vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update Help

Browse Source
This commit is contained in:
DrIOS
2025-04-21 11:27:41 -05:00
parent 118bb6f227
commit e2ab71f1a8
10 changed files with 521 additions and 386 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README copy.md
View File

@@ -26,7 +26,7 @@ For full license details, please visit [Creative Commons Attribution-NonCommerci
The `M365FoundationsCISReport` module relies on several other PowerShell modules to perform its operations. The default run ensures these modules are installed with the specified versions. Use -NoModuleCheck to skip this step if you have installed the required modules previously and would like to suppress any output for automated runs.
### Required Modules for Audit Functions
### Minimum Required Modules for Audit Functions
Default modules used for audit functions:
@@ -58,7 +58,7 @@ $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -NoModuleCheck -NoModuleCheck -DoNotConfirmConnections -Confirm:$false
# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportNestedTables
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
# Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles

79
README.md
View File

@@ -26,7 +26,7 @@ For full license details, please visit [Creative Commons Attribution-NonCommerci
The `M365FoundationsCISReport` module relies on several other PowerShell modules to perform its operations. The default run ensures these modules are installed with the specified versions. Use -NoModuleCheck to skip this step if you have installed the required modules previously and would like to suppress any output for automated runs.
### Required Modules for Audit Functions
### Minimum Required Modules for Audit Functions
Default modules used for audit functions:
@@ -58,7 +58,7 @@ $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -NoModuleCheck -NoModuleCheck -DoNotConfirmConnections -Confirm:$false
# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportNestedTables
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
# Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles
@@ -97,19 +97,19 @@ If you encounter any issues while using the cmdlets, ensure that your environmen
- [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/)
- [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/)
# M365FoundationsCISReport Module
## Export-M365SecurityAuditTable
### Synopsis
Exports Microsoft 365 security audit results to CSV or Excel files and supports outputting specific test results as objects.
### Syntax
```powershell
Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-OutputTestNumber] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel] [-Prefix <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [[-ExportNestedTables]] -ExportPath <String> [-ExportOriginalTests] [-ExportToExcel] [-Prefix <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -OutputTestNumber <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable [-CsvPath] <String> [-OutputTestNumber] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable [-CsvPath] <String> [[-ExportNestedTables]] -ExportPath <String> [-ExportOriginalTests] [-ExportToExcel] [-Prefix <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel] [-Prefix <String>] -OnlyExportNestedTables [-WhatIf] [-Confirm] [<CommonParameters>]
@@ -119,20 +119,18 @@ Export-M365SecurityAuditTable [-CsvPath] <String> [[-ExportNestedTables]] -Expor
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
| - | - | - | - | - | - |
| <nobr>AuditResults</nobr> | | An array of CISAuditResult objects containing the audit results. This parameter is mandatory when exporting from audit results. | true | false | |
| <nobr>CsvPath</nobr> | | The path to a CSV file containing the audit results. This parameter is mandatory when exporting from a CSV file. | true | false | |
| <nobr>OutputTestNumber</nobr> | | The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result. | true | false | |
| <nobr>ExportNestedTables</nobr> | | Switch to export all test results. When specified, all test results are exported to the specified path. | false | false | False |
| <nobr>ExportPath</nobr> | | The path where the CSV or Excel files will be exported. This parameter is mandatory when exporting all tests. | true | false | |
| <nobr>ExportOriginalTests</nobr> | | Switch to export the original audit results to a CSV file. When specified, the original test results are exported along with the processed results. | false | false | False |
| <nobr>ExportToExcel</nobr> | | Switch to export the results to an Excel file. When specified, results are exported in Excel format. | false | false | False |
| <nobr>Prefix</nobr> | | Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5. | false | false | Corp |
| <nobr>Prefix</nobr> | | | false | false | Corp |
| <nobr>OnlyExportNestedTables</nobr> | | ─────────────────────────────────────────────────────────────────────────── 2\) OnlyExportNestedTables: nested tables only into ZIP -AuditResults, -ExportPath, -OnlyExportNestedTables ─────────────────────────────────────────────────────────────────────────── | true | false | False |
