Merge pull request #115 from CriticalSolutionsNetwork/Add-QoL-Features

Add qol features
docs: Update help
2024-06-17 09:42:08 -05:00 · 2024-06-16 15:24:02 -05:00 · 2024-06-16 15:20:06 -05:00 · 2024-06-16 14:12:12 -05:00 · 2024-06-16 13:11:43 -05:00 · 2024-06-16 12:48:15 -05:00
31 changed files with 1232 additions and 619 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@ output/
 markdownissues.txt
 node_modules
 package-lock.json
-Aligned.xlsx
+Aligned.xlsx
 test-gh1.ps1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,27 @@ The format is based on and uses the types of changes according to [Keep a Change
 ### Added
 - Added `Export-M365SecurityAuditTable` public function to export applicable audit results to a table format.
 - Added paramter to `Export-M365SecurityAuditTable` to specify output of the original audit results.
 - Added `Remove-RowsWithEmptyCSVStatus` public function to remove rows with empty status from the CSV file.
 - Added `Get-Action` private function to retrieve the action for the test 6.1.2 and 6.1.3 tests.
 - Added output modifications to tests that produce tables to ensure they can be exported with the new `Export-M365SecurityAuditTable` function.
 ## [0.1.11] - 2024-06-14
 ### Added
 - Added Get-MFAStatus function to help with auditing mfa for conditional access controls.
 ### Fixed
 - Fixed 6.1.2/6.1.3 tests to minimize calls to the Graph API.
 - Fixed 2.1.1,2.1.4,2.1.5 to suppress error messages and create a standard object when no e5"
 ## [0.1.10] - 2024-06-12
 ### Added
 - Added condition comments to each test.
 ### Fixed
--- a/README.md
+++ b/README.md
--- a/docs/index.html
+++ b/docs/index.html
--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
 <#
-    $ver = "v0.1.9"
+    $ver = "v0.1.11"
    git checkout main
    git pull origin main
    git tag -a $ver -m "Release version $ver refactor Update"
@@ -13,73 +13,3 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
    git push origin $ver
    # git tag -d $ver
 #>
 # Refresh authentication to ensure the correct scopes
 gh auth refresh -s project,read:project,write:project,repo
 # Create the project
 gh project create --owner CriticalSolutionsNetwork --title "Test Validation Project"
 $repoOwner = "CriticalSolutionsNetwork"
 $repoName = "M365FoundationsCISReport"
 $directoryPath = ".\source\tests"
 $projectName = "Test Validation Project"
 # Function to create GitHub issues
 function Create-GitHubIssue {
    param (
        [string]$title,
        [string]$body,
        [string]$project
    )
    # Create the issue and add it to the specified project
    $issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
    return $issue
 }
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
 # Iterate over each .ps1 file in the directory
 Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
    $fileName = $_.Name
    $testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
    if ($testDefinition) {
        $rec = $testDefinition.Rec
        $elevel = $testDefinition.ELevel
        $profileLevel = $testDefinition.ProfileLevel
        $ig1 = $testDefinition.IG1
        $ig2 = $testDefinition.IG2
        $ig3 = $testDefinition.IG3
        $connection = $testDefinition.Connection
        $issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
        $issueBody = @"
 # Validation for $fileName
 ## Tasks
 - [ ] Validate test for a pass
  - Description of passing criteria:
 - [ ] Validate test for a fail
  - Description of failing criteria:
 - [ ] Add notes and observations
  - Placeholder for additional notes:
 "@
        # Create the issue using GitHub CLI
        try {
            Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
            Write-Output "Created issue for $fileName"
        } catch {
            Write-Error "Failed to create issue for $fileName : $_"
        }
        # Introduce a delay of 2 seconds
        Start-Sleep -Seconds 2
    } else {
        Write-Warning "No matching test definition found for $fileName"
    }
 }
--- a/source/Private/Connect-M365Suite.ps1
+++ b/source/Private/Connect-M365Suite.ps1
@@ -18,7 +18,7 @@ function Connect-M365Suite {
            Write-Host "Successfully connected to Azure Active Directory." -ForegroundColor Green
        }
-        if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
+        if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Cyan
            try {
                Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
@@ -31,7 +31,7 @@ function Connect-M365Suite {
            }
        }
-        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
+        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
            Write-Host "Connecting to Exchange Online..." -ForegroundColor Cyan
            Connect-ExchangeOnline | Out-Null
            Write-Host "Successfully connected to Exchange Online." -ForegroundColor Green
--- a/source/Private/Format-MissingAction.ps1
+++ b/source/Private/Format-MissingAction.ps1
@@ -1,29 +0,0 @@
 function Format-MissingAction {
    [CmdletBinding()]
    [OutputType([hashtable])]
    param (
        [array]$missingActions
    )
    $actionGroups = @{
        "Admin"    = @()
        "Delegate" = @()
        "Owner"    = @()
    }
    foreach ($action in $missingActions) {
        if ($action -match "(Admin|Delegate|Owner) action '([^']+)' missing") {
            $type = $matches[1]
            $actionName = $matches[2]
            $actionGroups[$type] += $actionName
        }
    }
    $formattedResults = @{
        Admin    = $actionGroups["Admin"] -join ', '
        Delegate = $actionGroups["Delegate"] -join ', '
        Owner    = $actionGroups["Owner"] -join ', '
    }
    return $formattedResults
 }
--- a/source/Private/Get-Action.ps1
+++ b/source/Private/Get-Action.ps1
@@ -0,0 +1,113 @@
 function Get-Action {
    [CmdletBinding(DefaultParameterSetName = "GetDictionaries")]
    param (
        [Parameter(Position = 0, ParameterSetName = "GetDictionaries")]
        [switch]$Dictionaries,
        [Parameter(Position = 0, ParameterSetName = "ConvertActions")]
        [string[]]$Actions,
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "ConvertActions")]
        [ValidateSet("Admin", "Delegate", "Owner")]
        [string]$ActionType,
        [Parameter(Position = 0, ParameterSetName = "ReverseActions")]
        [string[]]$AbbreviatedActions,
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "ReverseActions")]
        [ValidateSet("Admin", "Delegate", "Owner")]
        [string]$ReverseActionType
    )
    $Dictionary = @{
        AdminActions = @{
            ApplyRecord              = 'AR'
            Copy                     = 'CP'
            Create                   = 'CR'
            FolderBind               = 'FB'
            HardDelete               = 'HD'
            MailItemsAccessed        = 'MIA'
            Move                     = 'MV'
            MoveToDeletedItems       = 'MTDI'
            SendAs                   = 'SA'
            SendOnBehalf             = 'SOB'
            Send                     = 'SD'
            SoftDelete               = 'SD'
            Update                   = 'UP'
            UpdateCalendarDelegation = 'UCD'
            UpdateFolderPermissions  = 'UFP'
            UpdateInboxRules         = 'UIR'
        }
        DelegateActions = @{
            ApplyRecord             = 'AR'
            Create                  = 'CR'
            FolderBind              = 'FB'
            HardDelete              = 'HD'
            MailItemsAccessed       = 'MIA'
            Move                    = 'MV'
            MoveToDeletedItems      = 'MTDI'
            SendAs                  = 'SA'
            SendOnBehalf            = 'SOB'
            SoftDelete              = 'SD'
            Update                  = 'UP'
            UpdateFolderPermissions = 'UFP'
            UpdateInboxRules        = 'UIR'
        }
        OwnerActions = @{
            ApplyRecord              = 'AR'
            Create                   = 'CR'
            HardDelete               = 'HD'
            MailboxLogin             = 'ML'
            MailItemsAccessed        = 'MIA'
            Move                     = 'MV'
            MoveToDeletedItems       = 'MTDI'
            Send                     = 'SD'
            SoftDelete               = 'SD'
            Update                   = 'UP'
            UpdateCalendarDelegation = 'UCD'
            UpdateFolderPermissions  = 'UFP'
            UpdateInboxRules         = 'UIR'
        }
    }
    switch ($PSCmdlet.ParameterSetName) {
        "GetDictionaries" {
            return $Dictionary
        }
        "ConvertActions" {
            $actionDictionary = switch ($ActionType) {
                "Admin"    { $Dictionary.AdminActions }
                "Delegate" { $Dictionary.DelegateActions }
                "Owner"    { $Dictionary.OwnerActions }
            }
            $abbreviatedActions = @()
            foreach ($action in $Actions) {
                if ($actionDictionary.ContainsKey($action)) {
                    $abbreviatedActions += $actionDictionary[$action]
                }
            }
            return $abbreviatedActions
        }
        "ReverseActions" {
            $reverseDictionary = @{}
            $originalDictionary = switch ($ReverseActionType) {
                "Admin"    { $Dictionary.AdminActions }
                "Delegate" { $Dictionary.DelegateActions }
                "Owner"    { $Dictionary.OwnerActions }
            }
            foreach ($key in $originalDictionary.Keys) {
                $reverseDictionary[$originalDictionary[$key]] = $key
            }
            $fullNames = @()
            foreach ($abbrAction in $AbbreviatedActions) {
                if ($reverseDictionary.ContainsKey($abbrAction)) {
                    $fullNames += $reverseDictionary[$abbrAction]
                }
            }
            return $fullNames
        }
    }
 }
--- a/source/Private/Get-ExceededLengthResultDetail.ps1
+++ b/source/Private/Get-ExceededLengthResultDetail.ps1
@@ -0,0 +1,54 @@
 function Get-ExceededLengthResultDetail {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [object[]]$AuditResults,
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [string[]]$TestNumbersToCheck,
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [string[]]$ExportedTests,
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [switch]$ReturnExceedingTestsOnly,
        [int]$DetailsLengthLimit = 30000,
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [int]$PreviewLineCount = 50
    )
    $exceedingTests = @()
    $updatedResults = @()
    for ($i = 0; $i -lt $AuditResults.Count; $i++) {
        $auditResult = $AuditResults[$i]
        if ($auditResult.Rec -in $TestNumbersToCheck) {
            if ($auditResult.Details.Length -gt $DetailsLengthLimit) {
                if ($ReturnExceedingTestsOnly) {
                    $exceedingTests += $auditResult.Rec
                } else {
                    $previewLines = ($auditResult.Details -split '\r?\n' | Select-Object -First $PreviewLineCount) -join "`n"
                    $message = "The test result is too large to be exported to CSV. Use the audit result and the export function for full output.`n`nPreview:`n$previewLines"
                    if ($ExportedTests -contains $auditResult.Rec) {
                        Write-Information "The test result for $($auditResult.Rec) is too large for CSV and was included in the export. Check the exported files."
