Merge pull request #128 from CriticalSolutionsNetwork/Revert-Export-Table-Change

Revert export table change
docs: Update CHANGELOG
2024-06-28 17:11:11 -05:00 · 2024-06-28 17:09:28 -05:00 · 2024-06-28 17:04:10 -05:00 · 2024-06-28 16:09:13 -05:00 · 2024-06-26 21:41:16 -05:00 · 2024-06-26 21:36:55 -05:00
112 changed files with 6972 additions and 1601 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@ output/
 markdownissues.txt
 node_modules
 package-lock.json
-Aligned.xlsx
+Aligned.xlsx
 test-gh1.ps1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,91 @@ The format is based on and uses the types of changes according to [Keep a Change
 ## [Unreleased]
 ### Fixed
 - Fixed `Get-ExceededLengthResultDetail` function paramter validation for Exported Tests to allow for Null.
 ## [0.1.16] - 2024-06-26
 ### Added
 - Added `Grant-M365SecurityAuditConsent` function to consent to the Microsoft Graph Powershell API for a user.
 ## [0.1.15] - 2024-06-26
 ### Fixed
 - Fixed test 8.6.1 to include all of the following properties in it's checks and output: `ReportJunkToCustomizedAddress`, `ReportNotJunkToCustomizedAddress`, `ReportPhishToCustomizedAddress`,`ReportJunkAddresses`,`ReportNotJunkAddresses`,`ReportPhishAddresses`,`ReportChatMessageEnabled`,`ReportChatMessageToCustomizedAddressEnabled`
 - Fixed help `about_M365FoundationsCISReport` examples.
 - Fixed `Export-M365SecurityAuditTable` to properly export when nested table tests are not included.
 ### Changed
 - Changed output of failure reason and details for 8.5.3 and 8.6.1 to be in line with other tests.
 ## [0.1.14] - 2024-06-23
 ### Fixed
 - Fixed test 1.3.1 to include notification window for password expiration.
 - Fixed 6.1.1 test definition to include the correct connection.
 - Removed banner and warning from EXO and AzureAD connection step.
 - Fixed missing CommentBlock for `Remove-RowsWithEmptyCSVStatus` function.
 - Fixed formatting and color for various Write-Host messages.
 ### Added
 - Added export to excel to `Export-M365SecurityAuditTable` function.
 - `Get-AdminRoleUserLicense` function to get the license of a user with admin roles for 1.1.1.
 - Skip MSOL connection confirmation to `Get-MFAStatus` function.
 - Added `Get-CISMgOutput` function to get the output of the Microsoft Graph API per test.
 - Added `Get-CISExoOutput` function to get the output of the Exchange Online API per test.
 - Added `Get-CISMSTeamsOutput` function to get the output of the Microsoft Teams API per test.
 - Added `Get-CISSPOOutput` function to get the output of the SharePoint Online API per test.
 - Added `Get-TestError` function to get the error output of a test.
 - Updated Microsoft Graph tests to utilize the new output functions ('1.1.1', '1.1.3', '1.2.1', '1.3.1', '5.1.2.3', '5.1.8.1', '6.1.2', '6.1.3')
 - Updated EXO tests to utilize the new output functions ('1.2.2', '1.3.3', '1.3.6', '2.1.1', '2.1.2', '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '8.6.1').
 - Updated MSTeams tests to utilize the new output functions ('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1')
 - Updated SPO tests to utilize the new output functions ('7.2.1', '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.2.10', '7.3.1', '7.3.2', '7.3.4')
 ## [0.1.13] - 2024-06-18
 ### Added
 - Added tenant output to connect function.
 - Added skip tenant connection confirmation to main function.
 ### Fixed
 - Fixed comment examples for `Export-M365SecurityAuditTable`.
 ### Changed
 - Updated `Sync-CISExcelAndCsvData` to be one function.
 ## [0.1.12] - 2024-06-17
 ### Added
 - Added `Export-M365SecurityAuditTable` public function to export applicable audit results to a table format.
 - Added paramter to `Export-M365SecurityAuditTable` to specify output of the original audit results.
 - Added `Remove-RowsWithEmptyCSVStatus` public function to remove rows with empty status from the CSV file.
 - Added `Get-Action` private function to retrieve the action for the test 6.1.2 and 6.1.3 tests.
 - Added output modifications to tests that produce tables to ensure they can be exported with the new `Export-M365SecurityAuditTable` function.
 ## [0.1.11] - 2024-06-14
 ### Added
 - Added Get-MFAStatus function to help with auditing mfa for conditional access controls.
 ### Fixed
 - Fixed 6.1.2/6.1.3 tests to minimize calls to the Graph API.
 - Fixed 2.1.1,2.1.4,2.1.5 to suppress error messages and create a standard object when no e5"
 ## [0.1.10] - 2024-06-12
 ### Added
 - Added condition comments to each test.
--- a/README.md
+++ b/README.md
--- a/docs/index.html
+++ b/docs/index.html
--- a/help/Export-M365SecurityAuditTable.md
+++ b/help/Export-M365SecurityAuditTable.md
@@ -0,0 +1,218 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
 schema: 2.0.0
 ---
 # Export-M365SecurityAuditTable
 ## SYNOPSIS
 Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
 ## SYNTAX
 ### OutputObjectFromAuditResultsSingle
 ```
 Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-OutputTestNumber] <String>
 [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ### ExportAllResultsFromAuditResults
 ```
 Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-ExportAllTests] -ExportPath <String>
 [-ExportOriginalTests] [-ExportToExcel] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ### OutputObjectFromCsvSingle
 ```
 Export-M365SecurityAuditTable [-CsvPath] <String> [-OutputTestNumber] <String>
 [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ### ExportAllResultsFromCsv
 ```
 Export-M365SecurityAuditTable [-CsvPath] <String> [-ExportAllTests] -ExportPath <String> [-ExportOriginalTests]
 [-ExportToExcel] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file.
 It can export all results to a specified path or output a specific test result as an object.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2
 # Output object for a single test number from audit results
 ```
 ### EXAMPLE 2
 ```
 Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp"
 # Export all results from audit results to the specified path
 ```
 ### EXAMPLE 3
 ```
 Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2
 # Output object for a single test number from CSV
 ```
 ### EXAMPLE 4
 ```
 Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp"
 # Export all results from CSV to the specified path
 ```
 ### EXAMPLE 5
 ```
 Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests
 # Export all results from audit results to the specified path along with the original tests
 ```
 ### EXAMPLE 6
 ```
 Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests
 # Export all results from CSV to the specified path along with the original tests
 ```
 ## PARAMETERS
 ### -AuditResults
 An array of CISAuditResult objects containing the audit results.
 ```yaml
 Type: CISAuditResult[]
 Parameter Sets: OutputObjectFromAuditResultsSingle, ExportAllResultsFromAuditResults
 Aliases:
 Required: True
 Position: 3
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -CsvPath
 The path to a CSV file containing the audit results.
 ```yaml
 Type: String
 Parameter Sets: OutputObjectFromCsvSingle, ExportAllResultsFromCsv
 Aliases:
 Required: True
 Position: 3
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportAllTests
 Switch to export all test results.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: True
 Position: 1
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportOriginalTests
 Switch to export the original audit results to a CSV file.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportPath
 The path where the CSV files will be exported.
 ```yaml
 Type: String
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportToExcel
 Switch to export the results to an Excel file.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -OutputTestNumber
 The test number to output as an object.
 Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
 ```yaml
 Type: String
 Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
 Aliases:
 Required: True
 Position: 2
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### [CISAuditResult[]], [string]
 ## OUTPUTS
 ### [PSCustomObject]
 ## NOTES
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable)
--- a/help/Get-AdminRoleUserLicense.md
+++ b/help/Get-AdminRoleUserLicense.md
@@ -0,0 +1,89 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
 schema: 2.0.0
 ---
 # Get-AdminRoleUserLicense
 ## SYNOPSIS
 Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
 ## SYNTAX
 ```
 Get-AdminRoleUserLicense [-SkipGraphConnection] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 The Get-AdminRoleUserLicense function connects to Microsoft Graph and retrieves all users who are assigned administrative roles along with their user details and licenses.
 This function is useful for auditing and compliance checks to ensure that administrators have appropriate licenses and role assignments.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Get-AdminRoleUserLicense
 ```
 This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes.
 ### EXAMPLE 2
 ```
 Get-AdminRoleUserLicense -SkipGraphConnection
 ```
 This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established.
 ## PARAMETERS
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SkipGraphConnection
 A switch parameter that, when set, skips the connection to Microsoft Graph if already established.
 This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### None. You cannot pipe objects to Get-AdminRoleUserLicense.
 ## OUTPUTS
 ### PSCustomObject
 ### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
 ## NOTES
 Creation Date:  2024-04-15
 Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing.
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense)
--- a/help/Get-MFAStatus.md
+++ b/help/Get-MFAStatus.md
@@ -0,0 +1,109 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus
 schema: 2.0.0
 ---
 # Get-MFAStatus
 ## SYNOPSIS
 Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
 ## SYNTAX
 ```
 Get-MFAStatus [[-UserId] <String>] [-SkipMSOLConnectionChecks] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]
 ```
 ## DESCRIPTION
 The Get-MFAStatus function connects to Microsoft Online Service and retrieves the MFA status for all Azure Active Directory users, excluding guest accounts.
 Optionally, you can specify a single user by their User Principal Name (UPN) to get their MFA status.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Get-MFAStatus
 Retrieves the MFA status for all Azure Active Directory users.
 ```
 ### EXAMPLE 2
 ```
 Get-MFAStatus -UserId "example@domain.com"
 Retrieves the MFA status for the specified user with the UPN "example@domain.com".
 ```
 ## PARAMETERS
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SkipMSOLConnectionChecks
 {{ Fill SkipMSOLConnectionChecks Description }}
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -UserId
 The User Principal Name (UPN) of a specific user to retrieve MFA status for.
 If not provided, the function retrieves MFA status for all users.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: 1
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ## OUTPUTS
 ### System.Object
 ### Returns a sorted list of custom objects containing the following properties:
 ### - UserPrincipalName
 ### - DisplayName
 ### - MFAState
 ### - MFADefaultMethod
 ### - MFAPhoneNumber
 ### - PrimarySMTP
 ### - Aliases
 ## NOTES
 The function requires the MSOL module to be installed and connected to your tenant.
 Ensure that you have the necessary permissions to read user and MFA status information.
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus)
--- a/help/Grant-M365SecurityAuditConsent.md
+++ b/help/Grant-M365SecurityAuditConsent.md
@@ -0,0 +1,179 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent
 schema: 2.0.0
 ---
 # Grant-M365SecurityAuditConsent
 ## SYNOPSIS
 Grants Microsoft Graph permissions for an auditor.
 ## SYNTAX
 ```
 Grant-M365SecurityAuditConsent [-UserPrincipalNameForConsent] <String> [-SkipGraphConnection]
 [-SkipModuleCheck] [-SuppressRevertOutput] [-DoNotDisconnect] [-ProgressAction <ActionPreference>] [-WhatIf]
 [-Confirm] [<CommonParameters>]
 ```
 ## DESCRIPTION
 This function grants the specified Microsoft Graph permissions to a user, allowing the user to perform audits.
 It connects to Microsoft Graph, checks if a service principal exists for the client application, creates it if it does not exist, and then grants the specified permissions.
 Finally, it assigns the app to the user.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com
 ```
 Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID.
 ### EXAMPLE 2
 ```
 Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection
 ```
 Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph.
 ## PARAMETERS
 ### -DoNotDisconnect
 If specified, does not disconnect from Microsoft Graph after granting consent.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SkipGraphConnection
 If specified, skips connecting to Microsoft Graph.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SkipModuleCheck
 If specified, skips the check for the Microsoft.Graph module.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SuppressRevertOutput
 If specified, suppresses the output of the revert commands.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -UserPrincipalNameForConsent
 Specify the UPN of the user to grant consent for.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 1
 Default value: None
 Accept pipeline input: True (ByPropertyName, ByValue)
 Accept wildcard characters: False
 ```
 ### -Confirm
 Prompts you for confirmation before running the cmdlet.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases: cf
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -WhatIf
 Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases: wi
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ## OUTPUTS
 ### System.Void
 ## NOTES
 This function requires the Microsoft.Graph module version 2.4.0 or higher.
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent)
--- a/help/Invoke-M365SecurityAudit.md
+++ b/help/Invoke-M365SecurityAudit.md
@@ -0,0 +1,435 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit
 schema: 2.0.0
 ---
 # Invoke-M365SecurityAudit
 ## SYNOPSIS
 Invokes a security audit for Microsoft 365 environments.
 ## SYNTAX
 ### Default (Default)
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>] [-DoNotConnect]
 [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-ProgressAction <ActionPreference>] [-WhatIf]
 [-Confirm] [<CommonParameters>]
 ```
 ### ELevelFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>] -ELevel <String>
 -ProfileLevel <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### IG1Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>] [-IncludeIG1]
 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### IG2Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>] [-IncludeIG2]
 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### IG3Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>] [-IncludeIG3]
 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### RecFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>]
 -IncludeRecommendation <String[]> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck]
 [-DoNotConfirmConnections] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### SkipRecFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-M365DomainForPWPolicyTest <String>]
 -SkipRecommendation <String[]> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ## DESCRIPTION
 The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters.
 It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Invoke-M365SecurityAudit
 ```
 Performs a security audit using default parameters.
 Output:
 Status      : Fail
 ELevel      : E3
 ProfileLevel: L1
 Connection  : Microsoft Graph
 Rec         : 1.1.1
 Result      : False
 Details     : Non-compliant accounts:
                Username        | Roles                  | HybridStatus | Missing Licence
                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
 FailureReason: Non-Compliant Accounts: 2
 ### EXAMPLE 2
 ```
 Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -ELevel "E5" -ProfileLevel "L1"
 ```
 Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
 Output:
 Status      : Fail
 ELevel      : E5
 ProfileLevel: L1
 Connection  : Microsoft Graph
 Rec         : 1.1.1
 Result      : False
 Details     : Non-compliant accounts:
                Username        | Roles                  | HybridStatus | Missing Licence
                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
 FailureReason: Non-Compliant Accounts: 2
 ### EXAMPLE 3
 ```
 Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -IncludeIG1
 ```
 Performs an audit including all tests where IG1 is true.
 Output:
 Status      : Fail
 ELevel      : E3
 ProfileLevel: L1
 Connection  : Microsoft Graph
 Rec         : 1.1.1
 Result      : False
 Details     : Non-compliant accounts:
                Username        | Roles                  | HybridStatus | Missing Licence
                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
 FailureReason: Non-Compliant Accounts: 2
 ### EXAMPLE 4
 ```
 Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
 Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
 Output:
 Status      : Fail
 ELevel      : E3
 ProfileLevel: L1
 Connection  : Microsoft Graph
 Rec         : 1.1.1
 Result      : False
 Details     : Non-compliant accounts:
                Username        | Roles                  | HybridStatus | Missing Licence
                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
 FailureReason: Non-Compliant Accounts: 2
 ```
 ### EXAMPLE 5
 ```
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com"
 PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
 ```
 Captures the audit results into a variable and exports them to a CSV file.
 Output:
 CISAuditResult\[\]
 auditResults.csv
 ### EXAMPLE 6
 ```
 Invoke-M365SecurityAudit -WhatIf
 ```
 Displays what would happen if the cmdlet is run without actually performing the audit.
 Output:
 What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
 ## PARAMETERS
 ### -DoNotConfirmConnections
 If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -DoNotConnect
 If specified, the cmdlet will not establish a connection to Microsoft 365 services.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -DoNotDisconnect
 If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ELevel
 Specifies the E-Level (E3 or E5) for the audit.
 This parameter is optional and can be combined with the ProfileLevel parameter.
 ```yaml
 Type: String
 Parameter Sets: ELevelFilter
 Aliases:
 Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -IncludeIG1
 If specified, includes tests where IG1 is true.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: IG1Filter
 Aliases:
 Required: True
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -IncludeIG2
 If specified, includes tests where IG2 is true.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: IG2Filter
 Aliases:
 Required: True
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -IncludeIG3
 If specified, includes tests where IG3 is true.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: IG3Filter
 Aliases:
 Required: True
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -IncludeRecommendation
 Specifies specific recommendations to include in the audit.
 Accepts an array of recommendation numbers.
 ```yaml
 Type: String[]
 Parameter Sets: RecFilter
 Aliases:
 Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -M365DomainForPWPolicyTest
 The domain name of the Microsoft 365 environment to test.
 This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -NoModuleCheck
 If specified, the cmdlet will not check for the presence of required modules.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProfileLevel
 Specifies the profile level (L1 or L2) for the audit.
 This parameter is optional and can be combined with the ELevel parameter.
 ```yaml
 Type: String
 Parameter Sets: ELevelFilter
 Aliases:
 Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SkipRecommendation
 Specifies specific recommendations to exclude from the audit.
 Accepts an array of recommendation numbers.
 ```yaml
 Type: String[]
 Parameter Sets: SkipRecFilter
 Aliases:
 Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -TenantAdminUrl
 The URL of the tenant admin.
 If not specified, none of the SharePoint Online tests will run.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -Confirm
 Prompts you for confirmation before running the cmdlet.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases: cf
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -WhatIf
 Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
 Aliases: wi
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### None. You cannot pipe objects to Invoke-M365SecurityAudit.
 ## OUTPUTS
 ### CISAuditResult[]
 ### The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
 ## NOTES
 - This module is based on CIS benchmarks.
 - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
 - Commercial use is not permitted. This module cannot be sold or used for commercial purposes.
 - Modifications and sharing are allowed under the same license.
 - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
 - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit)
--- a/help/M365FoundationsCISReport.md
+++ b/help/M365FoundationsCISReport.md
@@ -0,0 +1,31 @@
 ---
 Module Name: M365FoundationsCISReport
 Module Guid: 0d064bfb-d1ce-484b-a173-993b55984dc9
 Download Help Link: {{Please enter Link manually}}
 Help Version: 1.0.0.0
 Locale: en-US
 ---
 # M365FoundationsCISReport Module
 ## Description
 The `M365FoundationsCISReport` module provides a set of cmdlets to audit and report on the security compliance of Microsoft 365 environments based on CIS (Center for Internet Security) benchmarks. It enables administrators to generate detailed reports, sync data with CIS Excel sheets, and perform security audits to ensure compliance.
 ## M365FoundationsCISReport Cmdlets
 ### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable.md)
 Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
 ### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense.md)
 Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
 ### [Get-MFAStatus](Get-MFAStatus.md)
 Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
 ### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit.md)
 Invokes a security audit for Microsoft 365 environments.
 ### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus.md)
 Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
 ### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData.md)
 Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.
--- a/help/Remove-RowsWithEmptyCSVStatus.md
+++ b/help/Remove-RowsWithEmptyCSVStatus.md
@@ -0,0 +1,89 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version:
 schema: 2.0.0
 ---
 # Remove-RowsWithEmptyCSVStatus
 ## SYNOPSIS
 Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
 ## SYNTAX
 ```
 Remove-RowsWithEmptyCSVStatus [-FilePath] <String> [-WorksheetName] <String>
 [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 The Remove-RowsWithEmptyCSVStatus function imports data from a specified worksheet in an Excel file, checks for the presence of the 'CSV_Status' column, and filters out rows where the 'CSV_Status' column is empty.
 The filtered data is then exported to a new Excel file with a '-Filtered' suffix added to the original file name.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
 This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory.
 ```
 ## PARAMETERS
 ### -FilePath
 The path to the Excel file to be processed.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 1
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -WorksheetName
 The name of the worksheet within the Excel file to be processed.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 2
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ## OUTPUTS
 ## NOTES
 This function requires the ImportExcel module to be installed.
 ## RELATED LINKS
--- a/help/Sync-CISExcelAndCsvData.md
+++ b/help/Sync-CISExcelAndCsvData.md
@@ -0,0 +1,117 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData
 schema: 2.0.0
 ---
 # Sync-CISExcelAndCsvData
 ## SYNOPSIS
 Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.
 ## SYNTAX
 ```
 Sync-CISExcelAndCsvData [[-ExcelPath] <String>] [[-CsvPath] <String>] [[-SheetName] <String>]
 [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file.
 This includes adding or updating fields for connection status, details, failure reasons, and the date of the update.
 It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData"
 Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update.
 ```
 ## PARAMETERS
 ### -CsvPath
 Specifies the path to the CSV file containing new data.
 This parameter is mandatory.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: 2
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExcelPath
 Specifies the path to the Excel file to be updated.
 This parameter is mandatory.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: 1
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SheetName
 Specifies the name of the worksheet in the Excel file where data will be merged and updated.
 This parameter is mandatory.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: 3
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### System.String
 ### The function accepts strings for file paths and worksheet names.
 ## OUTPUTS
 ### None
 ### The function directly updates the Excel file and does not output any objects.
 ## NOTES
 - Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations.
 - It is recommended to back up the Excel file before running this function to avoid accidental data loss.
 - The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping.
 ## RELATED LINKS
 [https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData](https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData)
--- a/help/about_M365FoundationsCISReport.md
+++ b/help/about_M365FoundationsCISReport.md
@@ -0,0 +1,59 @@
 # M365FoundationsCISReport
 ## about_M365FoundationsCISReport
 # SHORT DESCRIPTION
 The `M365FoundationsCISReport` module provides cmdlets for auditing and reporting on the security compliance of Microsoft 365 environments based on CIS benchmarks.
 # LONG DESCRIPTION
 The `M365FoundationsCISReport` module is designed to help administrators ensure that their Microsoft 365 environments adhere to the security best practices outlined by the Center for Internet Security (CIS). The module includes cmdlets for performing comprehensive security audits, generating detailed reports, and synchronizing audit results with CIS benchmark Excel sheets. It aims to streamline the process of maintaining security compliance and improving the overall security posture of Microsoft 365 environments.
 ## Optional Subtopics
 ### Auditing and Reporting
 The module provides cmdlets that allow for the auditing of various security aspects of Microsoft 365 environments, including user MFA status, administrative role licenses, and more. The results can be exported and analyzed to ensure compliance with CIS benchmarks.
 ### Data Synchronization
 The module includes functionality to synchronize audit results with CIS benchmark data stored in Excel sheets. This ensures that the documentation is always up-to-date with the latest audit findings.
 # EXAMPLES
 ```powershell
 # Example 1: Performing a security audit based on CIS benchmarks
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
 # Example 2: Exporting a security audit table to a CSV file
 Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
 # Example 3: Retrieving licenses for users in administrative roles
 Get-AdminRoleUserLicense
 # Example 4: Getting MFA status of users
 Get-MFAStatus -UserId "user@domain.com"
 # Example 5: Removing rows with empty status values from a CSV file
 Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
 # Example 6: Synchronizing CIS benchmark data with audit results
 Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
 # Example 7: Granting Microsoft Graph permissions to the auditor
 Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
 ```
 # NOTE
 Ensure that you have the necessary permissions and administrative roles in your Microsoft 365 environment to run these cmdlets. Proper configuration and setup are required for accurate audit results.
 # TROUBLESHOOTING NOTE
 If you encounter any issues while using the cmdlets, ensure that your environment meets the module prerequisites. Check for any updates or patches that may address known bugs. For issues related to specific cmdlets, refer to the individual help files for troubleshooting tips.
