diff --git a/help/Export-M365SecurityAuditTable.md b/help/Export-M365SecurityAuditTable.md
index 07eb7cf..3a05f2e 100644
--- a/help/Export-M365SecurityAuditTable.md
+++ b/help/Export-M365SecurityAuditTable.md
@@ -1,4 +1,4 @@
----
+---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
@@ -109,22 +109,6 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -OutputTestNumber
-The test number to output as an object.
-Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
-
-```yaml
-Type: String
-Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
-Aliases:
-
-Required: True
-Position: 2
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -ExportAllTests
Switch to export all test results.
@@ -140,6 +124,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -ExportOriginalTests
+Switch to export the original audit results to a CSV file.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
+Aliases:
+
+Required: True
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -ExportPath
The path where the CSV files will be exported.
@@ -155,21 +154,6 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -ExportOriginalTests
-Switch to export the original audit results to a CSV file.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
-Aliases:
-
-Required: True
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -ExportToExcel
Switch to export the results to an Excel file.
@@ -185,13 +169,29 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -OutputTestNumber
+The test number to output as an object.
+Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
+
+```yaml
+Type: String
+Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### [CISAuditResult[]] - An array of CISAuditResult objects.
-### [string] - A path to a CSV file.
+### [string] - A path to a CSV file.
## OUTPUTS
### [PSCustomObject] - A custom object containing the path to the zip file and its hash.
diff --git a/help/Get-AdminRoleUserLicense.md b/help/Get-AdminRoleUserLicense.md
index 0100860..a36d202 100644
--- a/help/Get-AdminRoleUserLicense.md
+++ b/help/Get-AdminRoleUserLicense.md
@@ -63,7 +63,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## OUTPUTS
### PSCustomObject
-### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
+### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
## NOTES
Creation Date: 2024-04-15
Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing.
diff --git a/help/Get-MFAStatus.md b/help/Get-MFAStatus.md
index c64235b..daf0520 100644
--- a/help/Get-MFAStatus.md
+++ b/help/Get-MFAStatus.md
@@ -1,4 +1,4 @@
----
+---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus
@@ -36,6 +36,21 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
## PARAMETERS
+### -SkipMSOLConnectionChecks
+{{ Fill SkipMSOLConnectionChecks Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -UserId
The User Principal Name (UPN) of a specific user to retrieve MFA status for.
If not provided, the function retrieves MFA status for all users.
@@ -52,21 +67,6 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -SkipMSOLConnectionChecks
-{{ Fill SkipMSOLConnectionChecks Description }}
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
@@ -75,14 +75,14 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## OUTPUTS
### System.Object
-### Returns a sorted list of custom objects containing the following properties:
-### - UserPrincipalName
-### - DisplayName
-### - MFAState
-### - MFADefaultMethod
-### - MFAPhoneNumber
-### - PrimarySMTP
-### - Aliases
+### Returns a sorted list of custom objects containing the following properties:
+### - UserPrincipalName
+### - DisplayName
+### - MFAState
+### - MFADefaultMethod
+### - MFAPhoneNumber
+### - PrimarySMTP
+### - Aliases
## NOTES
The function requires the MSOL module to be installed and connected to your tenant.
Ensure that you have the necessary permissions to read user and MFA status information.
diff --git a/help/Grant-M365SecurityAuditConsent.md b/help/Grant-M365SecurityAuditConsent.md
index c5c5564..eb1c7aa 100644
--- a/help/Grant-M365SecurityAuditConsent.md
+++ b/help/Grant-M365SecurityAuditConsent.md
@@ -1,4 +1,4 @@
----
+---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent
@@ -40,18 +40,18 @@ Grants Microsoft Graph permissions to user@example.com, skipping the connection
## PARAMETERS
-### -UserPrincipalNameForConsent
-Specify the UPN of the user to grant consent for.
+### -DoNotDisconnect
+If specified, does not disconnect from Microsoft Graph after granting consent.
```yaml
-Type: String
+Type: SwitchParameter
Parameter Sets: (All)
Aliases:
-Required: True
-Position: 1
-Default value: None
-Accept pipeline input: True (ByPropertyName, ByValue)
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
Accept wildcard characters: False
```
@@ -100,17 +100,32 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -DoNotDisconnect
-If specified, does not disconnect from Microsoft Graph after granting consent.