                        $auditResult.Details = $message
                    } else {
                        $auditResult.Details = $message
                    }
                }
            }
        }
        $updatedResults += $auditResult
    }
    if ($ReturnExceedingTestsOnly) {
        return $exceedingTests
    } else {
        return $updatedResults
    }
 }
--- a/source/Private/Initialize-LargeTestTable.ps1
+++ b/source/Private/Initialize-LargeTestTable.ps1
@@ -0,0 +1,36 @@
 <#
    .SYNOPSIS
    This function generates a large table with the specified number of lines.
    .DESCRIPTION
    This function generates a large table with the specified number of lines. The table has a header and each line has the same format.
    .EXAMPLE
    Initialize-LargeTestTable -lineCount 1000
    .PARAMETER lineCount
    The number of lines to generate.
    .INPUTS
    System.Int32
    .OUTPUTS
    System.String
    .NOTES
    The function is intended for testing purposes.
 #>
 function Initialize-LargeTestTable {
    [cmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter()]
        [int]$lineCount = 1000 # Number of lines to generate
    )
    process {
        $header = "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing"
        $lineTemplate = "user{0}@contosonorthwind.net|True|FB,CP,MV|FB,MV|ML,MV,CR"
        # Generate the header and lines
        $lines = @($header)
        for ($i = 1; $i -le $lineCount; $i++) {
            $lines += [string]::Format($lineTemplate, $i)
        }
        $output = $lines -join "`n"
        Write-Host "Details character count: $($output.Length)"
        return $output
    }
 }
--- a/source/Public/Export-M365SecurityAuditTable.ps1
+++ b/source/Public/Export-M365SecurityAuditTable.ps1
@@ -0,0 +1,196 @@
 <#
    .SYNOPSIS
    Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
    .DESCRIPTION
    This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file.
    It can export all results to a specified path or output a specific test result as an object.
    .PARAMETER AuditResults
    An array of CISAuditResult objects containing the audit results.
    .PARAMETER CsvPath
    The path to a CSV file containing the audit results.
    .PARAMETER OutputTestNumber
    The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
    .PARAMETER ExportAllTests
    Switch to export all test results.
    .PARAMETER ExportPath
    The path where the CSV files will be exported.
    .PARAMETER ExportOriginalTests
    Switch to export the original audit results to a CSV file.
    .INPUTS
    [CISAuditResult[]], [string]
    .OUTPUTS
    [PSCustomObject]
    .EXAMPLE
    # Output object for a single test number from audit results
    Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2
    .EXAMPLE
    # Export all results from audit results to the specified path
    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp"
    .EXAMPLE
    # Output object for a single test number from CSV
    Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2
    .EXAMPLE
    # Export all results from CSV to the specified path
    Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp"
    .EXAMPLE
    # Export all results from audit results to the specified path along with the original tests
    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests
    .EXAMPLE
    # Export all results from CSV to the specified path along with the original tests
    Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests
    .LINK
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
 #>
 function Export-M365SecurityAuditTable {
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param (
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
        [CISAuditResult[]]$AuditResults,
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromCsv")]
        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromCsvSingle")]
        [ValidateScript({ (Test-Path $_) -and ((Get-Item $_).PSIsContainer -eq $false) })]
        [string]$CsvPath,
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromCsvSingle")]
        [ValidateSet("1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4")]
        [string]$OutputTestNumber,
        [Parameter(Mandatory = $true, Position = 0, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $true, Position = 0, ParameterSetName = "ExportAllResultsFromCsv")]
        [switch]$ExportAllTests,
        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromCsv")]
        [string]$ExportPath,
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromCsv")]
        [switch]$ExportOriginalTests
    )
    if ($PSCmdlet.ParameterSetName -like "ExportAllResultsFromCsv" -or $PSCmdlet.ParameterSetName -eq "OutputObjectFromCsvSingle") {
        $AuditResults = Import-Csv -Path $CsvPath | ForEach-Object {
            $params = @{
                Rec           = $_.Rec
                Result        = [bool]$_.Result
                Status        = $_.Status
                Details       = $_.Details
                FailureReason = $_.FailureReason
            }
            Initialize-CISAuditResult @params
        }
    }
    if ($ExportAllTests) {
        $TestNumbers = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
    }
    $results = @()
    $testsToProcess = if ($OutputTestNumber) { @($OutputTestNumber) } else { $TestNumbers }
    foreach ($test in $testsToProcess) {
        $auditResult = $AuditResults | Where-Object { $_.Rec -eq $test }
        if (-not $auditResult) {
            Write-Information "No audit results found for the test number $test."
            continue
        }
        switch ($test) {
            "6.1.2" {
                $details = $auditResult.Details
                $csv = $details | ConvertFrom-Csv -Delimiter '|'
                if ($null -ne $csv) {
                    foreach ($row in $csv) {
                        $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                        $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate | Where-Object { $_ -notin @("MailItemsAccessed") }) -join ','
                        $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                    }
                    $newObjectDetails = $csv
                }
                else {
                    $newObjectDetails = $details
                }
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
            }
            "6.1.3" {
                $details = $auditResult.Details
                $csv = $details | ConvertFrom-Csv -Delimiter '|'
                if ($null -ne $csv) {
                    foreach ($row in $csv) {
                        $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin) -join ','
                        $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate) -join ','
                        $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner) -join ','
                    }
                    $newObjectDetails = $csv
                }
                else {
                    $newObjectDetails = $details
                }
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
            }
            Default {
                $details = $auditResult.Details
                $csv = $details | ConvertFrom-Csv -Delimiter '|'
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $csv }
            }
        }
    }
    if ($ExportPath) {
        $timestamp = (Get-Date).ToString("yyyy.MM.dd_HH.mm.ss")
        $exportedTests = @()
        foreach ($result in $results) {
            $testDef = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $result.TestNumber }
            if ($testDef) {
                $fileName = "$ExportPath\$($timestamp)_$($result.TestNumber).$($testDef.TestFileName -replace '\.ps1$').csv"
                if ($result.Details.Count -eq 0) {
                    Write-Information "No results found for test number $($result.TestNumber)." -InformationAction Continue
                }
                else {
                    $result.Details | Export-Csv -Path $fileName -NoTypeInformation
                    $exportedTests += $result.TestNumber
                }
            }
        }
        if ($exportedTests.Count -gt 0) {
            Write-Information "The following tests were exported: $($exportedTests -join ', ')" -InformationAction Continue
        }
        else {
            if ($ExportOriginalTests) {
                Write-Information "No specified tests were included in the export other than the full audit results." -InformationAction Continue
            }
            else {
                Write-Information "No specified tests were included in the export." -InformationAction Continue
            }
        }
        if ($ExportOriginalTests) {
            # Define the test numbers to check
            $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
            # Check for large details and update the AuditResults array
            $updatedAuditResults = Get-ExceededLengthResultDetail -AuditResults $AuditResults -TestNumbersToCheck $TestNumbersToCheck -ExportedTests $exportedTests -DetailsLengthLimit 30000 -PreviewLineCount 25
            $originalFileName = "$ExportPath\$timestamp`_M365FoundationsAudit.csv"
            $updatedAuditResults | Export-Csv -Path $originalFileName -NoTypeInformation
        }
    }
    elseif ($OutputTestNumber) {
        if ($results[0].Details) {
            return $results[0].Details
        }
        else {
            Write-Information "No results found for test number $($OutputTestNumber)." -InformationAction Continue
        }
    }
    else {
        Write-Error "No valid operation specified. Please provide valid parameters."