| <nobr>OutputTestNumber</nobr> | | The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result. | true | false | |
| <nobr>WhatIf</nobr> | wi | | false | false | |
| <nobr>Confirm</nobr> | cf | | false | false | |
### Inputs
- \[CISAuditResult\[\\]\\] - An array of CISAuditResult objects. \[string\\] - A path to a CSV file.
- \[CISAuditResult\[\]\] - An array of CISAuditResult objects. \[string\] - A path to a CSV file.
### Outputs
- \[PSCustomObject\\] - A custom object containing the path to the zip file and its hash.
- \[PSCustomObject\] - A custom object containing the path to the zip file and its hash.
### Examples
**EXAMPLE 1**
@@ -228,9 +226,18 @@ This example retrieves all administrative role users along with their licenses w
### Links
- [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense)
## Get-M365SecurityAuditRecNumberList
### Syntax
```powershell
Get-M365SecurityAuditRecNumberList [[-Version] <string>]
```
### Parameters
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
| - | - | - | - | - | - |
| <nobr>Version</nobr> | None | | false | false | |
## Get-MFAStatus
### Synopsis
Retrieves the MFA \(Multi-Factor Authentication\) status for Azure Active Directory users.
Retrieves the MFA \\(Multi-Factor Authentication\) status for Azure Active Directory users.
### Syntax
```powershell
@@ -243,7 +250,7 @@ Get-MFAStatus [[-UserId] <String>] [-SkipMSOLConnectionChecks] [<CommonParameter
### Parameters
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
| - | - | - | - | - | - |
| <nobr>UserId</nobr> | | The User Principal Name \(UPN\) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. | false | false | |
| <nobr>UserId</nobr> | | The User Principal Name \\(UPN\) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. | false | false | |
| <nobr>SkipMSOLConnectionChecks</nobr> | | | false | false | False |
### Outputs
- System.Object Returns a sorted list of custom objects containing the following properties: - UserPrincipalName - DisplayName - MFAState - MFADefaultMethod - MFAPhoneNumber - PrimarySMTP - Aliases
@@ -284,7 +291,7 @@ Grant-M365SecurityAuditConsent [-UserPrincipalNameForConsent] <String> [-SkipGra
### Parameters
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
| - | - | - | - | - | - |
| <nobr>UserPrincipalNameForConsent</nobr> | | The UPN or ID of the user to grant consent for. | true | true \(ByValue, ByPropertyName\) | |
| <nobr>UserPrincipalNameForConsent</nobr> | | The UPN or ID of the user to grant consent for. | true | true \\(ByValue, ByPropertyName\) | |
| <nobr>SkipGraphConnection</nobr> | | If specified, skips connecting to Microsoft Graph. | false | false | False |
| <nobr>SkipModuleCheck</nobr> | | If specified, skips the check for the Microsoft.Graph module. | false | false | False |
| <nobr>SuppressRevertOutput</nobr> | | If specified, suppresses the output of the revert commands. | false | false | False |
@@ -319,19 +326,19 @@ Invokes a security audit for Microsoft 365 environments.
### Syntax
```powershell
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELevel <String> -ProfileLevel <String> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELevel <String> -ProfileLevel <String> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG1 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG1 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG2 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG2 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG3 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeIG3 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeRecommendation <String[]> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeRecommendation <String[]> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -SkipRecommendation <String[]> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -SkipRecommendation <String[]> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
@@ -342,27 +349,28 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -Skip
| - | - | - | - | - | - |
| <nobr>TenantAdminUrl</nobr> | | The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. | false | false | |
| <nobr>DomainName</nobr> | | The domain name of the Microsoft 365 environment to test. It is optional and will trigger various tests to run only for the specified domain. Tests Affected: 2.1.9/Test-EnableDKIM, 1.3.1/Test-PasswordNeverExpirePolicy, 2.1.4/Test-SafeAttachmentsPolicy | false | false | |
| <nobr>ELevel</nobr> | | Specifies the E-Level \(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | true | false | |
| <nobr>ProfileLevel</nobr> | | Specifies the profile level \(L1 or L2\) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required. | true | false | |
| <nobr>ELevel</nobr> | | Specifies the E-Level \\(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | true | false | |
| <nobr>ProfileLevel</nobr> | | Specifies the profile level \\(L1 or L2\) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise, it is not required. | true | false | |