+### -UserPrincipalNameForConsent
+Specify the UPN of the user to grant consent for.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
-Aliases:
+Aliases: cf
Required: False
Position: Named
-Default value: False
+Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
@@ -131,21 +146,6 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases: cf
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
diff --git a/help/Invoke-M365SecurityAudit.md b/help/Invoke-M365SecurityAudit.md
index 886c5d2..34ff707 100644
--- a/help/Invoke-M365SecurityAudit.md
+++ b/help/Invoke-M365SecurityAudit.md
@@ -1,4 +1,4 @@
----
+---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit
@@ -165,12 +165,26 @@ What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsof
## PARAMETERS
-### -TenantAdminUrl
-The URL of the tenant admin.
-If not specified, none of the SharePoint Online tests will run.
+### -ApprovedCloudStorageProviders
+Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
```yaml
-Type: String
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: @()
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ApprovedFederatedDomains
+Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
+
+```yaml
+Type: String[]
Parameter Sets: (All)
Aliases:
@@ -196,25 +210,54 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -ELevel
-Specifies the E-Level (E3 or E5) for the audit.
-This parameter is optional and can be combined with the ProfileLevel parameter.
+### -DoNotConfirmConnections
+If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
```yaml
-Type: String
-Parameter Sets: ELevelFilter
+Type: SwitchParameter
+Parameter Sets: (All)
Aliases:
-Required: True
+Required: False
Position: Named
-Default value: None
+Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
-### -ProfileLevel
-Specifies the profile level (L1 or L2) for the audit.
-This parameter is optional and can be combined with the ELevel parameter.
+### -DoNotConnect
+If specified, the cmdlet will not establish a connection to Microsoft 365 services.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DoNotDisconnect
+If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ELevel
+Specifies the E-Level (E3 or E5) for the audit.
+This parameter is optional and can be combined with the ProfileLevel parameter.
```yaml
Type: String
@@ -289,6 +332,37 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -NoModuleCheck
+If specified, the cmdlet will not check for the presence of required modules.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ProfileLevel
+Specifies the profile level (L1 or L2) for the audit.
+This parameter is optional and can be combined with the ELevel parameter.
+
+```yaml
+Type: String
+Parameter Sets: ELevelFilter
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -SkipRecommendation
Specifies specific recommendations to exclude from the audit.
Accepts an array of recommendation numbers.
@@ -305,105 +379,15 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -ApprovedCloudStorageProviders
-Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
+### -TenantAdminUrl
+The URL of the tenant admin.
+If not specified, none of the SharePoint Online tests will run.
```yaml
-Type: String[]
+Type: String
Parameter Sets: (All)
Aliases:
-Required: False
-Position: Named
-Default value: @()
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -ApprovedFederatedDomains
-Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
-
-```yaml
-Type: String[]
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -DoNotConnect
-If specified, the cmdlet will not establish a connection to Microsoft 365 services.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -DoNotDisconnect
-If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -NoModuleCheck
-If specified, the cmdlet will not check for the presence of required modules.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -DoNotConfirmConnections
-If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
-
-```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
-Aliases: wi
-
Required: False
Position: Named
Default value: None
@@ -426,6 +410,22 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
@@ -435,7 +435,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## OUTPUTS
### CISAuditResult[]
-### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
+### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
## NOTES
- This module is based on CIS benchmarks.
- Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
diff --git a/help/Sync-CISExcelAndCsvData.md b/help/Sync-CISExcelAndCsvData.md
index 758f362..c869002 100644
--- a/help/Sync-CISExcelAndCsvData.md
+++ b/help/Sync-CISExcelAndCsvData.md
@@ -1,4 +1,4 @@
----
+---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData
@@ -32,22 +32,6 @@ Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', add
## PARAMETERS
-### -ExcelPath
-Specifies the path to the Excel file to be updated.
-This parameter is mandatory.
-
-```yaml
-Type: String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: 1
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -CsvPath
Specifies the path to the CSV file containing new data.
This parameter is mandatory.
@@ -64,6 +48,22 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -ExcelPath
+Specifies the path to the Excel file to be updated.
+This parameter is mandatory.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -SheetName
Specifies the name of the worksheet in the Excel file where data will be merged and updated.
This parameter is mandatory.
@@ -86,7 +86,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## INPUTS
### System.String
-### The function accepts strings for file paths and worksheet names.
+### The function accepts strings for file paths and worksheet names.