    }
 }
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -25,7 +25,6 @@
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
 #>
 function Get-AdminRoleUserLicense {
    # Set output type to System.Collections.ArrayList
    [OutputType([System.Collections.ArrayList])]
    [CmdletBinding()]
    param (
@@ -42,33 +41,37 @@ function Get-AdminRoleUserLicense {
        $userIds = [System.Collections.ArrayList]::new()
    }
-    Process {
+    process {
-        $adminroles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+        Write-Verbose "Retrieving all admin roles"
        $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
-        foreach ($role in $adminroles) {
+        Write-Verbose "Filtering admin roles"
-            $usersInRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+        $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
-            foreach ($user in $usersInRole) {
+        foreach ($role in $adminRoles) {
-                $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled" -ErrorAction SilentlyContinue
+            Write-Verbose "Processing role: $($role.DisplayName)"
            $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
            foreach ($assignment in $roleAssignments) {
                Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
                if ($userDetails) {
-                    [void]($userIds.Add($user.PrincipalId))
+                    Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
-                    [void](
+                    [void]($userIds.Add($userDetails.Id))
-                        $adminRoleUsers.Add(
+                    [void]($adminRoleUsers.Add([PSCustomObject]@{
-                            [PSCustomObject]@{
+                        RoleName          = $role.DisplayName
-                                RoleName          = $role.DisplayName
+                        UserName          = $userDetails.DisplayName
-                                UserName          = $userDetails.DisplayName
+                        UserPrincipalName = $userDetails.UserPrincipalName
-                                UserPrincipalName = $userDetails.UserPrincipalName
+                        UserId            = $userDetails.Id
-                                UserId            = $userDetails.Id
+                        HybridUser        = [bool]$userDetails.OnPremisesSyncEnabled
-                                HybridUser        = $userDetails.onPremisesSyncEnabled
+                        Licenses          = $null  # Initialize as $null
-                                Licenses          = $null  # Initialize as $null
+                    }))
                            }
                        )
                    )
                }
            }
        }
        Write-Verbose "Retrieving licenses for admin role users"
        foreach ($userId in $userIds.ToArray() | Select-Object -Unique) {
            $licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue
            if ($licenses) {
@@ -80,7 +83,7 @@ function Get-AdminRoleUserLicense {
        }
    }
-    End {
+    end {
        Write-Host "Disconnecting from Microsoft Graph..." -ForegroundColor Green
        Disconnect-MgGraph | Out-Null
        return $adminRoleUsers
--- a/source/Public/Get-MFAStatus.ps1
+++ b/source/Public/Get-MFAStatus.ps1
@@ -0,0 +1,103 @@
 <#
    .SYNOPSIS
        Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
    .DESCRIPTION
        The Get-MFAStatus function connects to Microsoft Online Service and retrieves the MFA status for all Azure Active Directory users, excluding guest accounts. Optionally, you can specify a single user by their User Principal Name (UPN) to get their MFA status.
    .PARAMETER UserId
        The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users.
    .EXAMPLE
        Get-MFAStatus
        Retrieves the MFA status for all Azure Active Directory users.
    .EXAMPLE
        Get-MFAStatus -UserId "example@domain.com"
        Retrieves the MFA status for the specified user with the UPN "example@domain.com".
    .OUTPUTS
        System.Object
        Returns a sorted list of custom objects containing the following properties:
        - UserPrincipalName
        - DisplayName
        - MFAState
        - MFADefaultMethod
        - MFAPhoneNumber
        - PrimarySMTP
        - Aliases
    .NOTES
        The function requires the MSOL module to be installed and connected to your tenant.
        Ensure that you have the necessary permissions to read user and MFA status information.
    .LINK
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus
 #>
 function Get-MFAStatus {
    [OutputType([System.Object])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$UserId
    )
    begin {
        # Connect to Microsoft Online service
        Import-Module MSOnline -ErrorAction SilentlyContinue
    }
    process {
        if (Get-Module MSOnline){
            Connect-MsolService
            Write-Host -Object "Finding Azure Active Directory Accounts..."
            # Get all users, excluding guests
            $Users = if ($PSBoundParameters.ContainsKey('UserId')) {
                Get-MsolUser -UserPrincipalName $UserId
            } else {
                Get-MsolUser -All | Where-Object { $_.UserType -ne "Guest" }
            }
            $Report = [System.Collections.Generic.List[Object]]::new() # Create output list
            Write-Host -Object "Processing" $Users.Count "accounts..."
            ForEach ($User in $Users) {
                $MFADefaultMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType
                $MFAPhoneNumber = $User.StrongAuthenticationUserDetails.PhoneNumber
                $PrimarySMTP = $User.ProxyAddresses | Where-Object { $_ -clike "SMTP*" } | ForEach-Object { $_ -replace "SMTP:", "" }
                $Aliases = $User.ProxyAddresses | Where-Object { $_ -clike "smtp*" } | ForEach-Object { $_ -replace "smtp:", "" }
                If ($User.StrongAuthenticationRequirements) {
                    $MFAState = $User.StrongAuthenticationRequirements.State
                }
                Else {
                    $MFAState = 'Disabled'
                }
                If ($MFADefaultMethod) {
                    Switch ($MFADefaultMethod) {
                        "OneWaySMS" { $MFADefaultMethod = "Text code authentication phone" }
                        "TwoWayVoiceMobile" { $MFADefaultMethod = "Call authentication phone" }
                        "TwoWayVoiceOffice" { $MFADefaultMethod = "Call office phone" }
                        "PhoneAppOTP" { $MFADefaultMethod = "Authenticator app or hardware token" }
                        "PhoneAppNotification" { $MFADefaultMethod = "Microsoft authenticator app" }
                    }
                }
                Else {
                    $MFADefaultMethod = "Not enabled"
                }
                $ReportLine = [PSCustomObject] @{
                    UserPrincipalName = $User.UserPrincipalName
                    DisplayName       = $User.DisplayName
                    MFAState          = $MFAState
                    MFADefaultMethod  = $MFADefaultMethod
                    MFAPhoneNumber    = $MFAPhoneNumber
                    PrimarySMTP       = ($PrimarySMTP -join ',')
                    Aliases           = ($Aliases -join ',')
                }
                $Report.Add($ReportLine)
            }
            Write-Host -Object "Processing complete."
            return $Report | Select-Object UserPrincipalName, DisplayName, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases | Sort-Object UserPrincipalName
        }
        else {
            Write-Host -Object "You must first install MSOL using:`nInstall-Module MSOnline -Scope CurrentUser -Force"
        }
    }
 }
--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -286,6 +286,16 @@ function Invoke-M365SecurityAudit {
            # Call the private function to calculate and display results
            Measure-AuditResult -AllAuditResults $allAuditResults -FailedTests $script:FailedTests
            # Return all collected audit results
            # Define the test numbers to check
            $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
            # Check for large details in the audit results
            $exceedingTests = Get-ExceededLengthResultDetail -AuditResults $allAuditResults -TestNumbersToCheck $TestNumbersToCheck -ReturnExceedingTestsOnly -DetailsLengthLimit 30000
            if ($exceedingTests.Count -gt 0) {
                Write-Information "The following tests exceeded the details length limit: $($exceedingTests -join ', ')" -InformationAction Continue
                Write-Host "(Assuming the results were instantiated. Ex: `$object = invoke-M365SecurityAudit) Use the following command and adjust as neccesary to view the full details of the test results:" -ForegroundColor DarkCyan
                Write-Host "Export-M365SecurityAuditTable -ExportAllTests -AuditResults `$object -ExportPath `"C:\temp`" -ExportOriginalTests" -ForegroundColor Green
            }
            return $allAuditResults.ToArray() | Sort-Object -Property Rec
        }
    }
--- a/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
+++ b/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
@@ -0,0 +1,34 @@
 function Remove-RowsWithEmptyCSVStatus {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$FilePath,
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName
    )
    # Import the Excel file
    $ExcelData = Import-Excel -Path $FilePath -WorksheetName $WorksheetName
    # Check if CSV_Status column exists
    if (-not $ExcelData.PSObject.Properties.Match("CSV_Status")) {
        throw "CSV_Status column not found in the worksheet."
