vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update Help

Browse Source
This commit is contained in:
DrIOS
2025-04-21 11:27:41 -05:00
parent 118bb6f227
commit e2ab71f1a8
10 changed files with 521 additions and 386 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
docs/index.html
View File

@@ -2,7 +2,7 @@
<!--
<auto-generated>
<synopsis>
This code was generated by a tool. on: 08/04/2024 15:16:23
This code was generated by a tool. on: 04/21/2025 11:26:56
</synopsis>
<description>
If you'd like to regenerate the documentation, please open up powershell and run
@@ -99,6 +99,7 @@
<ul class="nav navbar-nav list-group" id="searchList">
<li class="nav-menu list-group-item"><a href="#Export-M365SecurityAuditTable">Export-M365SecurityAuditTable</a></li>
<li class="nav-menu list-group-item"><a href="#Get-AdminRoleUserLicense">Get-AdminRoleUserLicense</a></li>
<li class="nav-menu list-group-item"><a href="#Get-M365SecurityAuditRecNumberList">Get-M365SecurityAuditRecNumberList</a></li>
<li class="nav-menu list-group-item"><a href="#Get-MFAStatus">Get-MFAStatus</a></li>
<li class="nav-menu list-group-item"><a href="#Grant-M365SecurityAuditConsent">Grant-M365SecurityAuditConsent</a></li>
<li class="nav-menu list-group-item"><a href="#Invoke-M365SecurityAudit">Invoke-M365SecurityAudit</a></li>
@@ -122,13 +123,11 @@
</div>
<div class="panel panel-default">
<div class='panel-body'>
<pre class="brush: ps">Export-M365SecurityAuditTable [-AuditResults] &lt;CISAuditResult[]&gt; [-OutputTestNumber] &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
<pre class="brush: ps">Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -ExportPath &lt;String&gt; [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-AuditResults] &lt;CISAuditResult[]&gt; [[-ExportNestedTables]] -ExportPath &lt;String&gt; [-ExportOriginalTests] [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -OutputTestNumber &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [-OutputTestNumber] &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]] -ExportPath &lt;String&gt; [-ExportOriginalTests] [-ExportToExcel] [-Prefix &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
Export-M365SecurityAuditTable -AuditResults &lt;PSObject[]&gt; -ExportPath &lt;String&gt; [-ExportToExcel] [-Prefix &lt;String&gt;] -OnlyExportNestedTables [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
</div>
</div>
<div>
@@ -153,30 +152,6 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-CsvPath</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The path to a CSV file containing the audit results. This parameter is mandatory when exporting from a CSV file.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-OutputTestNumber</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-ExportNestedTables</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Switch to export all test results. When specified, all test results are exported to the specified path.</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-ExportPath</nobr></td>
<td class="visible-lg visible-md"></td>
@@ -185,14 +160,6 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-ExportOriginalTests</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Switch to export the original audit results to a CSV file. When specified, the original test results are exported along with the processed results.</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-ExportToExcel</nobr></td>
<td class="visible-lg visible-md"></td>
@@ -204,11 +171,27 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<tr>
<td><nobr>-Prefix</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Add Prefix to filename after date when outputting to excel or csv.<br>Validate that the count of letters in the prefix is less than 5.</td>
<td></td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">Corp</td>
</tr>
<tr>
<td><nobr>-OnlyExportNestedTables</nobr></td>
<td class="visible-lg visible-md"></td>
<td>───────────────────────────────────────────────────────────────────────────<br> 2) OnlyExportNestedTables: nested tables only into ZIP<br> -AuditResults, -ExportPath, -OnlyExportNestedTables<br>───────────────────────────────────────────────────────────────────────────</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg">False</td>
</tr>
<tr>
<td><nobr>-OutputTestNumber</nobr></td>
<td class="visible-lg visible-md"></td>
<td>The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-WhatIf</nobr></td>
<td class="visible-lg visible-md">wi</td>
@@ -364,6 +347,36 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
</div>
</div>
</div>
<div id="Get-M365SecurityAuditRecNumberList" class="toggle_container">
<div class="page-header">
<h2> Get-M365SecurityAuditRecNumberList </h2>
</div>
<div>
<h3> Parameters </h3>
<table class="table table-striped table-bordered table-condensed visible-on">
<thead>
<tr>
<th>Name</th>
<th class="visible-lg visible-md">Alias</th>