 # SEE ALSO
 - [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
 - [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/)
 - [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/)
 # KEYWORDS
 - Microsoft 365
 - Security Audit
 - CIS Benchmarks
 - Compliance
 - MFA
 - User Licenses
 - Security Reporting
--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
 <#
-    $ver = "v0.1.9"
+    $ver = "v0.1.16"
    git checkout main
    git pull origin main
    git tag -a $ver -m "Release version $ver refactor Update"
@@ -14,72 +14,51 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
    # git tag -d $ver
 #>
-# Refresh authentication to ensure the correct scopes
+$OutputFolder = ".\help"
-gh auth refresh -s project,read:project,write:project,repo
+$parameters = @{
-
+    Module = "M365FoundationsCISReport"
-# Create the project
+    OutputFolder = $OutputFolder
-gh project create --owner CriticalSolutionsNetwork --title "Test Validation Project"
+    AlphabeticParamsOrder = $true
-
+    WithModulePage = $true
-$repoOwner = "CriticalSolutionsNetwork"
+    ExcludeDontShow = $true
-$repoName = "M365FoundationsCISReport"
+    Encoding = [System.Text.Encoding]::UTF8
 $directoryPath = ".\source\tests"
 $projectName = "Test Validation Project"
 # Function to create GitHub issues
 function Create-GitHubIssue {
    param (
        [string]$title,
        [string]$body,
        [string]$project
    )
    # Create the issue and add it to the specified project
    $issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
    return $issue
 }
 New-MarkdownHelp @parameters
 New-MarkdownAboutHelp -OutputFolder $OutputFolder -AboutName "M365FoundationsCISReport"
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
-# Iterate over each .ps1 file in the directory
+####
-Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
+$parameters = @{
-    $fileName = $_.Name
+    Path = ".\help"
-    $testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
+    RefreshModulePage = $true
-
+    AlphabeticParamsOrder = $true
-    if ($testDefinition) {
+    UpdateInputOutput = $true
-        $rec = $testDefinition.Rec
+    ExcludeDontShow = $true
-        $elevel = $testDefinition.ELevel
+    LogPath = ".\log.txt"
-        $profileLevel = $testDefinition.ProfileLevel
+    Encoding = [System.Text.Encoding]::UTF8
        $ig1 = $testDefinition.IG1
        $ig2 = $testDefinition.IG2
        $ig3 = $testDefinition.IG3
        $connection = $testDefinition.Connection
        $issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
        $issueBody = @"
 # Validation for $fileName
 ## Tasks
 - [ ] Validate test for a pass
  - Description of passing criteria:
 - [ ] Validate test for a fail
  - Description of failing criteria:
 - [ ] Add notes and observations
  - Placeholder for additional notes:
 "@
        # Create the issue using GitHub CLI
        try {
            Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
            Write-Output "Created issue for $fileName"
        } catch {
            Write-Error "Failed to create issue for $fileName : $_"
        }
        # Introduce a delay of 2 seconds
        Start-Sleep -Seconds 2
    } else {
        Write-Warning "No matching test definition found for $fileName"
    }
 }
 Update-MarkdownHelpModule @parameters -Force
 Update-MarkdownHelpModule -Path ".\help" -RefreshModulePage -Force
 New-ExternalHelp -Path ".\help" -OutputPath ".\source\en-US" -force
 # Install Secret Management
 Install-Module -Name "Microsoft.PowerShell.SecretManagement", `
 "SecretManagement.JustinGrote.CredMan" -Scope CurrentUser
 # Register Vault
 Register-SecretVault -Name ModuleBuildCreds -ModuleName `
 "SecretManagement.JustinGrote.CredMan" -ErrorAction Stop
 Set-Secret -Name "GalleryApiToken" -Vault ModuleBuildCreds
 Set-Secret -Name "GitHubToken" -Vault ModuleBuildCreds
 $GalleryApiToken = Get-Secret -Name "GalleryApiToken" -Vault ModuleBuildCreds -AsPlainText
 $GitHubToken = Get-Secret -Name "GitHubToken" -Vault ModuleBuildCreds -AsPlainText
 $GalleryApiToken
 $GitHubToken
--- a/source/Private/Assert-ModuleAvailability.ps1
+++ b/source/Private/Assert-ModuleAvailability.ps1
@@ -10,25 +10,25 @@ function Assert-ModuleAvailability {
        $module = Get-Module -ListAvailable -Name $ModuleName | Where-Object { $_.Version -ge [version]$RequiredVersion }
        if ($null -eq $module) {
-            Write-Information "Installing $ModuleName module..." -InformationAction Continue
+            Write-Host "Installing $ModuleName module..." -ForegroundColor Yellow
            Install-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force -AllowClobber -Scope CurrentUser | Out-Null
        }
        elseif ($module.Version -lt [version]$RequiredVersion) {
-            Write-Information "Updating $ModuleName module to required version..." -InformationAction Continue
+            Write-Host "Updating $ModuleName module to required version..." -ForegroundColor Yellow
            Update-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force | Out-Null
        }
        else {
-            Write-Information "$ModuleName module is already at required version or newer." -InformationAction Continue
+            Write-Host "$ModuleName module is already at required version or newer." -ForegroundColor Gray
        }
        if ($SubModules.Count -gt 0) {
            foreach ($subModule in $SubModules) {
-                Write-Information "Importing submodule $ModuleName.$subModule..." -InformationAction Continue
+                Write-Host "Importing submodule $ModuleName.$subModule..." -ForegroundColor DarkGray
                Import-Module -Name "$ModuleName.$subModule" -RequiredVersion $RequiredVersion -ErrorAction Stop | Out-Null
            }
        } else {
-            Write-Information "Importing module $ModuleName..." -InformationAction Continue
+            Write-Host "Importing module $ModuleName..." -ForegroundColor DarkGray
-            Import-Module -Name $ModuleName -RequiredVersion $RequiredVersion -ErrorAction Stop | Out-Null
+            Import-Module -Name $ModuleName -RequiredVersion $RequiredVersion -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null
        }
    }
    catch {
--- a/source/Private/Connect-M365Suite.ps1
+++ b/source/Private/Connect-M365Suite.ps1
@@ -2,52 +2,115 @@ function Connect-M365Suite {
    [OutputType([void])]
    [CmdletBinding()]
    param (
-        [Parameter(Mandatory=$false)]
+        [Parameter(Mandatory = $false)]
        [string]$TenantAdminUrl,
        [Parameter(Mandatory)]
-        [string[]]$RequiredConnections
+        [string[]]$RequiredConnections,
        [Parameter(Mandatory = $false)]
        [switch]$SkipConfirmation
    )
    $VerbosePreference = "SilentlyContinue"
    $tenantInfo = @()
    $connectedServices = @()
    try {
        if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
-            Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Cyan
+            Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Yellow
-            Connect-AzureAD | Out-Null
+            Connect-AzureAD -WarningAction SilentlyContinue | Out-Null
            $tenantDetails = Get-AzureADTenantDetail -WarningAction SilentlyContinue
            $tenantInfo += [PSCustomObject]@{
                Service = "Azure Active Directory"
                TenantName = $tenantDetails.DisplayName
                TenantID = $tenantDetails.ObjectId
            }
            $connectedServices += "AzureAD"
            Write-Host "Successfully connected to Azure Active Directory." -ForegroundColor Green
        }
-        if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
+        if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
-            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Cyan
+            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Yellow
            try {
                Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
                $graphOrgDetails = Get-MgOrganization
                $tenantInfo += [PSCustomObject]@{
                    Service = "Microsoft Graph"
                    TenantName = $graphOrgDetails.DisplayName
                    TenantID = $graphOrgDetails.Id
                }
                $connectedServices += "Microsoft Graph"
                Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
            }
            catch {
                Write-Host "Failed to connect to MgGraph, attempting device auth." -ForegroundColor Yellow
                Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -UseDeviceCode -NoWelcome | Out-Null
                $graphOrgDetails = Get-MgOrganization
                $tenantInfo += [PSCustomObject]@{
                    Service = "Microsoft Graph"
                    TenantName = $graphOrgDetails.DisplayName
                    TenantID = $graphOrgDetails.Id
                }
                $connectedServices += "Microsoft Graph"
                Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
            }
        }
-        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
+        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
-            Write-Host "Connecting to Exchange Online..." -ForegroundColor Cyan
+            Write-Host "Connecting to Exchange Online..." -ForegroundColor Yellow
-            Connect-ExchangeOnline | Out-Null
+            Connect-ExchangeOnline -ShowBanner:$false | Out-Null
            $exoTenant = (Get-OrganizationConfig).Identity
            $tenantInfo += [PSCustomObject]@{
                Service = "Exchange Online"
                TenantName = $exoTenant
                TenantID = "N/A"
            }
            $connectedServices += "EXO"
            Write-Host "Successfully connected to Exchange Online." -ForegroundColor Green
        }
        if ($RequiredConnections -contains "SPO") {
-            Write-Host "Connecting to SharePoint Online..." -ForegroundColor Cyan
+            Write-Host "Connecting to SharePoint Online..." -ForegroundColor Yellow
            Connect-SPOService -Url $TenantAdminUrl | Out-Null
            $spoContext = Get-SPOCrossTenantHostUrl
            $tenantName = Get-UrlLine -Output $spoContext
            $tenantInfo += [PSCustomObject]@{
                Service = "SharePoint Online"
                TenantName = $tenantName
            }
            $connectedServices += "SPO"
            Write-Host "Successfully connected to SharePoint Online." -ForegroundColor Green
        }
        if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
-            Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Cyan
+            Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Yellow
            Connect-MicrosoftTeams | Out-Null
            $teamsTenantDetails = Get-CsTenant
            $tenantInfo += [PSCustomObject]@{
                Service = "Microsoft Teams"
                TenantName = $teamsTenantDetails.DisplayName
                TenantID = $teamsTenantDetails.TenantId
            }
            $connectedServices += "Microsoft Teams"
            Write-Host "Successfully connected to Microsoft Teams." -ForegroundColor Green
        }
        # Display tenant information and confirm with the user
        if (-not $SkipConfirmation) {
            Write-Host "Connected to the following tenants:" -ForegroundColor Yellow
            foreach ($tenant in $tenantInfo) {
                Write-Host "Service: $($tenant.Service)" -ForegroundColor Cyan
                Write-Host "Tenant Context: $($tenant.TenantName)`n" -ForegroundColor Green
                #Write-Host "Tenant ID: $($tenant.TenantID)"
            }
            $confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
            if ($confirmation -notlike 'Y') {
                Write-Host "Connection setup aborted by user." -ForegroundColor Red
                Disconnect-M365Suite -RequiredConnections $connectedServices
                throw "User aborted connection setup."
            }
        }
    }
    catch {
        $VerbosePreference = "Continue"
--- a/source/Private/Format-MissingAction.ps1
+++ b/source/Private/Format-MissingAction.ps1
@@ -1,29 +0,0 @@
 function Format-MissingAction {
    [CmdletBinding()]
    [OutputType([hashtable])]
    param (
        [array]$missingActions
    )
    $actionGroups = @{
        "Admin"    = @()
        "Delegate" = @()
        "Owner"    = @()
    }
    foreach ($action in $missingActions) {
        if ($action -match "(Admin|Delegate|Owner) action '([^']+)' missing") {
            $type = $matches[1]
            $actionName = $matches[2]
            $actionGroups[$type] += $actionName
        }
    }
    $formattedResults = @{
        Admin    = $actionGroups["Admin"] -join ', '
        Delegate = $actionGroups["Delegate"] -join ', '
        Owner    = $actionGroups["Owner"] -join ', '
    }
    return $formattedResults
 }
--- a/source/Private/Get-Action.ps1
+++ b/source/Private/Get-Action.ps1
@@ -0,0 +1,113 @@
 function Get-Action {
    [CmdletBinding(DefaultParameterSetName = "GetDictionaries")]
    param (
        [Parameter(Position = 0, ParameterSetName = "GetDictionaries")]
        [switch]$Dictionaries,
        [Parameter(Position = 0, ParameterSetName = "ConvertActions")]
        [string[]]$Actions,
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "ConvertActions")]
        [ValidateSet("Admin", "Delegate", "Owner")]
        [string]$ActionType,
        [Parameter(Position = 0, ParameterSetName = "ReverseActions")]
        [string[]]$AbbreviatedActions,
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "ReverseActions")]
        [ValidateSet("Admin", "Delegate", "Owner")]
        [string]$ReverseActionType
    )
    $Dictionary = @{
        AdminActions = @{
            ApplyRecord              = 'AR'
            Copy                     = 'CP'
            Create                   = 'CR'
            FolderBind               = 'FB'
            HardDelete               = 'HD'
            MailItemsAccessed        = 'MIA'
            Move                     = 'MV'
            MoveToDeletedItems       = 'MTDI'
            SendAs                   = 'SA'
            SendOnBehalf             = 'SOB'
            Send                     = 'SD'
            SoftDelete               = 'SD'
            Update                   = 'UP'
            UpdateCalendarDelegation = 'UCD'
            UpdateFolderPermissions  = 'UFP'
            UpdateInboxRules         = 'UIR'
        }
        DelegateActions = @{
            ApplyRecord             = 'AR'
            Create                  = 'CR'
            FolderBind              = 'FB'
            HardDelete              = 'HD'
            MailItemsAccessed       = 'MIA'
            Move                    = 'MV'
            MoveToDeletedItems      = 'MTDI'
            SendAs                  = 'SA'
            SendOnBehalf            = 'SOB'
            SoftDelete              = 'SD'
            Update                  = 'UP'
            UpdateFolderPermissions = 'UFP'
            UpdateInboxRules        = 'UIR'
        }
        OwnerActions = @{
            ApplyRecord              = 'AR'
            Create                   = 'CR'
            HardDelete               = 'HD'
            MailboxLogin             = 'ML'
            MailItemsAccessed        = 'MIA'
            Move                     = 'MV'
            MoveToDeletedItems       = 'MTDI'
            Send                     = 'SD'
            SoftDelete               = 'SD'
            Update                   = 'UP'
            UpdateCalendarDelegation = 'UCD'
            UpdateFolderPermissions  = 'UFP'
            UpdateInboxRules         = 'UIR'
        }
    }
    switch ($PSCmdlet.ParameterSetName) {
        "GetDictionaries" {
            return $Dictionary
        }
        "ConvertActions" {
            $actionDictionary = switch ($ActionType) {
                "Admin"    { $Dictionary.AdminActions }
                "Delegate" { $Dictionary.DelegateActions }
                "Owner"    { $Dictionary.OwnerActions }
            }
            $abbreviatedActions = @()
            foreach ($action in $Actions) {
                if ($actionDictionary.ContainsKey($action)) {
                    $abbreviatedActions += $actionDictionary[$action]
                }
            }
            return $abbreviatedActions
        }
        "ReverseActions" {
            $reverseDictionary = @{}
            $originalDictionary = switch ($ReverseActionType) {
                "Admin"    { $Dictionary.AdminActions }
                "Delegate" { $Dictionary.DelegateActions }
                "Owner"    { $Dictionary.OwnerActions }
            }
            foreach ($key in $originalDictionary.Keys) {
                $reverseDictionary[$originalDictionary[$key]] = $key
            }
            $fullNames = @()
            foreach ($abbrAction in $AbbreviatedActions) {
                if ($reverseDictionary.ContainsKey($abbrAction)) {
                    $fullNames += $reverseDictionary[$abbrAction]
                }
            }
            return $fullNames
        }
    }
 }
--- a/source/Private/Get-AdminRoleUserAndAssignment.ps1
+++ b/source/Private/Get-AdminRoleUserAndAssignment.ps1
@@ -0,0 +1,38 @@
 function Get-AdminRoleUserAndAssignment {
    [CmdletBinding()]
    param ()
    $result = @{}
    # Get the DisplayNames of all admin roles
    $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
    # Get Admin Roles
    $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
    foreach ($role in $adminRoles) {
        Write-Verbose "Processing role: $($role.DisplayName)"
        $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
        foreach ($assignment in $roleAssignments) {
            Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
            $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
            if ($userDetails) {
                Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
                $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
                if (-not $result[$role.DisplayName]) {
                    $result[$role.DisplayName] = @()
                }
                $result[$role.DisplayName] += [PSCustomObject]@{
                    AssignmentId = $assignment.Id
                    UserDetails  = $userDetails
                    Licenses     = $licenses
                }
            }
        }
    }
    return $result
 }
--- a/source/Private/Get-CISAadOutput.ps1
+++ b/source/Private/Get-CISAadOutput.ps1
@@ -0,0 +1,39 @@
 <#
    .SYNOPSIS
        This is a sample Private function only visible within the module.
    .DESCRIPTION
        This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
        $null = Get-Get-CISAadOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-CISAadOutput {
    [cmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Rec
    )
    begin {
        # Begin Block #
    <#
        # Tests
        1.2.2
        # Test number
        $testNumbers ="1.2.2"
    #>
    }
    process {
        switch ($Rec) {
            '1.2.2' {
                # Test-BlockSharedMailboxSignIn.ps1
                $users = Get-AzureADUser
            }
            default { throw "No match found for test: $Rec" }
        }
    }
    end {
        Write-Verbose "Get-CISAadOutput: Retuning data for Rec: $Rec"
        return $users
    }
 } # end function Get-CISAadOutput
--- a/source/Private/Get-CISExoOutput.ps1
+++ b/source/Private/Get-CISExoOutput.ps1
@@ -0,0 +1,297 @@
 <#
    .SYNOPSIS
        This is a sample Private function only visible within the module.
    .DESCRIPTION
        This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
        $null = Get-CISExoOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-CISExoOutput {
    [cmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Rec
    )
    begin {
        # Begin Block #
        <#
        # Tests
        1.2.2
        1.3.3
        1.3.6
        2.1.1
        2.1.2
        2.1.3
        2.1.4
        2.1.5
        2.1.6
        2.1.7
        2.1.9
        3.1.1
        6.1.1
        6.1.2
        6.1.3
        6.2.1
        6.2.2
        6.2.3
        6.3.1
        6.5.1
        6.5.2
        6.5.3
        8.6.1
        # Test number array
        $testNumbers = @('1.2.2', '1.3.3', '1.3.6', '2.1.1', '2.1.2', '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '8.6.1')
    #>
    }
    process {
        Write-Verbose "Get-CISExoOutput: Retuning data for Rec: $Rec"
        switch ($Rec) {
            '1.2.2' {
                # Test-BlockSharedMailboxSignIn.ps1
                $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
                # [object[]]
                return $MBX
            }
            '1.3.3' {
                # Test-ExternalSharingCalendars.ps1
                # Step: Retrieve sharing policies related to calendar sharing
                $sharingPolicies = Get-SharingPolicy | Where-Object { $_.Domains -like '*CalendarSharing*' }
                # [psobject[]]
                return $sharingPolicies
            }
            '1.3.6' {
                # Test-CustomerLockbox.ps1
                # Step: Retrieve the organization configuration (Condition C: Pass/Fail)
                $orgConfig = Get-OrganizationConfig | Select-Object CustomerLockBoxEnabled
                $customerLockboxEnabled = $orgConfig.CustomerLockBoxEnabled
                # [bool]
                return $customerLockboxEnabled
            }
            '2.1.1' {
                # Test-SafeLinksOfficeApps.ps1
                if (Get-Command Get-SafeLinksPolicy -ErrorAction SilentlyContinue) {
                    # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
                    # Retrieve all Safe Links policies
                    $policies = Get-SafeLinksPolicy
                    # Initialize the details collection
                    $misconfiguredDetails = @()
                    foreach ($policy in $policies) {
                        # Get the detailed configuration of each policy
                        $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
                        # Check each required property and record failures
                        # Condition A: Checking policy settings
                        $failures = @()
                        if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
                        if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
                        if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
                        if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
                        if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
                        # Only add details for policies that have misconfigurations
                        if ($failures.Count -gt 0) {
                            $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
                        }
                    }
                    # [object[]]
                    return $misconfiguredDetails
                }
                else {
                    return 1
                }
            }
            '2.1.2' {
                # Test-CommonAttachmentFilter.ps1
                # 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
                # Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
                # Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
                # Retrieve the attachment filter policy
                $attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
                $result = $attachmentFilter.EnableFileFilter
                # [bool]
                return $result
            }
            '2.1.3' {
                # Test-NotifyMalwareInternal.ps1
                # 2.1.3 Ensure notifications for internal users sending malware is Enabled
                # Retrieve all 'Custom' malware filter policies and check notification settings
                $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
                # [object[]]
                return $malwareNotifications
            }
            '2.1.4' {
                # Test-SafeAttachmentsPolicy.ps1
                if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) {
                    # Retrieve all Safe Attachment policies where Enable is set to True
                    # Check if ErrorAction needed below
                    $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true }
                    # [object[]]
                    return $safeAttachmentPolicies
                    else {
                        return 1
                    }
                }
            }
            '2.1.5' {
                # Test-SafeAttachmentsTeams.ps1
                if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
                    # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
                    # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
                    $atpPolicies = Get-AtpPolicyForO365
                    # Check if the required ATP policies are enabled
                    $atpPolicyResult = $atpPolicies | Where-Object {
                        $_.EnableATPForSPOTeamsODB -eq $true -and
                        $_.EnableSafeDocs -eq $true -and
                        $_.AllowSafeDocsOpen -eq $false
                    }
                    # [psobject[]]
                    return $atpPolicyResult
                }
                else {
                    return 1
                }
            }
            '2.1.6' {
                # Test-SpamPolicyAdminNotify.ps1
                # Retrieve the default hosted outbound spam filter policy
                $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
                return $hostedOutboundSpamFilterPolicy
            }
            '2.1.7' {
                # Test-AntiPhishingPolicy.ps1
                # Condition A: Ensure that an anti-phishing policy has been created
                $antiPhishPolicies = Get-AntiPhishPolicy
                return $antiPhishPolicies
            }
            '2.1.9' {
                # Test-EnableDKIM.ps1
                # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
                # Retrieve DKIM configuration for all domains
                $dkimConfig = Get-DkimSigningConfig | Select-Object Domain, Enabled
                # [object[]]
                return $dkimConfig
            }
            '3.1.1' {
                # Test-AuditLogSearch.ps1
                # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
                # Retrieve the audit log configuration
                $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
                #
                $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled
                # [bool]
                return $auditLogResult
            }
            '6.1.1' {
                # Test-AuditDisabledFalse.ps1
                # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
                # Retrieve the AuditDisabled configuration (Condition B)
                $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled
                # [bool]
                $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled
                return $auditNotDisabled
            }
            '6.1.2' {
                # Test-MailboxAuditingE3.ps1
                $mailboxes = Get-EXOMailbox -PropertySets Audit
                # [object[]]
                return $mailboxes
            }
            '6.1.3' {
                # Test-MailboxAuditingE5.ps1
                $mailboxes = Get-EXOMailbox -PropertySets Audit
                # [object[]]
                return $mailboxes
            }
            '6.2.1' {
                # Test-BlockMailForwarding.ps1
                # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
                # Step 1: Retrieve the transport rules that redirect messages
                $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
                if ($null -eq $transportRules) {
                    $transportRules = 1
                }
                # Step 2: Check all anti-spam outbound policies
                $outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy
                $nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' }
                return $transportRules, $nonCompliantSpamPolicies
            }
            '6.2.2' {
                # Test-NoWhitelistDomains.ps1
                # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
                # Retrieve transport rules that whitelist specific domains
                # Condition A: Checking for transport rules that whitelist specific domains
                # [object[]]
                $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs }
                return $whitelistedRules
            }
            '6.2.3' {
                # Test-IdentifyExternalEmail.ps1
                # 6.2.3 (L1) Ensure email from external senders is identified
                # Retrieve external sender tagging configuration
                # [object[]]
                $externalInOutlook = Get-ExternalInOutlook
                return $externalInOutlook
            }
            '6.3.1' {
                # Test-RestrictOutlookAddins.ps1
                # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
                $customPolicyFailures = @()
                # Check all mailboxes for custom policies with unallowed add-ins
                $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
                if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
                    foreach ($policy in $roleAssignmentPolicies) {
                        if ($policy.RoleAssignmentPolicy) {
                            $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
                            $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
                            # Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are not assigned to users.
                            if ($foundRoles) {
                                $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
                            }
                        }
                    }
                }
                # Check Default Role Assignment Policy
                $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
                return $customPolicyFailures, $defaultPolicy
            }
            '6.5.1' {
                # Test-ModernAuthExchangeOnline.ps1
                # Ensuring the ExchangeOnlineManagement module is available
                # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
                # Check modern authentication setting in Exchange Online configuration (Condition A and B)
                $orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled
                return $orgConfig
            }
            '6.5.2' {
                # Test-MailTipsEnabled.ps1
                # 6.5.2 (L2) Ensure MailTips are enabled for end users
                # Retrieve organization configuration for MailTips settings
                # [object]
                $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold
                return $orgConfig
            }
            '6.5.3' {
                # Test-RestrictStorageProvidersOutlook.ps1
                # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
                # Retrieve all OwaMailbox policies
                # [object[]]
                $owaPolicies = Get-OwaMailboxPolicy
                return $owaPolicies
            }
            '8.6.1' {
                # Test-ReportSecurityInTeams.ps1
                # 8.6.1 (L1) Ensure users can report security concerns in Teams
                # Retrieve the necessary settings for Teams and Exchange Online
                # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
                # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
                $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress,ReportJunkAddresses,ReportNotJunkAddresses,ReportPhishAddresses,ReportChatMessageEnabled,ReportChatMessageToCustomizedAddressEnabled
                return $ReportSubmissionPolicy
            }
            default { throw "No match found for test: $Rec" }
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
 } # end function Get-CISExoOutput
--- a/source/Private/Get-CISMSTeamsOutput.ps1
+++ b/source/Private/Get-CISMSTeamsOutput.ps1
@@ -0,0 +1,275 @@
 <#
    .SYNOPSIS
        This is a sample Private function only visible within the module.