    }
    # Filter rows where CSV_Status is not empty
    $FilteredData = $ExcelData | Where-Object { $null -ne $_.CSV_Status -and $_.CSV_Status -ne '' }
    # Get the original file name and directory
    $OriginalFileName = [System.IO.Path]::GetFileNameWithoutExtension($FilePath)
    $Directory = [System.IO.Path]::GetDirectoryName($FilePath)
    # Create a new file name for the filtered data
    $NewFileName = "$OriginalFileName-Filtered.xlsx"
    $NewFilePath = Join-Path -Path $Directory -ChildPath $NewFileName
    # Export the filtered data to a new Excel file
    $FilteredData | Export-Excel -Path $NewFilePath -WorksheetName $WorksheetName -Show
    Write-Output "Filtered Excel file created at $NewFilePath"
 }
--- a/source/helper/TestDefinitions.csv
+++ b/source/helper/TestDefinitions.csv
@@ -18,8 +18,8 @@
 17,Test-RestrictTenantCreation.ps1,5.1.2.3,Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes',E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,Microsoft Graph
 18,Test-PasswordHashSync.ps1,5.1.8.1,Ensure password hash sync is enabled for hybrid deployments,E3,L1,6.7,Centralize Access Control,FALSE,TRUE,TRUE,TRUE,Microsoft Graph
 19,Test-AuditDisabledFalse.ps1,6.1.1,Ensure 'AuditDisabled' organizationally is set to 'False',E3,L1,8.2,Collect Audit Logs,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
-20,Test-MailboxAuditingE3.ps1,6.1.2,Ensure mailbox auditing for Office E3 users is Enabled,E3,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,AzureAD | EXO | Microsoft Graph
+20,Test-MailboxAuditingE3.ps1,6.1.2,Ensure mailbox auditing for Office E3 users is Enabled,E3,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,EXO | Microsoft Graph
-21,Test-MailboxAuditingE5.ps1,6.1.3,Ensure mailbox auditing for Office E5 users is Enabled,E5,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,AzureAD | EXO | Microsoft Graph
+21,Test-MailboxAuditingE5.ps1,6.1.3,Ensure mailbox auditing for Office E5 users is Enabled,E5,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,EXO | Microsoft Graph
 22,Test-BlockMailForwarding.ps1,6.2.1,Ensure all forms of mail forwarding are blocked and/or disabled,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
 23,Test-NoWhitelistDomains.ps1,6.2.2,Ensure mail transport rules do not whitelist specific domains,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
 24,Test-IdentifyExternalEmail.ps1,6.2.3,Ensure email from external senders is identified,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
@@ -20,7 +20,12 @@ function Test-AdministrativeAccountCompliance {
        try {
            # Retrieve all admin roles
            Write-Verbose "Retrieving all admin roles"
-            $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+            # Get the DisplayNames of all admin roles
            $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
            # Use the DisplayNames to filter the roles in Get-MgRoleManagementDirectoryRoleDefinition
            $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts")}
            $adminRoleUsers = @()
            # Loop through each admin role to get role assignments and user details
@@ -47,9 +52,10 @@ function Test-AdministrativeAccountCompliance {
                        # Condition C: Check if the account has no other licenses
                        $hasInvalidLicense = $licenses.SkuPartNumber | ForEach-Object { $validLicenses -notcontains $_ }
                        $invalidLicenses = $licenses.SkuPartNumber | Where-Object { $validLicenses -notcontains $_ }
                        $applicationAssignmentStatus = if ($hasInvalidLicense) { "Fail" } else { "Pass" }
-                        Write-Verbose "User: $($userDetails.UserPrincipalName), Cloud-Only: $cloudOnlyStatus, Valid Licenses: $validLicensesStatus, Other Applications Assigned: $applicationAssignmentStatus"
+                        Write-Verbose "User: $($userDetails.UserPrincipalName), Cloud-Only: $cloudOnlyStatus, Valid Licenses: $validLicensesStatus, Invalid Licenses: $($invalidLicenses -join ', ')"
                        # Collect user information
                        $adminRoleUsers += [PSCustomObject]@{
@@ -95,13 +101,14 @@ function Test-AdministrativeAccountCompliance {
            $failureReasons = $failureReasons -join "`n"
            $failureReason = if ($nonCompliantUsers) {
                "Non-Compliant Accounts: $($nonCompliantUsers.Count)"
-            } else {
+            }
            else {
                "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
            }
            $result = $nonCompliantUsers.Count -eq 0
            $status = if ($result) { 'Pass' } else { 'Fail' }
-            $details = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | Cloud-Only Status | Entra ID License Status | Other Applications Assigned Status`n$failureReasons" } else { "N/A" }
+            $details = if ($nonCompliantUsers) { "Username | Roles | Cloud-Only Status | EntraID P1/P2 License Status | Other Applications Assigned Status`n$failureReasons" } else { "N/A" }
            Write-Verbose "Assessment completed. Result: $status"
--- a/source/tests/Test-BlockMailForwarding.ps1
+++ b/source/tests/Test-BlockMailForwarding.ps1
@@ -64,7 +64,7 @@ function Test-BlockMailForwarding {
            if ($nonCompliantSpamPoliciesArray.Count -gt 0) {
                # Fail Condition B
                $failureReasons += "Outbound spam policies allowing automatic forwarding found."
-                $details += "Outbound Spam Policies Details:`nPolicy|AutoForwardingMode"
+                $details += "Policy|AutoForwardingMode"
                $details += $nonCompliantSpamPoliciesArray | ForEach-Object {
                    "$($_.Name)|$($_.AutoForwardingMode)"
                }
--- a/source/tests/Test-MailboxAuditingE3.ps1
+++ b/source/tests/Test-MailboxAuditingE3.ps1
@@ -29,105 +29,124 @@ function Test-MailboxAuditingE3 {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
-        $e3SkuPartNumbers = @("ENTERPRISEPACK", "OFFICESUBSCRIPTION")
+        $e3SkuPartNumber = "SPE_E3"
-        $AdminActions = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+
-        $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules")
+        $actionDictionaries = Get-Action -Dictionaries
-        $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MoveToDeletedItems", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        # E3 specific actions
        $AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
        $DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") }
        $OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
        $allFailures = @()
-        $allUsers = Get-AzureADUser -All $true
+        $founde3Sku = Get-MgSubscribedSku -All | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
        $processedUsers = @{}  # Dictionary to track processed users
        $recnum = "6.1.2"
    }
    process {
-        try {
+        if ($founde3Sku.Count -ne 0) {
-            foreach ($user in $allUsers) {
+            $allUsers = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde3Sku.SkuId) )" -All
-                if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
+            $mailboxes = Get-EXOMailbox -PropertySets Audit
-                    Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
+            try {
-                    continue
+                foreach ($user in $allUsers) {
-                }
+                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
                        Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
                        continue
                    }
                $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
                $hasOfficeE3 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e3SkuPartNumbers }).Count -gt 0
                Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E3 license."
