diff --git a/CHANGELOG.md b/CHANGELOG.md index dc91822..a2b3a73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ The format is based on and uses the types of changes according to [Keep a Change ## [Unreleased] +## [0.1.14] - 2024-06-23 + ### Fixed - Fixed test 1.3.1 to include notification window for password expiration. diff --git a/help/Export-M365SecurityAuditTable.md b/help/Export-M365SecurityAuditTable.md new file mode 100644 index 0000000..1d06070 --- /dev/null +++ b/help/Export-M365SecurityAuditTable.md 
@@ -0,0 +1,208 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable +schema: 2.0.0 +--- + +# Export-M365SecurityAuditTable + +## SYNOPSIS +Exports M365 security audit results to a CSV file or outputs a specific test result as an object. + +## SYNTAX + +### OutputObjectFromAuditResultsSingle +``` +Export-M365SecurityAuditTable [-AuditResults] [-OutputTestNumber] + [] +``` + +### ExportAllResultsFromAuditResults +``` +Export-M365SecurityAuditTable [-AuditResults] [-ExportAllTests] -ExportPath + [-ExportOriginalTests] [-ExportToExcel] [] +``` + +### OutputObjectFromCsvSingle +``` +Export-M365SecurityAuditTable [-CsvPath] [-OutputTestNumber] [] +``` + +### ExportAllResultsFromCsv +``` +Export-M365SecurityAuditTable [-CsvPath] [-ExportAllTests] -ExportPath [-ExportOriginalTests] + [-ExportToExcel] [] +``` + +## DESCRIPTION +This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file. +It can export all results to a specified path or output a specific test result as an object. 
+ +## EXAMPLES + +### EXAMPLE 1 +``` +Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2 +``` + +# Output object for a single test number from audit results + +### EXAMPLE 2 +``` +Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" +``` + +# Export all results from audit results to the specified path + +### EXAMPLE 3 +``` +Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2 +``` + +# Output object for a single test number from CSV + +### EXAMPLE 4 +``` +Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" +``` + +# Export all results from CSV to the specified path + +### EXAMPLE 5 +``` +Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests +``` + +# Export all results from audit results to the specified path along with the original tests + +### EXAMPLE 6 +``` +Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests +``` + +# Export all results from CSV to the specified path along with the original tests + +## PARAMETERS + +### -AuditResults +An array of CISAuditResult objects containing the audit results. + +```yaml +Type: CISAuditResult[] +Parameter Sets: OutputObjectFromAuditResultsSingle, ExportAllResultsFromAuditResults +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CsvPath +The path to a CSV file containing the audit results. + +```yaml +Type: String +Parameter Sets: OutputObjectFromCsvSingle, ExportAllResultsFromCsv +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExportAllTests +Switch to export all test results. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: True +Position: 1 +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExportOriginalTests +Switch to export the original audit results to a CSV file. + +```yaml +Type: SwitchParameter +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExportPath +The path where the CSV files will be exported. + +```yaml +Type: String +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExportToExcel +Switch to export the results to an Excel file. + +```yaml +Type: SwitchParameter +Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OutputTestNumber +The test number to output as an object. +Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". + +```yaml +Type: String +Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +### [CISAuditResult[]], [string] +## OUTPUTS + +### [PSCustomObject] +## NOTES + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable) + diff --git a/help/Get-AdminRoleUserLicense.md b/help/Get-AdminRoleUserLicense.md new file mode 100644 index 0000000..0100860 --- /dev/null +++ b/help/Get-AdminRoleUserLicense.md 
@@ -0,0 +1,74 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense +schema: 2.0.0 +--- + +# Get-AdminRoleUserLicense + +## SYNOPSIS +Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API. + +## SYNTAX + +``` +Get-AdminRoleUserLicense [-SkipGraphConnection] [] +``` + +## DESCRIPTION +The Get-AdminRoleUserLicense function connects to Microsoft Graph and retrieves all users who are assigned administrative roles along with their user details and licenses. +This function is useful for auditing and compliance checks to ensure that administrators have appropriate licenses and role assignments. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-AdminRoleUserLicense +``` + +This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes. + +### EXAMPLE 2 +``` +Get-AdminRoleUserLicense -SkipGraphConnection +``` + +This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established. + +## PARAMETERS + +### -SkipGraphConnection +A switch parameter that, when set, skips the connection to Microsoft Graph if already established. +This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. You cannot pipe objects to Get-AdminRoleUserLicense. +## OUTPUTS + +### PSCustomObject +### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. +## NOTES +Creation Date: 2024-04-15 +Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing. + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense) + diff --git a/help/Get-MFAStatus.md b/help/Get-MFAStatus.md new file mode 100644 index 0000000..5e1750e --- /dev/null +++ b/help/Get-MFAStatus.md 
@@ -0,0 +1,95 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus +schema: 2.0.0 +--- + +# Get-MFAStatus + +## SYNOPSIS +Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users. + +## SYNTAX + +``` +Get-MFAStatus [[-UserId] ] [-SkipMSOLConnectionChecks] [] +``` + +## DESCRIPTION +The Get-MFAStatus function connects to Microsoft Online Service and retrieves the MFA status for all Azure Active Directory users, excluding guest accounts. +Optionally, you can specify a single user by their User Principal Name (UPN) to get their MFA status. + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-MFAStatus +``` + +Retrieves the MFA status for all Azure Active Directory users. + +### EXAMPLE 2 +``` +Get-MFAStatus -UserId "example@domain.com" +``` + +Retrieves the MFA status for the specified user with the UPN "example@domain.com". + +## PARAMETERS + +### -UserId +The User Principal Name (UPN) of a specific user to retrieve MFA status for. +If not provided, the function retrieves MFA status for all users. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipMSOLConnectionChecks +{{ Fill SkipMSOLConnectionChecks Description }} + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +## OUTPUTS + +### System.Object +### Returns a sorted list of custom objects containing the following properties: +### - UserPrincipalName +### - DisplayName +### - MFAState +### - MFADefaultMethod +### - MFAPhoneNumber +### - PrimarySMTP +### - Aliases +## NOTES +The function requires the MSOL module to be installed and connected to your tenant. +Ensure that you have the necessary permissions to read user and MFA status information. + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus) + diff --git a/help/Invoke-M365SecurityAudit.md b/help/Invoke-M365SecurityAudit.md new file mode 100644 index 0000000..06150e6 --- /dev/null +++ b/help/Invoke-M365SecurityAudit.md 
@@ -0,0 +1,421 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit +schema: 2.0.0 +--- + +# Invoke-M365SecurityAudit + +## SYNOPSIS +Invokes a security audit for Microsoft 365 environments. + +## SYNTAX + +### Default (Default) +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] [-DoNotConnect] + [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [] +``` + +### ELevelFilter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] -ELevel + -ProfileLevel [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] + [-WhatIf] [-Confirm] [] +``` + +### IG1Filter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] [-IncludeIG1] + [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] + [] +``` + +### IG2Filter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] [-IncludeIG2] + [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] + [] +``` + +### IG3Filter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] [-IncludeIG3] + [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] + [] +``` + +### RecFilter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] + -IncludeRecommendation [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] + [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [] +``` + +### SkipRecFilter +``` +Invoke-M365SecurityAudit [-TenantAdminUrl ] [-M365DomainForPWPolicyTest ] + -SkipRecommendation [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The Invoke-M365SecurityAudit 
cmdlet performs a comprehensive security audit based on the specified parameters. +It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks. + +## EXAMPLES + +### EXAMPLE 1 +``` +Invoke-M365SecurityAudit +``` + +Performs a security audit using default parameters. +Output: +Status : Fail +ELevel : E3 +ProfileLevel: L1 +Connection : Microsoft Graph +Rec : 1.1.1 +Result : False +Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 +FailureReason: Non-Compliant Accounts: 2 + +### EXAMPLE 2 +``` +Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -ELevel "E5" -ProfileLevel "L1" +``` + +Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. +Output: +Status : Fail +ELevel : E5 +ProfileLevel: L1 +Connection : Microsoft Graph +Rec : 1.1.1 +Result : False +Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 +FailureReason: Non-Compliant Accounts: 2 + +### EXAMPLE 3 +``` +Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -IncludeIG1 +``` + +Performs an audit including all tests where IG1 is true. 
+Output: +Status : Fail +ELevel : E3 +ProfileLevel: L1 +Connection : Microsoft Graph +Rec : 1.1.1 +Result : False +Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 +FailureReason: Non-Compliant Accounts: 2 + +### EXAMPLE 4 +``` +Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' +``` + +Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. +Output: +Status : Fail +ELevel : E3 +ProfileLevel: L1 +Connection : Microsoft Graph +Rec : 1.1.1 +Result : False +Details : Non-compliant accounts: + Username | Roles | HybridStatus | Missing Licence + user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM + user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 +FailureReason: Non-Compliant Accounts: 2 + +### EXAMPLE 5 +``` +$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" +``` + +PS\> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation + +Captures the audit results into a variable and exports them to a CSV file. +Output: +CISAuditResult\[\] +auditResults.csv + +### EXAMPLE 6 +``` +Invoke-M365SecurityAudit -WhatIf +``` + +Displays what would happen if the cmdlet is run without actually performing the audit. +Output: +What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". + +## PARAMETERS + +### -TenantAdminUrl +The URL of the tenant admin. +If not specified, none of the SharePoint Online tests will run. 
+ +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -M365DomainForPWPolicyTest +The domain name of the Microsoft 365 environment to test. +This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ELevel +Specifies the E-Level (E3 or E5) for the audit. +This parameter is optional and can be combined with the ProfileLevel parameter. + +```yaml +Type: String +Parameter Sets: ELevelFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ProfileLevel +Specifies the profile level (L1 or L2) for the audit. +This parameter is optional and can be combined with the ELevel parameter. + +```yaml +Type: String +Parameter Sets: ELevelFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeIG1 +If specified, includes tests where IG1 is true. + +```yaml +Type: SwitchParameter +Parameter Sets: IG1Filter +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeIG2 +If specified, includes tests where IG2 is true. + +```yaml +Type: SwitchParameter +Parameter Sets: IG2Filter +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeIG3 +If specified, includes tests where IG3 is true. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: IG3Filter +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeRecommendation +Specifies specific recommendations to include in the audit. +Accepts an array of recommendation numbers. + +```yaml +Type: String[] +Parameter Sets: RecFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SkipRecommendation +Specifies specific recommendations to exclude from the audit. +Accepts an array of recommendation numbers. + +```yaml +Type: String[] +Parameter Sets: SkipRecFilter +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoNotConnect +If specified, the cmdlet will not establish a connection to Microsoft 365 services. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoNotDisconnect +If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NoModuleCheck +If specified, the cmdlet will not check for the presence of required modules. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DoNotConfirmConnections +If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None. You cannot pipe objects to Invoke-M365SecurityAudit. +## OUTPUTS + +### CISAuditResult[] +### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. +## NOTES +- This module is based on CIS benchmarks. +- Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. +- Commercial use is not permitted. This module cannot be sold or used for commercial purposes. +- Modifications and sharing are allowed under the same license. 
+- For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en +- Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit) + diff --git a/help/M365FoundationsCISReport.md b/help/M365FoundationsCISReport.md new file mode 100644 index 0000000..27043e8 --- /dev/null +++ b/help/M365FoundationsCISReport.md @@ -0,0 +1,28 @@ +--- +Module Name: M365FoundationsCISReport +Module Guid: 0d064bfb-d1ce-484b-a173-993b55984dc9 +Download Help Link: {{Please enter Link manually}} +Help Version: 1.0.0.0 +Locale: en-US +--- + +# M365FoundationsCISReport Module +## Description +The `M365FoundationsCISReport` module provides a set of cmdlets to audit and report on the security compliance of Microsoft 365 environments based on CIS (Center for Internet Security) benchmarks. It enables administrators to generate detailed reports, sync data with CIS Excel sheets, and perform security audits to ensure compliance. + +## M365FoundationsCISReport Cmdlets +### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense.md) +Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API. + +### [Get-MFAStatus](Get-MFAStatus.md) +Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users. + +### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit.md) +Invokes a security audit for Microsoft 365 environments. + +### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus.md) +Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file. + +### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData.md) +Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates. + 
diff --git a/help/Remove-RowsWithEmptyCSVStatus.md b/help/Remove-RowsWithEmptyCSVStatus.md new file mode 100644 index 0000000..368981c --- /dev/null +++ b/help/Remove-RowsWithEmptyCSVStatus.md 
@@ -0,0 +1,74 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit +schema: 2.0.0 +--- + +# Remove-RowsWithEmptyCSVStatus + +## SYNOPSIS +Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file. + +## SYNTAX + +``` +Remove-RowsWithEmptyCSVStatus [-FilePath] [-WorksheetName] [] +``` + +## DESCRIPTION +The Remove-RowsWithEmptyCSVStatus function imports data from a specified worksheet in an Excel file, checks for the presence of the 'CSV_Status' column, and filters out rows where the 'CSV_Status' column is empty. +The filtered data is then exported to a new Excel file with a '-Filtered' suffix added to the original file name. + +## EXAMPLES + +### EXAMPLE 1 +``` +Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1" +``` + +This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory. + +## PARAMETERS + +### -FilePath +The path to the Excel file to be processed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorksheetName +The name of the worksheet within the Excel file to be processed. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +This function requires the ImportExcel module to be installed. + +## RELATED LINKS diff --git a/help/Sync-CISExcelAndCsvData.md b/help/Sync-CISExcelAndCsvData.md new file mode 100644 index 0000000..96a2155 --- /dev/null +++ b/help/Sync-CISExcelAndCsvData.md 
@@ -0,0 +1,103 @@ +--- +external help file: M365FoundationsCISReport-help.xml +Module Name: M365FoundationsCISReport +online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData +schema: 2.0.0 +--- + +# Sync-CISExcelAndCsvData + +## SYNOPSIS +Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates. + +## SYNTAX + +``` +Sync-CISExcelAndCsvData [[-ExcelPath] ] [[-CsvPath] ] [[-SheetName] ] + [] +``` + +## DESCRIPTION +The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file. +This includes adding or updating fields for connection status, details, failure reasons, and the date of the update. +It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history. + +## EXAMPLES + +### EXAMPLE 1 +``` +Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData" +``` + +Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update. + +## PARAMETERS + +### -ExcelPath +Specifies the path to the Excel file to be updated. +This parameter is mandatory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CsvPath +Specifies the path to the CSV file containing new data. +This parameter is mandatory. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SheetName +Specifies the name of the worksheet in the Excel file where data will be merged and updated. +This parameter is mandatory. 
+ +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String +### The function accepts strings for file paths and worksheet names. +## OUTPUTS + +### None +### The function directly updates the Excel file and does not output any objects. +## NOTES +- Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations. +- It is recommended to back up the Excel file before running this function to avoid accidental data loss. +- The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping. + +## RELATED LINKS + +[https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData) + diff --git a/help/about_M365FoundationsCISReport.md b/help/about_M365FoundationsCISReport.md new file mode 100644 index 0000000..9cd1fed --- /dev/null +++ b/help/about_M365FoundationsCISReport.md 
@@ -0,0 +1,56 @@ +# M365FoundationsCISReport +## about_M365FoundationsCISReport + +# SHORT DESCRIPTION +The `M365FoundationsCISReport` module provides cmdlets for auditing and reporting on the security compliance of Microsoft 365 environments based on CIS benchmarks. + +# LONG DESCRIPTION +The `M365FoundationsCISReport` module is designed to help administrators ensure that their Microsoft 365 environments adhere to the security best practices outlined by the Center for Internet Security (CIS). The module includes cmdlets for performing comprehensive security audits, generating detailed reports, and synchronizing audit results with CIS benchmark Excel sheets. It aims to streamline the process of maintaining security compliance and improving the overall security posture of Microsoft 365 environments. + +## Optional Subtopics +### Auditing and Reporting +The module provides cmdlets that allow for the auditing of various security aspects of Microsoft 365 environments, including user MFA status, administrative role licenses, and more. The results can be exported and analyzed to ensure compliance with CIS benchmarks. + +### Data Synchronization +The module includes functionality to synchronize audit results with CIS benchmark data stored in Excel sheets. This ensures that the documentation is always up-to-date with the latest audit findings. 
+ +# EXAMPLES +```powershell +# Example 1: Exporting a security audit table to a CSV file +Export-M365SecurityAuditTable -OutputPath "C:\AuditReports\SecurityAudit.csv" + +# Example 2: Retrieving licenses for users in administrative roles +Get-AdminRoleUserLicense -RoleName "Global Administrator" + +# Example 3: Getting MFA status of users +Get-MFAStatus -UserPrincipalName "user@domain.com" + +# Example 4: Performing a security audit based on CIS benchmarks +Invoke-M365SecurityAudit -OutputPath "C:\AuditReports\AuditResults.xlsx" + +# Example 5: Removing rows with empty status values from a CSV file +Remove-RowsWithEmptyCSVStatus -InputPath "C:\AuditReports\AuditResults.csv" -OutputPath "C:\AuditReports\CleanedResults.csv" + +# Example 6: Synchronizing CIS benchmark data with audit results +Sync-CISExcelAndCsvData -ExcelPath "C:\CISBenchmarks\CISBenchmark.xlsx" -CsvPath "C:\AuditReports\AuditResults.csv" +``` + +# NOTE +Ensure that you have the necessary permissions and administrative roles in your Microsoft 365 environment to run these cmdlets. Proper configuration and setup are required for accurate audit results. + +# TROUBLESHOOTING NOTE +If you encounter any issues while using the cmdlets, ensure that your environment meets the module prerequisites. Check for any updates or patches that may address known bugs. For issues related to specific cmdlets, refer to the individual help files for troubleshooting tips. + +# SEE ALSO +- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/) +- [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/) +- [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/) + +# KEYWORDS +- Microsoft 365 +- Security Audit +- CIS Benchmarks +- Compliance +- MFA +- User Licenses +- Security Reporting diff --git a/helpers/Build-Help.ps1 b/helpers/Build-Help.ps1 index a0904d4..c0d4383 100644 --- a/helpers/Build-Help.ps1 +++ b/helpers/Build-Help.ps1 
@@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1 <# - $ver = "v0.1.12" + $ver = "v0.1.14" git checkout main git pull origin main git tag -a $ver -m "Release version $ver refactor Update" @@ -13,3 +13,30 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1 git push origin $ver # git tag -d $ver #> + +$OutputFolder = ".\help" +$parameters = @{ + Module = "M365FoundationsCISReport" + OutputFolder = $OutputFolder + AlphabeticParamsOrder = $true + WithModulePage = $true + ExcludeDontShow = $true + Encoding = [System.Text.Encoding]::UTF8 +} +New-MarkdownHelp @parameters +New-MarkdownAboutHelp -OutputFolder $OutputFolder -AboutName "M365FoundationsCISReport" + + +#### +$parameters = @{ + Path = ".\help" + RefreshModulePage = $true + AlphabeticParamsOrder = $true + UpdateInputOutput = $true + ExcludeDontShow = $true + LogPath = ".\log.txt" + Encoding = [System.Text.Encoding]::UTF8 +} +Update-MarkdownHelpModule @parameters +Update-MarkdownHelpModule -Path ".\help" -RefreshModulePage +New-ExternalHelp -Path ".\help" -OutputPath ".\source\en-US" -force \ No newline at end of file
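Review bot: In help/Export-M365SecurityAuditTable.md, the explanatory text under EXAMPLE 1 through EXAMPLE 6 is emitted as lines beginning with `#` (for instance `# Output object for a single test number from audit results`), so Markdown renders each one as a top-level heading instead of as the example's description. Put the explanation in the comment-based help as plain text after the command, the way the Get-MFAStatus examples in this same patch read ("Retrieves the MFA status for all Azure Active Directory users."), and regenerate the file.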
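Review bot: In help/Get-MFAStatus.md, the `-SkipMSOLConnectionChecks` section still carries the generator placeholder `{{ Fill SkipMSOLConnectionChecks Description }}`. Add a `.PARAMETER SkipMSOLConnectionChecks` entry to the function's comment-based help that says what is skipped and when that is safe, then regenerate, so the placeholder does not ship in the published help. The `## INPUTS` section is also empty, while the other cmdlets in this patch state whether pipeline input is accepted.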
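Review bot: In help/Invoke-M365SecurityAudit.md, the `-ELevel` and `-ProfileLevel` descriptions say "This parameter is optional", but both YAML blocks list `Required: True` within the ELevelFilter parameter set, and the ELevelFilter syntax shows them unbracketed. Reword the descriptions to say the two parameters must be supplied together when filtering by E-level. In EXAMPLE 5, the second command (`PS\> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation`) lands outside the code fence with an escaped prompt; keep both commands inside the example's code block in the source help.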
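Review bot: In help/M365FoundationsCISReport.md, the cmdlet list omits Export-M365SecurityAuditTable even though this patch adds help/Export-M365SecurityAuditTable.md, so the module page does not link to it. Add the entry (or regenerate the module page after the function is exported), and replace the `Download Help Link: {{Please enter Link manually}}` placeholder in the front matter with a real link or remove it.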
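Review bot: In help/Remove-RowsWithEmptyCSVStatus.md, the front matter `online version:` points at `.../M365FoundationsCISReport/#Invoke-M365SecurityAudit`, which is a different cmdlet's anchor; it should end in `#Remove-RowsWithEmptyCSVStatus`. The `## RELATED LINKS` section is also empty, unlike the other help files in this patch, which suggests the `.LINK` entry in the function's comment-based help is wrong or missing.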
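Review bot: In help/Sync-CISExcelAndCsvData.md, the descriptions of `-ExcelPath`, `-CsvPath` and `-SheetName` each say "This parameter is mandatory.", but all three YAML blocks list `Required: False` and the syntax block shows them as optional (`[[-ExcelPath] ]`). Either mark the parameters `Mandatory` in the function so the generated help agrees with the text, or drop the sentence from the descriptions.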
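Review bot: In help/about_M365FoundationsCISReport.md, the EXAMPLES block uses parameters that the cmdlet help files added in this same patch do not document: `Export-M365SecurityAuditTable -OutputPath` (help lists `-ExportPath`), `Get-AdminRoleUserLicense -RoleName` (help lists only `-SkipGraphConnection`), `Get-MFAStatus -UserPrincipalName` (help lists `-UserId`), `Invoke-M365SecurityAudit -OutputPath` (not listed), and `Remove-RowsWithEmptyCSVStatus -InputPath ... -OutputPath` (help lists `-FilePath` and `-WorksheetName`). Example 5's comment also describes a CSV file while the cmdlet help describes an Excel worksheet. Rewrite the examples from the per-cmdlet help so they run as written, and rename or remove the leftover template heading `## Optional Subtopics`.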
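Review bot: In helpers/Build-Help.ps1, the second hunk calls `Update-MarkdownHelpModule` twice in a row, first with the splatted `@parameters` (which already sets `Path = ".\help"` and `RefreshModulePage = $true`) and then again as `Update-MarkdownHelpModule -Path ".\help" -RefreshModulePage`; the second call drops `AlphabeticParamsOrder`, `ExcludeDontShow` and `Encoding`, so it is at best redundant and may rewrite the files with different options. Remove it. The new code also sits after the closing `#>`, so it runs on every invocation of the script and writes `LogPath = ".\log.txt"` into the working directory; confirm that file is ignored by git. The file still ends without a trailing newline.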