    .DESCRIPTION
        This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
        $null = Get-CISMSTeamsOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-CISMSTeamsOutput {
    [cmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Rec
    )
    begin {
        # Begin Block #
        <#
            # Tests
            8.1.1
            8.1.2
            8.2.1
            8.5.1
            8.5.2
            8.5.3
            8.5.4
            8.5.5
            8.5.6
            8.5.7
            8.6.1
            # Test number array
            $testNumbers = @('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1')
        #>
    }
    process {
        Write-Verbose "Get-CISMSTeamsOutput: Retuning data for Rec: $Rec"
        switch ($Rec) {
            '8.1.1' {
                # Test-TeamsExternalFileSharing.ps1
                # 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
                # Connect to Teams PowerShell using Connect-MicrosoftTeams
                # Condition A: The `AllowDropbox` setting is set to `False`.
                # Condition B: The `AllowBox` setting is set to `False`.
                # Condition C: The `AllowGoogleDrive` setting is set to `False`.
                # Condition D: The `AllowShareFile` setting is set to `False`.
                # Condition E: The `AllowEgnyte` setting is set to `False`.
                # Assuming that 'approvedProviders' is a list of approved cloud storage service names
                # This list must be defined according to your organization's approved cloud storage services
                $clientConfig = Get-CsTeamsClientConfiguration
                return $clientConfig
            }
            '8.1.2' {
                # Test-BlockChannelEmails.ps1
                # 8.1.2 (L1) Ensure users can't send emails to a channel email address
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `AllowEmailIntoChannel` setting in Teams is set to `False`.
                #   - Condition B: The setting `Users can send emails to a channel email address` is set to `Off` in the Teams admin center.
                #   - Condition C: Verification using PowerShell confirms that the `AllowEmailIntoChannel` setting is disabled.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AllowEmailIntoChannel` setting in Teams is not set to `False`.
                #   - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center.
                #   - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
                # Retrieve Teams client configuration
                $teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global
                return $teamsClientConfig
            }
            '8.2.1' {
                # Test-TeamsExternalAccess.ps1
                # 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `AllowTeamsConsumer` setting is `False`.
                #   - Condition B: The `AllowPublicUsers` setting is `False`.
                #   - Condition C: The `AllowFederatedUsers` setting is `False` or, if `True`, the `AllowedDomains` contains only authorized domain names.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AllowTeamsConsumer` setting is not `False`.
                #   - Condition B: The `AllowPublicUsers` setting is not `False`.
                #   - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
                # Connect to Teams PowerShell using Connect-MicrosoftTeams
                $externalAccessConfig = Get-CsTenantFederationConfiguration
                return $externalAccessConfig
            }
            '8.5.1' {
                # Test-NoAnonymousMeetingJoin.ps1
                # 8.5.1 (L2) Ensure anonymous users can't join a meeting
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: `AllowAnonymousUsersToJoinMeeting` is set to `False`.
                #   - Condition B: Verification using the UI confirms that `Anonymous users can join a meeting` is set to `Off` in the Global meeting policy.
                #   - Condition C: PowerShell command output indicates that anonymous users are not allowed to join meetings.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
                #   - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
                #   - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
                # Connect to Teams PowerShell using Connect-MicrosoftTeams
                $teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
                return $teamsMeetingPolicy
            }
            '8.5.2' {
                # Test-NoAnonymousMeetingStart.ps1
                # 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is set to `False`.
                #   - Condition B: The setting for anonymous users and dial-in callers starting a meeting is configured to ensure they must wait in the lobby.
                #   - Condition C: Verification using the UI confirms that the setting `Anonymous users and dial-in callers can start a meeting` is set to `Off`.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is not set to `False`.
                #   - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby.
                #   - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
                # Connect to Teams PowerShell using Connect-MicrosoftTeams
                # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
                $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
                return $CsTeamsMeetingPolicyAnonymous
            }
            '8.5.3' {
                # Test-OrgOnlyBypassLobby.ps1
                # 8.5.3 (L1) Ensure only people in my org can bypass the lobby
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is set to `EveryoneInCompanyExcludingGuests`.
                #   - Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
                #   - Condition C: Verification using the Microsoft Teams admin center confirms that the meeting join & lobby settings are configured as recommended.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
                #   - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
                #   - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
                # Connect to Teams PowerShell using Connect-MicrosoftTeams
                # Retrieve the Teams meeting policy for lobby bypass settings
                $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
                return $CsTeamsMeetingPolicyLobby
            }
            '8.5.4' {
                # Test-DialInBypassLobby.ps1
                # 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is set to `False`.
                #   - Condition B: Verification using the UI in the Microsoft Teams admin center confirms that "People dialing in can't bypass the lobby" is set to `Off`.
                #   - Condition C: Ensure that individuals who dial in by phone must wait in the lobby until admitted by a meeting organizer, co-organizer, or presenter.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is not set to `False`.
                #   - Condition B: Verification using the UI in the Microsoft Teams admin center shows that "People dialing in can't bypass the lobby" is not set to `Off`.
                #   - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
                # Retrieve Teams meeting policy for PSTN users
                $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
                return $CsTeamsMeetingPolicyPSTN
            }
            '8.5.5' {
                # Test-MeetingChatNoAnonymous.ps1
                # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `MeetingChatEnabledType` setting in Teams is set to `EnabledExceptAnonymous`.
                #   - Condition B: The setting for meeting chat is configured to allow chat for everyone except anonymous users.
                #   - Condition C: Verification using the Teams Admin Center confirms that the meeting chat settings are configured as recommended.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
                #   - Condition B: The setting for meeting chat allows chat for anonymous users.
                #   - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
                # Retrieve the Teams meeting policy for meeting chat
                $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
                return $CsTeamsMeetingPolicyChat
            }
            '8.5.6' {
                # Test-OrganizersPresent.ps1
                # 8.5.6 (L2) Ensure only organizers and co-organizers can present
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is set to `OrganizerOnlyUserOverride`.
                #   - Condition B: Verification using the Teams admin center confirms that the setting "Who can present" is configured to "Only organizers and co-organizers".
                #   - Condition C: Verification using PowerShell confirms that the `DesignatedPresenterRoleMode` is set to `OrganizerOnlyUserOverride`.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
                #   - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
                #   - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
                # Retrieve the Teams meeting policy for presenters
                $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode
                return $CsTeamsMeetingPolicyPresenters
            }
            '8.5.7' {
                # Test-ExternalNoControl.ps1
                # 8.5.7 (L1) Ensure external participants can't give or request control
                #
                # Validate test for a pass:
                # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
                # - Specific conditions to check:
                #   - Condition A: Ensure the `AllowExternalParticipantGiveRequestControl` setting in Teams is set to `False`.
                #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
                #   - Condition C: Verification using the UI confirms that external participants are unable to give or request control.
                #
                # Validate test for a fail:
                # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
                # - Specific conditions to check:
                #   - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
                #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
                #   - Condition C: Verification using the UI indicates that external participants can give or request control.
                # Retrieve Teams meeting policy for external participant control
                $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
                return $CsTeamsMeetingPolicyControl
            }
            '8.6.1' {
                # Test-ReportSecurityInTeams.ps1
                # 8.6.1 (L1) Ensure users can report security concerns in Teams
                # Retrieve the necessary settings for Teams and Exchange Online
                # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
                $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
                return $CsTeamsMessagingPolicy
            }
            default { throw "No match found for test: $Rec" }
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
 } # end function Get-CISMSTeamsOutput
--- a/source/Private/Get-CISMgOutput.ps1
+++ b/source/Private/Get-CISMgOutput.ps1
@@ -0,0 +1,110 @@
 function Get-CISMgOutput {
    <#
    .SYNOPSIS
    This is a sample Private function only visible within the module.
    .DESCRIPTION
    This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
    $null = Get-CISMgOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
    The PrivateData parameter is what will be returned without transformation.
 #>
    [cmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Rec,
        [Parameter(Mandatory = $false)]
        [String]$DomainName
    )
    begin {
        # Begin Block #
        # Tests
        <#
            1.1.1
            1.1.3
            1.2.1
            1.3.1
            5.1.2.3
            5.1.8.1
            6.1.2
            6.1.3
            # Test number array
            $testNumbers = @('1.1.1', '1.1.3', '1.2.1', '1.3.1', '5.1.2.3', '5.1.8.1', '6.1.2', '6.1.3')
        #>
    }
    process {
        Write-Verbose "Get-CISMgOutput: Retuning data for Rec: $Rec"
        switch ($rec) {
            '1.1.1' {
                # 1.1.1
                $AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
                return $AdminRoleAssignmentsAndUsers
            }
            '1.1.3' {
                # Step: Retrieve global admin role
                $globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
                # Step: Retrieve global admin members
                $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
                return $globalAdmins
            }
            '1.2.1' {
                $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
                return $allGroups
            }
            '1.3.1' {
                # Test-PasswordNeverExpirePolicy.ps1
                $domains = if ($DomainName) {
                    Get-MgDomain -DomainId $DomainName
                }
                else {
                    Get-MgDomain
                }
                return $domains
            }
            '5.1.2.3' {
                # Retrieve the tenant creation policy
                $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
                return $tenantCreationPolicy
            }
            '5.1.8.1' {
                # Retrieve password hash sync status (Condition A and C)
                $passwordHashSync = Get-MgOrganization | Select-Object -ExpandProperty OnPremisesSyncEnabled
                return $passwordHashSync
            }
            '6.1.2' {
                $tenantSkus = Get-MgSubscribedSku -All
                $e3SkuPartNumber = "SPE_E3"
                $founde3Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
                if ($founde3Sku.Count -ne 0) {
                    $allE3Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde3Sku.SkuId) )" -All
                    return $allE3Users
                }
                else {
                    return $null
                }
            }
            '6.1.3' {
                $tenantSkus = Get-MgSubscribedSku -All
                $e5SkuPartNumber = "SPE_E5"
                $founde5Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
                if ($founde5Sku.Count -ne 0) {
                    $allE5Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde5Sku.SkuId) )" -All
                    return $allE5Users
                }
                else {
                    return $null
                }
            }
            default { throw "No match found for test: $Rec" }
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
 } # end function Get-CISMgOutput
--- a/source/Private/Get-CISSpoOutput.ps1
+++ b/source/Private/Get-CISSpoOutput.ps1
@@ -0,0 +1,119 @@
 <#
    .SYNOPSIS
        This is a sample Private function only visible within the module.
    .DESCRIPTION
        This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
        $null = Get-CISSpoOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-CISSpoOutput {
    [cmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [String]$Rec
    )
    begin {
        # Begin Block #
        <#
            # Tests
            7.2.1
            7.2.2
            7.2.3
            7.2.4
            7.2.5
            7.2.6
            7.2.7
            7.2.9
            7.2.10
            7.3.1
            7.3.2
            7.3.4
            # Test number array
            $testNumbers = @('7.2.1', '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.2.10', '7.3.1', '7.3.2', '7.3.4')
        #>
    }
    process {
        Write-Verbose "Retuning data for Rec: $Rec"
        switch ($Rec) {
            '7.2.1' {
                # Test-ModernAuthSharePoint.ps1
                $SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
                return $SPOTenant
            }
            '7.2.2' {
                # Test-SharePointAADB2B.ps1
                # 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
                $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
                return $SPOTenantAzureADB2B
            }
            '7.2.3' {
                # Test-RestrictExternalSharing.ps1
                # 7.2.3 (L1) Ensure external content sharing is restricted
                # Retrieve the SharingCapability setting for the SharePoint tenant
                $SPOTenantSharingCapability = Get-SPOTenant | Select-Object SharingCapability
                return $SPOTenantSharingCapability
            }
            '7.2.4' {
                # Test-OneDriveContentRestrictions.ps1
                $SPOTenant = Get-SPOTenant | Select-Object OneDriveSharingCapability
                return $SPOTenant
            }
            '7.2.5' {
                # Test-SharePointGuestsItemSharing.ps1
                # 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
                $SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
                return $SPOTenant
            }
            '7.2.6' {
                # Test-SharePointExternalSharingDomains.ps1
                # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
                $SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
                return $SPOTenant
            }
            '7.2.7' {
                # Test-LinkSharingRestrictions.ps1
                # Retrieve link sharing configuration for SharePoint and OneDrive
                $SPOTenantLinkSharing = Get-SPOTenant | Select-Object DefaultSharingLinkType
                return $SPOTenantLinkSharing
            }
            '7.2.9' {
                # Test-GuestAccessExpiration.ps1
                # Retrieve SharePoint tenant settings related to guest access expiration
                $SPOTenantGuestAccess = Get-SPOTenant | Select-Object ExternalUserExpirationRequired, ExternalUserExpireInDays
                return $SPOTenantGuestAccess
            }
            '7.2.10' {
                # Test-ReauthWithCode.ps1
                # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
                # Retrieve reauthentication settings for SharePoint Online
                $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
                return $SPOTenantReauthentication
            }
            '7.3.1' {
                # Test-DisallowInfectedFilesDownload.ps1
                # Retrieve the SharePoint tenant configuration
                $SPOTenantDisallowInfectedFileDownload = Get-SPOTenant | Select-Object DisallowInfectedFileDownload
                return $SPOTenantDisallowInfectedFileDownload
            }
            '7.3.2' {
                # Test-OneDriveSyncRestrictions.ps1
                # Retrieve OneDrive sync client restriction settings
                $SPOTenantSyncClientRestriction = Get-SPOTenantSyncClientRestriction | Select-Object TenantRestrictionEnabled, AllowedDomainList
                return $SPOTenantSyncClientRestriction
            }
            '7.3.4' {
                # Test-RestrictCustomScripts.ps1
                # Retrieve all site collections and select necessary properties
                $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
                return $SPOSitesCustomScript
            }
            default { throw "No match found for test: $Rec" }
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
 } # end function Get-CISMSTeamsOutput
--- a/source/Private/Get-ExceededLengthResultDetail.ps1
+++ b/source/Private/Get-ExceededLengthResultDetail.ps1
@@ -0,0 +1,54 @@
 function Get-ExceededLengthResultDetail {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [object[]]$AuditResults,
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [string[]]$TestNumbersToCheck,
        [Parameter(Mandatory = $false, ParameterSetName = 'UpdateArray')]
        [string[]]$ExportedTests,
        [Parameter(Mandatory = $true, ParameterSetName = 'ReturnExceedingTests')]
        [switch]$ReturnExceedingTestsOnly,
        [int]$DetailsLengthLimit = 30000,
        [Parameter(Mandatory = $true, ParameterSetName = 'UpdateArray')]
        [int]$PreviewLineCount = 50
    )
    $exceedingTests = @()
    $updatedResults = @()
    for ($i = 0; $i -lt $AuditResults.Count; $i++) {
        $auditResult = $AuditResults[$i]
        if ($auditResult.Rec -in $TestNumbersToCheck) {
            if ($auditResult.Details.Length -gt $DetailsLengthLimit) {
                if ($ReturnExceedingTestsOnly) {
                    $exceedingTests += $auditResult.Rec
                } else {
                    $previewLines = ($auditResult.Details -split '\r?\n' | Select-Object -First $PreviewLineCount) -join "`n"
                    $message = "The test result is too large to be exported to CSV. Use the audit result and the export function for full output.`n`nPreview:`n$previewLines"
                    if ($ExportedTests -contains $auditResult.Rec) {
                        Write-Information "The test result for $($auditResult.Rec) is too large for CSV and was included in the export. Check the exported files."
                        $auditResult.Details = $message
                    } else {
                        $auditResult.Details = $message
                    }
                }
            }
        }
        $updatedResults += $auditResult
    }
    if ($ReturnExceedingTestsOnly) {
        return $exceedingTests
    } else {
        return $updatedResults
    }
 }
--- a/source/Private/Get-TestError.ps1
+++ b/source/Private/Get-TestError.ps1
@@ -0,0 +1,33 @@
 <#
    .SYNOPSIS
    This is a sample Private function only visible within the module.
    .DESCRIPTION
    This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
    $null = Get-TestError -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
    The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-TestError {
    [cmdletBinding()]
    param (
        $LastError,
        $recnum
    )
    # Retrieve the description from the test definitions
    $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
    $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
    $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $LastError })
    # Call Initialize-CISAuditResult with error parameters
    $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
    Write-Verbose "An error occurred during the test: `n$LastError" -Verbose
    return $auditResult
 }
--- a/source/Private/Get-UrlLine.ps1
+++ b/source/Private/Get-UrlLine.ps1
@@ -0,0 +1,32 @@
 <#
    .SYNOPSIS
        This is a sample Private function only visible within the module.
    .DESCRIPTION
        This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
        $null = Get-UrlLine -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-UrlLine {
    [cmdletBinding()]
    [OutputType([string])]
        param (
            [Parameter(Mandatory=$true)]
            [string]$Output
        )
        # Split the output into lines
        $Lines = $Output -split "`n"
        # Iterate over each line
        foreach ($Line in $Lines) {
            # If the line starts with 'https', return it
            if ($Line.StartsWith('https')) {
                return $Line.Trim()
            }
        }
        # If no line starts with 'https', return an empty string
        return $null
    }
--- a/source/Private/Initialize-LargeTestTable.ps1
+++ b/source/Private/Initialize-LargeTestTable.ps1
@@ -0,0 +1,36 @@
 <#
    .SYNOPSIS
    This function generates a large table with the specified number of lines.
    .DESCRIPTION
    This function generates a large table with the specified number of lines. The table has a header and each line has the same format.
    .EXAMPLE
    Initialize-LargeTestTable -lineCount 1000
    .PARAMETER lineCount
    The number of lines to generate.
    .INPUTS
    System.Int32
    .OUTPUTS
    System.String
    .NOTES
    The function is intended for testing purposes.
 #>
 function Initialize-LargeTestTable {
    [cmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter()]
        [int]$lineCount = 1000 # Number of lines to generate
    )
    process {
        $header = "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing"
        $lineTemplate = "user{0}@contosonorthwind.net|True|FB,CP,MV|FB,MV|ML,MV,CR"
        # Generate the header and lines
        $lines = @($header)
        for ($i = 1; $i -le $lineCount; $i++) {
            $lines += [string]::Format($lineTemplate, $i)
        }
        $output = $lines -join "`n"
        Write-Host "Details character count: $($output.Length)"
        return $output
    }
 }
--- a/source/Private/Measure-AuditResult.ps1
+++ b/source/Private/Measure-AuditResult.ps1
@@ -19,7 +19,7 @@ function Measure-AuditResult {
    # Display the pass percentage to the user
    Write-Host "Audit completed. $passedTests out of $totalTests tests passed." -ForegroundColor Cyan
-    Write-Host "Your passing percentage is $passPercentage%."
+    Write-Host "Your passing percentage is $passPercentage%." -ForegroundColor Magenta
    # Display details of failed tests
    if ($FailedTests.Count -gt 0) {
--- a/source/Private/Merge-CISExcelAndCsvData.ps1
+++ b/source/Private/Merge-CISExcelAndCsvData.ps1
@@ -1,42 +0,0 @@
 function Merge-CISExcelAndCsvData {
    [CmdletBinding(DefaultParameterSetName = 'CsvInput')]
    [OutputType([PSCustomObject[]])]
    param (
        [Parameter(Mandatory = $true)]
        [string]$ExcelPath,
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName,
        [Parameter(Mandatory = $true, ParameterSetName = 'CsvInput')]
        [string]$CsvPath,
        [Parameter(Mandatory = $true, ParameterSetName = 'ObjectInput')]
        [CISAuditResult[]]$AuditResults
    )
    process {
        # Import data from Excel
        $import = Import-Excel -Path $ExcelPath -WorksheetName $WorksheetName
        # Import data from CSV or use provided object
        $csvData = if ($PSCmdlet.ParameterSetName -eq 'CsvInput') {
            Import-Csv -Path $CsvPath
        } else {
            $AuditResults
        }
        # Iterate over each item in the imported Excel object and merge with CSV data or audit results
        $mergedData = foreach ($item in $import) {
            $csvRow = $csvData | Where-Object { $_.Rec -eq $item.'recommendation #' }
            if ($csvRow) {
                New-MergedObject -ExcelItem $item -CsvRow $csvRow
            } else {
                New-MergedObject -ExcelItem $item -CsvRow ([PSCustomObject]@{Connection=$null;Status=$null; Details=$null; FailureReason=$null })
            }
        }
        # Return the merged data
        return $mergedData
    }
 }
--- a/source/Private/New-MergedObject.ps1
+++ b/source/Private/New-MergedObject.ps1
@@ -1,22 +0,0 @@
 function New-MergedObject {
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param (
        [Parameter(Mandatory = $true)]
        [psobject]$ExcelItem,
        [Parameter(Mandatory = $true)]
        [psobject]$CsvRow
    )
    $newObject = New-Object PSObject
    foreach ($property in $ExcelItem.PSObject.Properties) {
        $newObject | Add-Member -MemberType NoteProperty -Name $property.Name -Value $property.Value
    }
    $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_Connection' -Value $CsvRow.Connection
    $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_Status' -Value $CsvRow.Status
    $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_Details' -Value $CsvRow.Details
    $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_FailureReason' -Value $CsvRow.FailureReason
    return $newObject
 }
--- a/source/Private/Update-CISExcelWorksheet.ps1
+++ b/source/Private/Update-CISExcelWorksheet.ps1
@@ -1,34 +0,0 @@
 function Update-CISExcelWorksheet {
    [OutputType([void])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$ExcelPath,
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName,
        [Parameter(Mandatory = $true)]
        [psobject[]]$Data,
        [Parameter(Mandatory = $false)]
        [int]$StartingRowIndex = 2 # Default starting row index, assuming row 1 has headers
    )
    process {
        # Load the existing Excel sheet
        $excelPackage = Open-ExcelPackage -Path $ExcelPath
        $worksheet = $excelPackage.Workbook.Worksheets[$WorksheetName]
        if (-not $worksheet) {
            throw "Worksheet '$WorksheetName' not found in '$ExcelPath'"
        }
        # Update the worksheet with the provided data
        Update-WorksheetCell -Worksheet $worksheet -Data $Data -StartingRowIndex $StartingRowIndex
        # Save and close the Excel package
        Close-ExcelPackage $excelPackage
    }
 }
--- a/source/Private/Update-WorksheetCell.ps1
+++ b/source/Private/Update-WorksheetCell.ps1
@@ -1,29 +0,0 @@
 function Update-WorksheetCell {
    [OutputType([void])]
    param (
        $Worksheet,
        $Data,
        $StartingRowIndex
    )
    # Check and set headers
    $firstItem = $Data[0]
    $colIndex = 1
    foreach ($property in $firstItem.PSObject.Properties) {
        if ($StartingRowIndex -eq 2 -and $Worksheet.Cells[1, $colIndex].Value -eq $null) {
            $Worksheet.Cells[1, $colIndex].Value = $property.Name
        }
        $colIndex++
    }
    # Iterate over each row in the data and update cells
    $rowIndex = $StartingRowIndex
    foreach ($item in $Data) {
        $colIndex = 1
        foreach ($property in $item.PSObject.Properties) {
            $Worksheet.Cells[$rowIndex, $colIndex].Value = $property.Value
            $colIndex++
        }
        $rowIndex++
    }
 }
--- a/source/Public/Export-M365SecurityAuditTable.ps1
+++ b/source/Public/Export-M365SecurityAuditTable.ps1
@@ -0,0 +1,228 @@
 <#
    .SYNOPSIS
    Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
    .DESCRIPTION
    This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file.
    It can export all results to a specified path or output a specific test result as an object.
    .PARAMETER AuditResults
    An array of CISAuditResult objects containing the audit results.
    .PARAMETER CsvPath
    The path to a CSV file containing the audit results.
    .PARAMETER OutputTestNumber
    The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
    .PARAMETER ExportAllTests
    Switch to export all test results.
    .PARAMETER ExportPath
    The path where the CSV files will be exported.
    .PARAMETER ExportOriginalTests
    Switch to export the original audit results to a CSV file.
    .PARAMETER ExportToExcel
    Switch to export the results to an Excel file.