                if ($hasOfficeE3) {
                    $userUPN = $user.UserPrincipalName
-                    $mailbox = Get-EXOMailbox -Identity $userUPN -PropertySets Audit
+                    $mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
                    $missingAdminActions = @()
                    $missingDelegateActions = @()
                    $missingOwnerActions = @()
                    $missingActions = @()
                    if ($mailbox.AuditEnabled) {
                        foreach ($action in $AdminActions) {
-                            # Condition B: Checking if the `AuditAdmin` actions include required actions
+                            if ($mailbox.AuditAdmin -notcontains $action) {
-                            if ($mailbox.AuditAdmin -notcontains $action) { $missingActions += "Admin action '$action' missing" }
+                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin")
                            }
                        }
                        foreach ($action in $DelegateActions) {
-                            # Condition C: Checking if the `AuditDelegate` actions include required actions
+                            if ($mailbox.AuditDelegate -notcontains $action) {
-                            if ($mailbox.AuditDelegate -notcontains $action) { $missingActions += "Delegate action '$action' missing" }
+                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate")
                            }
                        }
                        foreach ($action in $OwnerActions) {
-                            # Condition D: Checking if the `AuditOwner` actions include required actions
+                            if ($mailbox.AuditOwner -notcontains $action) {
-                            if ($mailbox.AuditOwner -notcontains $action) { $missingActions += "Owner action '$action' missing" }
+                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner")
                            }
                        }
-                        if ($missingActions.Count -gt 0) {
+                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
-                            $formattedActions = Format-MissingAction -missingActions $missingActions
+                            $allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
                            $allFailures += "$userUPN|True|$($formattedActions.Admin)|$($formattedActions.Delegate)|$($formattedActions.Owner)"
                        }
                    }
                    else {
-                        # Condition A: Checking if mailbox audit logging is enabled
+                        $allFailures += "$userUPN|False|||" # Condition A for fail
                        $allFailures += "$userUPN|False|||"
                    }
                    # Mark the user as processed
                    $processedUsers[$user.UserPrincipalName] = $true
                }
            }
-            # Prepare failure reasons and details based on compliance
+                # Prepare failure reasons and details based on compliance
-            $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
+                if ($allFailures.Count -eq 0) {
-            $details = if ($allFailures.Count -eq 0) {
+                    $failureReasons = "N/A"
-                "All Office E3 users have correct mailbox audit settings."
+                }
-            }
+                else {
-            else {
+                    $failureReasons = "Audit issues detected."
-                "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
+                }
-            }
+                $details = if ($allFailures.Count -eq 0) {
                    "All Office E3 users have correct mailbox audit settings."
                }
                else {
                    "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
                }
-            # Populate the audit result
+                # Populate the audit result
                $params = @{
                    Rec           = $recnum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
                # Retrieve the description from the test definitions
                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $allFailures.Count -eq 0
+                Result        = $false
-                Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E3 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E3 licenses, but no such licenses were found."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
        #$verbosePreference = 'Continue'
        $detailsLength = $details.Length
        Write-Verbose "Character count of the details: $detailsLength"
        if ($detailsLength -gt 32767) {
            Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
        }
-        #$verbosePreference = 'SilentlyContinue'
+
        return $auditResult
    }
 }
--- a/source/tests/Test-MailboxAuditingE5.ps1
+++ b/source/tests/Test-MailboxAuditingE5.ps1
@@ -27,104 +27,126 @@ function Test-MailboxAuditingE5 {
        #   - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules.
        #   - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
-        $e5SkuPartNumbers = @("SPE_E5", "ENTERPRISEPREMIUM", "OFFICEE5")
+        $e5SkuPartNumber = "SPE_E5"
-        $AdminActions = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "Send", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $founde5Sku = Get-MgSubscribedSku -All | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
-        $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules")
+
-        $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MailItemsAccessed", "MoveToDeletedItems", "Send", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $actionDictionaries = Get-Action -Dictionaries
        $AdminActions = $actionDictionaries.AdminActions.Keys
        $DelegateActions = $actionDictionaries.DelegateActions.Keys
        $OwnerActions = $actionDictionaries.OwnerActions.Keys
        $allFailures = @()
-        $allUsers = Get-AzureADUser -All $true
+        $processedUsers = @{}
        $processedUsers = @{}  # Dictionary to track processed users
        $recnum = "6.1.3"
    }
    process {
-        try {
+        if (($founde5Sku.count) -ne 0) {
-            foreach ($user in $allUsers) {
+            $allUsers = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde5Sku.SkuId) )" -All
-                if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
+            $mailboxes = Get-EXOMailbox -PropertySets Audit
-                    Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
+            try {
-                    continue
+                foreach ($user in $allUsers) {
-                }
+                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
                        Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
                        continue
                    }
-                $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
+                    $mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
                $hasOfficeE5 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e5SkuPartNumbers }).Count -gt 0
                Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E5 license."
                if ($hasOfficeE5) {
                    $userUPN = $user.UserPrincipalName
                    $mailbox = Get-EXOMailbox -Identity $userUPN -PropertySets Audit
-                    $missingActions = @()
+                    $missingAdminActions = @()
                    $missingDelegateActions = @()
                    $missingOwnerActions = @()
                    if ($mailbox.AuditEnabled) {
                        # Validate Admin actions
                        foreach ($action in $AdminActions) {
-                            if ($mailbox.AuditAdmin -notcontains $action) { $missingActions += "Admin action '$action' missing" } # Condition B
+                            if ($mailbox.AuditAdmin -notcontains $action) {
                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin") # Condition B
                            }
                        }
                        # Validate Delegate actions
                        foreach ($action in $DelegateActions) {
-                            if ($mailbox.AuditDelegate -notcontains $action) { $missingActions += "Delegate action '$action' missing" } # Condition C
+                            if ($mailbox.AuditDelegate -notcontains $action) {
                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate") # Condition C
                            }
                        }
                        # Validate Owner actions
                        foreach ($action in $OwnerActions) {
-                            if ($mailbox.AuditOwner -notcontains $action) { $missingActions += "Owner action '$action' missing" } # Condition D
+                            if ($mailbox.AuditOwner -notcontains $action) {
                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D
                            }
                        }
-                        if ($missingActions.Count -gt 0) {
+                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
-                            $formattedActions = Format-MissingAction -missingActions $missingActions
+                            $allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
                            $allFailures += "$userUPN|True|$($formattedActions.Admin)|$($formattedActions.Delegate)|$($formattedActions.Owner)"
                        }
                    }
                    else {
-                        $allFailures += "$userUPN|False|||"
+                        $allFailures += "$userUPN|False|||" # Condition A for fail
                    }
                    # Mark the user as processed
                    $processedUsers[$user.UserPrincipalName] = $true
                }
            }
-            # Prepare failure reasons and details based on compliance
+                # Prepare failure reasons and details based on compliance
-            $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
+                if ($allFailures.Count -eq 0) {
-            $details = if ($allFailures.Count -eq 0) {
+                    $failureReasons = "N/A"
-                "All Office E5 users have correct mailbox audit settings." # Condition A for pass
+                }
-            }
+                else {
-            else {
+                    $failureReasons = "Audit issues detected."
-                "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n") # Condition A for fail
+                }
                $details = if ($allFailures.Count -eq 0) {
                    "All Office E5 users have correct mailbox audit settings." # Condition A for pass
                }
                else {
                    "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n") # Condition A for fail
                }
                # $details = Initialize-LargeTestTable -lineCount 3000 # Adjust the lineCount to exceed 32,000 characters
                # Populate the audit result
                $params = @{
                    Rec           = $recnum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Populate the audit result
+                # Retrieve the description from the test definitions
                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $allFailures.Count -eq 0
+                Result        = $false
-                Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses, but no such licenses were found."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
        #$verbosePreference = 'Continue'
        $detailsLength = $details.Length
        Write-Verbose "Character count of the details: $detailsLength"
        if ($detailsLength -gt 32767) {
            Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
        }
-        #$verbosePreference = 'SilentlyContinue'
+
        return $auditResult
    }
-}
+}
--- a/source/tests/Test-SafeAttachmentsPolicy.ps1
+++ b/source/tests/Test-SafeAttachmentsPolicy.ps1
@@ -1,19 +1,12 @@
 function Test-SafeAttachmentsPolicy {
    [CmdletBinding()]
    [OutputType([CISAuditResult])]
-    param (
+    param ()
        # Aligned
        # Parameters can be added if needed
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
        $recnum = "2.1.4"
-    <#
+        <#
        Conditions for 2.1.4 (L2) Ensure Safe Attachments policy is enabled
        Validate test for a pass:
@@ -31,58 +24,88 @@ function Test-SafeAttachmentsPolicy {
          - Condition B: The policy does not cover all recipients within the organization.