| <nobr>IncludeIG1</nobr> | | If specified, includes tests where IG1 is true. | true | false | False |
| <nobr>IncludeIG2</nobr> | | If specified, includes tests where IG2 is true. | true | false | False |
| <nobr>IncludeIG3</nobr> | | If specified, includes tests where IG3 is true. | true | false | False |
| <nobr>IncludeRecommendation</nobr> | | Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. | true | false | |
| <nobr>SkipRecommendation</nobr> | | Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. | true | false | |
| <nobr>ApprovedCloudStorageProviders</nobr> | | Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names for test 8.1.1/Test-TeamsExternalFileSharing. Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' | false | false | @\(\) |
| <nobr>ApprovedCloudStorageProviders</nobr> | | Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names for test 8.1.1/Test-TeamsExternalFileSharing. Acceptable values: 'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte' | false | false | @\\(\) |
| <nobr>ApprovedFederatedDomains</nobr> | | Specifies the approved federated domains for the audit test 8.2.1/Test-TeamsExternalAccess. Accepts an array of allowed domain names. Additional Tests may include this parameter in the future. | false | false | |
| <nobr>DoNotConnect</nobr> | | If specified, the cmdlet will not establish a connection to Microsoft 365 services. | false | false | False |
| <nobr>DoNotDisconnect</nobr> | | If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. | false | false | False |
| <nobr>NoModuleCheck</nobr> | | If specified, the cmdlet will not check for the presence of required modules. | false | false | False |
| <nobr>DoNotConfirmConnections</nobr> | | If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. | false | false | False |
| <nobr>AuthParams</nobr> | | Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. | false | false | |
| <nobr>Version</nobr> | | Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". | false | false | 4.0.0 |
| <nobr>WhatIf</nobr> | wi | | false | false | |
| <nobr>Confirm</nobr> | cf | | false | false | |
### Inputs
- None. You cannot pipe objects to Invoke-M365SecurityAudit.
### Outputs
- CISAuditResult\[\\] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
- CISAuditResult\[\] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
### Note
- This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. - Commercial use is not permitted. This module cannot be sold or used for commercial purposes. - Modifications and sharing are allowed under the same license. - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
@@ -398,12 +406,19 @@ Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
**EXAMPLE 5**
```powershell
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -Version "3.0.0"
# Performs a security audit using the CIS benchmark definitions version 3.0.0.
```
**EXAMPLE 6**
```powershell
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
PS> Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
```
**EXAMPLE 6**
**EXAMPLE 7**
```powershell
# (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
PS> $authParams = New-M365SecurityAuditAuthObject `
@@ -422,7 +437,7 @@ auditResults.csv
```
**EXAMPLE 7**
**EXAMPLE 8**
```powershell
Invoke-M365SecurityAudit -WhatIf
Displays what would happen if the cmdlet is run without actually performing the audit.
@@ -450,7 +465,7 @@ New-M365SecurityAuditAuthObject [-ClientCertThumbPrint] <String> [-ClientId] <St
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
| - | - | - | - | - | - |
| <nobr>ClientCertThumbPrint</nobr> | | The thumbprint of the client certificate used for authentication. It must be a 40-character hexadecimal string. This certificate is used to authenticate the application in Azure AD. | true | false | |
| <nobr>ClientId</nobr> | | The Client ID \(Application ID\) of the Azure AD application. It must be a valid GUID format. | true | false | |
| <nobr>ClientId</nobr> | | The Client ID \\(Application ID\) of the Azure AD application. It must be a valid GUID format. | true | false | |
| <nobr>TenantId</nobr> | | The Tenant ID of the Azure AD directory. It must be a valid GUID format representing your Microsoft 365 tenant. | true | false | |
| <nobr>OnMicrosoftUrl</nobr> | | The URL of your onmicrosoft.com domain. It should be in the format 'example.onmicrosoft.com'. | true | false | |
| <nobr>SpAdminUrl</nobr> | | The SharePoint admin URL, which should end with '-admin.sharepoint.com'. This URL is used for connecting to SharePoint Online. | true | false | |
@@ -461,7 +476,7 @@ New-M365SecurityAuditAuthObject [-ClientCertThumbPrint] <String> [-ClientId] <St
- CISAuthenticationParameters The function returns an instance of the CISAuthenticationParameters class containing the authentication details.
### Note
Requires PowerShell 7.0 or later.
Requires PowerShell 7.0 or later. https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
### Examples
**EXAMPLE 1**