## OUTPUTS
### None
diff --git a/help/about_M365FoundationsCISReport.md b/help/about_M365FoundationsCISReport.md
index 709b089..fae7e88 100644
--- a/help/about_M365FoundationsCISReport.md
+++ b/help/about_M365FoundationsCISReport.md
@@ -18,9 +18,11 @@ The module includes functionality to synchronize audit results with CIS benchmar
```powershell
# Example 1: Performing a security audit based on CIS benchmarks
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
+$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
-# Example 2: Exporting a security audit table to a CSV file
-Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
+# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
+Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
+ # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles
Get-AdminRoleUserLicense
diff --git a/source/en-US/M365FoundationsCISReport-help.xml b/source/en-US/M365FoundationsCISReport-help.xml
index d9a795e..0feb087 100644
--- a/source/en-US/M365FoundationsCISReport-help.xml
+++ b/source/en-US/M365FoundationsCISReport-help.xml
@@ -65,6 +65,17 @@
None
+
+ ExportOriginalTests
+
+ Switch to export the original audit results to a CSV file.
+
+
+ SwitchParameter
+
+
+ False
+
ExportPath
@@ -77,17 +88,6 @@
None
-
- ExportOriginalTests
-
- Switch to export the original audit results to a CSV file.
-
-
- SwitchParameter
-
-
- False
-
ExportToExcel
@@ -152,6 +152,17 @@
None
+
+ ExportOriginalTests
+
+ Switch to export the original audit results to a CSV file.
+
+
+ SwitchParameter
+
+
+ False
+
ExportPath
@@ -164,17 +175,6 @@
None
-
- ExportOriginalTests
-
- Switch to export the original audit results to a CSV file.
-
-
- SwitchParameter
-
-
- False
-
ExportToExcel
@@ -213,18 +213,6 @@
None
-
- OutputTestNumber
-
- The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
-
- String
-
- String
-
-
- None
-
ExportAllTests
@@ -237,6 +225,18 @@
False
+
+ ExportOriginalTests
+
+ Switch to export the original audit results to a CSV file.
+
+ SwitchParameter
+
+ SwitchParameter
+
+
+ False
+
ExportPath
@@ -249,18 +249,6 @@
None
-
- ExportOriginalTests
-
- Switch to export the original audit results to a CSV file.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
ExportToExcel
@@ -273,6 +261,18 @@
False
+
+ OutputTestNumber
+
+ The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
+
+ String
+
+ String
+
+
+ None
+
@@ -503,18 +503,6 @@
-
- UserId
-
- The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users.
-
- String
-
- String
-
-
- None
-
SkipMSOLConnectionChecks
@@ -527,6 +515,18 @@
False
+
+ UserId
+
+ The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users.
+
+ String
+
+ String
+
+
+ None
+
@@ -660,6 +660,17 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DoNotDisconnect
+
+ If specified, does not disconnect from Microsoft Graph after granting consent.
+
+
+ SwitchParameter
+
+
+ False
+
SkipGraphConnection
@@ -693,10 +704,10 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- DoNotDisconnect
+
+ Confirm
- If specified, does not disconnect from Microsoft Graph after granting consent.
+ Prompts you for confirmation before running the cmdlet.
SwitchParameter
@@ -715,31 +726,20 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
- UserPrincipalNameForConsent
+
+ DoNotDisconnect
- Specify the UPN of the user to grant consent for.
+ If specified, does not disconnect from Microsoft Graph after granting consent.
- String
+ SwitchParameter
- String
+ SwitchParameter
- None
+ False
SkipGraphConnection
@@ -777,10 +777,22 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- DoNotDisconnect
+
+ UserPrincipalNameForConsent
- If specified, does not disconnect from Microsoft Graph after granting consent.
+ Specify the UPN of the user to grant consent for.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
SwitchParameter
@@ -801,18 +813,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
@@ -869,13 +869,25 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
Invoke-M365SecurityAudit
- TenantAdminUrl
+ ApprovedCloudStorageProviders
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+ Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
- String
+ String[]
- String
+ String[]
+
+
+ @()
+
+
+ ApprovedFederatedDomains
+
+ Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
+
+ String[]
+
+ String[]
None
@@ -892,6 +904,39 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ DoNotConnect
+
+ If specified, the cmdlet will not establish a connection to Microsoft 365 services.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ DoNotDisconnect
+
+ If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
+
+
+ SwitchParameter
+
+
+ False
+
ELevel
@@ -904,6 +949,17 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+
+ SwitchParameter
+
+
+ False
+
ProfileLevel
@@ -916,6 +972,43 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ WhatIf
+
+ Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+
+ SwitchParameter
+
+
+ False
+
+
+
+ Invoke-M365SecurityAudit
ApprovedCloudStorageProviders
@@ -940,6 +1033,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DomainName
+
+ The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+
+ String
+
+ String
+
+
+ None
+
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+
+ SwitchParameter
+
+
+ False
+
DoNotConnect
@@ -962,77 +1078,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-
- SwitchParameter
-
-
- False
-
-
- WhatIf
-
- Shows what would happen if the cmdlet runs. The cmdlet is not run.