    .INPUTS
    [CISAuditResult[]], [string]
    .OUTPUTS
    [PSCustomObject]
    .EXAMPLE
    Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2
    # Output object for a single test number from audit results
    .EXAMPLE
    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp"
    # Export all results from audit results to the specified path
    .EXAMPLE
    Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2
    # Output object for a single test number from CSV
    .EXAMPLE
    Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp"
    # Export all results from CSV to the specified path
    .EXAMPLE
    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests
    # Export all results from audit results to the specified path along with the original tests
    .EXAMPLE
    Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests
    # Export all results from CSV to the specified path along with the original tests
    .LINK
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
 #>
 function Export-M365SecurityAuditTable {
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param (
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
        [CISAuditResult[]]$AuditResults,
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromCsv")]
        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromCsvSingle")]
        [ValidateScript({ (Test-Path $_) -and ((Get-Item $_).PSIsContainer -eq $false) })]
        [string]$CsvPath,
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromCsvSingle")]
        [ValidateSet("1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4")]
        [string]$OutputTestNumber,
        [Parameter(Mandatory = $false, Position = 0, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $false, Position = 0, ParameterSetName = "ExportAllResultsFromCsv")]
        [switch]$ExportAllTests,
        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromCsv")]
        [string]$ExportPath,
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromCsv")]
        [switch]$ExportOriginalTests,
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromAuditResults")]
        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromCsv")]
        [switch]$ExportToExcel
    )
    if ($ExportToExcel) {
        Assert-ModuleAvailability -ModuleName ImportExcel -RequiredVersion "7.8.9"
    }
    if ($PSCmdlet.ParameterSetName -like "ExportAllResultsFromCsv" -or $PSCmdlet.ParameterSetName -eq "OutputObjectFromCsvSingle") {
        $AuditResults = Import-Csv -Path $CsvPath | ForEach-Object {
            $params = @{
                Rec           = $_.Rec
                Result        = [bool]$_.Result
                Status        = $_.Status
                Details       = $_.Details
                FailureReason = $_.FailureReason
            }
            Initialize-CISAuditResult @params
        }
    }
    if ($ExportAllTests) {
        $TestNumbers = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
    }
    $results = @()
    $testsToProcess = if ($OutputTestNumber) { @($OutputTestNumber) } else { $TestNumbers }
    foreach ($test in $testsToProcess) {
        $auditResult = $AuditResults | Where-Object { $_.Rec -eq $test }
        if (-not $auditResult) {
            Write-Information "No audit results found for the test number $test."
            continue
        }
        switch ($test) {
            "6.1.2" {
                $details = $auditResult.Details
                if ($details -ne "No M365 E3 licenses found.") {
                    $csv = $details | ConvertFrom-Csv -Delimiter '|'
                }
                else {
                    $csv = $null
                }
                if ($null -ne $csv) {
                    foreach ($row in $csv) {
                        $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                        $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate | Where-Object { $_ -notin @("MailItemsAccessed") }) -join ','
                        $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                    }
                    $newObjectDetails = $csv
                }
                else {
                    $newObjectDetails = $details
                }
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
            }
            "6.1.3" {
                $details = $auditResult.Details
                if ($details -ne "No M365 E5 licenses found.") {
                    $csv = $details | ConvertFrom-Csv -Delimiter '|'
                }
                else {
                    $csv = $null
                }
                if ($null -ne $csv) {
                    foreach ($row in $csv) {
                        $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin) -join ','
                        $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate) -join ','
                        $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner) -join ','
                    }
                    $newObjectDetails = $csv
                }
                else {
                    $newObjectDetails = $details
                }
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
            }
            Default {
                $details = $auditResult.Details
                $csv = $details | ConvertFrom-Csv -Delimiter '|'
                $results += [PSCustomObject]@{ TestNumber = $test; Details = $csv }
            }
        }
    }
    if ($ExportPath) {
        $timestamp = (Get-Date).ToString("yyyy.MM.dd_HH.mm.ss")
        $exportedTests = @()
        foreach ($result in $results) {
            $testDef = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $result.TestNumber }
            if ($testDef) {
                $fileName = "$ExportPath\$($timestamp)_$($result.TestNumber).$($testDef.TestFileName -replace '\.ps1$').csv"
                if ($result.Details.Count -eq 0) {
                    Write-Information "No results found for test number $($result.TestNumber)." -InformationAction Continue
                }
                else {
                    if (($result.Details -ne "No M365 E3 licenses found.") -and ($result.Details -ne "No M365 E5 licenses found.")) {
                        if ($ExportToExcel) {
                            $xlsxPath = [System.IO.Path]::ChangeExtension($fileName, '.xlsx')
                            $result.Details | Export-Excel -Path $xlsxPath -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
                        }
                        else {
                            $result.Details | Export-Csv -Path $fileName -NoTypeInformation
                        }
                        $exportedTests += $result.TestNumber
                    }
                }
            }
        }
        if ($exportedTests.Count -gt 0) {
            Write-Information "The following tests were exported: $($exportedTests -join ', ')" -InformationAction Continue
        }
        else {
            if ($ExportOriginalTests) {
                Write-Information "Full audit results exported however, none of the following tests had exports: `n1.1.1, 1.3.1, 6.1.2, 6.1.3, 7.3.4" -InformationAction Continue
            }
            else {
                Write-Information "No specified tests were included in the export." -InformationAction Continue
            }
        }
        if ($ExportOriginalTests) {
            # Define the test numbers to check
            $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
            # Check for large details and update the AuditResults array
            $updatedAuditResults = Get-ExceededLengthResultDetail -AuditResults $AuditResults -TestNumbersToCheck $TestNumbersToCheck -ExportedTests $exportedTests -DetailsLengthLimit 30000 -PreviewLineCount 25
            $originalFileName = "$ExportPath\$timestamp`_M365FoundationsAudit.csv"
            if ($ExportToExcel) {
                $xlsxPath = [System.IO.Path]::ChangeExtension($originalFileName, '.xlsx')
                $updatedAuditResults | Export-Excel -Path $xlsxPath -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
            }
            else {
            $updatedAuditResults | Export-Csv -Path $originalFileName -NoTypeInformation
            }
        }
    }
    elseif ($OutputTestNumber) {
        if ($results[0].Details) {
            return $results[0].Details
        }
        else {
            Write-Information "No results found for test number $($OutputTestNumber)." -InformationAction Continue
        }
    }
    else {
        Write-Error "No valid operation specified. Please provide valid parameters."
    }
 }
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -25,7 +25,6 @@
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
 #>
 function Get-AdminRoleUserLicense {
    # Set output type to System.Collections.ArrayList
    [OutputType([System.Collections.ArrayList])]
    [CmdletBinding()]
    param (
@@ -42,33 +41,37 @@ function Get-AdminRoleUserLicense {
        $userIds = [System.Collections.ArrayList]::new()
    }
-    Process {
+    process {
-        $adminroles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+        Write-Verbose "Retrieving all admin roles"
        $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
-        foreach ($role in $adminroles) {
+        Write-Verbose "Filtering admin roles"
-            $usersInRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+        $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
-            foreach ($user in $usersInRole) {
+        foreach ($role in $adminRoles) {
-                $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled" -ErrorAction SilentlyContinue
+            Write-Verbose "Processing role: $($role.DisplayName)"
            $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
            foreach ($assignment in $roleAssignments) {
                Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
                if ($userDetails) {
-                    [void]($userIds.Add($user.PrincipalId))
+                    Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
-                    [void](
+                    [void]($userIds.Add($userDetails.Id))
-                        $adminRoleUsers.Add(
+                    [void]($adminRoleUsers.Add([PSCustomObject]@{
-                            [PSCustomObject]@{
+                        RoleName          = $role.DisplayName
-                                RoleName          = $role.DisplayName
+                        UserName          = $userDetails.DisplayName
-                                UserName          = $userDetails.DisplayName
+                        UserPrincipalName = $userDetails.UserPrincipalName
-                                UserPrincipalName = $userDetails.UserPrincipalName
+                        UserId            = $userDetails.Id
-                                UserId            = $userDetails.Id
+                        HybridUser        = [bool]$userDetails.OnPremisesSyncEnabled
-                                HybridUser        = $userDetails.onPremisesSyncEnabled
+                        Licenses          = $null  # Initialize as $null
-                                Licenses          = $null  # Initialize as $null
+                    }))
                            }
                        )
                    )
                }
            }
        }
        Write-Verbose "Retrieving licenses for admin role users"
        foreach ($userId in $userIds.ToArray() | Select-Object -Unique) {
            $licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue
            if ($licenses) {
@@ -80,7 +83,7 @@ function Get-AdminRoleUserLicense {
        }
    }
-    End {
+    end {
        Write-Host "Disconnecting from Microsoft Graph..." -ForegroundColor Green
        Disconnect-MgGraph | Out-Null
        return $adminRoleUsers
--- a/source/Public/Get-MFAStatus.ps1
+++ b/source/Public/Get-MFAStatus.ps1
@@ -0,0 +1,107 @@
 <#
    .SYNOPSIS
        Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
    .DESCRIPTION
        The Get-MFAStatus function connects to Microsoft Online Service and retrieves the MFA status for all Azure Active Directory users, excluding guest accounts. Optionally, you can specify a single user by their User Principal Name (UPN) to get their MFA status.
    .PARAMETER UserId
        The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users.
    .EXAMPLE
        Get-MFAStatus
        Retrieves the MFA status for all Azure Active Directory users.
    .EXAMPLE
        Get-MFAStatus -UserId "example@domain.com"
        Retrieves the MFA status for the specified user with the UPN "example@domain.com".
    .OUTPUTS
        System.Object
        Returns a sorted list of custom objects containing the following properties:
        - UserPrincipalName
        - DisplayName
        - MFAState
        - MFADefaultMethod
        - MFAPhoneNumber
        - PrimarySMTP
        - Aliases
    .NOTES
        The function requires the MSOL module to be installed and connected to your tenant.
        Ensure that you have the necessary permissions to read user and MFA status information.
    .LINK
    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus
 #>
 function Get-MFAStatus {
    [OutputType([System.Object])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$UserId,
        [switch]$SkipMSOLConnectionChecks
    )
    begin {
        # Connect to Microsoft Online service
        Import-Module MSOnline -ErrorAction SilentlyContinue
    }
    process {
        if (Get-Module MSOnline){
            if (-not $SkipMSOLConnectionChecks) {
                Connect-MsolService
            }
            Write-Host "Finding Azure Active Directory Accounts..."
            # Get all users, excluding guests
            $Users = if ($PSBoundParameters.ContainsKey('UserId')) {
                Get-MsolUser -UserPrincipalName $UserId
            } else {
                Get-MsolUser -All | Where-Object { $_.UserType -ne "Guest" }
            }
            $Report = [System.Collections.Generic.List[Object]]::new() # Create output list
            Write-Host "Processing $($Users.Count) accounts..."
            ForEach ($User in $Users) {
                $MFADefaultMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType
                $MFAPhoneNumber = $User.StrongAuthenticationUserDetails.PhoneNumber
                $PrimarySMTP = $User.ProxyAddresses | Where-Object { $_ -clike "SMTP*" } | ForEach-Object { $_ -replace "SMTP:", "" }
                $Aliases = $User.ProxyAddresses | Where-Object { $_ -clike "smtp*" } | ForEach-Object { $_ -replace "smtp:", "" }
                If ($User.StrongAuthenticationRequirements) {
                    $MFAState = $User.StrongAuthenticationRequirements.State
                }
                Else {
                    $MFAState = 'Disabled'
                }
                If ($MFADefaultMethod) {
                    Switch ($MFADefaultMethod) {
                        "OneWaySMS" { $MFADefaultMethod = "Text code authentication phone" }
                        "TwoWayVoiceMobile" { $MFADefaultMethod = "Call authentication phone" }
                        "TwoWayVoiceOffice" { $MFADefaultMethod = "Call office phone" }
                        "PhoneAppOTP" { $MFADefaultMethod = "Authenticator app or hardware token" }
                        "PhoneAppNotification" { $MFADefaultMethod = "Microsoft authenticator app" }
                    }
                }
                Else {
                    $MFADefaultMethod = "Not enabled"
                }
                $ReportLine = [PSCustomObject] @{
                    UserPrincipalName = $User.UserPrincipalName
                    DisplayName       = $User.DisplayName
                    MFAState          = $MFAState
                    MFADefaultMethod  = $MFADefaultMethod
                    MFAPhoneNumber    = $MFAPhoneNumber
                    PrimarySMTP       = ($PrimarySMTP -join ',')
                    Aliases           = ($Aliases -join ',')
                    isLicensed        = $User.isLicensed
                }
                $Report.Add($ReportLine)
            }
            Write-Host "Processing complete."
            Write-Host "To disconnect from the MsolService close the powershell session or wait for the session to expire."
            return $Report | Select-Object UserPrincipalName, DisplayName, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases, isLicensed | Sort-Object UserPrincipalName
        }
        else {
            Write-Host "You must first install MSOL using:`nInstall-Module MSOnline -Scope CurrentUser -Force"
        }
    }
 }
--- a/source/Public/Grant-M365SecurityAuditConsent.ps1
+++ b/source/Public/Grant-M365SecurityAuditConsent.ps1
@@ -0,0 +1,182 @@
 <#
    .SYNOPSIS
    Grants Microsoft Graph permissions for an auditor.
    .DESCRIPTION
        This function grants the specified Microsoft Graph permissions to a user, allowing the user to perform audits. It connects to Microsoft Graph, checks if a service principal exists for the client application, creates it if it does not exist, and then grants the specified permissions. Finally, it assigns the app to the user.
    .PARAMETER UserPrincipalNameForConsent
        The UPN or ID of the user to grant consent for.
    .PARAMETER SkipGraphConnection
        If specified, skips connecting to Microsoft Graph.
    .PARAMETER DoNotDisconnect
        If specified, does not disconnect from Microsoft Graph after granting consent.
    .PARAMETER SkipModuleCheck
        If specified, skips the check for the Microsoft.Graph module.
    .PARAMETER SuppressRevertOutput
        If specified, suppresses the output of the revert commands.
    .EXAMPLE
        Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com
        Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID.
    .EXAMPLE
        Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection
        Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph.
    .NOTES
        This function requires the Microsoft.Graph module version 2.4.0 or higher.
    .LINK
        https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent
 #>
 function Grant-M365SecurityAuditConsent {
    [CmdletBinding(
        SupportsShouldProcess = $true,
        ConfirmImpact = 'High'
    )]
    [OutputType([void])]
    param (
        [Parameter(
            Mandatory = $true,
            Position = 0,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'Specify the UPN of the user to grant consent for.'
        )]
        [ValidatePattern('^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')]
        [String]$UserPrincipalNameForConsent,
        [Parameter(
            Mandatory = $false,
            HelpMessage = 'Skip connecting to Microsoft Graph.'
        )]
        [switch]$SkipGraphConnection,
        [Parameter(
            Mandatory = $false,
            HelpMessage = 'Skip the check for the Microsoft.Graph module.'
        )]
        [switch]$SkipModuleCheck,
        [Parameter(
            Mandatory = $false,
            HelpMessage = 'Suppress the output of the revert commands.'
        )]
        [switch]$SuppressRevertOutput,
        [Parameter(
            Mandatory = $false,
            HelpMessage = 'Do not disconnect from Microsoft Graph after granting consent.'
        )]
        [switch]$DoNotDisconnect
    )
    begin {
        if (!($SkipModuleCheck)) {
            Assert-ModuleAvailability -ModuleName Microsoft.Graph -RequiredVersion "2.4.0"
        }
        # Adjusted from: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-consent-single-user?pivots=msgraph-powershell
        # Needed: A user account with a Privileged Role Administrator, Application Administrator, or Cloud Application Administrator
        # The app for which consent is being granted.
        $clientAppId = "14d82eec-204b-4c2f-b7e8-296a70dab67e" # Microsoft Graph PowerShell
        # The API to which access will be granted. Microsoft Graph PowerShell makes API
        # requests to the Microsoft Graph API, so we'll use that here.
        $resourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API
        # The permissions to grant.
        $permissions = @("Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All")
        # The user on behalf of whom access will be granted. The app will be able to access
        # the API on behalf of this user.
        $userUpnOrId = $UserPrincipalNameForConsent
    }
    process {
        try {
            if (-not $SkipGraphConnection -and $PSCmdlet.ShouldProcess("Scopes: User.ReadBasic.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, AppRoleAssignment.ReadWrite.All", "Connect-MgGraph")) {
                # Step 0. Connect to Microsoft Graph PowerShell. We need User.ReadBasic.All to get
                #    users' IDs, Application.ReadWrite.All to list and create service principals,
                #    DelegatedPermissionGrant.ReadWrite.All to create delegated permission grants,
                #    and AppRoleAssignment.ReadWrite.All to assign an app role.
                #    WARNING: These are high-privilege permissions!
                Write-Host "Connecting to Microsoft Graph with scopes: User.ReadBasic.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, AppRoleAssignment.ReadWrite.All" -ForegroundColor Yellow
                Connect-MgGraph -Scopes ("User.ReadBasic.All Application.ReadWrite.All " + "DelegatedPermissionGrant.ReadWrite.All " + "AppRoleAssignment.ReadWrite.All") -NoWelcome
                $context = Get-MgContext
                Write-Host "Connected to Microsoft Graph with user: $(($context.Account)) with the authtype `"$($context.AuthType)`" for the `"$($context.Environment)`" environment." -ForegroundColor Green
            }
        }
        catch {
            throw "Connection execution aborted: $_"
            break
        }
        try {
            if ($PSCmdlet.ShouldProcess("Create Microsoft Graph API service princial if not found", "New-MgServicePrincipal")) {
                # Step 1. Check if a service principal exists for the client application.
                #     If one doesn't exist, create it.
                $clientSp = Get-MgServicePrincipal -Filter "appId eq '$($clientAppId)'" -ErrorAction SilentlyContinue
                if (-not $clientSp) {
                    Write-Host "Client service principal not found. Creating one." -ForegroundColor Yellow
                    $clientSp = New-MgServicePrincipal -AppId $clientAppId
                }
                $user = Get-MgUser -UserId $userUpnOrId
                if (!($user)) {
                    throw "User with UPN or ID `"$userUpnOrId`" not found."
                }
                Write-Verbose "User: $($user.UserPrincipalName) Found!"
                $resourceSp = Get-MgServicePrincipal -Filter "appId eq '$($resourceAppId)'"
                $scopeToGrant = $permissions -join " "
                $existingGrant = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($clientSp.Id)' and principalId eq '$($user.Id)' and resourceId eq '$($resourceSp.Id)'"
            }
            if (-not $existingGrant -and $PSCmdlet.ShouldProcess("User: $userUpnOrId for Microsoft Graph PowerShell Scopes: $($permissions -join ', ')", "New-MgOauth2PermissionGrant: Granting Consent")) {
                # Step 2. Create a delegated permission that grants the client app access to the
                #     API, on behalf of the user.
                $grant = New-MgOauth2PermissionGrant -ResourceId $resourceSp.Id -Scope $scopeToGrant -ClientId $clientSp.Id -ConsentType "Principal" -PrincipalId $user.Id
                Write-Host "Consent granted to user $($user.UserPrincipalName) for Microsoft Graph API with scopes: $((($grant.Scope) -split ' ') -join ', ')" -ForegroundColor Green
            }
            if ($existingGrant -and $PSCmdlet.ShouldProcess("Update existing Microsoft Graph permissions for user $userUpnOrId", "Update-MgOauth2PermissionGrant")) {
                # Step 2. Update the existing permission grant with the new scopes.
                Write-Host "Updating existing permission grant for user $($user.UserPrincipalName)." -ForegroundColor Yellow
                $updatedGrant = Update-MgOauth2PermissionGrant -PermissionGrantId $existingGrant.Id -Scope $scopeToGrant -Confirm:$false
                Write-Host "Updated permission grant with ID $($updatedGrant.Id) for scopes: $scopeToGrant" -ForegroundColor Green
            }
            if ($PSCmdlet.ShouldProcess("Assigning app to user $userUpnOrId", "New-MgServicePrincipalAppRoleAssignedTo")) {
                # Step 3. Assign the app to the user. This ensures that the user can sign in if assignment
                #     is required, and ensures that the app shows up under the user's My Apps portal.
                if ($clientSp.AppRoles | Where-Object { $_.AllowedMemberTypes -contains "User" }) {
                    Write-Warning "A default app role assignment cannot be created because the client application exposes user-assignable app roles. You must assign the user a specific app role for the app to be listed in the user's My Apps access panel."
                }
                else {
                    # The app role ID 00000000-0000-0000-0000-000000000000 is the default app role
                    # indicating that the app is assigned to the user, but not for any specific
                    # app role.
                    $assignment = New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $clientSp.Id -ResourceId $clientSp.Id -PrincipalId $user.Id -AppRoleId "00000000-0000-0000-0000-000000000000"
                    # $assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $assignment.ResourceId -All -WhatIf
                }
            }
        }
        catch {
            throw "An error occurred while granting consent:`n$_"
        }
        finally {
            if (!($DoNotDisconnect) -and $PSCmdlet.ShouldProcess("Disconnect from Microsoft Graph", "Disconnect")) {
                # Clean up sessions
                Write-Host "Disconnecting from Microsoft Graph." -ForegroundColor Yellow
                Disconnect-MgGraph | Out-Null
            }
        }
    }
    end {
        if (-not $SuppressRevertOutput -and $PSCmdlet.ShouldProcess("Instructions to undo this change", "Generate Revert Commands")) {
            <#
                # Instructions to revert the changes made by this script
                $resourceAppId = "00000003-0000-0000-c000-000000000000"
                $clientAppId = "14d82eec-204b-4c2f-b7e8-296a70dab67e"
                # Get the user object
                #$user = Get-MgUser -UserId "user@example.com"
                $resourceSp = Get-MgServicePrincipal -Filter "appId eq '$($resourceAppId)'"
                # Get the service principal using $clientAppId
                $clientSp = Get-MgServicePrincipal -Filter "appId eq '$($clientAppId)'"
                $existingGrant = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($clientSp.Id)' and principalId eq '$($user.Id)' and resourceId eq '$($resourceSp.Id)'"
                # Get all app role assignments for the service principal
                $appRoleAssignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $clientSp.Id -All
                # At index of desired user assignment
                Remove-MgServicePrincipalAppRoleAssignedTo -AppRoleAssignmentId $appRoleAssignments[1].Id -ServicePrincipalId $clientSp.Id
                Remove-MgOAuth2PermissionGrant -OAuth2PermissionGrantId  $existingGrant.Id
            #>
            Write-Host "App assigned to user $($assignment.PrincipalDisplayName) for $($assignment.ResourceDisplayName) at $($assignment.CreatedDateTime)." -ForegroundColor Green
            Write-Host "If you made a mistake and would like to remove the assignement for `"$($user.UserPrincipalName)`", you can run the following:`n" -ForegroundColor Yellow
            Write-Host "Connect-MgGraph -Scopes (`"User.ReadBasic.All Application.ReadWrite.All `" + `"DelegatedPermissionGrant.ReadWrite.All `" + `"AppRoleAssignment.ReadWrite.All`")" -ForegroundColor Cyan
            Write-Host "Remove-MgServicePrincipalAppRoleAssignedTo -AppRoleAssignmentId `"$($assignment.Id)`" -ServicePrincipalId `"$($assignment.ResourceId)`"" -ForegroundColor Cyan
            Write-Host "Remove-MgOAuth2PermissionGrant -OAuth2PermissionGrantId `"$($grant.Id)`"" -ForegroundColor Cyan
        }
    }
 }
--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -1,118 +1,125 @@
 <#
    .SYNOPSIS
-    Invokes a security audit for Microsoft 365 environments.
+        Invokes a security audit for Microsoft 365 environments.
    .DESCRIPTION
-    The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks.
+        The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks.
    .PARAMETER TenantAdminUrl
-    The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+        The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
    .PARAMETER M365DomainForPWPolicyTest
-    The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+        The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
    .PARAMETER ELevel
-    Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter.
+        Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter.
    .PARAMETER ProfileLevel
-    Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.
+        Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.
    .PARAMETER IncludeIG1
-    If specified, includes tests where IG1 is true.
+        If specified, includes tests where IG1 is true.
    .PARAMETER IncludeIG2
-    If specified, includes tests where IG2 is true.
+        If specified, includes tests where IG2 is true.
    .PARAMETER IncludeIG3
-    If specified, includes tests where IG3 is true.
+        If specified, includes tests where IG3 is true.
    .PARAMETER IncludeRecommendation
-    Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.
+        Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.
    .PARAMETER SkipRecommendation
-    Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
+        Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
    .PARAMETER DoNotConnect
-    If specified, the cmdlet will not establish a connection to Microsoft 365 services.
+        If specified, the cmdlet will not establish a connection to Microsoft 365 services.
    .PARAMETER DoNotDisconnect
-    If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
+        If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
    .PARAMETER NoModuleCheck
-    If specified, the cmdlet will not check for the presence of required modules.
+        If specified, the cmdlet will not check for the presence of required modules.
    .PARAMETER DoNotConfirmConnections
        If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
    .EXAMPLE
-    PS> Invoke-M365SecurityAudit
+        PS> Invoke-M365SecurityAudit
-    Performs a security audit using default parameters.
+
-    Output:
+        Performs a security audit using default parameters.
-    Status      : Fail
+        Output:
-    ELevel      : E3
+        Status      : Fail
-    ProfileLevel: L1
+        ELevel      : E3
-    Connection  : Microsoft Graph
+        ProfileLevel: L1
-    Rec         : 1.1.1
+        Connection  : Microsoft Graph
-    Result      : False
+        Rec         : 1.1.1
-    Details     : Non-compliant accounts:
+        Result      : False
-                Username        | Roles                  | HybridStatus | Missing Licence
+        Details     : Non-compliant accounts:
-                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
+                        Username        | Roles                  | HybridStatus | Missing Licence
-                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
+                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
-    FailureReason: Non-Compliant Accounts: 2
+                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
-    PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -ELevel "E5" -ProfileLevel "L1"
+        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -ELevel "E5" -ProfileLevel "L1"
-    Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
+
-    Output:
+        Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
-    Status      : Fail
+        Output:
-    ELevel      : E5
+        Status      : Fail
-    ProfileLevel: L1
+        ELevel      : E5
-    Connection  : Microsoft Graph
+        ProfileLevel: L1
-    Rec         : 1.1.1
+        Connection  : Microsoft Graph
-    Result      : False
+        Rec         : 1.1.1
-    Details     : Non-compliant accounts:
+        Result      : False
-                Username        | Roles                  | HybridStatus | Missing Licence
+        Details     : Non-compliant accounts:
-                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
+                        Username        | Roles                  | HybridStatus | Missing Licence
-                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
+                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
-    FailureReason: Non-Compliant Accounts: 2
+                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
-    PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -IncludeIG1
+        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -IncludeIG1
-    Performs an audit including all tests where IG1 is true.