128
docs/index.html
View File

@@ -2,7 +2,7 @@
<!--
<auto-generated>
<synopsis>
This code was generated by a tool. on: 08/04/2024 15:16:23
This code was generated by a tool. on: 04/21/2025 11:26:56
</synopsis>
<description>
If you'd like to regenerate the documentation, please open up powershell and run
@@ -99,6 +99,7 @@
<ul class="nav navbar-nav list-group" id="searchList">
<li class="nav-menu list-group-item"><a href="#Export-M365SecurityAuditTable">Export-M365SecurityAuditTable</a></li>
<li class="nav-menu list-group-item"><a href="#Get-AdminRoleUserLicense">Get-AdminRoleUserLicense</a></li>
<li class="nav-menu list-group-item"><a href="#Get-M365SecurityAuditRecNumberList">Get-M365SecurityAuditRecNumberList</a></li>
<li class="nav-menu list-group-item"><a href="#Get-MFAStatus">Get-MFAStatus</a></li>
<li class="nav-menu list-group-item"><a href="#Grant-M365SecurityAuditConsent">Grant-M365SecurityAuditConsent</a></li>
<li class="nav-menu list-group-item"><a href="#Invoke-M365SecurityAudit">Invoke-M365SecurityAudit</a></li>
@@ -122,13 +123,11 @@
</div>
<div class="panel panel-default">
<div class='panel-body'>
<pre class="brush: ps">Export-M365SecurityAuditTable [-AuditResults] &lt;CISAuditResult[]&gt; [-OutputTestNumber] &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
<pre class="brush: ps">Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -ExportPath &lt;String&gt; [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-AuditResults] &lt;CISAuditResult[]&gt; [[-ExportNestedTables]] -ExportPath &lt;String&gt; [-ExportOriginalTests] [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -OutputTestNumber &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [-OutputTestNumber] &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]] -ExportPath &lt;String&gt; [-ExportOriginalTests] [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -ExportPath &lt;String&gt; [-ExportToExcel] [-Prefix &lt;String&gt;] -OnlyExportNestedTables [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
</div>
</div>
<div>
@@ -153,30 +152,6 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-CsvPath</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The path to a CSV file containing the audit results. This parameter is mandatory when exporting from a CSV file.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-OutputTestNumber</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-ExportNestedTables</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Switch to export all test results. When specified, all test results are exported to the specified path.</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-ExportPath</nobr></td>
<td class="visible-lg visible-md"></td>
@@ -185,14 +160,6 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-ExportOriginalTests</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Switch to export the original audit results to a CSV file. When specified, the original test results are exported along with the processed results.</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-ExportToExcel</nobr></td>
<td class="visible-lg visible-md"></td>
@@ -204,11 +171,27 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<tr>
<td><nobr>-Prefix</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Add Prefix to filename after date when outputting to excel or csv.<br>Validate that the count of letters in the prefix is less than 5.</td>
<td></td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">Corp</td>
</tr>
<tr>
<td><nobr>-OnlyExportNestedTables</nobr></td>
<td class="visible-lg visible-md"></td>
<td>───────────────────────────────────────────────────────────────────────────<br> 2) OnlyExportNestedTables: nested tables only into ZIP<br> -AuditResults, -ExportPath, -OnlyExportNestedTables<br>───────────────────────────────────────────────────────────────────────────</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-OutputTestNumber</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-WhatIf</nobr></td>
<td class="visible-lg visible-md">wi</td>
@@ -364,6 +347,36 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
</div>
</div>
</div>
<div id="Get-M365SecurityAuditRecNumberList" class="toggle_container">
<div class="page-header">
<h2> Get-M365SecurityAuditRecNumberList </h2>
</div>
<div>
<h3> Parameters </h3>