          - Condition C: The policy action is not set to "Dynamic Delivery" or "Quarantine".
          - Condition D: The policy is disabled.
-    #>
+        #>
    }
    process {
-        try {
+        if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) {
-            # 2.1.4 (L2) Ensure Safe Attachments policy is enabled
+            try {
                # Retrieve all Safe Attachment policies where Enable is set to True
                $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true }
                # Check if any Safe Attachments policy is enabled (Condition A)
                $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
-            # Retrieve all Safe Attachment policies where Enable is set to True
+                # Initialize details and failure reasons
-            $safeAttachmentPolicies = Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
+                $details = @()
                $failureReasons = @()
-            # Condition A: Check if any Safe Attachments policy is enabled
+                foreach ($policy in $safeAttachmentPolicies) {
-            $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
+                    # Initialize policy detail and failed status
                    $failed = $false
-            # Condition B, C, D: Additional checks can be added here if more detailed policy attributes are required
+                    # Check if the policy action is set to "Dynamic Delivery" or "Quarantine" (Condition C)
                    if ($policy.Action -notin @("DynamicDelivery", "Quarantine")) {
                        $failureReasons += "Policy '$($policy.Name)' action is not set to 'Dynamic Delivery' or 'Quarantine'."
                        $failed = $true
                    }
-            # Determine details and failure reasons based on the presence of enabled policies
+                    # Check if the policy is not disabled (Condition D)
-            $details = if ($result) {
+                    if (-not $policy.Enable) {
-                "Enabled Safe Attachments Policies: $($safeAttachmentPolicies.Name -join ', ')"
+                        $failureReasons += "Policy '$($policy.Name)' is disabled."
-            }
+                        $failed = $true
-            else {
+                    }
-                "No Safe Attachments Policies are enabled."
+
                    # Add policy details to the details array
                    $details += [PSCustomObject]@{
                        Policy  = $policy.Name
                        Enabled = $policy.Enable
                        Action  = $policy.Action
                        Failed  = $failed
                    }
                }
                # The result is a pass if there are no failure reasons
                $result = $failureReasons.Count -eq 0
                # Format details for output manually
                $detailsString = "Policy|Enabled|Action|Failed`n" + ($details |
                    ForEach-Object {"$($_.Policy)|$($_.Enabled)|$($_.Action)|$($_.Failed)`n"}
                )
                $failureReasonsString = ($failureReasons | ForEach-Object { $_ }) -join ' '
                # Create and populate the CISAuditResult object
                $params = @{
                    Rec           = $recnum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $detailsString
                    FailureReason = if ($result) { "N/A" } else { $failureReasonsString }
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            $failureReasons = if ($result) {
+                # Retrieve the description from the test definitions
-                "N/A"
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            }
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            else {
                "Safe Attachments policy is not enabled."
            }
-            # Create and populate the CISAuditResult object
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No Safe Attachments policies found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit needs Safe Attachment features available or required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
@@ -90,4 +113,3 @@ function Test-SafeAttachmentsPolicy {
        return $auditResult
    }
 }
--- a/source/tests/Test-SafeAttachmentsTeams.ps1
+++ b/source/tests/Test-SafeAttachmentsTeams.ps1
@@ -31,61 +31,71 @@ function Test-SafeAttachmentsTeams {
    }
    process {
-        try {
+        if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
-            # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
+            try {
                # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
                # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
                $atpPolicies = Get-AtpPolicyForO365
                # Check if the required ATP policies are enabled
                $atpPolicyResult = $atpPolicies | Where-Object {
                    $_.EnableATPForSPOTeamsODB -eq $true -and
                    $_.EnableSafeDocs -eq $true -and
                    $_.AllowSafeDocsOpen -eq $false
                }
-            # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
+                # Condition A: Check Safe Attachments for SharePoint
-            $atpPolicies = Get-AtpPolicyForO365
+                # Condition B: Check Safe Attachments for OneDrive
                # Condition C: Check Safe Attachments for Microsoft Teams
-            # Check if the required ATP policies are enabled
+                # Determine the result based on the ATP policy settings
-            $atpPolicyResult = $atpPolicies | Where-Object {
+                $result = $null -ne $atpPolicyResult
-                $_.EnableATPForSPOTeamsODB -eq $true -and
+                $details = if ($result) {
-                $_.EnableSafeDocs -eq $true -and
+                    "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
-                $_.AllowSafeDocsOpen -eq $false
+                }
                else {
                    "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
                }
                $failureReasons = if ($result) {
                    "N/A"
                }
                else {
                    "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
                }
                # Create and populate the CISAuditResult object
                $params = @{
                    Rec           = $recnum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Condition A: Check Safe Attachments for SharePoint
+                # Retrieve the description from the test definitions
-            # Condition B: Check Safe Attachments for OneDrive
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            # Condition C: Check Safe Attachments for Microsoft Teams
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-            # Determine the result based on the ATP policy settings
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            $result = $null -ne $atpPolicyResult
            $details = if ($result) {
                "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
            }
            else {
                "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
            }
-            $failureReasons = if ($result) {
+                # Call Initialize-CISAuditResult with error parameters
-                "N/A"
+                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
-            else {
+        }
-                "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
+        else {
            }
            # Create and populate the CISAuditResult object
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
--- a/source/tests/Test-SafeLinksOfficeApps.ps1
+++ b/source/tests/Test-SafeLinksOfficeApps.ps1
@@ -40,62 +40,72 @@ function Test-SafeLinksOfficeApps {
    }
    process {
-        try {
+        if (Get-Command Get-SafeLinksPolicy -ErrorAction SilentlyContinue) {
-            # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
+            try {
                # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
                # Retrieve all Safe Links policies
                $policies = Get-SafeLinksPolicy
                # Initialize the details collection
                $misconfiguredDetails = @()
-            # Retrieve all Safe Links policies
+                foreach ($policy in $policies) {
-            $policies = Get-SafeLinksPolicy
+                    # Get the detailed configuration of each policy
                    $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
-            # Initialize the details collection
+                    # Check each required property and record failures
-            $misconfiguredDetails = @()
+                    # Condition A: Checking policy settings
                    $failures = @()
                    if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
                    if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
                    if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
                    if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
                    if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
-            foreach ($policy in $policies) {
+                    # Only add details for policies that have misconfigurations
-                # Get the detailed configuration of each policy
+                    if ($failures.Count -gt 0) {
-                $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
+                        $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
-
+                    }
                # Check each required property and record failures
                # Condition A: Checking policy settings
                $failures = @()
                if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
                if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
                if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
                if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
                if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
                # Only add details for policies that have misconfigurations
                if ($failures.Count -gt 0) {
                    $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
                }
                # Prepare the final result
                # Condition B: Ensuring no misconfigurations
                $result = $misconfiguredDetails.Count -eq 0
                $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
                $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
                # Create and populate the CISAuditResult object
                $params = @{
                    Rec           = $recnum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Prepare the final result
+                # Retrieve the description from the test definitions
-            # Condition B: Ensuring no misconfigurations
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            $result = $misconfiguredDetails.Count -eq 0