+
-    Output:
+        Performs an audit including all tests where IG1 is true.
-    Status      : Fail
+        Output:
-    ELevel      : E3
+        Status      : Fail
-    ProfileLevel: L1
+        ELevel      : E3
-    Connection  : Microsoft Graph
+        ProfileLevel: L1
-    Rec         : 1.1.1
+        Connection  : Microsoft Graph
-    Result      : False
+        Rec         : 1.1.1
-    Details     : Non-compliant accounts:
+        Result      : False
-                Username        | Roles                  | HybridStatus | Missing Licence
+        Details     : Non-compliant accounts:
-                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
+                        Username        | Roles                  | HybridStatus | Missing Licence
-                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
+                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
-    FailureReason: Non-Compliant Accounts: 2
+                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
-    PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
+        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
-    Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
+        Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
-    Output:
+        Output:
-    Status      : Fail
+        Status      : Fail
-    ELevel      : E3
+        ELevel      : E3
-    ProfileLevel: L1
+        ProfileLevel: L1
-    Connection  : Microsoft Graph
+        Connection  : Microsoft Graph
-    Rec         : 1.1.1
+        Rec         : 1.1.1
-    Result      : False
+        Result      : False
-    Details     : Non-compliant accounts:
+        Details     : Non-compliant accounts:
-                Username        | Roles                  | HybridStatus | Missing Licence
+                        Username        | Roles                  | HybridStatus | Missing Licence
-                user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
+                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
-                user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
+                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
-    FailureReason: Non-Compliant Accounts: 2
+        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
-    PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com"
+        PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com"
-    PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
+        PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
-    Captures the audit results into a variable and exports them to a CSV file.
+
-    Output:
+        Captures the audit results into a variable and exports them to a CSV file.
-    CISAuditResult[]
+        Output:
-    auditResults.csv
+        CISAuditResult[]
        auditResults.csv
    .EXAMPLE
-    PS> Invoke-M365SecurityAudit -WhatIf
+        PS> Invoke-M365SecurityAudit -WhatIf
-    Displays what would happen if the cmdlet is run without actually performing the audit.
+
-    Output:
+        Displays what would happen if the cmdlet is run without actually performing the audit.
-    What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
+        Output:
        What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
    .INPUTS
-    None. You cannot pipe objects to Invoke-M365SecurityAudit.
+        None. You cannot pipe objects to Invoke-M365SecurityAudit.
    .OUTPUTS
-    CISAuditResult[]
+        CISAuditResult[]
-    The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
+        The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
    .NOTES
-    - This module is based on CIS benchmarks.
+        - This module is based on CIS benchmarks.
-    - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+        - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-    - Commercial use is not permitted. This module cannot be sold or used for commercial purposes.
+        - Commercial use is not permitted. This module cannot be sold or used for commercial purposes.
-    - Modifications and sharing are allowed under the same license.
+        - Modifications and sharing are allowed under the same license.
-    - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
+        - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
-    - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
+        - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
    .LINK
-    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit
+        https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit
 #>
 function Invoke-M365SecurityAudit {
    [CmdletBinding(SupportsShouldProcess = $true, DefaultParameterSetName = 'Default')]
@@ -174,7 +181,8 @@ function Invoke-M365SecurityAudit {
        # Common parameters for all parameter sets
        [switch]$DoNotConnect,
        [switch]$DoNotDisconnect,
-        [switch]$NoModuleCheck
+        [switch]$NoModuleCheck,
        [switch]$DoNotConfirmConnections
    )
    Begin {
@@ -189,6 +197,7 @@ function Invoke-M365SecurityAudit {
        # Check and install required modules if necessary
        if (!($NoModuleCheck) -and $PSCmdlet.ShouldProcess("Check for required modules: $requiredModulesFormatted", "Check")) {
            Write-Host "Checking for and installing required modules..." -ForegroundColor DarkMagenta
            foreach ($module in $requiredModules) {
                Assert-ModuleAvailability -ModuleName $module.ModuleName -RequiredVersion $module.RequiredVersion -SubModules $module.SubModules
            }
@@ -240,54 +249,80 @@ function Invoke-M365SecurityAudit {
        $currentTestIndex = 0
        # Establishing connections if required
-        $actualUniqueConnections = Get-UniqueConnection -Connections $requiredConnections
+        try {
-        if (!($DoNotConnect) -and $PSCmdlet.ShouldProcess("Establish connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Connect")) {
+            $actualUniqueConnections = Get-UniqueConnection -Connections $requiredConnections
-            Write-Information "Establishing connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')" -InformationAction Continue
+            if (!($DoNotConnect) -and $PSCmdlet.ShouldProcess("Establish connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Connect")) {
-            Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections
+                Write-Host "Establishing connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')" -ForegroundColor DarkMagenta
                Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections -SkipConfirmation:$DoNotConfirmConnections
            }
        }
        catch {
            Write-Host "Connection execution aborted: $_" -ForegroundColor Red
            break
        }
-        Write-Information "A total of $($totalTests) tests were selected to run..." -InformationAction Continue
+        try {
-        # Import the test functions
+            Write-Host "A total of $($totalTests) tests were selected to run..." -ForegroundColor DarkMagenta
-        $testFiles | ForEach-Object {
+            # Import the test functions
-            $currentTestIndex++
+            $testFiles | ForEach-Object {
-            Write-Progress -Activity "Loading Test Scripts" -Status "Loading $($currentTestIndex) of $($totalTests): $($_.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
+                $currentTestIndex++
-            Try {
+                Write-Progress -Activity "Loading Test Scripts" -Status "Loading $($currentTestIndex) of $($totalTests): $($_.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
-                # Dot source the test function
+                Try {
-                . $_.FullName
+                    # Dot source the test function
                    . $_.FullName
                }
                Catch {
                    # Log the error and add the test to the failed tests collection
                    Write-Verbose "Failed to load test function $($_.Name): $_" -Verbose
                    $script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
                }
            }
-            Catch {
+
-                # Log the error and add the test to the failed tests collection
+            $currentTestIndex = 0
-                Write-Error "Failed to load test function $($_.Name): $_"
+            # Execute each test function from the prepared list
-                $script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
+            foreach ($testFunction in $testFiles) {
                $currentTestIndex++
                Write-Progress -Activity "Executing Tests" -Status "Executing $($currentTestIndex) of $($totalTests): $($testFunction.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
                $functionName = $testFunction.BaseName
                if ($PSCmdlet.ShouldProcess($functionName, "Execute test")) {
                    $auditResult = Invoke-TestFunction -FunctionFile $testFunction -DomainName $M365DomainForPWPolicyTest
                    # Add the result to the collection
                    [void]$allAuditResults.Add($auditResult)
                }
            }
        }
-
+        catch {
-        $currentTestIndex = 0
+            # Log the error and add the test to the failed tests collection
-        # Execute each test function from the prepared list
+            Write-Verbose "Invoke-M365SecurityAudit: Failed to load test function $($_.Name): $_" -Verbose
-        foreach ($testFunction in $testFiles) {
+            $script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
-            $currentTestIndex++
+        }
-            Write-Progress -Activity "Executing Tests" -Status "Executing $($currentTestIndex) of $($totalTests): $($testFunction.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
+        finally {
-            $functionName = $testFunction.BaseName
+            if (!($DoNotDisconnect) -and $PSCmdlet.ShouldProcess("Disconnect from Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Disconnect")) {
-            if ($PSCmdlet.ShouldProcess($functionName, "Execute test")) {
+                # Clean up sessions
-                $auditResult = Invoke-TestFunction -FunctionFile $testFunction -DomainName $M365DomainForPWPolicyTest
+                Disconnect-M365Suite -RequiredConnections $requiredConnections
                # Add the result to the collection
                [void]$allAuditResults.Add($auditResult)
            }
        }
    }
    End {
        if (!($DoNotDisconnect) -and $PSCmdlet.ShouldProcess("Disconnect from Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Disconnect")) {
            # Clean up sessions
            Disconnect-M365Suite -RequiredConnections $requiredConnections
        }
        if ($PSCmdlet.ShouldProcess("Measure and display audit results for $($totalTests) tests", "Measure")) {
            # Call the private function to calculate and display results
            Measure-AuditResult -AllAuditResults $allAuditResults -FailedTests $script:FailedTests
            # Return all collected audit results
            # Define the test numbers to check
            $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
            # Check for large details in the audit results
            $exceedingTests = Get-ExceededLengthResultDetail -AuditResults $allAuditResults -TestNumbersToCheck $TestNumbersToCheck -ReturnExceedingTestsOnly -DetailsLengthLimit 30000
            if ($exceedingTests.Count -gt 0) {
                Write-Information "The following tests exceeded the details length limit: $($exceedingTests -join ', ')" -InformationAction Continue
                Write-Host "(Assuming the results were instantiated. Ex: `$object = invoke-M365SecurityAudit) Use the following command and adjust as neccesary to view the full details of the test results:" -ForegroundColor DarkCyan
                Write-Host "Export-M365SecurityAuditTable -ExportAllTests -AuditResults `$object -ExportPath `"C:\temp`" -ExportOriginalTests" -ForegroundColor Green
            }
            return $allAuditResults.ToArray() | Sort-Object -Property Rec
        }
    }
 }
--- a/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
+++ b/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
@@ -0,0 +1,49 @@
 <#
    .SYNOPSIS
        Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
    .DESCRIPTION
        The Remove-RowsWithEmptyCSVStatus function imports data from a specified worksheet in an Excel file, checks for the presence of the 'CSV_Status' column, and filters out rows where the 'CSV_Status' column is empty. The filtered data is then exported to a new Excel file with a '-Filtered' suffix added to the original file name.
    .PARAMETER FilePath
        The path to the Excel file to be processed.
    .PARAMETER WorksheetName
        The name of the worksheet within the Excel file to be processed.
    .EXAMPLE
        PS C:\> Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
        This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory.
    .NOTES
        This function requires the ImportExcel module to be installed.
 #>
 function Remove-RowsWithEmptyCSVStatus {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$FilePath,
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName
    )
    # Import the Excel file
    $ExcelData = Import-Excel -Path $FilePath -WorksheetName $WorksheetName
    # Check if CSV_Status column exists
    if (-not $ExcelData.PSObject.Properties.Match("CSV_Status")) {
        throw "CSV_Status column not found in the worksheet."
    }
    # Filter rows where CSV_Status is not empty
    $FilteredData = $ExcelData | Where-Object { $null -ne $_.CSV_Status -and $_.CSV_Status -ne '' }
    # Get the original file name and directory
    $OriginalFileName = [System.IO.Path]::GetFileNameWithoutExtension($FilePath)
    $Directory = [System.IO.Path]::GetDirectoryName($FilePath)
    # Create a new file name for the filtered data
    $NewFileName = "$OriginalFileName-Filtered.xlsx"
    $NewFilePath = Join-Path -Path $Directory -ChildPath $NewFileName
    # Export the filtered data to a new Excel file
    $FilteredData | Export-Excel -Path $NewFilePath -WorksheetName $WorksheetName -Show
    Write-Output "Filtered Excel file created at $NewFilePath"
 }
--- a/source/Public/Sync-CISExcelAndCsvData.ps1
+++ b/source/Public/Sync-CISExcelAndCsvData.ps1
@@ -1,90 +1,102 @@
 <#
-.SYNOPSIS
+    .SYNOPSIS
-Synchronizes data between an Excel file and either a CSV file or an output object from Invoke-M365SecurityAudit, and optionally updates the Excel worksheet.
+    Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.
-.DESCRIPTION
+    .DESCRIPTION
-The Sync-CISExcelAndCsvData function merges data from a specified Excel file with data from either a CSV file or an output object from Invoke-M365SecurityAudit based on a common key. It can also update the Excel worksheet with the merged data. This function is particularly useful for updating Excel records with additional data from a CSV file or audit results while preserving the original formatting and structure of the Excel worksheet.
+    The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file. This includes adding or updating fields for connection status, details, failure reasons, and the date of the update. It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history.
-.PARAMETER ExcelPath
+    .PARAMETER ExcelPath
-The path to the Excel file that contains the original data. This parameter is mandatory.
+    Specifies the path to the Excel file to be updated. This parameter is mandatory.
-.PARAMETER WorksheetName
+    .PARAMETER CsvPath
-The name of the worksheet within the Excel file that contains the data to be synchronized. This parameter is mandatory.
+    Specifies the path to the CSV file containing new data. This parameter is mandatory.
-.PARAMETER CsvPath
+    .PARAMETER SheetName
-The path to the CSV file containing data to be merged with the Excel data. This parameter is mandatory when using the CsvInput parameter set.
+    Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory.
-.PARAMETER AuditResults
+    .EXAMPLE
-An array of CISAuditResult objects from Invoke-M365SecurityAudit to be merged with the Excel data. This parameter is mandatory when using the ObjectInput parameter set. It can also accept pipeline input.
+    PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData"
-.PARAMETER SkipUpdate
+    Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update.
-If specified, the function will return the merged data object without updating the Excel worksheet. This is useful for previewing the merged data.
+    .INPUTS
-.EXAMPLE
+    System.String
-PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv"
+    The function accepts strings for file paths and worksheet names.
-Merges data from 'data.csv' into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
+    .OUTPUTS
-.EXAMPLE
+    None
-PS> $mergedData = Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv" -SkipUpdate
+    The function directly updates the Excel file and does not output any objects.
-Retrieves the merged data object for preview without updating the Excel worksheet.
+    .NOTES
-.EXAMPLE
+    - Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations.
-PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://tenant-admin.url" -DomainName "example.com"
+    - It is recommended to back up the Excel file before running this function to avoid accidental data loss.
-PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -AuditResults $auditResults
+    - The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping.
-Merges data from the audit results into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
+    .LINK
-.EXAMPLE
+    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData
 PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://tenant-admin.url" -DomainName "example.com"
 PS> $mergedData = Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -AuditResults $auditResults -SkipUpdate
 Retrieves the merged data object for preview without updating the Excel worksheet.
 .EXAMPLE
 PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://tenant-admin.url" -DomainName "example.com" | Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet"
 Pipes the audit results into Sync-CISExcelAndCsvData to merge data into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
 .INPUTS
 System.String, CISAuditResult[]
 You can pipe CISAuditResult objects to Sync-CISExcelAndCsvData.
 .OUTPUTS
 Object[]
 If the SkipUpdate switch is used, the function returns an array of custom objects representing the merged data.
 .NOTES
 - Ensure that the 'ImportExcel' module is installed and up to date.
 - It is recommended to backup the Excel file before running this script to prevent accidental data loss.
 - This function is part of the CIS Excel and CSV Data Management Toolkit.
 .LINK
 https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData
 #>
 function Sync-CISExcelAndCsvData {
-    [OutputType([void], [PSCustomObject[]])]
+    [OutputType([void])]
-    [CmdletBinding(DefaultParameterSetName = 'CsvInput')]
+    [CmdletBinding()]
-    param (
+    param(
        [Parameter(Mandatory = $true)]
        [ValidateScript({ Test-Path $_ })]
        [string]$ExcelPath,
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName,
        [Parameter(Mandatory = $true, ParameterSetName = 'CsvInput')]
        [ValidateScript({ Test-Path $_ })]
        [string]$CsvPath,
-
+        [string]$SheetName
        [Parameter(Mandatory = $true, ParameterSetName = 'ObjectInput', ValueFromPipeline = $true)]
        [CISAuditResult[]]$AuditResults,
        [Parameter(Mandatory = $false)]
        [switch]$SkipUpdate
    )
-    process {
+    # Import the CSV file
-        # Verify ImportExcel module is available
+    $csvData = Import-Csv -Path $CsvPath
        $requiredModules = Get-RequiredModule -SyncFunction
        foreach ($module in $requiredModules) {
            Assert-ModuleAvailability -ModuleName $module.ModuleName -RequiredVersion $module.RequiredVersion -SubModuleName $module.SubModuleName
        }
-        # Merge Excel and CSV data or Audit Results
+    # Get the current date in the specified format
-        if ($PSCmdlet.ParameterSetName -eq 'CsvInput') {
+    $currentDate = Get-Date -Format "yyyy-MM-ddTHH:mm:ss"
            $mergedData = Merge-CISExcelAndCsvData -ExcelPath $ExcelPath -WorksheetName $WorksheetName -CsvPath $CsvPath
        } else {
            $mergedData = Merge-CISExcelAndCsvData -ExcelPath $ExcelPath -WorksheetName $WorksheetName -AuditResults $AuditResults
        }
-        # Output the merged data if the user chooses to skip the update
+    # Load the Excel workbook
-        if ($SkipUpdate) {
+    $excelPackage = Open-ExcelPackage -Path $ExcelPath
-            return $mergedData
+    $worksheet = $excelPackage.Workbook.Worksheets[$SheetName]
-        } else {
+
-            # Update the Excel worksheet with the merged data
+    # Define and check new headers, including the date header
-            Update-CISExcelWorksheet -ExcelPath $ExcelPath -WorksheetName $WorksheetName -Data $mergedData
+    $lastCol = $worksheet.Dimension.End.Column
    $newHeaders = @("CSV_Connection", "CSV_Status", "CSV_Date", "CSV_Details", "CSV_FailureReason")
    $existingHeaders = $worksheet.Cells[1, 1, 1, $lastCol].Value
    # Add new headers if they do not exist
    foreach ($header in $newHeaders) {
        if ($header -notin $existingHeaders) {
            $lastCol++
            $worksheet.Cells[1, $lastCol].Value = $header
        }
    }
-}
+
    # Save changes made to add headers
    $excelPackage.Save()
    # Update the worksheet variable to include possible new columns
    $worksheet = $excelPackage.Workbook.Worksheets[$SheetName]
    # Mapping the headers to their corresponding column numbers
    $headerMap = @{}
    for ($col = 1; $col -le $worksheet.Dimension.End.Column; $col++) {
        $headerMap[$worksheet.Cells[1, $col].Text] = $col
    }
    # For each record in CSV, find the matching row and update/add data
    foreach ($row in $csvData) {
        # Find the matching recommendation # row
        $matchRow = $null
        for ($i = 2; $i -le $worksheet.Dimension.End.Row; $i++) {
            if ($worksheet.Cells[$i, $headerMap['Recommendation #']].Text -eq $row.rec) {
                $matchRow = $i
                break
            }
        }
        # Update values if a matching row is found
        if ($matchRow) {
            foreach ($header in $newHeaders) {
                if ($header -eq 'CSV_Date') {
                    $columnIndex = $headerMap[$header]
                    $worksheet.Cells[$matchRow, $columnIndex].Value = $currentDate
                } else {
                    $csvKey = $header -replace 'CSV_', ''
                    $columnIndex = $headerMap[$header]
                    $worksheet.Cells[$matchRow, $columnIndex].Value = $row.$csvKey
                }
            }
        }
    }
    # Save the updated Excel file
    $excelPackage.Save()
    $excelPackage.Dispose()
 }
--- a/source/en-US/M365FoundationsCISReport-help.xml
+++ b/source/en-US/M365FoundationsCISReport-help.xml
--- a/source/en-US/about_M365FoundationsCISReport.help.txt
+++ b/source/en-US/about_M365FoundationsCISReport.help.txt
@@ -1,24 +1,79 @@
-TOPIC
+TOPIC
-    about_M365FoundationsCISReport
+    about_m365foundationscisreport
 SHORT DESCRIPTION
-    Automated assessment of 50 CIS 365 Foundations v3.0.0 benchmark.
+    The `M365FoundationsCISReport` module provides cmdlets for auditing and
    reporting on the security compliance of Microsoft 365 environments based on
    CIS benchmarks.
 LONG DESCRIPTION
-    Automated assessment of 50 CIS 365 Foundations v3.0.0 benchmark.
+    The `M365FoundationsCISReport` module is designed to help administrators
    ensure that their Microsoft 365 environments adhere to the security best
    practices outlined by the Center for Internet Security (CIS). The module
    includes cmdlets for performing comprehensive security audits, generating
    detailed reports, and synchronizing audit results with CIS benchmark Excel
    sheets. It aims to streamline the process of maintaining security compliance
    and improving the overall security posture of Microsoft 365 environments.
 Optional Subtopics
    AUDITING AND REPORTING
    The module provides cmdlets that allow for the auditing of various security
    aspects of Microsoft 365 environments, including user MFA status,
    administrative role licenses, and more. The results can be exported and
    analyzed to ensure compliance with CIS benchmarks.
    DATA SYNCHRONIZATION
    The module includes functionality to synchronize audit results with CIS
    benchmark data stored in Excel sheets. This ensures that the documentation
    is always up-to-date with the latest audit findings.
 EXAMPLES
-    PS C:\> {{ add examples here }}
+    # Example 1: Performing a security audit based on CIS benchmarks
    $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
    # Example 2: Exporting a security audit table to a CSV file
    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
    # Example 3: Retrieving licenses for users in administrative roles
    Get-AdminRoleUserLicense
    # Example 4: Getting MFA status of users
    Get-MFAStatus -UserId "user@domain.com"
    # Example 5: Removing rows with empty status values from a CSV file
    Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
    # Example 6: Synchronizing CIS benchmark data with audit results
    Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
    # Example 7: Granting Microsoft Graph permissions to the auditor
    Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
-NOTE:
+NOTE
-    Thank you to all those who contributed to this module, by writing code, sharing opinions, and provided feedback.
+    Ensure that you have the necessary permissions and administrative roles in
    your Microsoft 365 environment to run these cmdlets. Proper configuration
    and setup are required for accurate audit results.
-TROUBLESHOOTING NOTE:
+TROUBLESHOOTING NOTE
-    Look out on the Github repository for issues and new releases.
+    If you encounter any issues while using the cmdlets, ensure that your
    environment meets the module prerequisites. Check for any updates or patches
    that may address known bugs. For issues related to specific cmdlets, refer
    to the individual help files for troubleshooting tips.
