DomainName + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -1090,77 +1206,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - DomainName - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG2 
@@ -1172,6 +1217,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit ApprovedCloudStorageProviders @@ -1196,6 +1289,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DomainName + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect 
@@ -1218,77 +1334,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - DomainName - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeIG3 @@ -1300,6 +1345,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit ApprovedCloudStorageProviders 
@@ -1324,6 +1417,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DomainName + + The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + + String + + String + + + None + + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + + SwitchParameter + + + False + DoNotConnect @@ -1346,77 +1462,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - - - DomainName - - The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. - - String - - String - - - None - IncludeRecommendation 
@@ -1429,6 +1474,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + + SwitchParameter + + + False + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + Invoke-M365SecurityAudit ApprovedCloudStorageProviders @@ -1453,87 +1546,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - DoNotConnect - - If specified, the cmdlet will not establish a connection to Microsoft 365 services. - - - SwitchParameter - - - False - - - DoNotDisconnect - - If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - - - SwitchParameter - - - False - - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - Invoke-M365SecurityAudit - - TenantAdminUrl - - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - - String - - String - - - None - DomainName 
@@ -1546,41 +1558,16 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - SkipRecommendation - - Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. - - String[] - - String[] - - - None - - ApprovedCloudStorageProviders + DoNotConfirmConnections - Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. - String[] - String[] + SwitchParameter - @() - - - ApprovedFederatedDomains - - Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. - - String[] - - String[] - - - None + False DoNotConnect @@ -1615,10 +1602,34 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - DoNotConfirmConnections + + SkipRecommendation - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. + + String[] + + String[] + + + None + + + TenantAdminUrl + + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. SwitchParameter 
@@ -1637,28 +1648,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - TenantAdminUrl + ApprovedCloudStorageProviders - The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. + Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. - String + String[] - String + String[] + + + @() + + + ApprovedFederatedDomains + + Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. + + String[] + + String[] None @@ -1675,6 +1687,42 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + DoNotConfirmConnections + + If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + + SwitchParameter + + SwitchParameter + + + False + + + DoNotConnect + + If specified, the cmdlet will not establish a connection to Microsoft 365 services. + + SwitchParameter + + SwitchParameter + + + False + + + DoNotDisconnect + + If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + + SwitchParameter + + SwitchParameter + + + False + ELevel @@ -1687,18 +1735,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - - ProfileLevel - - Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. - - String - - String - - - None - IncludeIG1 
@@ -1747,6 +1783,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None + + NoModuleCheck + + If specified, the cmdlet will not check for the presence of required modules. + + SwitchParameter + + SwitchParameter + + + False + + + ProfileLevel + + Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. + + String + + String + + + None + SkipRecommendation @@ -1760,69 +1820,21 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com None - ApprovedCloudStorageProviders + TenantAdminUrl - Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. + The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. - String[] + String - String[] - - - @() - - - ApprovedFederatedDomains - - Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. - - String[] - - String[] + String None - - DoNotConnect + + Confirm - If specified, the cmdlet will not establish a connection to Microsoft 365 services. - - SwitchParameter - - SwitchParameter - - - False - - - DoNotDisconnect - - If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. - - SwitchParameter - - SwitchParameter - - - False - - - NoModuleCheck - - If specified, the cmdlet will not check for the presence of required modules. - - SwitchParameter - - SwitchParameter - - - False - - - DoNotConfirmConnections - - If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. + Prompts you for confirmation before running the cmdlet. SwitchParameter 
@@ -1843,18 +1855,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - @@ -2099,10 +2099,10 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, - - ExcelPath + + CsvPath - Specifies the path to the Excel file to be updated. This parameter is mandatory. + Specifies the path to the CSV file containing new data. This parameter is mandatory. String @@ -2111,10 +2111,10 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, None - - CsvPath + + ExcelPath - Specifies the path to the CSV file containing new data. This parameter is mandatory. + Specifies the path to the Excel file to be updated. This parameter is mandatory. String diff --git a/source/en-US/about_M365FoundationsCISReport.help.txt b/source/en-US/about_M365FoundationsCISReport.help.txt index c64914f..c564cf6 100644 --- a/source/en-US/about_M365FoundationsCISReport.help.txt +++ b/source/en-US/about_M365FoundationsCISReport.help.txt 