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
            $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
-            # Create and populate the CISAuditResult object
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
--- a/test-gh.ps1
+++ b/test-gh.ps1
@@ -1,212 +0,0 @@
 $repoOwner = "CriticalSolutionsNetwork"
 $repoName = "M365FoundationsCISReport"
 $directoryPath = ".\source\tests"
 $projectName = "Test Validation Project"
 # Function to create GitHub issues
 function Create-GitHubIssue {
    param (
        [string]$title,
        [string]$body,
        [string]$project
    )
    # Create the issue and add it to the specified project
    $issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
    return $issue
 }
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
 # Iterate over each .ps1 file in the directory
 Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
    $fileName = $_.Name
    $testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
    if ($testDefinition) {
        $rec = $testDefinition.Rec
        $elevel = $testDefinition.ELevel
        $profileLevel = $testDefinition.ProfileLevel
        $ig1 = $testDefinition.IG1
        $ig2 = $testDefinition.IG2
        $ig3 = $testDefinition.IG3
        $connection = $testDefinition.Connection
        $issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
        $issueBody = @"
 # Validation for $fileName
 ## Tasks
 - [ ] Validate test for a pass
  - Description of passing criteria:
 - [ ] Validate test for a fail
  - Description of failing criteria:
 - [ ] Add notes and observations
  - Placeholder for additional notes:
 "@
        # Create the issue using GitHub CLI
        try {
            Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
            Write-Output "Created issue for $fileName"
        }
        catch {
            Write-Error "Failed to create issue for $fileName`: $_"
        }
        # Introduce a delay of 2 seconds
        Start-Sleep -Seconds 2
    }
    else {
        Write-Warning "No matching test definition found for $fileName"
    }
 }
 ######################################
 $repoOwner = "CriticalSolutionsNetwork"
 $repoName = "M365FoundationsCISReport"
 # Function to update GitHub issue
 function Update-GitHubTIssue {
    param (
        [int]$issueNumber,
        [string]$title,
        [string]$body,
        [string]$owner,
        [string]$repositoryName
    )
    # Update the issue using Set-GitHubIssue
    Set-GitHubIssue -OwnerName $owner -RepositoryName $repositoryName -Issue $issueNumber -Title $title -Body $body -Label @("documentation", "help wanted", "question") -Confirm:$false
 }
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
 # Fetch existing issues that start with "Rec:"
 $existingIssues = Get-GitHubIssue -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
 # Create a list to hold matched issues
 $matchedIssues = @()
 $warnings = @()
 # Iterate over each existing issue
 $existingIssues | ForEach-Object {
    $issueNumber = $_.Number
    $issueTitle = $_.Title
    $issueBody = $_.Body
    # Extract the rec number from the issue title
    if ($issueTitle -match "Rec: (\d+\.\d+\.\d+)") {
        $rec = $matches[1]
        # Find the matching test definition based on rec number
        $testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $rec }
        if ($testDefinition) {
            # Create the new issue body
            $newIssueBody = @"
 # Validation for $($testDefinition.TestFileName)
 ## Recommendation Details
 - **Recommendation**: $($testDefinition.Rec)
 - **Description**: $($testDefinition.RecDescription)
 - **ELevel**: $($testDefinition.ELevel)
 - **Profile Level**: $($testDefinition.ProfileLevel)
 - **CIS Control**: $($testDefinition.CISControl)
 - **CIS Description**: $($testDefinition.CISDescription)
 - **Implementation Group 1**: $($testDefinition.IG1)
 - **Implementation Group 2**: $($testDefinition.IG2)
 - **Implementation Group 3**: $($testDefinition.IG3)
 - **Automated**: $($testDefinition.Automated)
 - **Connection**: $($testDefinition.Connection)
 ## [$($testDefinition.TestFileName)](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/blob/main/source/tests/$($testDefinition.TestFileName))
 ## Tasks
 ### Validate recommendation details
 - [ ] Confirm that the recommendation details are accurate and complete as per the CIS benchmark.
 ### Validate test for a pass
 - [ ] Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
  - Specific conditions to check:
    - Condition A: (Detail about what constitutes Condition A)
    - Condition B: (Detail about what constitutes Condition B)
    - Condition C: (Detail about what constitutes Condition C)
 ### Validate test for a fail
 - [ ] Confirm that the failure conditions in the automated test are consistent with the manual audit results.
  - Specific conditions to check:
    - Condition A: (Detail about what constitutes Condition A)
    - Condition B: (Detail about what constitutes Condition B)
    - Condition C: (Detail about what constitutes Condition C)
 ### Add notes and observations
 - [ ] Compare the automated audit results with the manual audit steps and provide detailed observations.
  - Automated audit produced info consistent with the manual audit test results? (Yes/No)
  - Without disclosing any sensitive information, document any discrepancies between the actual output and the expected output.
  - Document any error messages, removing any sensitive information before submitting.
  - Identify the specific function, line, or section of the script that failed, if known.
  - Provide any additional context or observations that might help in troubleshooting.
 If needed, the helpers folder in .\source\helpers contains a CSV to assist with locating the test definition.
 "@
            # Add to matched issues list
            $matchedIssues += [PSCustomObject]@{
                IssueNumber = $issueNumber
                Title = $issueTitle
                NewBody = $newIssueBody
            }
        } else {
            $warnings += "No matching test definition found for Rec: $rec"
        }
    } else {
        $warnings += "No matching rec number found in issue title #$issueNumber"
    }
 }
 # Display matched issues for confirmation
 if ($matchedIssues.Count -gt 0) {
    Write-Output "Matched Issues:"
    $matchedIssues | ForEach-Object {
        Write-Output $_.Title
    }
    $confirmation = Read-Host "Do you want to proceed with updating these issues? (yes/no)"
    if ($confirmation -eq 'yes') {
        # Update the issues
        $matchedIssues | ForEach-Object {
            try {
                Update-GitHubTIssue -issueNumber $_.IssueNumber -title $_.Title -body $_.NewBody -owner $repoOwner -repositoryName $repoName
                Write-Output "Updated issue #$($_.IssueNumber)"
            } catch {
                Write-Error "Failed to update issue #$($_.IssueNumber): $_"
            }
            # Introduce a delay of 2 seconds
            Start-Sleep -Seconds 2
        }
    } else {
        Write-Output "Update canceled by user."
    }
 } else {
    Write-Output "No matched issues found to update."
 }
 # Display any warnings that were captured
 if ($warnings.Count -gt 0) {
    Write-Output "Warnings:"
    $warnings | ForEach-Object {
        Write-Output $_
    }
 }
 # Test command to verify GitHub access
 Get-GitHubRepository -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
--- a/tests/Unit/Private/Get-Action.tests.ps1
+++ b/tests/Unit/Private/Get-Action.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Private/Get-ExceededLengthResultDetail.tests.ps1
+++ b/tests/Unit/Private/Get-ExceededLengthResultDetail.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Private/Get-PrivateFunction.tests.ps1
+++ b/tests/Unit/Private/Get-PrivateFunction.tests.ps1
@@ -1,31 +0,0 @@
 BeforeAll {
    $script:dscModuleName = 'M365FoundationsCISReport'
    Import-Module -Name $script:dscModuleName
 }
 AfterAll {
    # Unload the module being tested so that it doesn't impact any other tests.
    Get-Module -Name $script:dscModuleName -All | Remove-Module -Force
 }
 Describe Get-PrivateFunction {
    Context 'When calling the function with string value' {
        It 'Should return a single object' {
            InModuleScope -ModuleName $dscModuleName {
                $return = Get-PrivateFunction -PrivateData 'string'
                ($return | Measure-Object).Count | Should -Be 1
            }
        }
        It 'Should return a string based on the parameter PrivateData' {
            InModuleScope -ModuleName $dscModuleName {
                $return = Get-PrivateFunction -PrivateData 'string'
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Private/Initialize-LargeTestTable.tests.ps1
+++ b/tests/Unit/Private/Initialize-LargeTestTable.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Public/Export-M365SecurityAuditTable.tests.ps1
+++ b/tests/Unit/Public/Export-M365SecurityAuditTable.tests.ps1
@@ -0,0 +1,71 @@
 BeforeAll {
    $script:moduleName = '<% $PLASTER_PARAM_ModuleName %>'
    # If the module is not found, run the build task 'noop'.
    if (-not (Get-Module -Name $script:moduleName -ListAvailable))
    {
        # Redirect all streams to $null, except the error stream (stream 2)
        & "$PSScriptRoot/../../build.ps1" -Tasks 'noop' 2>&1 4>&1 5>&1 6>&1 > $null
    }
    # Re-import the module using force to get any code changes between runs.
    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'
    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
 }
 AfterAll {
    $PSDefaultParameterValues.Remove('Mock:ModuleName')
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Should:ModuleName')
    Remove-Module -Name $script:moduleName
 }
 Describe Get-Something {
    Context 'Return values' {
        BeforeEach {
            $return = Get-Something -Data 'value'
        }
        It 'Returns a single object' {
            ($return | Measure-Object).Count | Should -Be 1
        }
    }
    Context 'Pipeline' {
        It 'Accepts values from the pipeline by value' {
            $return = 'value1', 'value2' | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
        It 'Accepts value from the pipeline by property name' {
            $return = 'value1', 'value2' | ForEach-Object {
                [PSCustomObject]@{
                    Data = $_
                    OtherProperty = 'other'
                }
            } | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
    }
    Context 'ShouldProcess' {
        It 'Supports WhatIf' {
            (Get-Command Get-Something).Parameters.ContainsKey('WhatIf') | Should -Be $true
            { Get-Something -Data 'value' -WhatIf } | Should -Not -Throw
        }
    }
 }
--- a/tests/Unit/Public/Get-MFAStatus.tests.ps1
+++ b/tests/Unit/Public/Get-MFAStatus.tests.ps1
@@ -0,0 +1,71 @@
 BeforeAll {
    $script:moduleName = '<% $PLASTER_PARAM_ModuleName %>'
    # If the module is not found, run the build task 'noop'.
    if (-not (Get-Module -Name $script:moduleName -ListAvailable))