 SEE ALSO
-    - {{ Please add Project URI such as github }}}
+    -
    CIS Benchmarks
    -
    Microsoft 365 Security Documentation
    -
    PowerShell Documentation
 KEYWORDS
-    {{ Add comma separated keywords here }}
+    - Microsoft 365
    - Security Audit
    - CIS Benchmarks
    - Compliance
    - MFA
    - User Licenses
    - Security Reporting
--- a/source/helper/TestDefinitions.csv
+++ b/source/helper/TestDefinitions.csv
@@ -17,9 +17,9 @@
 16,Test-AuditLogSearch.ps1,3.1.1,Ensure Microsoft 365 audit log search is Enabled,E3,L1,8.2,Collect Audit Logs,TRUE,TRUE,TRUE,TRUE,EXO
 17,Test-RestrictTenantCreation.ps1,5.1.2.3,Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes',E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,Microsoft Graph
 18,Test-PasswordHashSync.ps1,5.1.8.1,Ensure password hash sync is enabled for hybrid deployments,E3,L1,6.7,Centralize Access Control,FALSE,TRUE,TRUE,TRUE,Microsoft Graph
-19,Test-AuditDisabledFalse.ps1,6.1.1,Ensure 'AuditDisabled' organizationally is set to 'False',E3,L1,8.2,Collect Audit Logs,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
+19,Test-AuditDisabledFalse.ps1,6.1.1,Ensure 'AuditDisabled' organizationally is set to 'False',E3,L1,8.2,Collect Audit Logs,TRUE,TRUE,TRUE,TRUE,EXO
-20,Test-MailboxAuditingE3.ps1,6.1.2,Ensure mailbox auditing for Office E3 users is Enabled,E3,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,AzureAD | EXO | Microsoft Graph
+20,Test-MailboxAuditingE3.ps1,6.1.2,Ensure mailbox auditing for Office E3 users is Enabled,E3,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,EXO | Microsoft Graph
-21,Test-MailboxAuditingE5.ps1,6.1.3,Ensure mailbox auditing for Office E5 users is Enabled,E5,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,AzureAD | EXO | Microsoft Graph
+21,Test-MailboxAuditingE5.ps1,6.1.3,Ensure mailbox auditing for Office E5 users is Enabled,E5,L1,8.2,Collect audit logs.,TRUE,TRUE,TRUE,TRUE,EXO | Microsoft Graph
 22,Test-BlockMailForwarding.ps1,6.2.1,Ensure all forms of mail forwarding are blocked and/or disabled,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
 23,Test-NoWhitelistDomains.ps1,6.2.2,Ensure mail transport rules do not whitelist specific domains,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
 24,Test-IdentifyExternalEmail.ps1,6.2.3,Ensure email from external senders is identified,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
@@ -1,70 +1,59 @@
 function Test-AdministrativeAccountCompliance {
    [CmdletBinding()]
-    param (
+    param ()
        # Aligned
        # Parameters can be added if needed
    )
    begin {
        # The following conditions are checked:
        # Condition A: The administrative account is cloud-only (not synced).
        # Condition B: The account is assigned a valid license (e.g., Microsoft Entra ID P1 or P2).
        # Condition C: The administrative account does not have any other application assignments (only valid licenses).
        $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
        $recnum = "1.1.1"
        Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $recnum"
    }
    process {
        try {
-            # Retrieve all admin roles
+            # Retrieve admin roles, assignments, and user details including licenses
-            Write-Verbose "Retrieving all admin roles"
+            Write-Verbose "Retrieving admin roles, assignments, and user details including licenses"
-            $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+            $adminRoleAssignments = Get-CISMgOutput -Rec $recnum
            $adminRoleUsers = @()
-            # Loop through each admin role to get role assignments and user details
+            foreach ($roleName in $adminRoleAssignments.Keys) {
-            foreach ($role in $adminRoles) {
+                $assignments = $adminRoleAssignments[$roleName]
-                Write-Verbose "Processing role: $($role.DisplayName)"
+                foreach ($assignment in $assignments) {
-                $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+                    $userDetails = $assignment.UserDetails
                    $userId = $userDetails.Id
                    $userPrincipalName = $userDetails.UserPrincipalName
                    $licenses = $assignment.Licenses
                    $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
-                foreach ($assignment in $roleAssignments) {
+                    # Condition A: Check if the account is cloud-only
-                    Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
+                    $cloudOnlyStatus = if ($userDetails.OnPremisesSyncEnabled) { "Fail" } else { "Pass" }
                    # Get user details for each principal ID
                    $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
                    if ($userDetails) {
                        Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
                        # Get user license details
                        $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
                        $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
-                        # Condition A: Check if the account is cloud-only
+                    # Condition B: Check if the account has valid licenses
-                        $cloudOnlyStatus = if ($userDetails.OnPremisesSyncEnabled) { "Fail" } else { "Pass" }
+                    $hasValidLicense = $licenses.SkuPartNumber | ForEach-Object { $validLicenses -contains $_ }
                    $validLicensesStatus = if ($hasValidLicense) { "Pass" } else { "Fail" }
-                        # Condition B: Check if the account has valid licenses
+                    # Condition C: Check if the account has no other licenses
-                        $hasValidLicense = $licenses.SkuPartNumber | ForEach-Object { $validLicenses -contains $_ }
+                    $hasInvalidLicense = $licenses.SkuPartNumber | ForEach-Object { $validLicenses -notcontains $_ }
-                        $validLicensesStatus = if ($hasValidLicense) { "Pass" } else { "Fail" }
+                    $invalidLicenses = $licenses.SkuPartNumber | Where-Object { $validLicenses -notcontains $_ }
                    $applicationAssignmentStatus = if ($hasInvalidLicense) { "Fail" } else { "Pass" }
-                        # Condition C: Check if the account has no other licenses
+                    Write-Verbose "User: $userPrincipalName, Cloud-Only: $cloudOnlyStatus, Valid Licenses: $validLicensesStatus, Invalid Licenses: $($invalidLicenses -join ', ')"
                        $hasInvalidLicense = $licenses.SkuPartNumber | ForEach-Object { $validLicenses -notcontains $_ }
                        $applicationAssignmentStatus = if ($hasInvalidLicense) { "Fail" } else { "Pass" }
-                        Write-Verbose "User: $($userDetails.UserPrincipalName), Cloud-Only: $cloudOnlyStatus, Valid Licenses: $validLicensesStatus, Other Applications Assigned: $applicationAssignmentStatus"
+                    # Collect user information
-
+                    $adminRoleUsers += [PSCustomObject]@{
-                        # Collect user information
+                        UserName                    = $userPrincipalName
-                        $adminRoleUsers += [PSCustomObject]@{
+                        RoleName                    = $roleName
-                            UserName                    = $userDetails.UserPrincipalName
+                        UserId                      = $userId
-                            RoleName                    = $role.DisplayName
+                        HybridUser                  = $userDetails.OnPremisesSyncEnabled
-                            UserId                      = $userDetails.Id
+                        Licenses                    = $licenseString
-                            HybridUser                  = $userDetails.OnPremisesSyncEnabled
+                        CloudOnlyStatus             = $cloudOnlyStatus
-                            Licenses                    = $licenseString
+                        ValidLicensesStatus         = $validLicensesStatus
-                            CloudOnlyStatus             = $cloudOnlyStatus
+                        ApplicationAssignmentStatus = $applicationAssignmentStatus
                            ValidLicensesStatus         = $validLicensesStatus
                            ApplicationAssignmentStatus = $applicationAssignmentStatus
                        }
                    }
                    else {
                        Write-Verbose "No user details found for principal ID: $($assignment.PrincipalId)"
                    }
                }
            }
@@ -95,13 +84,14 @@ function Test-AdministrativeAccountCompliance {
            $failureReasons = $failureReasons -join "`n"
            $failureReason = if ($nonCompliantUsers) {
                "Non-Compliant Accounts: $($nonCompliantUsers.Count)"
-            } else {
+            }
            else {
                "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
            }
            $result = $nonCompliantUsers.Count -eq 0
            $status = if ($result) { 'Pass' } else { 'Fail' }
-            $details = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | Cloud-Only Status | Entra ID License Status | Other Applications Assigned Status`n$failureReasons" } else { "N/A" }
+            $details = if ($nonCompliantUsers) { "Username | Roles | Cloud-Only Status | EntraID P1/P2 License Status | Other Applications Assigned Status`n$failureReasons" } else { "N/A" }
            Write-Verbose "Assessment completed. Result: $status"
@@ -117,15 +107,8 @@ function Test-AdministrativeAccountCompliance {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Handle the error and create a failure result
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-AntiPhishingPolicy.ps1
+++ b/source/tests/Test-AntiPhishingPolicy.ps1
@@ -34,7 +34,7 @@ function Test-AntiPhishingPolicy {
        try {
            # Condition A: Ensure that an anti-phishing policy has been created
-            $antiPhishPolicies = Get-AntiPhishPolicy
+            $antiPhishPolicies = Get-CISExoOutput -Rec $recnum
            # Condition B: Verify the anti-phishing policy settings using PowerShell
            $validatedPolicies = $antiPhishPolicies | Where-Object {
@@ -92,16 +92,8 @@ function Test-AntiPhishingPolicy {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-AuditDisabledFalse.ps1
+++ b/source/tests/Test-AuditDisabledFalse.ps1
@@ -35,8 +35,7 @@ function Test-AuditDisabledFalse {
            # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
            # Retrieve the AuditDisabled configuration (Condition B)
-            $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled
+            $auditNotDisabled = Get-CISExoOutput -Rec $recnum
            $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $auditNotDisabled) {
@@ -64,16 +63,8 @@ function Test-AuditDisabledFalse {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-AuditLogSearch.ps1
+++ b/source/tests/Test-AuditLogSearch.ps1
@@ -36,9 +36,7 @@ function Test-AuditLogSearch {
        try {
            # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
-            # Retrieve the audit log configuration
+            $auditLogResult = Get-CISExoOutput -Rec $recnum
            $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
            $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $auditLogResult) {
@@ -68,16 +66,8 @@ function Test-AuditLogSearch {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-BlockChannelEmails.ps1
+++ b/source/tests/Test-BlockChannelEmails.ps1
@@ -33,7 +33,7 @@ function Test-BlockChannelEmails {
            #   - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
            # Retrieve Teams client configuration
-            $teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global
+            $teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum
            $allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel
            # Prepare failure reasons and details based on compliance
@@ -62,16 +62,8 @@ function Test-BlockChannelEmails {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-BlockMailForwarding.ps1
+++ b/source/tests/Test-BlockMailForwarding.ps1
@@ -35,12 +35,10 @@ function Test-BlockMailForwarding {
            # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
            # Step 1: Retrieve the transport rules that redirect messages
-            $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
+            $transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum
            $transportForwardingBlocked = $transportRules.Count -eq 0
            # Step 2: Check all anti-spam outbound policies
            $outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy
            $nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' }
            $nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies)
            $spamForwardingBlocked = $nonCompliantSpamPoliciesArray.Count -eq 0
@@ -51,7 +49,7 @@ function Test-BlockMailForwarding {
            $failureReasons = @()
            $details = @()
-            if ($transportRules.Count -gt 0) {
+            if ($transportRules -ne 1) {
                # Fail Condition A
                $failureReasons += "Mail forwarding rules found: $($transportRules.Name -join ', ')"
                $details += "Transport Rules Details:`nRule Name|Redirects To"
@@ -64,7 +62,7 @@ function Test-BlockMailForwarding {
            if ($nonCompliantSpamPoliciesArray.Count -gt 0) {
                # Fail Condition B
                $failureReasons += "Outbound spam policies allowing automatic forwarding found."
-                $details += "Outbound Spam Policies Details:`nPolicy|AutoForwardingMode"
+                $details += "Policy|AutoForwardingMode"
                $details += $nonCompliantSpamPoliciesArray | ForEach-Object {
                    "$($_.Name)|$($_.AutoForwardingMode)"
                }
@@ -90,16 +88,8 @@ function Test-BlockMailForwarding {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-BlockSharedMailboxSignIn.ps1
+++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1
@@ -30,10 +30,11 @@ function Test-BlockSharedMailboxSignIn {
    process {
        try {
            # Step: Retrieve shared mailbox details
-            $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
+            $MBX = Get-CISExoOutput -Rec $recnum
-
+            $objectids = $MBX.ExternalDirectoryObjectId
            $users = Get-CISAadOutput -Rec $recnum
            # Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
-            $sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
+            $sharedMailboxDetails = $users | Where-Object {$_.objectid -in $objectids}
            # Step: Identify enabled mailboxes (Condition B: Pass/Fail)
            $enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
@@ -66,16 +67,8 @@ function Test-BlockSharedMailboxSignIn {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-CommonAttachmentFilter.ps1
+++ b/source/tests/Test-CommonAttachmentFilter.ps1
@@ -38,8 +38,7 @@ function Test-CommonAttachmentFilter {
            # Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
            # Retrieve the attachment filter policy
-            $attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
+            $result = Get-CISExoOutput -Rec $recnum
            $result = $attachmentFilter.EnableFileFilter
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $result) {
@@ -69,16 +68,8 @@ function Test-CommonAttachmentFilter {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-CustomerLockbox.ps1
+++ b/source/tests/Test-CustomerLockbox.ps1
@@ -33,8 +33,7 @@ function Test-CustomerLockbox {
    process {
        try {
            # Step: Retrieve the organization configuration (Condition C: Pass/Fail)
-            $orgConfig = Get-OrganizationConfig | Select-Object CustomerLockBoxEnabled
+            $customerLockboxEnabled = Get-CISExoOutput -Rec $recnum
            $customerLockboxEnabled = $orgConfig.CustomerLockBoxEnabled
            # Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail)
            $failureReasons = if (-not $customerLockboxEnabled) {
@@ -63,16 +62,8 @@ function Test-CustomerLockbox {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-DialInBypassLobby.ps1
+++ b/source/tests/Test-DialInBypassLobby.ps1
@@ -33,7 +33,7 @@ function Test-DialInBypassLobby {
            #   - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
            # Retrieve Teams meeting policy for PSTN users
-            $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
+            $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum
            $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
            # Prepare failure reasons and details based on compliance
@@ -62,16 +62,8 @@ function Test-DialInBypassLobby {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-DisallowInfectedFilesDownload.ps1
+++ b/source/tests/Test-DisallowInfectedFilesDownload.ps1
@@ -34,7 +34,7 @@ function Test-DisallowInfectedFilesDownload {
            #   - Condition C: Verification using the PowerShell command indicates that the setting is incorrectly configured.
            # Retrieve the SharePoint tenant configuration
-            $SPOTenantDisallowInfectedFileDownload = Get-SPOTenant | Select-Object DisallowInfectedFileDownload
+            $SPOTenantDisallowInfectedFileDownload = Get-CISSpoOutput -Rec $recnum
            # Condition A: The `DisallowInfectedFileDownload` setting is set to `True`
            $isDisallowInfectedFileDownloadEnabled = $SPOTenantDisallowInfectedFileDownload.DisallowInfectedFileDownload
@@ -65,16 +65,8 @@ function Test-DisallowInfectedFilesDownload {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-EnableDKIM.ps1
+++ b/source/tests/Test-EnableDKIM.ps1
@@ -36,7 +36,7 @@ function Test-EnableDKIM {
            # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
            # Retrieve DKIM configuration for all domains
-            $dkimConfig = Get-DkimSigningConfig | Select-Object Domain, Enabled
+            $dkimConfig = Get-CISExoOutput -Rec $recnum
            $dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false
            $dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain }
@@ -66,16 +66,8 @@ function Test-EnableDKIM {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ExternalNoControl.ps1
+++ b/source/tests/Test-ExternalNoControl.ps1
@@ -34,7 +34,8 @@ function Test-ExternalNoControl {
            #   - Condition C: Verification using the UI indicates that external participants can give or request control.
            # Retrieve Teams meeting policy for external participant control
-            $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
+            $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum
            # Check if external participants can give or request control
            $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
            # Prepare failure reasons and details based on compliance
@@ -63,16 +64,8 @@ function Test-ExternalNoControl {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ExternalSharingCalendars.ps1
+++ b/source/tests/Test-ExternalSharingCalendars.ps1
@@ -31,7 +31,7 @@ function Test-ExternalSharingCalendars {
    process {
        try {
            # Step: Retrieve sharing policies related to calendar sharing
-            $sharingPolicies = Get-SharingPolicy | Where-Object { $_.Domains -like '*CalendarSharing*' }
+            $sharingPolicies = Get-CISExoOutput -Rec $recnum
            # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
            $isExternalSharingDisabled = $true
@@ -70,16 +70,8 @@ function Test-ExternalSharingCalendars {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-GlobalAdminsCount.ps1
+++ b/source/tests/Test-GlobalAdminsCount.ps1
@@ -30,11 +30,7 @@ function Test-GlobalAdminsCount {
    process {
        try {
-            # Step: Retrieve global admin role
+            $globalAdmins = Get-CISMgOutput -Rec $recnum
            $globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
            # Step: Retrieve global admin members
            $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
            # Step: Count the number of global admins
            $globalAdminCount = $globalAdmins.Count
@@ -69,16 +65,8 @@ function Test-GlobalAdminsCount {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-GuestAccessExpiration.ps1
+++ b/source/tests/Test-GuestAccessExpiration.ps1
@@ -34,7 +34,7 @@ function Test-GuestAccessExpiration {
            #   - Condition C: Verification using the SharePoint Admin Center indicates that guest access is not set to expire automatically after the specified number of days.
            # Retrieve SharePoint tenant settings related to guest access expiration
-            $SPOTenantGuestAccess = Get-SPOTenant | Select-Object ExternalUserExpirationRequired, ExternalUserExpireInDays
+            $SPOTenantGuestAccess = Get-CISSpoOutput -Rec $recnum
            $isGuestAccessExpirationConfiguredCorrectly = $SPOTenantGuestAccess.ExternalUserExpirationRequired -and $SPOTenantGuestAccess.ExternalUserExpireInDays -le 30
            # Prepare failure reasons and details based on compliance
@@ -58,16 +58,8 @@ function Test-GuestAccessExpiration {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-GuestUsersBiweeklyReview.ps1
+++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1
@@ -50,16 +50,8 @@ function Test-GuestUsersBiweeklyReview {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-IdentifyExternalEmail.ps1
+++ b/source/tests/Test-IdentifyExternalEmail.ps1
@@ -36,7 +36,7 @@ function Test-IdentifyExternalEmail {
            # 6.2.3 (L1) Ensure email from external senders is identified
            # Retrieve external sender tagging configuration
-            $externalInOutlook = Get-ExternalInOutlook
+            $externalInOutlook = Get-CISExoOutput -Rec $recnum
            $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
            # Prepare failure reasons and details based on compliance
@@ -62,16 +62,8 @@ function Test-IdentifyExternalEmail {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-LinkSharingRestrictions.ps1
+++ b/source/tests/Test-LinkSharingRestrictions.ps1
@@ -33,7 +33,7 @@ function Test-LinkSharingRestrictions {
            #   - Condition C: Verification using the UI indicates that the link sharing settings are not configured as recommended.
            # Retrieve link sharing configuration for SharePoint and OneDrive
-            $SPOTenantLinkSharing = Get-SPOTenant | Select-Object DefaultSharingLinkType
+            $SPOTenantLinkSharing = Get-CISSpoOutput -Rec $recnum
            $isLinkSharingRestricted = $SPOTenantLinkSharing.DefaultSharingLinkType -eq 'Direct'  # Or 'SpecificPeople' as per the recommendation
            # Prepare failure reasons and details based on compliance
@@ -58,16 +58,8 @@ function Test-LinkSharingRestrictions {
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-MailTipsEnabled.ps1
+++ b/source/tests/Test-MailTipsEnabled.ps1
@@ -38,7 +38,7 @@ function Test-MailTipsEnabled {
            # 6.5.2 (L2) Ensure MailTips are enabled for end users
            # Retrieve organization configuration for MailTips settings
-            $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold
+            $orgConfig = Get-CISExoOutput -Rec $recnum
            # Check the MailTips settings (Conditions A, B, C, D)
            $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
@@ -70,16 +70,8 @@ function Test-MailTipsEnabled {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-MailboxAuditingE3.ps1
+++ b/source/tests/Test-MailboxAuditingE3.ps1
@@ -29,105 +29,123 @@ function Test-MailboxAuditingE3 {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
-        $e3SkuPartNumbers = @("ENTERPRISEPACK", "OFFICESUBSCRIPTION")
+
-        $AdminActions = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $actionDictionaries = Get-Action -Dictionaries
-        $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules")
+        # E3 specific actions
-        $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MoveToDeletedItems", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
        $DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") }
        $OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
        $allFailures = @()
        $allUsers = Get-AzureADUser -All $true
        $processedUsers = @{}  # Dictionary to track processed users
        $recnum = "6.1.2"
        $allUsers = Get-CISMgOutput -Rec $recnum
        $processedUsers = @{}  # Dictionary to track processed users
    }
    process {
-        try {
+        if ($null -ne $allUsers) {
-            foreach ($user in $allUsers) {
+            $mailboxes = Get-CISExoOutput -Rec $recnum
-                if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
+            try {
-                    Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
+                foreach ($user in $allUsers) {
-                    continue
+                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
-                }
+                        Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
                        continue
                    }
                $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
                $hasOfficeE3 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e3SkuPartNumbers }).Count -gt 0
                Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E3 license."
                if ($hasOfficeE3) {
                    $userUPN = $user.UserPrincipalName
-                    $mailbox = Get-EXOMailbox -Identity $userUPN -PropertySets Audit
+                    $mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
                    $missingAdminActions = @()
                    $missingDelegateActions = @()
                    $missingOwnerActions = @()
                    $missingActions = @()
                    if ($mailbox.AuditEnabled) {
                        foreach ($action in $AdminActions) {
-                            # Condition B: Checking if the `AuditAdmin` actions include required actions
+                            if ($mailbox.AuditAdmin -notcontains $action) {
-                            if ($mailbox.AuditAdmin -notcontains $action) { $missingActions += "Admin action '$action' missing" }
+                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin")
                            }
                        }
                        foreach ($action in $DelegateActions) {
-                            # Condition C: Checking if the `AuditDelegate` actions include required actions
+                            if ($mailbox.AuditDelegate -notcontains $action) {
-                            if ($mailbox.AuditDelegate -notcontains $action) { $missingActions += "Delegate action '$action' missing" }
+                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate")
                            }
                        }
                        foreach ($action in $OwnerActions) {
-                            # Condition D: Checking if the `AuditOwner` actions include required actions
+                            if ($mailbox.AuditOwner -notcontains $action) {
-                            if ($mailbox.AuditOwner -notcontains $action) { $missingActions += "Owner action '$action' missing" }
+                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner")
                            }
                        }
-                        if ($missingActions.Count -gt 0) {
+                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
-                            $formattedActions = Format-MissingAction -missingActions $missingActions
+                            $allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
                            $allFailures += "$userUPN|True|$($formattedActions.Admin)|$($formattedActions.Delegate)|$($formattedActions.Owner)"
                        }
                    }
                    else {
-                        # Condition A: Checking if mailbox audit logging is enabled
+                        $allFailures += "$userUPN|False|||" # Condition A for fail
                        $allFailures += "$userUPN|False|||"
                    }
                    # Mark the user as processed
                    $processedUsers[$user.UserPrincipalName] = $true
                }
            }
-            # Prepare failure reasons and details based on compliance
+                # Prepare failure reasons and details based on compliance
-            $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
+                if ($allFailures.Count -eq 0) {
-            $details = if ($allFailures.Count -eq 0) {
+                    $failureReasons = "N/A"
-                "All Office E3 users have correct mailbox audit settings."
+                }
-            }
+                else {
-            else {
+                    $failureReasons = "Audit issues detected."
-                "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
+                }
-            }
+                $details = if ($allFailures.Count -eq 0) {
                    "All Office E3 users have correct mailbox audit settings."
                }
                else {
                    "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
                }
-            # Populate the audit result
+                # Populate the audit result
                $params = @{
                    Rec           = $recnum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
                # Retrieve the description from the test definitions
                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $allFailures.Count -eq 0
+                Result        = $false
-                Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E3 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E3 licenses, but no such licenses were found."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
        #$verbosePreference = 'Continue'
        $detailsLength = $details.Length
        Write-Verbose "Character count of the details: $detailsLength"
        if ($detailsLength -gt 32767) {
            Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
        }
-        #$verbosePreference = 'SilentlyContinue'
+
        return $auditResult
    }
 }
--- a/source/tests/Test-MailboxAuditingE5.ps1
+++ b/source/tests/Test-MailboxAuditingE5.ps1
@@ -27,104 +27,123 @@ function Test-MailboxAuditingE5 {
        #   - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules.
        #   - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
-        $e5SkuPartNumbers = @("SPE_E5", "ENTERPRISEPREMIUM", "OFFICEE5")
+        $actionDictionaries = Get-Action -Dictionaries
-        $AdminActions = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "Send", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $AdminActions = $actionDictionaries.AdminActions.Keys
-        $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules")
+        $DelegateActions = $actionDictionaries.DelegateActions.Keys
-        $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MailItemsAccessed", "MoveToDeletedItems", "Send", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules")
+        $OwnerActions = $actionDictionaries.OwnerActions.Keys
        $allFailures = @()
-        $allUsers = Get-AzureADUser -All $true
+        $processedUsers = @{}
        $processedUsers = @{}  # Dictionary to track processed users
        $recnum = "6.1.3"
        $allUsers = Get-CISMgOutput -Rec $recnum
    }
    process {
-        try {
+        if ($null -ne $allUsers) {
-            foreach ($user in $allUsers) {
+            $mailboxes = Get-CISExoOutput -Rec $recnum
-                if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
+            try {
-                    Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
+                foreach ($user in $allUsers) {
-                    continue
+                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
-                }
+                        Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
                        continue
                    }
-                $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
+                    $mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
                $hasOfficeE5 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e5SkuPartNumbers }).Count -gt 0
                Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E5 license."
                if ($hasOfficeE5) {
                    $userUPN = $user.UserPrincipalName
                    $mailbox = Get-EXOMailbox -Identity $userUPN -PropertySets Audit
-                    $missingActions = @()
+                    $missingAdminActions = @()
                    $missingDelegateActions = @()
                    $missingOwnerActions = @()
                    if ($mailbox.AuditEnabled) {
                        # Validate Admin actions
                        foreach ($action in $AdminActions) {
-                            if ($mailbox.AuditAdmin -notcontains $action) { $missingActions += "Admin action '$action' missing" } # Condition B
+                            if ($mailbox.AuditAdmin -notcontains $action) {
                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin") # Condition B
                            }
                        }
                        # Validate Delegate actions
                        foreach ($action in $DelegateActions) {
-                            if ($mailbox.AuditDelegate -notcontains $action) { $missingActions += "Delegate action '$action' missing" } # Condition C
+                            if ($mailbox.AuditDelegate -notcontains $action) {
                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate") # Condition C
                            }
                        }
                        # Validate Owner actions
                        foreach ($action in $OwnerActions) {
-                            if ($mailbox.AuditOwner -notcontains $action) { $missingActions += "Owner action '$action' missing" } # Condition D
+                            if ($mailbox.AuditOwner -notcontains $action) {
                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D
                            }
                        }
-                        if ($missingActions.Count -gt 0) {
+                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
-                            $formattedActions = Format-MissingAction -missingActions $missingActions
+                            $allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
                            $allFailures += "$userUPN|True|$($formattedActions.Admin)|$($formattedActions.Delegate)|$($formattedActions.Owner)"
                        }
                    }
                    else {
-                        $allFailures += "$userUPN|False|||"
+                        $allFailures += "$userUPN|False|||" # Condition A for fail
                    }
                    # Mark the user as processed
                    $processedUsers[$user.UserPrincipalName] = $true
                }
            }
-            # Prepare failure reasons and details based on compliance
+                # Prepare failure reasons and details based on compliance
-            $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
+                if ($allFailures.Count -eq 0) {
-            $details = if ($allFailures.Count -eq 0) {
+                    $failureReasons = "N/A"
-                "All Office E5 users have correct mailbox audit settings." # Condition A for pass
+                }
-            }
+                else {
-            else {
+                    $failureReasons = "Audit issues detected."