<table class="table table-striped table-bordered table-condensed visible-on">
<thead>
<tr>
<th>Name</th>
<th class="visible-lg visible-md">Alias</th>
<th>Description</th>
<th class="visible-lg visible-md">Required?</th>
<th class="visible-lg">Pipeline Input</th>
<th class="visible-lg">Default Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><nobr>-Version</nobr></td>
<td class="visible-lg visible-md">None</td>
<td></td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
</tbody>
</table>
</div>
</div>
<div id="Get-MFAStatus" class="toggle_container">
<div class="page-header">
<h2> Get-MFAStatus </h2>
@@ -581,26 +594,26 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<div class="page-header">
<h2> Invoke-M365SecurityAudit </h2>
<p>Invokes a security audit for Microsoft 365 environments.</p>
<p>The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters.<br>It allows auditing of various configurations and settings within a Microsoft 365 environment in alignment with CIS benchmarks designated "Automatic".</p>
<p>The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters.<br>It allows auditing of various configurations and settings within a Microsoft 365 environment in alignment with CIS benchmarks designated "Automatic".<br>Supports selection of CIS benchmark definitions version (default is 4.0.0).</p>
</div>
<div>
<h3> Syntax </h3>
</div>
<div class="panel panel-default">
<div class='panel-body'>
<pre class="brush: ps">Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
<pre class="brush: ps">Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -ELevel &lt;String&gt; -ProfileLevel &lt;String&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -ELevel &lt;String&gt; -ProfileLevel &lt;String&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG1 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG1 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG2 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG2 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG3 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG3 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -SkipRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -SkipRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
</div>
</div>
<div>
@@ -644,7 +657,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
<tr>
<td><nobr>-ProfileLevel</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required.</td>
<td>Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise, it is not required.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
@@ -745,6 +758,14 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-Version</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">4.0.0</td>
</tr>
<tr>
<td><nobr>-WhatIf</nobr></td>
<td class="visible-lg visible-md">wi</td>
@@ -808,10 +829,14 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
# Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.</pre>
<div></div>
<strong>EXAMPLE 5</strong>
<pre class="brush: ps">Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -Version "3.0.0"
# Performs a security audit using the CIS benchmark definitions version 3.0.0.</pre>
<div></div>
<strong>EXAMPLE 6</strong>
<pre class="brush: ps">$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
PS&gt; Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests</pre>
<div></div>
<strong>EXAMPLE 6</strong>
<strong>EXAMPLE 7</strong>
<pre class="brush: ps"># (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
PS&gt; $authParams = New-M365SecurityAuditAuthObject `
-ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
@@ -827,7 +852,7 @@ PS&gt; $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
CISAuditResult[]
auditResults.csv</pre>
<div></div>
<strong>EXAMPLE 7</strong>
<strong>EXAMPLE 8</strong>
<pre class="brush: ps">Invoke-M365SecurityAudit -WhatIf
Displays what would happen if the cmdlet is run without actually performing the audit.
Output:
@@ -931,7 +956,8 @@ PS&gt; $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
<div class='panel-heading'>
<h3 class='panel-title'> Note </h3>
</div>
<div class='panel-body'>Requires PowerShell 7.0 or later.</div>
<div class='panel-body'>Requires PowerShell 7.0 or later.
https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps</div>
</div>
<div>
<h3> Examples </h3>