<th>Description</th>
<th class="visible-lg visible-md">Required?</th>
<th class="visible-lg">Pipeline Input</th>
<th class="visible-lg">Default Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><nobr>-Version</nobr></td>
<td class="visible-lg visible-md">None</td>
<td></td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
</tbody>
</table>
</div>
</div>
<div id="Get-MFAStatus" class="toggle_container">
<div class="page-header">
<h2> Get-MFAStatus </h2>
@@ -581,26 +594,26 @@ Export-M365SecurityAuditTable [-CsvPath] &lt;String&gt; [[-ExportNestedTables]]
<div class="page-header">
<h2> Invoke-M365SecurityAudit </h2>
<p>Invokes a security audit for Microsoft 365 environments.</p>
<p>The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters.<br>It allows auditing of various configurations and settings within a Microsoft 365 environment in alignment with CIS benchmarks designated "Automatic".</p>
<p>The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters.<br>It allows auditing of various configurations and settings within a Microsoft 365 environment in alignment with CIS benchmarks designated "Automatic".<br>Supports selection of CIS benchmark definitions version (default is 4.0.0).</p>
</div>
<div>
<h3> Syntax </h3>
</div>
<div class="panel panel-default">
<div class='panel-body'>
<pre class="brush: ps">Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
<pre class="brush: ps">Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -ELevel &lt;String&gt; -ProfileLevel &lt;String&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -ELevel &lt;String&gt; -ProfileLevel &lt;String&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG1 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG1 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG2 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG2 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG3 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeIG3 [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -IncludeRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -SkipRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;String&gt;] -SkipRecommendation &lt;String[]&gt; [-ApprovedCloudStorageProviders &lt;String[]&gt;] [-ApprovedFederatedDomains &lt;String[]&gt;] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams &lt;CISAuthenticationParameters&gt;] [-Version &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
</div>
</div>
<div>
@@ -644,7 +657,7 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
<tr>
<td><nobr>-ProfileLevel</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise it is not required.</td>
<td>Specifies the profile level (L1 or L2) for the audit. This parameter is mandatory, but only when ELevel is selected. Otherwise, it is not required.</td>
<td class="visible-lg visible-md">true</td>
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
@@ -745,6 +758,14 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
<td class="visible-lg">false</td>
<td class="visible-lg"></td>
</tr>
<tr>
<td><nobr>-Version</nobr></td>
<td class="visible-lg visible-md"></td>
<td>Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".</td>
<td class="visible-lg visible-md">false</td>
<td class="visible-lg">false</td>
<td class="visible-lg">4.0.0</td>
</tr>
<tr>
<td><nobr>-WhatIf</nobr></td>
<td class="visible-lg visible-md">wi</td>
@@ -808,10 +829,14 @@ Invoke-M365SecurityAudit [-TenantAdminUrl &lt;String&gt;] [-DomainName &lt;Strin
# Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.</pre>
<div></div>
<strong>EXAMPLE 5</strong>
<pre class="brush: ps">Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -Version "3.0.0"
# Performs a security audit using the CIS benchmark definitions version 3.0.0.</pre>
<div></div>
<strong>EXAMPLE 6</strong>
<pre class="brush: ps">$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
PS&gt; Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests</pre>
<div></div>
<strong>EXAMPLE 6</strong>
<strong>EXAMPLE 7</strong>
<pre class="brush: ps"># (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
PS&gt; $authParams = New-M365SecurityAuditAuthObject `
-ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
@@ -827,7 +852,7 @@ PS&gt; $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
CISAuditResult[]
auditResults.csv</pre>
<div></div>
<strong>EXAMPLE 7</strong>
<strong>EXAMPLE 8</strong>
<pre class="brush: ps">Invoke-M365SecurityAudit -WhatIf
Displays what would happen if the cmdlet is run without actually performing the audit.
Output:
@@ -931,7 +956,8 @@ PS&gt; $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
<div class='panel-heading'>
<h3 class='panel-title'> Note </h3>
</div>
<div class='panel-body'>Requires PowerShell 7.0 or later.</div>
<div class='panel-body'>Requires PowerShell 7.0 or later.
https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps</div>
</div>
<div>
<h3> Examples </h3>