-                "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n") # Condition A for fail
+                }
                $details = if ($allFailures.Count -eq 0) {
                    "All Office E5 users have correct mailbox audit settings." # Condition A for pass
                }
                else {
                    "UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n") # Condition A for fail
                }
                # $details = Initialize-LargeTestTable -lineCount 3000 # Adjust the lineCount to exceed 32,000 characters
                # Populate the audit result
                $params = @{
                    Rec           = $recnum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Populate the audit result
+                # Retrieve the description from the test definitions
                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $allFailures.Count -eq 0
+                Result        = $false
-                Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses, but no such licenses were found."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
        #$verbosePreference = 'Continue'
        $detailsLength = $details.Length
        Write-Verbose "Character count of the details: $detailsLength"
        if ($detailsLength -gt 32767) {
            Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
        }
-        #$verbosePreference = 'SilentlyContinue'
+
        return $auditResult
    }
-}
+}
--- a/source/tests/Test-ManagedApprovedPublicGroups.ps1
+++ b/source/tests/Test-ManagedApprovedPublicGroups.ps1
@@ -30,7 +30,7 @@ function Test-ManagedApprovedPublicGroups {
    process {
        try {
            # Step: Retrieve all groups with visibility set to 'Public'
-            $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
+            $allGroups = Get-CISMgOutput -Rec $recnum
            # Step: Determine failure reasons based on the presence of public groups
            $failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
@@ -60,16 +60,8 @@ function Test-ManagedApprovedPublicGroups {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-MeetingChatNoAnonymous.ps1
+++ b/source/tests/Test-MeetingChatNoAnonymous.ps1
@@ -32,7 +32,7 @@ function Test-MeetingChatNoAnonymous {
            #   - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
            # Retrieve the Teams meeting policy for meeting chat
-            $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
+            $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum
            # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
            $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
@@ -57,16 +57,8 @@ function Test-MeetingChatNoAnonymous {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ModernAuthExchangeOnline.ps1
+++ b/source/tests/Test-ModernAuthExchangeOnline.ps1
@@ -31,12 +31,10 @@ function Test-ModernAuthExchangeOnline {
    process {
        try {
            # Ensuring the ExchangeOnlineManagement module is available
            # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
            # Check modern authentication setting in Exchange Online configuration (Condition A and B)
-            $orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled
+            $orgConfig = Get-CISExoOutput -Rec $recnum
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
@@ -61,16 +59,8 @@ function Test-ModernAuthExchangeOnline {
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ModernAuthSharePoint.ps1
+++ b/source/tests/Test-ModernAuthSharePoint.ps1
@@ -33,7 +33,7 @@ function Test-ModernAuthSharePoint {
    process {
        try {
            # 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
-            $SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
+            $SPOTenant = Get-CISSpoOutput -Rec $recnum
            $modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled
            # Prepare failure reasons and details based on compliance
@@ -57,16 +57,8 @@ function Test-ModernAuthSharePoint {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-NoAnonymousMeetingJoin.ps1
+++ b/source/tests/Test-NoAnonymousMeetingJoin.ps1
@@ -33,7 +33,7 @@ function Test-NoAnonymousMeetingJoin {
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
-            $teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
+            $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
            $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
            # Prepare failure reasons and details based on compliance
@@ -57,16 +57,8 @@ function Test-NoAnonymousMeetingJoin {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-NoAnonymousMeetingStart.ps1
+++ b/source/tests/Test-NoAnonymousMeetingStart.ps1
@@ -34,7 +34,7 @@ function Test-NoAnonymousMeetingStart {
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
            # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
-            $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
+            $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum
            $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
            # Prepare failure reasons and details based on compliance
@@ -58,16 +58,8 @@ function Test-NoAnonymousMeetingStart {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-NoWhitelistDomains.ps1
+++ b/source/tests/Test-NoWhitelistDomains.ps1
@@ -38,8 +38,7 @@ function Test-NoWhitelistDomains {
            # Retrieve transport rules that whitelist specific domains
            # Condition A: Checking for transport rules that whitelist specific domains
-            $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs }
+            $whitelistedRules = Get-CISExoOutput -Rec $recnum
            # Prepare failure reasons and details based on compliance
            # Condition B: Prepare failure reasons based on the presence of whitelisted rules
            $failureReasons = if ($whitelistedRules) {
@@ -69,16 +68,8 @@ function Test-NoWhitelistDomains {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-NotifyMalwareInternal.ps1
+++ b/source/tests/Test-NotifyMalwareInternal.ps1
@@ -34,7 +34,7 @@ function Test-NotifyMalwareInternal {
            # 2.1.3 Ensure notifications for internal users sending malware is Enabled
            # Retrieve all 'Custom' malware filter policies and check notification settings
-            $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
+            $malwareNotifications = Get-CISExoOutput -Rec $recnum
            # Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
            $policiesToReport = @()
@@ -74,16 +74,8 @@ function Test-NotifyMalwareInternal {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-OneDriveContentRestrictions.ps1
+++ b/source/tests/Test-OneDriveContentRestrictions.ps1
@@ -34,7 +34,7 @@ function Test-OneDriveContentRestrictions {
            # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
            # Retrieve OneDrive sharing capability settings
-            $SPOTenant = Get-SPOTenant | Select-Object OneDriveSharingCapability
+            $SPOTenant = Get-CISSpoOutput -Rec $recnum
            $isOneDriveSharingRestricted = $SPOTenant.OneDriveSharingCapability -eq 'Disabled'
            # Prepare failure reasons and details based on compliance
@@ -63,16 +63,8 @@ function Test-OneDriveContentRestrictions {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-OneDriveSyncRestrictions.ps1
+++ b/source/tests/Test-OneDriveSyncRestrictions.ps1
@@ -32,7 +32,7 @@ function Test-OneDriveSyncRestrictions {
            #   - Condition C: "AllowedDomainList" does not contain the trusted domain GUIDs from the on-premises environment.
            # Retrieve OneDrive sync client restriction settings
-            $SPOTenantSyncClientRestriction = Get-SPOTenantSyncClientRestriction | Select-Object TenantRestrictionEnabled, AllowedDomainList
+            $SPOTenantSyncClientRestriction = Get-CISSpoOutput -Rec $recnum
            $isSyncRestricted = $SPOTenantSyncClientRestriction.TenantRestrictionEnabled -and $SPOTenantSyncClientRestriction.AllowedDomainList
            # Condition A: Check if TenantRestrictionEnabled is True
@@ -63,16 +63,8 @@ function Test-OneDriveSyncRestrictions {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-OrgOnlyBypassLobby.ps1
+++ b/source/tests/Test-OrgOnlyBypassLobby.ps1
@@ -34,27 +34,25 @@ function Test-OrgOnlyBypassLobby {
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
            # Retrieve the Teams meeting policy for lobby bypass settings
-            $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
+            $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum
            $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $lobbyBypassRestricted) {
-                # Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
+                # Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
-                "External participants can bypass the lobby"
+                "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
-            }
+
-            else {
+            }else {
                "N/A"
            }
            $details = if ($lobbyBypassRestricted) {
                # Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
                "Only people in the organization can bypass the lobby."
            }else {
                # Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
                "External participants can bypass the lobby"
            }
            else {
                # Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
                "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
            }
            # Create and populate the CISAuditResult object
            $params = @{
                Rec           = $recnum
@@ -66,16 +64,8 @@ function Test-OrgOnlyBypassLobby {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-OrganizersPresent.ps1
+++ b/source/tests/Test-OrganizersPresent.ps1
@@ -32,7 +32,7 @@ function Test-OrganizersPresent {
            #   - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
            # Retrieve the Teams meeting policy for presenters
-            $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode
+            $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum
            $presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride'
            # Prepare failure reasons and details based on compliance
@@ -61,16 +61,8 @@ function Test-OrganizersPresent {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-PasswordHashSync.ps1
+++ b/source/tests/Test-PasswordHashSync.ps1
@@ -34,7 +34,7 @@ function Test-PasswordHashSync {
            # 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
            # Retrieve password hash sync status (Condition A and C)
-            $passwordHashSync = Get-MgOrganization | Select-Object -ExpandProperty OnPremisesSyncEnabled
+            $passwordHashSync = Get-CISMgOutput -Rec $recnum
            $hashSyncResult = $passwordHashSync
            # Prepare failure reasons and details based on compliance
@@ -58,16 +58,8 @@ function Test-PasswordHashSync {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-PasswordNeverExpirePolicy.ps1
+++ b/source/tests/Test-PasswordNeverExpirePolicy.ps1
@@ -17,7 +17,7 @@ function Test-PasswordNeverExpirePolicy {
        $failureReasonsList = @()
        # Add headers for the details
-        $detailsList += "Domain|Validity Period|IsDefault"
+        $detailsList += "Domain|Validity Period|Notification Window|IsDefault"
        # Conditions for 1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'
        #
@@ -26,41 +26,41 @@ function Test-PasswordNeverExpirePolicy {
        # - Specific conditions to check:
        #   - Condition A: Password expiration policy is set to "Set passwords to never expire" in the Microsoft 365 admin center.
        #   - Condition B: Using Microsoft Graph PowerShell, the `PasswordPolicies` property for all users is set to `DisablePasswordExpiration`.
        #   - Condition C: Notification window for password expiration is set to 30 days.
        #
        # Validate test for a fail:
        # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
        # - Specific conditions to check:
        #   - Condition A: Password expiration policy is not set to "Set passwords to never expire" in the Microsoft 365 admin center.
        #   - Condition B: Using Microsoft Graph PowerShell, the `PasswordPolicies` property for one or more users is not set to `DisablePasswordExpiration`.
        #   - Condition C: Notification window for password expiration is not set to 30 days.
    }
    process {
        try {
            # Step: Retrieve all domains or a specific domain
-            $domains = if ($DomainName) {
+            $domains = Get-CISMgOutput -Rec $recnum -DomainName $DomainName
                Get-MgDomain -DomainId $DomainName
            } else {
                Get-MgDomain
            }
            foreach ($domain in $domains) {
                $domainName = $domain.Id
                $isDefault = $domain.IsDefault
                # Step (Condition C): Determine if the notification window is set to 30 days
                $notificationWindow = $domain.PasswordNotificationWindowInDays
                $notificationPolIsCompliant = $notificationWindow -eq 30
                # Step (Condition A): Retrieve password expiration policy
                $passwordPolicy = $domain.PasswordValidityPeriodInDays
-
+                $pwPolIsCompliant = $passwordPolicy -eq 2147483647
                # Step (Condition A & B): Determine if the policy is compliant
-                $isCompliant = $passwordPolicy -eq 0
+                $overallResult = $overallResult -and $notificationPolIsCompliant -and $pwPolIsCompliant
                $overallResult = $overallResult -and $isCompliant
                # Step (Condition A & B): Prepare failure reasons and details based on compliance
-                $failureReasons = if ($isCompliant) {
+                $failureReasons = if ($notificationPolIsCompliant -and $pwPolIsCompliant) {
                    "N/A"
-                } else {
+                }
-                    "Password expiration is not set to never expire for domain $domainName. Run the following command to remediate: `nUpdate-MgDomain -DomainId $domainName -PasswordValidityPeriodInDays 2147483647 -PasswordNotificationWindowInDays 30`n"
+                else {
                    "Password expiration is not set to never expire or notification window is not set to 30 days for domain $domainName. Run the following command to remediate: `nUpdate-MgDomain -DomainId $domainName -PasswordValidityPeriodInDays 2147483647 -PasswordNotificationWindowInDays 30`n"
                }
-                $details = "$domainName|$passwordPolicy days|$isDefault"
+                $details = "$domainName|$passwordPolicy days|$notificationWindow days|$isDefault"
                # Add details and failure reasons to the lists
                $detailsList += $details
@@ -82,16 +82,8 @@ function Test-PasswordNeverExpirePolicy {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ReauthWithCode.ps1
+++ b/source/tests/Test-ReauthWithCode.ps1
@@ -34,7 +34,7 @@ function Test-ReauthWithCode {
            # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
            # Retrieve reauthentication settings for SharePoint Online
-            $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
+            $SPOTenantReauthentication = Get-CISSpoOutput -Rec $recnum
            $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
            # Prepare failure reasons and details based on compliance
@@ -58,16 +58,8 @@ function Test-ReauthWithCode {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-ReportSecurityInTeams.ps1
+++ b/source/tests/Test-ReportSecurityInTeams.ps1
@@ -16,36 +16,65 @@ function Test-ReportSecurityInTeams {
    process {
        try {
            # Test-ReportSecurityInTeams.ps1
            # 8.6.1 (L1) Ensure users can report security concerns in Teams
            # Retrieve the necessary settings for Teams and Exchange Online
            # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
-            $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
+            $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
            # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
            # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
-            $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled
+            $ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum
            # Check if all the required settings are enabled
            $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
            $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
            $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
            $ReportSubmissionPolicy.ReportPhishToCustomizedAddress -and
-            $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled
+            $null -ne $ReportSubmissionPolicy.ReportJunkAddresses -and
            $null -ne $ReportSubmissionPolicy.ReportNotJunkAddresses -and
            $null -ne $ReportSubmissionPolicy.ReportPhishAddresses -and
            $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled -and
            -not $ReportSubmissionPolicy.ReportChatMessageEnabled
            $detailsString = @"
 The following settings are required for users to report security concerns in Teams:
 MS Teams:
 AllowSecurityEndUserReporting: True
 EXO:
 ReportJunkToCustomizedAddress: True
 ReportNotJunkToCustomizedAddress: True
 ReportPhishToCustomizedAddress: True
 ReportJunkAddresses: <security@contoso.com>
 ReportNotJunkAddresses: <security@contoso.com>
 ReportPhishAddresses: <security@contoso.com>
 ReportChatMessageEnabled: False
 ReportChatMessageToCustomizedAddressEnabled: True
 "@
            $faildetailstring = "Users cannot report security concerns in Teams due to one or more  of the found incorrect settings:`n`n" +
            "MSTeams: `nAllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); `n`n" +
            "EXO: `nReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); `n" +
            "ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); `n" +
            "ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); `n" +
            "ReportJunkAddresses: $($ReportSubmissionPolicy.ReportJunkAddresses -join ', '); `n" +
            "ReportNotJunkAddresses: $($ReportSubmissionPolicy.ReportNotJunkAddresses -join ', '); `n" +
            "ReportPhishAddresses: $($ReportSubmissionPolicy.ReportPhishAddresses -join ', '); `n" +
            "ReportChatMessageEnabled: $($ReportSubmissionPolicy.ReportChatMessageEnabled); `n" +
            "ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled); "
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $securityReportEnabled) {
-                "Users cannot report security concerns in Teams due to one or more incorrect settings"
+                $detailsString
            }
            else {
                "N/A"
            }
-
+            $details = if ($securityReportEnabled) {
-            $details = "AllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); " +
+                "Users can report security concerns in Teams."
-            "ReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); " +
+            }
-            "ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); " +
+            else {
-            "ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); " +
+                $faildetailstring
-            "ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled)"
+            }
            # Create and populate the CISAuditResult object
            $params = @{
@@ -58,16 +87,8 @@ function Test-ReportSecurityInTeams {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-RestrictCustomScripts.ps1
+++ b/source/tests/Test-RestrictCustomScripts.ps1
@@ -32,7 +32,7 @@ function Test-RestrictCustomScripts {
            #   - Condition C: Verification using the SharePoint Admin Center indicates that the `DenyAddAndCustomizePages` setting is not enforced.
            # Retrieve all site collections and select necessary properties
-            $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
+            $SPOSitesCustomScript = Get-CISSpoOutput -Rec $recnum
            # Process URLs to replace 'sharepoint.com' with '<SPUrl>'
            $processedUrls = $SPOSitesCustomScript | ForEach-Object {
@@ -111,16 +111,8 @@ function Test-RestrictCustomScripts {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-RestrictExternalSharing.ps1
+++ b/source/tests/Test-RestrictExternalSharing.ps1
@@ -36,7 +36,7 @@ function Test-RestrictExternalSharing {
            # 7.2.3 (L1) Ensure external content sharing is restricted
            # Retrieve the SharingCapability setting for the SharePoint tenant
-            $SPOTenantSharingCapability = Get-SPOTenant | Select-Object SharingCapability
+            $SPOTenantSharingCapability = Get-CISSpoOutput -Rec $recnum
            $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled')
            # Prepare failure reasons and details based on compliance
@@ -63,16 +63,8 @@ function Test-RestrictExternalSharing {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-RestrictOutlookAddins.ps1
+++ b/source/tests/Test-RestrictOutlookAddins.ps1
@@ -11,7 +11,6 @@ function Test-RestrictOutlookAddins {
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code
        $customPolicyFailures = @()
        $defaultPolicyFailureDetails = @()
        $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
        $recnum = "6.3.1"
@@ -36,24 +35,8 @@ function Test-RestrictOutlookAddins {
            # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
            # Check all mailboxes for custom policies with unallowed add-ins
            $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
            if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
                foreach ($policy in $roleAssignmentPolicies) {
                    if ($policy.RoleAssignmentPolicy) {
                        $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
                        $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
                        # Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are not assigned to users.
                        if ($foundRoles) {
                            $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
                        }
                    }
                }
            }
            # Check Default Role Assignment Policy
-            $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
+            $customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum
            $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
            # Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
@@ -93,16 +76,8 @@ function Test-RestrictOutlookAddins {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-RestrictStorageProvidersOutlook.ps1
+++ b/source/tests/Test-RestrictStorageProvidersOutlook.ps1
@@ -34,7 +34,7 @@ function Test-RestrictStorageProvidersOutlook {
            # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
            # Retrieve all OwaMailbox policies
-            $owaPolicies = Get-OwaMailboxPolicy
+            $owaPolicies = Get-CISExoOutput -Rec $recnum
            # Condition A: Check if AdditionalStorageProvidersAvailable is set to False
            $nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
@@ -67,16 +67,8 @@ function Test-RestrictStorageProvidersOutlook {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-RestrictTenantCreation.ps1
+++ b/source/tests/Test-RestrictTenantCreation.ps1
@@ -35,7 +35,7 @@ function Test-RestrictTenantCreation {
            # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
            # Retrieve the tenant creation policy
-            $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
+            $tenantCreationPolicy = Get-CISMgOutput -Rec $recnum
            $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
            # Prepare failure reasons and details based on compliance
@@ -59,16 +59,8 @@ function Test-RestrictTenantCreation {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-SafeAttachmentsPolicy.ps1
+++ b/source/tests/Test-SafeAttachmentsPolicy.ps1
@@ -1,19 +1,12 @@
 function Test-SafeAttachmentsPolicy {
    [CmdletBinding()]
    [OutputType([CISAuditResult])]
-    param (
+    param ()
        # Aligned
        # Parameters can be added if needed
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
        $recnum = "2.1.4"
-    <#
+        <#
        Conditions for 2.1.4 (L2) Ensure Safe Attachments policy is enabled
        Validate test for a pass:
@@ -31,58 +24,87 @@ function Test-SafeAttachmentsPolicy {
          - Condition B: The policy does not cover all recipients within the organization.
          - Condition C: The policy action is not set to "Dynamic Delivery" or "Quarantine".
          - Condition D: The policy is disabled.
-    #>
+        #>
    }
    process {
-        try {
+        $safeAttachmentPolicies = Get-CISExoOutput -Rec $recnum
-            # 2.1.4 (L2) Ensure Safe Attachments policy is enabled
+        if ($safeAttachmentPolicies -ne 1) {
            try {
                # Check if any Safe Attachments policy is enabled (Condition A)
                $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
-            # Retrieve all Safe Attachment policies where Enable is set to True
+                # Initialize details and failure reasons
-            $safeAttachmentPolicies = Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
+                $details = @()
                $failureReasons = @()
-            # Condition A: Check if any Safe Attachments policy is enabled
+                foreach ($policy in $safeAttachmentPolicies) {
-            $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
+                    # Initialize policy detail and failed status
                    $failed = $false
-            # Condition B, C, D: Additional checks can be added here if more detailed policy attributes are required
+                    # Check if the policy action is set to "Dynamic Delivery" or "Quarantine" (Condition C)
                    if ($policy.Action -notin @("DynamicDelivery", "Quarantine")) {
                        $failureReasons += "Policy '$($policy.Name)' action is not set to 'Dynamic Delivery' or 'Quarantine'."
                        $failed = $true
                    }
-            # Determine details and failure reasons based on the presence of enabled policies
+                    # Check if the policy is not disabled (Condition D)
-            $details = if ($result) {
+                    if (-not $policy.Enable) {
-                "Enabled Safe Attachments Policies: $($safeAttachmentPolicies.Name -join ', ')"
+                        $failureReasons += "Policy '$($policy.Name)' is disabled."
-            }
+                        $failed = $true
-            else {
+                    }
-                "No Safe Attachments Policies are enabled."
+
                    # Add policy details to the details array
                    $details += [PSCustomObject]@{
                        Policy  = $policy.Name
                        Enabled = $policy.Enable
                        Action  = $policy.Action
                        Failed  = $failed
                    }
                }
                # The result is a pass if there are no failure reasons
                $result = $failureReasons.Count -eq 0
                # Format details for output manually
                $detailsString = "Policy|Enabled|Action|Failed`n" + ($details |
                    ForEach-Object {"$($_.Policy)|$($_.Enabled)|$($_.Action)|$($_.Failed)`n"}
                )
                $failureReasonsString = ($failureReasons | ForEach-Object { $_ }) -join ' '
                # Create and populate the CISAuditResult object
                $params = @{
                    Rec           = $recnum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $detailsString
                    FailureReason = if ($result) { "N/A" } else { $failureReasonsString }
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            $failureReasons = if ($result) {
+                # Retrieve the description from the test definitions
-                "N/A"
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            }
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            else {
                "Safe Attachments policy is not enabled."
            }
-            # Create and populate the CISAuditResult object
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No Safe Attachments policies found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit needs Safe Attachment features available or required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
@@ -90,4 +112,3 @@ function Test-SafeAttachmentsPolicy {
        return $auditResult
    }
 }
--- a/source/tests/Test-SafeAttachmentsTeams.ps1
+++ b/source/tests/Test-SafeAttachmentsTeams.ps1
@@ -31,61 +31,62 @@ function Test-SafeAttachmentsTeams {
    }
    process {
-        try {
+        $atpPolicyResult = Get-CISExoOutput -Rec $recnum
-            # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
+        if ($atpPolicyResult -ne 1) {
            try {
                # Condition A: Check Safe Attachments for SharePoint
                # Condition B: Check Safe Attachments for OneDrive
                # Condition C: Check Safe Attachments for Microsoft Teams
-            # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
+                # Determine the result based on the ATP policy settings
-            $atpPolicies = Get-AtpPolicyForO365
+                $result = $null -ne $atpPolicyResult
                $details = if ($result) {
                    "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
                }
                else {
                    "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
                }
-            # Check if the required ATP policies are enabled
+                $failureReasons = if ($result) {
-            $atpPolicyResult = $atpPolicies | Where-Object {
+                    "N/A"
-                $_.EnableATPForSPOTeamsODB -eq $true -and
+                }
-                $_.EnableSafeDocs -eq $true -and
+                else {
-                $_.AllowSafeDocsOpen -eq $false
+                    "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
                }
                # Create and populate the CISAuditResult object
                $params = @{
                    Rec           = $recnum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $details
                    FailureReason = $failureReasons
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Condition A: Check Safe Attachments for SharePoint
+                # Retrieve the description from the test definitions
-            # Condition B: Check Safe Attachments for OneDrive
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            # Condition C: Check Safe Attachments for Microsoft Teams
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-            # Determine the result based on the ATP policy settings
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            $result = $null -ne $atpPolicyResult
            $details = if ($result) {
                "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
            }
            else {
                "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
            }
-            $failureReasons = if ($result) {
+                # Call Initialize-CISAuditResult with error parameters
-                "N/A"
+                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
-            else {
+        }
-                "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
+        else {
            }
            # Create and populate the CISAuditResult object
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
--- a/source/tests/Test-SafeLinksOfficeApps.ps1
+++ b/source/tests/Test-SafeLinksOfficeApps.ps1
@@ -40,62 +40,51 @@ function Test-SafeLinksOfficeApps {
    }
    process {
-        try {
+        # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
-            # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
+        # Retrieve all Safe Links policies
        $misconfiguredDetails = Get-CISExoOutput -Rec $recnum
        # Misconfigured details returns 1 if EXO Commands needed for the test are not available
        if ($misconfiguredDetails -ne 1) {
            try {
                # Prepare the final result
                # Condition B: Ensuring no misconfigurations
                $result = $misconfiguredDetails.Count -eq 0
                $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
                $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
-            # Retrieve all Safe Links policies
+                # Create and populate the CISAuditResult object
-            $policies = Get-SafeLinksPolicy
+                $params = @{
-
+                    Rec           = $recnum
-            # Initialize the details collection
+                    Result        = $result
-            $misconfiguredDetails = @()
+                    Status        = if ($result) { "Pass" } else { "Fail" }
-
+                    Details       = $details
-            foreach ($policy in $policies) {
+                    FailureReason = $failureReasons
                # Get the detailed configuration of each policy
                $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
                # Check each required property and record failures
                # Condition A: Checking policy settings
                $failures = @()
                if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
                if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
                if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
                if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
                if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
                # Only add details for policies that have misconfigurations
                if ($failures.Count -gt 0) {
                    $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
                }
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
                Write-Error "An error occurred during the test: $_"
-            # Prepare the final result
+                # Retrieve the description from the test definitions
-            # Condition B: Ensuring no misconfigurations
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
-            $result = $misconfiguredDetails.Count -eq 0
+                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
            $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
-            # Create and populate the CISAuditResult object
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
            }
        }
        else {
            $params = @{
                Rec           = $recnum
-                Result        = $result
+                Result        = $false
-                Status        = if ($result) { "Pass" } else { "Fail" }
+                Status        = "Fail"
-                Details       = $details
+                Details       = "No M365 E5 licenses found."