@@ -30,9 +30,11 @@ Optional Subtopics EXAMPLES # Example 1: Performing a security audit based on CIS benchmarks $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" + $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com" - # Example 2: Exporting a security audit table to a CSV file - Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests + # Example 2: Exporting a security audit and it's nested tables to zipped CSV files + Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests + # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip # Example 3: Retrieving licenses for users in administrative roles Get-AdminRoleUserLicense From e4277afdb77dc9457d557038a015821b375b8279 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 7 Jul 2024 17:15:26 -0500 Subject: [PATCH 18/19] docs: Update Help README/HTML --- README copy.md | 93 ++++++++++++----------------------------- README.md | Bin 45446 -> 50704 bytes docs/index.html | Bin 117106 -> 119504 bytes helpers/Build-Help.ps1 | 1 + 4 files changed, 27 insertions(+), 67 deletions(-) diff --git a/README copy.md b/README copy.md index 962380e..1fbe43c 100644 --- a/README copy.md +++ b/README copy.md 
@@ -13,81 +13,40 @@ For full license details, please visit [Creative Commons Attribution-NonCommerci [Register for and download CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks) ## Invoke-M365SecurityAudit -### Synopsis -Invokes a security audit for Microsoft 365 environments. -### Syntax + +# EXAMPLES ```powershell +# Example 1: Performing a security audit based on CIS benchmarks +$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" +$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com" -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] +# Example 2: Exporting a security audit and it's nested tables to zipped CSV files +Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests + # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-ELevel ] [-ProfileLevel ] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] - -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-IncludeIG1] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] - -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-IncludeIG2] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] - -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-IncludeIG3] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] - -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-IncludeRecommendation ] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [] - -Invoke-M365SecurityAudit -TenantAdminUrl -DomainName [-SkipRecommendation ] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] 
[-Confirm] [] +# Example 3: Retrieving licenses for users in administrative roles +Get-AdminRoleUserLicense +# Example 4: Getting MFA status of users +Get-MFAStatus -UserId "user@domain.com" +# Example 5: Removing rows with empty status values from a CSV file +Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1" +# Example 6: Synchronizing CIS benchmark data with audit results +Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles" +# Example 7: Granting Microsoft Graph permissions to the auditor +Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com' ``` -### Parameters -| Name | Alias | Description | Required? | Pipeline Input | Default Value | -| - | - | - | - | - | - | -| TenantAdminUrl | | The URL of the tenant admin. This parameter is mandatory. | true | false | | -| DomainName | | The domain name of the Microsoft 365 environment. This parameter is mandatory. | true | false | | -| ELevel | | Specifies the E-Level \(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | false | false | | -| ProfileLevel | | Specifies the profile level \(L1 or L2\) for the audit. This parameter is optional and can be combined with the ELevel parameter. | false | false | | -| IncludeIG1 | | If specified, includes tests where IG1 is true. | false | false | False | -| IncludeIG2 | | If specified, includes tests where IG2 is true. | false | false | False | -| IncludeIG3 | | If specified, includes tests where IG3 is true. | false | false | False | -| IncludeRecommendation | | Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. | false | false | | -| SkipRecommendation | | Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. 
| false | false | | -| DoNotConnect | | If specified, the cmdlet will not establish a connection to Microsoft 365 services. | false | false | False | -| DoNotDisconnect | | If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. | false | false | False | -| NoModuleCheck | | If specified, the cmdlet will not check for the presence of required modules. | false | false | False | -| WhatIf | wi | | false | false | | -| Confirm | cf | | false | false | | -### Inputs - - None. You cannot pipe objects to Invoke-M365SecurityAudit. -### Outputs - - CISAuditResult\\[\] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. +# NOTE +Ensure that you have the necessary permissions and administrative roles in your Microsoft 365 environment to run these cmdlets. Proper configuration and setup are required for accurate audit results. -### Note -This module is based on CIS benchmarks and is governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. For more details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en +# TROUBLESHOOTING NOTE +If you encounter any issues while using the cmdlets, ensure that your environment meets the module prerequisites. Check for any updates or patches that may address known bugs. For issues related to specific cmdlets, refer to the individual help files for troubleshooting tips. -### Examples -**EXAMPLE 1** -```powershell -Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1" -``` -Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. - -**EXAMPLE 2** -```powershell -Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1 -``` -Performs an audit including all tests where IG1 is true. 