138
help/Export-M365SecurityAuditTable.md
View File

@@ -12,30 +12,23 @@ Exports M365 security audit results to a CSV file or outputs a specific test res
## SYNTAX
### OutputObjectFromAuditResultsSingle
### DefaultExport (Default)
```
Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-OutputTestNumber] <String>
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel]
[-Prefix <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### SingleObject
```
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -OutputTestNumber <String>
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### ExportAllResultsFromAuditResults
### OnlyExportNestedTables
```
Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-ExportNestedTables] -ExportPath <String>
[-ExportOriginalTests] [-ExportToExcel] [-Prefix <String>] [-ProgressAction <ActionPreference>] [-WhatIf]
[-Confirm] [<CommonParameters>]
```
### OutputObjectFromCsvSingle
```
Export-M365SecurityAuditTable [-CsvPath] <String> [-OutputTestNumber] <String>
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### ExportAllResultsFromCsv
```
Export-M365SecurityAuditTable [-CsvPath] <String> [-ExportNestedTables] -ExportPath <String>
[-ExportOriginalTests] [-ExportToExcel] [-Prefix <String>] [-ProgressAction <ActionPreference>] [-WhatIf]
[-Confirm] [<CommonParameters>]
Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel]
[-Prefix <String>] [-OnlyExportNestedTables] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
[<CommonParameters>]
```
## DESCRIPTION
@@ -86,69 +79,23 @@ Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoda
An array of CISAuditResult objects containing the audit results.
```yaml
Type: CISAuditResult[]
Parameter Sets: OutputObjectFromAuditResultsSingle, ExportAllResultsFromAuditResults
Type: PSObject[]
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -CsvPath
The path to a CSV file containing the audit results.
```yaml
Type: String
Parameter Sets: OutputObjectFromCsvSingle, ExportAllResultsFromCsv
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -OutputTestNumber
The test number to output as an object.
Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
```yaml
Type: String
Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ExportNestedTables
Switch to export all test results. When specified, all test results are exported to the specified path.
```yaml
Type: SwitchParameter
Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
Aliases:
Required: False
Position: 1
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -ExportPath
The path where the CSV files will be exported.
```yaml
Type: String
Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
Parameter Sets: DefaultExport, OnlyExportNestedTables
Aliases:
Required: True
@@ -158,27 +105,12 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ExportOriginalTests
Switch to export the original audit results to a CSV file.
```yaml
Type: SwitchParameter
Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -ExportToExcel
Switch to export the results to an Excel file.
```yaml
Type: SwitchParameter
Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
Parameter Sets: DefaultExport, OnlyExportNestedTables
Aliases:
Required: False
@@ -194,7 +126,7 @@ Validate that the count of letters in the prefix is less than 5.
```yaml
Type: String
Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
Parameter Sets: DefaultExport, OnlyExportNestedTables
Aliases:
Required: False
@@ -204,6 +136,40 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -OnlyExportNestedTables
───────────────────────────────────────────────────────────────────────────
2) OnlyExportNestedTables: nested tables only into ZIP
-AuditResults, -ExportPath, -OnlyExportNestedTables
───────────────────────────────────────────────────────────────────────────
```yaml
Type: SwitchParameter
Parameter Sets: OnlyExportNestedTables
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -OutputTestNumber
The test number to output as an object.
Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
```yaml
Type: String
Parameter Sets: SingleObject
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.

61
help/Get-M365SecurityAuditRecNumberList.md Normal file
View File

@@ -0,0 +1,61 @@
---
external help file: M365FoundationsCISReport-help.xml
Module Name: M365FoundationsCISReport
online version:
schema: 2.0.0
---
# Get-M365SecurityAuditRecNumberList
## SYNOPSIS
{{ Fill in the Synopsis }}
## SYNTAX
```
Get-M365SecurityAuditRecNumberList [[-Version] <String>] [<CommonParameters>]
```
## DESCRIPTION
{{ Fill in the Description }}
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
```
{{ Add example description here }}
## PARAMETERS
### -Version
{{ Fill Version Description }}
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Accepted values: 3.0.0, 4.0.0
Required: False
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None
## OUTPUTS
### System.Object
## NOTES
## RELATED LINKS

31
help/Invoke-M365SecurityAudit.md
View File

@@ -17,7 +17,7 @@ Invokes a security audit for Microsoft 365 environments.
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### ELevelFilter
@@ -25,8 +25,8 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELevel <String>
-ProfileLevel <String> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>]
[-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
[-AuthParams <CISAuthenticationParameters>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
[<CommonParameters>]
[-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf]
[-Confirm] [<CommonParameters>]
```
### IG1Filter
@@ -34,7 +34,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELev
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG1]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### IG2Filter
@@ -42,7 +42,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-Inc
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG2]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### IG3Filter
@@ -50,7 +50,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-Inc
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG3]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### RecFilter
@@ -58,7 +58,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-Inc
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeRecommendation <String[]>
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### SkipRecFilter
@@ -66,7 +66,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -Incl
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -SkipRecommendation <String[]>
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
[-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```
## DESCRIPTION
@@ -417,6 +417,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -Version
Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 4.0.0
Accept pipeline input: False
Accept wildcard characters: False
```
### -WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.