-
-
- SwitchParameter
-
-
- False
-
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
-
- Invoke-M365SecurityAudit
-
- TenantAdminUrl
-
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
-
- String
-
- String
-
-
- None
-
-
- DomainName
-
- The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
-
- String
-
- String
-
-
- None
-
IncludeIG1
@@ -1044,6 +1089,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ WhatIf
+
+ Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+
+ SwitchParameter
+
+
+ False
+
+
+
+ Invoke-M365SecurityAudit
ApprovedCloudStorageProviders
@@ -1068,6 +1161,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DomainName
+
+ The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+
+ String
+
+ String
+
+
+ None
+
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+
+ SwitchParameter
+
+
+ False
+
DoNotConnect
@@ -1090,77 +1206,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-
- SwitchParameter
-
-
- False
-
-
- WhatIf
-
- Shows what would happen if the cmdlet runs. The cmdlet is not run.
-
-
- SwitchParameter
-
-
- False
-
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
-
- Invoke-M365SecurityAudit
-
- TenantAdminUrl
-
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
-
- String
-
- String
-
-
- None
-
-
- DomainName
-
- The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
-
- String
-
- String
-
-
- None
-
IncludeIG2
@@ -1172,6 +1217,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ WhatIf
+
+ Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+
+ SwitchParameter
+
+
+ False
+
+
+
+ Invoke-M365SecurityAudit
ApprovedCloudStorageProviders
@@ -1196,6 +1289,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DomainName
+
+ The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+
+ String
+
+ String
+
+
+ None
+
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+
+ SwitchParameter
+
+
+ False
+
DoNotConnect
@@ -1218,77 +1334,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-
- SwitchParameter
-
-
- False
-
-
- WhatIf
-
- Shows what would happen if the cmdlet runs. The cmdlet is not run.
-
-
- SwitchParameter
-
-
- False
-
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
-
- Invoke-M365SecurityAudit
-
- TenantAdminUrl
-
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
-
- String
-
- String
-
-
- None
-
-
- DomainName
-
- The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
-
- String
-
- String
-
-
- None
-
IncludeIG3
@@ -1300,6 +1345,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ WhatIf
+
+ Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+
+ SwitchParameter
+
+
+ False
+
+
+
+ Invoke-M365SecurityAudit
ApprovedCloudStorageProviders
@@ -1324,6 +1417,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DomainName
+
+ The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+
+ String
+
+ String
+
+
+ None
+
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+
+ SwitchParameter
+
+
+ False
+
DoNotConnect
@@ -1346,77 +1462,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-
- SwitchParameter
-
-
- False
-
-
- WhatIf
-
- Shows what would happen if the cmdlet runs. The cmdlet is not run.
-
-
- SwitchParameter
-
-
- False
-
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
-
- Invoke-M365SecurityAudit
-
- TenantAdminUrl
-
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
-
- String
-
- String
-
-
- None
-
-
- DomainName
-
- The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
-
- String
-
- String
-
-
- None
-
IncludeRecommendation
@@ -1429,6 +1474,54 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
+
+
+ SwitchParameter
+
+
+ False
+
+
+ WhatIf
+
+ Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+
+ SwitchParameter
+
+
+ False
+
+
+
+ Invoke-M365SecurityAudit
ApprovedCloudStorageProviders
@@ -1453,87 +1546,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
-
- DoNotConnect
-
- If specified, the cmdlet will not establish a connection to Microsoft 365 services.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotDisconnect
-
- If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
-
-
- SwitchParameter
-
-
- False
-
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
-
-
- SwitchParameter
-
-
- False
-
-
- WhatIf
-
- Shows what would happen if the cmdlet runs. The cmdlet is not run.