- -**EXAMPLE 3** -```powershell -Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' -``` -Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. - -**EXAMPLE 4** -```powershell -$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation -``` -Captures the audit results into a variable and exports them to a CSV file. - -### Links - - - [Online Version: [GitHub Repository URL]](#Online Version: [GitHub Repository URL]) +# SEE ALSO +- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/) +- [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/) +- [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/) \ No newline at end of file 
diff --git a/README.md b/README.md index 4c04a533ac7e357cb0af9501d47f91d77568f386..9c9dd2911d42213dd57e8cd123b95f6257b0c26c 100644 GIT binary patch delta 3115 zcmb7GU2IfE6rN?J6b(P6Zt6k{(`}$7ZRrm!LIKO#7DOoButhWw+S}dj4{Z0pwva-j zAv_pkY)%DkwRNTloOG0)5+9^EHkl?y%Pgc_Y5y>rWlskc8$!ykx++PO&e@g!(wV%mJq<{J)Gh;)XPiQ3R3%B4xB%jT>Y%cA+F=WYCs-ZQBvwXHDIUqm|5| zPs2SLJ_NNK9t-8BJ^tz>jFcK+VqfXrB!52hlm%9!ky8s) z2KExLYN2{~G$?l_Hh95aah~my(6Js*qjU_`H#8dFjw(KdT$*w^2L22q*97#3TYg!w z|KLi)TV|(p>*^Ou;}`}Thtvr$*R%!o9A=E{ zusQ}hX}p)?gp6de5i#vd8KWbP)>|S#8cZRUEWTJC&mvx%4@1QYOjzp4Y|W~yYJqx8 ze!Nw)%7v=xxPL(dmKYv_;sQol5@5|3xHQ6N(8a*BuuDfQjC}^=h&qS$MJTL$gwB%6 zI>@F)d!!jz7@J()mLhKKn7AA)i<&JNpN4UEyji?8SU7_m+073^N|WU{(ABuv#O-5A z`6=#ODCYnHq2{;=&h2lOGnQ5CIV?#+!2;7J)VSe8k@>~2*=v|5w`WdbmPA}84NAA0 zVam8(N{uk+JpkiDP$LW)@LMb9r{t^oI_a-?VNILbULw60^vO5b%H}W}w}fLpNQZuG zM+tLEvJliM$P!X@-FGf(z7n`;NF&DCEM()*a*vNTv$7R7va0Q0^jb{=?#4G3N9pcm zJ}#zf{Qv1p$NzRl9&Yh@+Va;cW(VcM*pjrId^^AIM32YI&hTKQLDmnC%KfqSe9OsC zJ=Dn0zf>4}eX201J#+UT`o>VZ(^U2$e}Amj>phG*cBUGRup7or{_SZp0sh%KWaH)e z!mQf@BGKJq;(6)zB6gR!Ixp$o#s$Vsrjr-!M8mM=t_mU@WMl+Z$X<5QPH1)Dw+FDh zx~-s00yZqy`qdG1jX_i7)ZA%Slxl~d%UYUM$+K`OiiX2Okzv@&fo*6ZxMmN?^TwFF zbywNeVHl&6K{!d4v6fxVWzkrdZR9-@Q!6CCcEbXzjg`wPFJOTYI~J+Rd%@9yL##8_ zGY>h|aS;n*H3SP>lQCx$HKyq#BdWMR*h%{)^KcjEBA}N4Z5@PJEAKcfL%6Wy4(nR^Z1R!oj5{~)bmfteCn5u zQi41>Qa2vZM}pI>ay8wuHwXsVE1Bsp#&9{2-BwPLN3boga7c!az)H;SdS(6QCJ9~b zl1s1N%wKq;(qp9g1Jdb{v28ta+ph~ZQ!U>GcHwp!z|Dm1mG@Kr4*_*nn9fI*_Iq$~ sJgu5cWjyKOV delta 426 zcmbQx!`$|mX~QbE%{Ag_zLNur6PS4!xF)YJHk|w~ea2?KG%Lo<2U7ePH&4q@VFXH> zfu;EiKW~1Pg(hH@izd*PuLsr4RHVT;`9R9H%@2y-FijS#RAJ3y$Y&^-EVx^=UV$Nz zA&()2L4hHOp%O@@Fr+f10mVugau`a0{7f)e4y1E{P=TQUC|3-G`e0QcQIH7`xip}u zrBKsSfb3kLOeT80ApX`l6AZ6F0YVu z75@-Ic%9(+VYEaeYGSPA8m}hCm?lPJg5igMOboFEBY_&NqVbR5H+T0gt;EMKVs7re z=ggUz^Uch6=KOpn@6zjer@pLOLyhzht;E|*1~t(dYQeV&-)34ne#6t5XF!g}{G;DFv|9e22Ke1dK?+a^{^6a5lq*=OCPr&*z3Zb(?SJt( zTi>idSLkxKP^-op)$y@P^XT}|#;nja`C++1VIVi)FM`o-jGwh*Nvi3|wjF4ofVt!O}GEmtc=Y)H#=rY)zq~o&Dd|T 