21
help/M365FoundationsCISReport.md
View File

@@ -1,4 +1,4 @@
---
---
Module Name: M365FoundationsCISReport
Module Guid: 0d064bfb-d1ce-484b-a173-993b55984dc9
Download Help Link: {{Please enter Link manually}}
@@ -11,27 +11,30 @@ Locale: en-US
The `M365FoundationsCISReport` module provides a set of cmdlets to audit and report on the security compliance of Microsoft 365 environments based on CIS (Center for Internet Security) benchmarks. It enables administrators to generate detailed reports, sync data with CIS Excel sheets, and perform security audits to ensure compliance.
## M365FoundationsCISReport Cmdlets
### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable)
### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable.md)
Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense)
### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense.md)
Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
### [Get-MFAStatus](Get-MFAStatus)
### [Get-M365SecurityAuditRecNumberList](Get-M365SecurityAuditRecNumberList.md)
{{ Fill in the Synopsis }}
### [Get-MFAStatus](Get-MFAStatus.md)
Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent)
### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent.md)
Grants Microsoft Graph permissions for an auditor.
### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit)
### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit.md)
Invokes a security audit for Microsoft 365 environments.
### [New-M365SecurityAuditAuthObject](New-M365SecurityAuditAuthObject)
### [New-M365SecurityAuditAuthObject](New-M365SecurityAuditAuthObject.md)
Creates a new CISAuthenticationParameters object for Microsoft 365 authentication.
### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus)
### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus.md)
Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData)
### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData.md)
Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.

2
help/about_M365FoundationsCISReport.md
View File

@@ -21,7 +21,7 @@ $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
# Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles

441
source/en-US/M365FoundationsCISReport-help.xml
View File

@@ -15,86 +15,14 @@
<command:syntax>
<command:syntaxItem>
<maml:name>Export-M365SecurityAuditTable</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutputTestNumber</maml:name>
<maml:description>
<maml:para>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AuditResults</maml:name>
<maml:description>
<maml:para>An array of CISAuditResult objects containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">CISAuditResult[]</command:parameterValue>
<command:parameterValue required="true" variableLength="false">PSObject[]</command:parameterValue>
<dev:type>
<maml:name>CISAuditResult[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga">
<maml:name>ProgressAction</maml:name>
<maml:description>
<maml:para>{{ Fill ProgressAction Description }}</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue>
<dev:type>
<maml:name>ActionPreference</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Export-M365SecurityAuditTable</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>ExportNestedTables</maml:name>
<maml:description>
<maml:para>Switch to export all test results. When specified, all test results are exported to the specified path.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<maml:name>AuditResults</maml:name>
<maml:description>
<maml:para>An array of CISAuditResult objects containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">CISAuditResult[]</command:parameterValue>
<dev:type>
<maml:name>CISAuditResult[]</maml:name>
<maml:name>PSObject[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
@@ -111,17 +39,6 @@
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportOriginalTests</maml:name>
<maml:description>
<maml:para>Switch to export the original audit results to a CSV file.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportToExcel</maml:name>
<maml:description>
@@ -182,10 +99,22 @@
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Export-M365SecurityAuditTable</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutputTestNumber</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AuditResults</maml:name>
<maml:description>
<maml:para>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".</maml:para>
<maml:para>An array of CISAuditResult objects containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">PSObject[]</command:parameterValue>
<dev:type>
<maml:name>PSObject[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportPath</maml:name>
<maml:description>
<maml:para>The path where the CSV files will be exported.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
@@ -194,17 +123,39 @@
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<maml:name>CsvPath</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportToExcel</maml:name>
<maml:description>
<maml:para>The path to a CSV file containing the audit results.</maml:para>
<maml:para>Switch to export the results to an Excel file.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Prefix</maml:name>
<maml:description>
<maml:para>Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
<dev:defaultValue>Corp</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>OnlyExportNestedTables</maml:name>
<maml:description>
<maml:para>─────────────────────────────────────────────────────────────────────────── 2) OnlyExportNestedTables: nested tables only into ZIP -AuditResults, -ExportPath, -OnlyExportNestedTables ───────────────────────────────────────────────────────────────────────────</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
@@ -243,33 +194,22 @@
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Export-M365SecurityAuditTable</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>ExportNestedTables</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AuditResults</maml:name>
<maml:description>
<maml:para>Switch to export all test results. When specified, all test results are exported to the specified path.</maml:para>
<maml:para>An array of CISAuditResult objects containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">PSObject[]</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<maml:name>CsvPath</maml:name>
<maml:description>
<maml:para>The path to a CSV file containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:name>PSObject[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportPath</maml:name>
<maml:name>OutputTestNumber</maml:name>
<maml:description>
<maml:para>The path where the CSV files will be exported.</maml:para>
<maml:para>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
@@ -278,40 +218,6 @@
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportOriginalTests</maml:name>
<maml:description>
<maml:para>Switch to export the original audit results to a CSV file.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportToExcel</maml:name>
<maml:description>
<maml:para>Switch to export the results to an Excel file.</maml:para>
</maml:description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Prefix</maml:name>
<maml:description>
<maml:para>Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>Corp</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -349,54 +255,18 @@
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AuditResults</maml:name>
<maml:description>
<maml:para>An array of CISAuditResult objects containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">CISAuditResult[]</command:parameterValue>
<command:parameterValue required="true" variableLength="false">PSObject[]</command:parameterValue>
<dev:type>
<maml:name>CISAuditResult[]</maml:name>
<maml:name>PSObject[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none">
<maml:name>CsvPath</maml:name>
<maml:description>
<maml:para>The path to a CSV file containing the audit results.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutputTestNumber</maml:name>
<maml:description>
<maml:para>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>ExportNestedTables</maml:name>
<maml:description>
<maml:para>Switch to export all test results. When specified, all test results are exported to the specified path.</maml:para>
</maml:description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportPath</maml:name>
<maml:description>
@@ -409,18 +279,6 @@
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportOriginalTests</maml:name>
<maml:description>
<maml:para>Switch to export the original audit results to a CSV file.</maml:para>
</maml:description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ExportToExcel</maml:name>
<maml:description>
@@ -445,6 +303,30 @@
</dev:type>
<dev:defaultValue>Corp</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>OnlyExportNestedTables</maml:name>
<maml:description>
<maml:para>─────────────────────────────────────────────────────────────────────────── 2) OnlyExportNestedTables: nested tables only into ZIP -AuditResults, -ExportPath, -OnlyExportNestedTables ───────────────────────────────────────────────────────────────────────────</maml:para>
</maml:description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>OutputTestNumber</maml:name>
<maml:description>
<maml:para>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -694,6 +576,89 @@
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-M365SecurityAuditRecNumberList</command:name>
<command:verb>Get</command:verb>
<command:noun>M365SecurityAuditRecNumberList</command:noun>
<maml:description>
<maml:para>{{ Fill in the Synopsis }}</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{ Fill in the Description }}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-M365SecurityAuditRecNumberList</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>{{ Fill Version Description }}</maml:para>
</maml:description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">3.0.0</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">4.0.0</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>{{ Fill Version Description }}</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Object</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks />
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-MFAStatus</command:name>
@@ -1276,6 +1241,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -1428,6 +1405,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -1580,6 +1569,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -1732,6 +1733,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -1885,6 +1898,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -2038,6 +2063,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>
@@ -2267,6 +2304,18 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Version</maml:name>
<maml:description>
<maml:para>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4.0.0</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:description>

2
source/en-US/about_M365FoundationsCISReport.help.txt
View File

@@ -33,7 +33,7 @@ EXAMPLES
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
# Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
# Example 3: Retrieving licenses for users in administrative roles