-
-
- SwitchParameter
-
-
- False
-
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
-
-
- Invoke-M365SecurityAudit
-
- TenantAdminUrl
-
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
-
- String
-
- String
-
-
- None
-
DomainName
@@ -1546,41 +1558,16 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
-
- SkipRecommendation
-
- Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
-
- String[]
-
- String[]
-
-
- None
-
- ApprovedCloudStorageProviders
+ DoNotConfirmConnections
- Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
- String[]
- String[]
+ SwitchParameter
- @()
-
-
- ApprovedFederatedDomains
-
- Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
-
- String[]
-
- String[]
-
-
- None
+ False
DoNotConnect
@@ -1615,10 +1602,34 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- DoNotConfirmConnections
+
+ SkipRecommendation
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+ Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
+
+ String[]
+
+ String[]
+
+
+ None
+
+
+ TenantAdminUrl
+
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+
+ String
+
+ String
+
+
+ None
+
+
+ Confirm
+
+ Prompts you for confirmation before running the cmdlet.
SwitchParameter
@@ -1637,28 +1648,29 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
-
- SwitchParameter
-
-
- False
-
- TenantAdminUrl
+ ApprovedCloudStorageProviders
- The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+ Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
- String
+ String[]
- String
+ String[]
+
+
+ @()
+
+
+ ApprovedFederatedDomains
+
+ Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
+
+ String[]
+
+ String[]
None
@@ -1675,6 +1687,42 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ DoNotConfirmConnections
+
+ If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+
+ SwitchParameter
+
+ SwitchParameter
+
+
+ False
+
+
+ DoNotConnect
+
+ If specified, the cmdlet will not establish a connection to Microsoft 365 services.
+
+ SwitchParameter
+
+ SwitchParameter
+
+
+ False
+
+
+ DoNotDisconnect
+
+ If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
+
+ SwitchParameter
+
+ SwitchParameter
+
+
+ False
+
ELevel
@@ -1687,18 +1735,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
-
- ProfileLevel
-
- Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.
-
- String
-
- String
-
-
- None
-
IncludeIG1
@@ -1747,6 +1783,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
+
+ NoModuleCheck
+
+ If specified, the cmdlet will not check for the presence of required modules.
+
+ SwitchParameter
+
+ SwitchParameter
+
+
+ False
+
+
+ ProfileLevel
+
+ Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.
+
+ String
+
+ String
+
+
+ None
+
SkipRecommendation
@@ -1760,69 +1820,21 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
None
- ApprovedCloudStorageProviders
+ TenantAdminUrl
- Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
+ The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
- String[]
+ String
- String[]
-
-
- @()
-
-
- ApprovedFederatedDomains
-
- Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
-
- String[]
-
- String[]
+ String
None
-
- DoNotConnect
+
+ Confirm
- If specified, the cmdlet will not establish a connection to Microsoft 365 services.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
-
- DoNotDisconnect
-
- If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
-
- NoModuleCheck
-
- If specified, the cmdlet will not check for the presence of required modules.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
-
- DoNotConfirmConnections
-
- If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+ Prompts you for confirmation before running the cmdlet.
SwitchParameter
@@ -1843,18 +1855,6 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
False
-
- Confirm
-
- Prompts you for confirmation before running the cmdlet.
-
- SwitchParameter
-
- SwitchParameter
-
-
- False
-
@@ -2099,10 +2099,10 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file,
-
- ExcelPath
+
+ CsvPath
- Specifies the path to the Excel file to be updated. This parameter is mandatory.
+ Specifies the path to the CSV file containing new data. This parameter is mandatory.
String
@@ -2111,10 +2111,10 @@ This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file,
None
-
- CsvPath
+
+ ExcelPath
- Specifies the path to the CSV file containing new data. This parameter is mandatory.
+ Specifies the path to the Excel file to be updated. This parameter is mandatory.
String
diff --git a/source/en-US/about_M365FoundationsCISReport.help.txt b/source/en-US/about_M365FoundationsCISReport.help.txt
index c64914f..c564cf6 100644
--- a/source/en-US/about_M365FoundationsCISReport.help.txt
+++ b/source/en-US/about_M365FoundationsCISReport.help.txt
@@ -30,9 +30,11 @@ Optional Subtopics
EXAMPLES
# Example 1: Performing a security audit based on CIS benchmarks
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
+ $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
- # Example 2: Exporting a security audit table to a CSV file
- Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
+ # Example 2: Exporting a security audit and it's nested tables to zipped CSV files
+ Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
+ # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles
Get-AdminRoleUserLicense