vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: App Authentication test

Browse Source
This commit is contained in:
DrIOS
2024-08-03 18:52:46 -05:00
parent 45eb961554
commit d7d16ff0b5
14 changed files with 1035 additions and 1035 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
source/Public/Invoke-M365SecurityAudit.ps1
View File

@@ -37,6 +37,8 @@
If specified, the cmdlet will not check for the presence of required modules.
.PARAMETER DoNotConfirmConnections
If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
.PARAMETER AuthParams
Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services.
.EXAMPLE
PS> Invoke-M365SecurityAudit
@@ -203,13 +205,18 @@ function Invoke-M365SecurityAudit {
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not check for the presence of required modules.")]
[switch]$NoModuleCheck,
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.")]
[switch]$DoNotConfirmConnections
[switch]$DoNotConfirmConnections,
[Parameter(Mandatory = $false, HelpMessage = "Specifies an authentication object containing parameters for application-based authentication.")]
[CISAuthenticationParameters]$AuthParams
)
Begin {
if ($script:MaximumFunctionCount -lt 8192) {
Write-Verbose "Setting the `$script:MaximumFunctionCount to 8192 for the test run."
$script:MaximumFunctionCount = 8192
}
if ($AuthParams) {
$script:PnpAuth = $true
}
# Ensure required modules are installed
$requiredModules = Get-RequiredModule -AuditFunction
# Format the required modules list
@@ -267,7 +274,7 @@ function Invoke-M365SecurityAudit {
$actualUniqueConnections = Get-UniqueConnection -Connections $requiredConnections
if (!($DoNotConnect) -and $PSCmdlet.ShouldProcess("Establish connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Connect")) {
Write-Information "Establishing connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')"
Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections -SkipConfirmation:$DoNotConfirmConnections
Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections -SkipConfirmation:$DoNotConfirmConnections -AuthParams $AuthParams
}
}
catch {
@@ -331,4 +338,4 @@ function Invoke-M365SecurityAudit {
End {
}
}
}

61
source/Public/New-CISAuthenticationParameters.ps1 Normal file
View File

@@ -0,0 +1,61 @@
<#
.SYNOPSIS
Creates a new CISAuthenticationParameters object for Microsoft 365 authentication.
.DESCRIPTION
The New-CISAuthenticationParameters function constructs a new CISAuthenticationParameters object
containing the necessary credentials and URLs for authenticating to various Microsoft 365 services.
It validates input parameters to ensure they conform to expected formats and length requirements.
.PARAMETER ClientCertThumbPrint
The thumbprint of the client certificate used for authentication. It must be a 40-character hexadecimal string.
This certificate is used to authenticate the application in Azure AD.
.PARAMETER ClientId
The Client ID (Application ID) of the Azure AD application. It must be a valid GUID format.
.PARAMETER TenantId
The Tenant ID of the Azure AD directory. It must be a valid GUID format representing your Microsoft 365 tenant.
.PARAMETER OnMicrosoftUrl
The URL of your onmicrosoft.com domain. It should be in the format 'example.onmicrosoft.com'.
.PARAMETER SpAdminUrl
The SharePoint admin URL, which should end with '-admin.sharepoint.com'. This URL is used for connecting to SharePoint Online.
.INPUTS
None. You cannot pipe objects to this function.
.OUTPUTS
CISAuthenticationParameters
The function returns an instance of the CISAuthenticationParameters class containing the authentication details.
.EXAMPLE
PS> $authParams = New-CISAuthenticationParameters -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
-ClientId "6aa0efb0-31c8-4215-9071-662ba6b2443c" `
-TenantId "54407279-440c-4691-90af-ed56de3ef801" `
-OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
-SpAdminUrl "https://yourcompany-admin.sharepoint.com"
Creates a new CISAuthenticationParameters object with the specified credentials and URLs, validating each parameter's format and length.
#>
function New-CISAuthenticationParameters {
[CmdletBinding()]
[OutputType([CISAuthenticationParameters])]
param(
[Parameter(Mandatory = $true, HelpMessage = "The 40-character hexadecimal thumbprint of the client certificate.")]
[ValidatePattern("^[0-9a-fA-F]{40}$")] # Regex for a valid thumbprint format
[ValidateLength(40, 40)] # Enforce exact length
[string]$ClientCertThumbPrint,
[Parameter(Mandatory = $true, HelpMessage = "The Client ID (GUID format) of the Azure AD application.")]
[ValidatePattern("^[0-9a-fA-F\-]{36}$")] # Regex for a valid GUID
[string]$ClientId,
[Parameter(Mandatory = $true, HelpMessage = "The Tenant ID (GUID format) of the Azure AD directory.")]
[ValidatePattern("^[0-9a-fA-F\-]{36}$")] # Regex for a valid GUID
[string]$TenantId,
[Parameter(Mandatory = $true, HelpMessage = "The onmicrosoft.com domain URL (e.g., 'example.onmicrosoft.com').")]
[ValidatePattern("^[a-zA-Z0-9]+\.onmicrosoft\.com$")] # Regex for a valid onmicrosoft.com URL
[string]$OnMicrosoftUrl,
[Parameter(Mandatory = $true, HelpMessage = "The SharePoint admin URL ending with '-admin.sharepoint.com'.")]
[ValidatePattern("^https:\/\/[a-zA-Z0-9\-]+\-admin\.sharepoint\.com$")] # Regex for a valid SharePoint admin URL
[string]$SpAdminUrl
)
# Create and return the authentication parameters object
return [CISAuthenticationParameters]::new(
$ClientCertThumbPrint,
$ClientId,
$TenantId,
$OnMicrosoftUrl,
$SpAdminUrl
)
}