zg4|7%)L-ZF65Ub9g@GjMAyMr{6mj6*540i~2Kof%$RYm8%y<}*I94Pd!}vz%keYs@ zCN-FeQ!?cvr{WnJ&|@=v1n6lzL&%1B9t3F&5XlGn_-HMN<>)rh2Ked&cOuYhr!BMz zwXKJ?Xg+LPWVKV&KwVHy;5h&&aX9XT*?zonI66o%ge1i4!m5;UfDYNtoUNN@Z5@Iy z0T}>DA<_WInkhPVnCYVxc1g0lK0e0Q!5qFhM;WW#DZ$xq*FT#lNDjb_oB{)oIxrG= z5zNANb`$pOPG)>q*#_rg6Njy6$;k;r=Ga6Lj?5&qz1S}urp)u5GrPnEh=bX&J6ym5z3^^f|AdSjW=nyxKR1z53QVE|Qs= zNR;SmKTFT_-q(%v45&%==%@VbwzcD#H606aRK-?!_2m%1Zx22R@H@^RUvKW=^R~rL zJ^Z5j{d~~wX1cPMU$wqy=QhUTzk*yJyq6%mdS`&to44>s{{`bcO{BH5i|cd#Pp~Z1 zwlQb!*YK} zua|RxzM#e)EiaXONA8gUNYbmz$tSn<12f32`?m5zb!Js%?he{za~v29Yvc)j`yV)F zweH}S!UE?ON~+UqOVvp2{rb!hyY-c0TxLxSanS delta 1033 zcmbu8Ur5tY6vxlmAODQZwkiHeZBC;(mO4`@sVH04gJ_mSWtm%Zxw1K$QX<%di15K| zx4aNxLoC9F#IE=&2wBi$NJT^sVI@JLX10o+g3fPipuJW6_#M9Yd(ZvcbAI>!p52ZQ z2jcsuvaL`AB~VOnDHy;Co1lVXIYn~E=JhoquJ&mbxAkIr{8n(lS=cVVoPL`uUU%J9 zipv)iYee8meKK1dys6v>1~xXH$3nMM*`&b+Zt#H@TEPyTP($$yG(!?-7zQ(#IcQ>z zU_KiN=7=Xjjh4L{D~xTytd4cUc>hun8rbOjhZ`(J^FarkfEH4A(gxCP#FOc6ay&F{ zW<4_n>|$5CSehADvNvCwl=5cQKp8W9ejq-4JcVq>qDoB9`%%1@Gb5#x%PHdVVgZWA zPb-`Qie=O5k@x8_OZ0_JF@^_)>3el##HQybMBxu_B3G#~U+tmF+WBY#rY6b7dcaBL zI-ryHRHEMQhISgBqpDl!F;E9`KR!AK7b)457e(h>MC$kra7Ox-Gdz+0qhG;J*(d2# z#!=*cJ+5X` zb8$Sh4^`5F1}nA9W^3WJXk4nw!2|{O8}Ja@YjZ|GX;OGIK1$?92kQ7x9h&$|9p*FL zY&!Sv!d1*TnZn;4Ml&}ap%C6rq1%QY9<0U*9y*E%yuTjr$m*WdxCa*$D@i%(vdD$e z&Sv~Ij}vb|>aWF@xDxtrXyxfifb)nob&vl@l z1 Date: Sun, 7 Jul 2024 17:21:40 -0500 Subject: [PATCH 19/19] docs: Update CHANGELOG --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 186059a..edbac8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,12 @@ The format is based on and uses the types of changes according to [Keep a Change - Fixed Test 1.3.3 to be the simpler version of the test while including output to check for current users sharing calendars. - Safe Attachments logic and added `$DomainName` as input to 2.1.4 to test main policy. +### Docs + +- Updated `about_M365FoundationsCISReport` help file with new functions and changes. +- Updated `Invoke-M365SecurityAudit` help file with examples. +- Updated `Export-M365SecurityAudit` help file with examples. + ## [0.1.23] - 2024-07-02 # Fixed