    {
        # Redirect all streams to $null, except the error stream (stream 2)
        & "$PSScriptRoot/../../build.ps1" -Tasks 'noop' 2>&1 4>&1 5>&1 6>&1 > $null
    }
    # Re-import the module using force to get any code changes between runs.
    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'
    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
 }
 AfterAll {
    $PSDefaultParameterValues.Remove('Mock:ModuleName')
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Should:ModuleName')
    Remove-Module -Name $script:moduleName
 }
 Describe Get-Something {
    Context 'Return values' {
        BeforeEach {
            $return = Get-Something -Data 'value'
        }
        It 'Returns a single object' {
            ($return | Measure-Object).Count | Should -Be 1
        }
    }
    Context 'Pipeline' {
        It 'Accepts values from the pipeline by value' {
            $return = 'value1', 'value2' | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
        It 'Accepts value from the pipeline by property name' {
            $return = 'value1', 'value2' | ForEach-Object {
                [PSCustomObject]@{
                    Data = $_
                    OtherProperty = 'other'
                }
            } | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
    }
    Context 'ShouldProcess' {
        It 'Supports WhatIf' {
            (Get-Command Get-Something).Parameters.ContainsKey('WhatIf') | Should -Be $true
            { Get-Something -Data 'value' -WhatIf } | Should -Not -Throw
        }
    }
 }
--- a/tests/Unit/Public/Remove-RowsWithEmptyCSVStatus.tests.ps1
+++ b/tests/Unit/Public/Remove-RowsWithEmptyCSVStatus.tests.ps1
@@ -0,0 +1,71 @@
 BeforeAll {
    $script:moduleName = '<% $PLASTER_PARAM_ModuleName %>'
    # If the module is not found, run the build task 'noop'.
    if (-not (Get-Module -Name $script:moduleName -ListAvailable))
    {
        # Redirect all streams to $null, except the error stream (stream 2)
        & "$PSScriptRoot/../../build.ps1" -Tasks 'noop' 2>&1 4>&1 5>&1 6>&1 > $null
    }
    # Re-import the module using force to get any code changes between runs.
    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'
    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
 }
 AfterAll {
    $PSDefaultParameterValues.Remove('Mock:ModuleName')
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Should:ModuleName')
    Remove-Module -Name $script:moduleName
 }
 Describe Get-Something {
    Context 'Return values' {
        BeforeEach {
            $return = Get-Something -Data 'value'
        }
        It 'Returns a single object' {
            ($return | Measure-Object).Count | Should -Be 1
        }
    }
    Context 'Pipeline' {
        It 'Accepts values from the pipeline by value' {
            $return = 'value1', 'value2' | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
        It 'Accepts value from the pipeline by property name' {
            $return = 'value1', 'value2' | ForEach-Object {
                [PSCustomObject]@{
                    Data = $_
                    OtherProperty = 'other'
                }
            } | Get-Something
            $return[0] | Should -Be 'value1'
            $return[1] | Should -Be 'value2'
        }
    }
    Context 'ShouldProcess' {
        It 'Supports WhatIf' {
            (Get-Command Get-Something).Parameters.ContainsKey('WhatIf') | Should -Be $true
            { Get-Something -Data 'value' -WhatIf } | Should -Not -Throw
        }
    }
 }
Author	SHA1	Message	Date
Doug Rios	5e25d6ee1b	Merge pull request #115 from CriticalSolutionsNetwork/Add-QoL-Features Add qol features	2024-06-17 09:42:08 -05:00
DrIOS	a88535e258	docs: Update help	2024-06-16 15:24:02 -05:00
DrIOS	a43485f05e	fix: 2.1.4 output	2024-06-16 15:20:06 -05:00
DrIOS	486e053dfb	fix: 1.1.1 admin pull	2024-06-16 14:12:12 -05:00
DrIOS	6bace63c62	docs: finalize error handling standard	2024-06-16 13:11:43 -05:00
DrIOS	46d71900ce	docs: finalize error handling standard	2024-06-16 12:48:15 -05:00
DrIOS	51edc331ab	docs: reset comment	2024-06-16 12:24:42 -05:00
DrIOS	04e63f72fc	add: error handling for tests that produce large output	2024-06-16 12:23:39 -05:00
DrIOS	9b624680fd	add: test function	2024-06-16 11:01:16 -05:00
DrIOS	bbc74494c3	fix: Export original when cell is too large.	2024-06-16 10:51:18 -05:00
DrIOS	54a369bde3	fix: Write-Information if not auiditresult.	2024-06-16 10:09:26 -05:00
DrIOS	06cdb4d0d1	add: helper function for testing.	2024-06-16 09:58:25 -05:00
DrIOS	2d4593f207	fix: error handling and informative output	2024-06-16 09:22:07 -05:00
DrIOS	949a2aaa43	fix: formatting	2024-06-15 22:12:45 -05:00
DrIOS	3aef8a0ca3	fix: If details are empty	2024-06-15 22:11:38 -05:00
DrIOS	14d33493b0	docs: remove test code	2024-06-15 21:35:22 -05:00
DrIOS	234f0cdd31	docs: Update CHANGELOG	2024-06-15 21:34:37 -05:00
DrIOS	e1cc2a3da7	fix: export audit switch added to export	2024-06-15 21:33:35 -05:00
DrIOS	848438c33f	fix: export working	2024-06-15 21:15:28 -05:00
DrIOS	f981e59b43	docs: formatting and cleanup	2024-06-15 16:27:41 -05:00
Doug Rios	919d6cdd08	Delete test-gh.ps1	2024-06-15 16:16:31 -05:00
DrIOS	3211ebc089	docs: Update tests	2024-06-15 16:13:19 -05:00
DrIOS	7b37621917	add new function for exporting nested tables	2024-06-15 16:12:24 -05:00
DrIOS	6752e56be9	add new function for exporting nested tables	2024-06-15 14:49:13 -05:00
DrIOS	c4b2427539	add: Function to remove test rows with no results	2024-06-14 13:37:38 -05:00
Doug Rios	c2cc980a91	Merge pull request #111 from CriticalSolutionsNetwork/6.1.2/6.1.3-refactor 6.1.2/6.1.3 refactor Added Added Get-MFAStatus function to help with auditing mfa for conditional access controls. Fixed Fixed 6.1.2/6.1.3 tests to minimize calls to the Graph API. Fixed 2.1.1,2.1.4,2.1.5 to suppress error messages and create a standard object when no e5"	2024-06-14 11:06:00 -05:00
DrIOS	4b3e448e48	fix: write-host in public function due to code scanning alert	2024-06-14 11:02:51 -05:00
DrIOS	342d0ac4a9	fix: Module check for Get-MFAStatus	2024-06-14 10:54:58 -05:00
DrIOS	d4252a1839	docs: update help link for get-mfastatus	2024-06-14 10:51:02 -05:00
DrIOS	1fde9947e0	docs: Update CHANGELOG	2024-06-14 10:48:38 -05:00
DrIOS	da856b96e4	update help	2024-06-14 10:47:26 -05:00
DrIOS	8835ddfbfd	add: public function to check mfa status	2024-06-14 10:45:17 -05:00
DrIOS	9a7de2f549	fix: error handling for 6.1.2/6.1.3	2024-06-14 10:44:53 -05:00
DrIOS	c9940c2a09	docs: update changelog	2024-06-14 09:24:07 -05:00
DrIOS	83332207b4	docs: test scripts	2024-06-14 09:23:53 -05:00
DrIOS	ccacf76e6c	fix: 2.1.1,2.1.4,2.1.5 surpress error messages and create a standard object when no e5	2024-06-14 09:23:03 -05:00
DrIOS	273630839e	fix: 2.1.1,2.1.4,2.1.5 surpress error messages and create a standard object when no e5	2024-06-14 08:40:44 -05:00
DrIOS	3ca779650e	docs: 6.1.2,6.1.3 refactored	2024-06-13 10:34:37 -05:00
DrIOS	0cde0ae5e2	docs: 6.1.2,6.1.3 refactored	2024-06-13 10:22:38 -05:00