-                FailureReason = $failureReasons
+                FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            Write-Error "An error occurred during the test: $_"
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
    end {
--- a/source/tests/Test-SharePointAADB2B.ps1
+++ b/source/tests/Test-SharePointAADB2B.ps1
@@ -33,7 +33,7 @@ function Test-SharePointAADB2B {
    process {
        try {
            # 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
-            $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
+            $SPOTenantAzureADB2B = Get-CISSpoOutput -Rec $recnum
            # Populate the auditResult object with the required properties
            $params = @{
@@ -46,16 +46,8 @@ function Test-SharePointAADB2B {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-SharePointExternalSharingDomains.ps1
+++ b/source/tests/Test-SharePointExternalSharingDomains.ps1
@@ -33,7 +33,7 @@ function Test-SharePointExternalSharingDomains {
    process {
        try {
            # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
-            $SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
+            $SPOTenant = Get-CISSpoOutput -Rec $recnum
            $isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList'
            # Populate the auditResult object with the required properties
@@ -47,16 +47,8 @@ function Test-SharePointExternalSharingDomains {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-SharePointGuestsItemSharing.ps1
+++ b/source/tests/Test-SharePointGuestsItemSharing.ps1
@@ -33,7 +33,7 @@ function Test-SharePointGuestsItemSharing {
    process {
        try {
            # 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
-            $SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
+            $SPOTenant = Get-CISSpoOutput -Rec $recnum
            $isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing
            # Populate the auditResult object with the required properties
@@ -47,16 +47,8 @@ function Test-SharePointGuestsItemSharing {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-SpamPolicyAdminNotify.ps1
+++ b/source/tests/Test-SpamPolicyAdminNotify.ps1
@@ -38,7 +38,7 @@ function Test-SpamPolicyAdminNotify {
            # 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
            # Retrieve the default hosted outbound spam filter policy
-            $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
+            $hostedOutboundSpamFilterPolicy = Get-CISExoOutput -Rec $recnum
            # Check if both settings are enabled (Condition A and Condition B for pass)
            $bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
@@ -65,16 +65,8 @@ function Test-SpamPolicyAdminNotify {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-TeamsExternalAccess.ps1
+++ b/source/tests/Test-TeamsExternalAccess.ps1
@@ -10,8 +10,6 @@ function Test-TeamsExternalAccess {
        # Dot source the class script if necessary
        # . .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
        $auditResult = [CISAuditResult]::new()
        $recnum = "8.2.1"
    }
@@ -35,7 +33,7 @@ function Test-TeamsExternalAccess {
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
-            $externalAccessConfig = Get-CsTenantFederationConfiguration
+            $externalAccessConfig = Get-CISMSTeamsOutput -Rec $recnum
            $allowedDomainsLimited = $false
            if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) {
@@ -56,16 +54,8 @@ function Test-TeamsExternalAccess {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/source/tests/Test-TeamsExternalFileSharing.ps1
+++ b/source/tests/Test-TeamsExternalFileSharing.ps1
@@ -26,9 +26,8 @@ function Test-TeamsExternalFileSharing {
            # Assuming that 'approvedProviders' is a list of approved cloud storage service names
            # This list must be defined according to your organization's approved cloud storage services
            $clientConfig = Get-CISMSTeamsOutput -Rec $recnum
            $approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
            $clientConfig = Get-CsTeamsClientConfiguration
            $isCompliant = $true
            $nonCompliantProviders = @()
@@ -50,16 +49,8 @@ function Test-TeamsExternalFileSharing {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            $LastError = $_
-
+            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
            # Retrieve the description from the test definitions
            $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
            $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
            $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
            # Call Initialize-CISAuditResult with error parameters
            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
    }
--- a/test-gh.ps1
+++ b/test-gh.ps1
@@ -1,212 +0,0 @@
 $repoOwner = "CriticalSolutionsNetwork"
 $repoName = "M365FoundationsCISReport"
 $directoryPath = ".\source\tests"
 $projectName = "Test Validation Project"
 # Function to create GitHub issues
 function Create-GitHubIssue {
    param (
        [string]$title,
        [string]$body,
        [string]$project
    )
    # Create the issue and add it to the specified project
    $issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
    return $issue
 }
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
 # Iterate over each .ps1 file in the directory
 Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
    $fileName = $_.Name
    $testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
    if ($testDefinition) {
        $rec = $testDefinition.Rec
        $elevel = $testDefinition.ELevel
        $profileLevel = $testDefinition.ProfileLevel
        $ig1 = $testDefinition.IG1
        $ig2 = $testDefinition.IG2
        $ig3 = $testDefinition.IG3
        $connection = $testDefinition.Connection
        $issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
        $issueBody = @"
 # Validation for $fileName
 ## Tasks
 - [ ] Validate test for a pass
  - Description of passing criteria:
 - [ ] Validate test for a fail
  - Description of failing criteria:
 - [ ] Add notes and observations
  - Placeholder for additional notes:
 "@
        # Create the issue using GitHub CLI
        try {
            Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
            Write-Output "Created issue for $fileName"
        }
        catch {
            Write-Error "Failed to create issue for $fileName`: $_"
        }
        # Introduce a delay of 2 seconds
        Start-Sleep -Seconds 2
    }
    else {
        Write-Warning "No matching test definition found for $fileName"
    }
 }
 ######################################
 $repoOwner = "CriticalSolutionsNetwork"
 $repoName = "M365FoundationsCISReport"
 # Function to update GitHub issue
 function Update-GitHubTIssue {
    param (
        [int]$issueNumber,
        [string]$title,
        [string]$body,
        [string]$owner,
        [string]$repositoryName
    )
    # Update the issue using Set-GitHubIssue
    Set-GitHubIssue -OwnerName $owner -RepositoryName $repositoryName -Issue $issueNumber -Title $title -Body $body -Label @("documentation", "help wanted", "question") -Confirm:$false
 }
 # Load test definitions from CSV
 $testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
 $testDefinitions = Import-Csv -Path $testDefinitionsPath
 # Fetch existing issues that start with "Rec:"
 $existingIssues = Get-GitHubIssue -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
 # Create a list to hold matched issues
 $matchedIssues = @()
 $warnings = @()
 # Iterate over each existing issue
 $existingIssues | ForEach-Object {
    $issueNumber = $_.Number
    $issueTitle = $_.Title
    $issueBody = $_.Body
    # Extract the rec number from the issue title
    if ($issueTitle -match "Rec: (\d+\.\d+\.\d+)") {
        $rec = $matches[1]
        # Find the matching test definition based on rec number
        $testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $rec }
        if ($testDefinition) {
            # Create the new issue body
            $newIssueBody = @"
 # Validation for $($testDefinition.TestFileName)
 ## Recommendation Details
 - **Recommendation**: $($testDefinition.Rec)
 - **Description**: $($testDefinition.RecDescription)
 - **ELevel**: $($testDefinition.ELevel)
 - **Profile Level**: $($testDefinition.ProfileLevel)
 - **CIS Control**: $($testDefinition.CISControl)
 - **CIS Description**: $($testDefinition.CISDescription)
 - **Implementation Group 1**: $($testDefinition.IG1)
 - **Implementation Group 2**: $($testDefinition.IG2)
 - **Implementation Group 3**: $($testDefinition.IG3)
 - **Automated**: $($testDefinition.Automated)
 - **Connection**: $($testDefinition.Connection)
 ## [$($testDefinition.TestFileName)](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/blob/main/source/tests/$($testDefinition.TestFileName))
 ## Tasks
 ### Validate recommendation details
 - [ ] Confirm that the recommendation details are accurate and complete as per the CIS benchmark.
 ### Validate test for a pass
 - [ ] Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
  - Specific conditions to check:
    - Condition A: (Detail about what constitutes Condition A)
    - Condition B: (Detail about what constitutes Condition B)
    - Condition C: (Detail about what constitutes Condition C)
 ### Validate test for a fail
 - [ ] Confirm that the failure conditions in the automated test are consistent with the manual audit results.
  - Specific conditions to check:
    - Condition A: (Detail about what constitutes Condition A)
    - Condition B: (Detail about what constitutes Condition B)
    - Condition C: (Detail about what constitutes Condition C)
 ### Add notes and observations
 - [ ] Compare the automated audit results with the manual audit steps and provide detailed observations.
  - Automated audit produced info consistent with the manual audit test results? (Yes/No)
  - Without disclosing any sensitive information, document any discrepancies between the actual output and the expected output.
  - Document any error messages, removing any sensitive information before submitting.
  - Identify the specific function, line, or section of the script that failed, if known.
  - Provide any additional context or observations that might help in troubleshooting.
 If needed, the helpers folder in .\source\helpers contains a CSV to assist with locating the test definition.
 "@
            # Add to matched issues list
            $matchedIssues += [PSCustomObject]@{
                IssueNumber = $issueNumber
                Title = $issueTitle
                NewBody = $newIssueBody
            }
        } else {
            $warnings += "No matching test definition found for Rec: $rec"
        }
    } else {
        $warnings += "No matching rec number found in issue title #$issueNumber"
    }
 }
 # Display matched issues for confirmation
 if ($matchedIssues.Count -gt 0) {
    Write-Output "Matched Issues:"
    $matchedIssues | ForEach-Object {
        Write-Output $_.Title
    }
    $confirmation = Read-Host "Do you want to proceed with updating these issues? (yes/no)"
    if ($confirmation -eq 'yes') {
        # Update the issues
        $matchedIssues | ForEach-Object {
            try {
                Update-GitHubTIssue -issueNumber $_.IssueNumber -title $_.Title -body $_.NewBody -owner $repoOwner -repositoryName $repoName
                Write-Output "Updated issue #$($_.IssueNumber)"
            } catch {
                Write-Error "Failed to update issue #$($_.IssueNumber): $_"
            }
            # Introduce a delay of 2 seconds
            Start-Sleep -Seconds 2
        }
    } else {
        Write-Output "Update canceled by user."
    }
 } else {
    Write-Output "No matched issues found to update."
 }
 # Display any warnings that were captured
 if ($warnings.Count -gt 0) {
    Write-Output "Warnings:"
    $warnings | ForEach-Object {
        Write-Output $_
    }
 }
 # Test command to verify GitHub access
 Get-GitHubRepository -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
--- a/tests/Unit/Private/New-MergedObject.tests.ps1
+++ b/tests/Unit/Private/New-MergedObject.tests.ps1
--- a/tests/Unit/Private/Get-AdminRoleUserAndAssignment.tests.ps1
+++ b/tests/Unit/Private/Get-AdminRoleUserAndAssignment.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Private/Get-CISAadOutput.tests.ps1
+++ b/tests/Unit/Private/Get-CISAadOutput.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/tests/Unit/Private/Get-CISExoOutput.tests.ps1
+++ b/tests/Unit/Private/Get-CISExoOutput.tests.ps1
@@ -0,0 +1,27 @@
 $ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
 $ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
        ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
        $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
    }).BaseName
 Import-Module $ProjectName
 InModuleScope $ProjectName {
    Describe Get-PrivateFunction {
        Context 'Default' {
            BeforeEach {
                $return = Get-PrivateFunction -PrivateData 'string'
            }
            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }
            It 'Returns a string based on the parameter PrivateData' {
                $return | Should -Be 'string'
            }
        }
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Doug Rios	170217752f	Merge pull request #128 from CriticalSolutionsNetwork/Revert-Export-Table-Change Revert export table change	2024-06-28 17:11:11 -05:00
DrIOS	1fbf321449	docs: Update CHANGELOG	2024-06-28 17:09:28 -05:00
DrIOS	5909f8d3b4	fix: Get-ExceededLengthResultDetail parameter validation	2024-06-28 17:04:10 -05:00
DrIOS	8c8445c9d9	fix: Export Table Changes Reverted	2024-06-28 16:09:13 -05:00
Doug Rios	95eb18ccf4	Merge pull request #127 from CriticalSolutionsNetwork/Add-Microsoft-Graph-Consent-for-user-function Add microsoft graph consent for user function	2024-06-26 21:41:16 -05:00
DrIOS	05a6d76fb7	docs: Update HELP docs	2024-06-26 21:36:55 -05:00
DrIOS	0465c3a41d	docs: Update CHANGELOG	2024-06-26 21:31:05 -05:00
DrIOS	d4632c0a6f	add: Added Grant-M365SecurityAuditConsent function to consent to the Microsoft Graph Powershell API for a user.	2024-06-26 21:30:41 -05:00
DrIOS	0ea5aa2581	docs: Update helper to retrieve keys	2024-06-26 16:19:17 -05:00
Doug Rios	9402fde503	Merge pull request #123 from CriticalSolutionsNetwork/Test-8.5.3,8.6.1-logic Test 8.5.3,8.6.1 logic	2024-06-26 09:09:30 -05:00
DrIOS	6ed0e239b7	docs: Update CHANGELOG	2024-06-26 09:06:58 -05:00
DrIOS	168cc38679	docs: Update CHANGELOG	2024-06-26 09:00:39 -05:00
DrIOS	59278f4a27	Fix: Export when tests with nested tables not included.	2024-06-26 08:54:57 -05:00
DrIOS	51f662ff58	Fix: 8.6.1 output and formatting in line with recommendation	2024-06-26 08:54:32 -05:00
DrIOS	c4bbf25e8b	docs: Update CHANGELOG	2024-06-24 19:24:15 -05:00
DrIOS	143ee69fb5	fix: 8.6.1 test logic and output	2024-06-24 19:22:17 -05:00
DrIOS	fd53384f8e	docs: Update CHANGELOG	2024-06-24 19:19:29 -05:00
DrIOS	73bce280eb	docs: Update Help	2024-06-24 19:15:15 -05:00
DrIOS	0a92100bb6	fix: 8.6.1 test logic and output	2024-06-24 19:14:43 -05:00
DrIOS	18287169c3	docs: swap details / fr in 8.5.3	2024-06-24 18:27:48 -05:00
DrIOS	abe18f1942	docs: Add wiki help docs	2024-06-24 15:06:04 -05:00
DrIOS	95da5a3822	docs: Update CHANGELOG and WIKI	2024-06-24 12:11:24 -05:00
Doug Rios	9d12defb7f	Merge pull request #119 from CriticalSolutionsNetwork/MFA-Status-Enhancement Gereral testing enhancements.	2024-06-23 19:38:53 -05:00
DrIOS	e6cdae32a1	docs: Update CHANGELOG	2024-06-23 19:34:53 -05:00
DrIOS	e0436686b8	docs: formatting	2024-06-23 19:31:09 -05:00
DrIOS	5c852679d9	add: finally block to always disconnect	2024-06-23 19:06:59 -05:00
DrIOS	8b91a8c06e	add: finally block to always disconnect	2024-06-23 18:41:47 -05:00
DrIOS	968e589860	add: finally block to always disconnect	2024-06-23 18:40:27 -05:00
DrIOS	6dc52f5b89	docs: Formatting Invoke-M365SecurityAudit	2024-06-23 18:16:56 -05:00
DrIOS	e81395bb4c	fix: Connect host output	2024-06-23 18:16:19 -05:00
DrIOS	4e0b20fc14	fix: Test-Error verbose call and Get-CISMgOutput Parameter	2024-06-23 17:58:27 -05:00
DrIOS	ca1734381f	docs: Update CHANGELOG and Help Uri	2024-06-23 17:28:01 -05:00
DrIOS	82df16623e	docs: Update CommentBlock for Remove-RowsWithEmptyCSVStatus	2024-06-23 17:22:08 -05:00
DrIOS	011f91cdde	docs: Update CHANGELOG	2024-06-23 17:15:29 -05:00
DrIOS	a141380f3f	add: simplified error handling with Get-TestError	2024-06-23 17:14:37 -05:00
DrIOS	1e75fbd335	add: DomainName paramter to get-mggraph and test 1.3.1	2024-06-23 17:11:04 -05:00
DrIOS	defcf56c82	add: DomainName paramter to get-mggraph and test 1.3.1	2024-06-23 17:00:12 -05:00
DrIOS	be68c1d0d7	fix: Remove output type for output functions. Add Later	2024-06-23 16:59:26 -05:00
DrIOS	e60c9855e3	fix: output functions verbosity	2024-06-23 16:51:57 -05:00
DrIOS	6b94ee72a5	add: Get-CISAadOutput function and updated respective tests	2024-06-23 16:42:59 -05:00
DrIOS	0601996a68	docs: Update CHANGELOG	2024-06-23 16:08:49 -05:00
DrIOS	bad103f0cf	add: Get-CISSpoOutput function and updated respective tests	2024-06-23 16:06:31 -05:00
DrIOS	4dd65a0140	add: Error handling to output functions	2024-06-23 16:06:02 -05:00
DrIOS	b6423c8a7d	Update output for Connect-SPOService	2024-06-23 15:51:00 -05:00
DrIOS	6b135c2e31	docs: Update CHANGELOG	2024-06-23 15:29:51 -05:00
DrIOS	917833b186	add: Get-CISMSTeamsOutput function and updated respective tests	2024-06-23 15:27:25 -05:00
DrIOS	a874836b8b	fix: Update formatting	2024-06-23 15:26:45 -05:00
DrIOS	7e98f77424	docs: Update CHANGELOG	2024-06-23 14:46:02 -05:00
DrIOS	e9bac2fe1c	changed name of output functions with prefix 'CIS'	2024-06-23 14:44:25 -05:00
DrIOS	a90df5bef4	docs: Update Formatting	2024-06-23 14:34:26 -05:00
DrIOS	9a299d4bac	docs: Update CHANGELOG	2024-06-23 14:30:27 -05:00
DrIOS	381b8ebeb8	add: Get-ExoOutput function and updated tests	2024-06-23 14:28:51 -05:00
DrIOS	90c5b95f35	fix: missing output type comments for switches	2024-06-23 12:43:52 -05:00
DrIOS	c5780450e7	docs: Update CHANGELOG	2024-06-23 12:34:15 -05:00
DrIOS	736997fbbe	add: Get-ExoOutput function and modified tests: '1.2.2', '1.3.3', '1.3.6', '2.1.1'	2024-06-23 12:33:57 -05:00
DrIOS	b564458ed1	fix: Removed banner fix and included AzureAD	2024-06-23 12:31:35 -05:00
DrIOS	5ff2396218	fix: Removed banner from EXO connection step	2024-06-23 11:46:00 -05:00
DrIOS	39ba3c3ad7	add: New process for collecting MgGraph output to make pester testing easier	2024-06-23 11:39:14 -05:00
DrIOS	84c16ac16e	fix 6.1.1 test definition so it uses EXO	2024-06-23 10:06:05 -05:00
DrIOS	f5f6d39c73	add: skip msol connnection for Get-MFAStatus	2024-06-23 10:03:37 -05:00
DrIOS	0f3587ab15	docs: Update README and Help	2024-06-20 13:16:12 -05:00
DrIOS	1d462572c1	docs: Update CHANGELOG	2024-06-20 13:13:42 -05:00
DrIOS	ab0ef53bbd	add: Export to excel option for table exports	2024-06-20 13:12:01 -05:00
DrIOS	359d2890f8	docs: Update CHANGELOG	2024-06-20 12:19:48 -05:00
DrIOS	b18780d52e	fix: Update 1.3.1 output and test logic to include notification window.	2024-06-20 12:17:22 -05:00
Doug Rios	91bb61b317	Merge pull request #117 from CriticalSolutionsNetwork/6.1.5/3-Exports Fix: MFA STATUS Function	2024-06-18 17:40:58 -05:00
DrIOS	3ecd8bb8af	docs: Update README and HTML Help	2024-06-18 14:08:15 -05:00
DrIOS	a6720dbc5e	docs: Deleted tests for functions that no longer exist	2024-06-18 14:06:02 -05:00
DrIOS	b2eaee54e1	docs: Update Changelog	2024-06-18 14:04:52 -05:00
DrIOS	0125d4261d	add: Comment based help to new sync function and output type added	2024-06-18 14:03:37 -05:00
DrIOS	0c28009498	fix: Refactor sync function to one simple function	2024-06-18 13:16:01 -05:00
DrIOS	b78cb17bc1	fix: Fixed overwrite of manual audit rows	2024-06-18 10:10:22 -05:00
DrIOS	3e5f9b3ac5	fix: Fixed merging and added date to columns without a status	2024-06-18 09:44:50 -05:00
DrIOS	07bd30a27f	fix: Fixed merging and added dateto columns without a status	2024-06-17 20:10:59 -05:00
DrIOS	b07344bb71	fix: Fixed merging and added date:	2024-06-17 19:57:31 -05:00
DrIOS	d6c500f953	fix: Fix merging csv when data present	2024-06-17 19:19:07 -05:00
DrIOS	aa76de6649	docs: Update CHANGELOG	2024-06-17 13:53:31 -05:00
DrIOS	daadad391e	docs: Update Export function help	2024-06-17 13:51:29 -05:00
DrIOS	a97eda1662	add: Added DoNotConfirmConnections Switch to main function	2024-06-17 13:51:10 -05:00
DrIOS	99933f7655	add: option to disconnect with tenant notification	2024-06-17 13:45:56 -05:00
DrIOS	411ee5d36f	Fix: 6.1.2/3 csv output when no test was run	2024-06-17 11:36:51 -05:00
DrIOS	4dc996b2fb	Fix: MFA STATUS Function	2024-06-17 11:09:04 -05:00
Doug Rios	5e25d6ee1b	Merge pull request #115 from CriticalSolutionsNetwork/Add-QoL-Features Add qol features	2024-06-17 09:42:08 -05:00
DrIOS	a88535e258	docs: Update help	2024-06-16 15:24:02 -05:00
DrIOS	a43485f05e	fix: 2.1.4 output	2024-06-16 15:20:06 -05:00
DrIOS	486e053dfb	fix: 1.1.1 admin pull	2024-06-16 14:12:12 -05:00
DrIOS	6bace63c62	docs: finalize error handling standard	2024-06-16 13:11:43 -05:00
DrIOS	46d71900ce	docs: finalize error handling standard	2024-06-16 12:48:15 -05:00
DrIOS	51edc331ab	docs: reset comment	2024-06-16 12:24:42 -05:00
DrIOS	04e63f72fc	add: error handling for tests that produce large output	2024-06-16 12:23:39 -05:00
DrIOS	9b624680fd	add: test function	2024-06-16 11:01:16 -05:00
DrIOS	bbc74494c3	fix: Export original when cell is too large.	2024-06-16 10:51:18 -05:00
DrIOS	54a369bde3	fix: Write-Information if not auiditresult.	2024-06-16 10:09:26 -05:00
DrIOS	06cdb4d0d1	add: helper function for testing.	2024-06-16 09:58:25 -05:00
DrIOS	2d4593f207	fix: error handling and informative output	2024-06-16 09:22:07 -05:00
DrIOS	949a2aaa43	fix: formatting	2024-06-15 22:12:45 -05:00
DrIOS	3aef8a0ca3	fix: If details are empty	2024-06-15 22:11:38 -05:00
DrIOS	14d33493b0	docs: remove test code	2024-06-15 21:35:22 -05:00
DrIOS	234f0cdd31	docs: Update CHANGELOG	2024-06-15 21:34:37 -05:00
DrIOS	e1cc2a3da7	fix: export audit switch added to export	2024-06-15 21:33:35 -05:00
DrIOS	848438c33f	fix: export working	2024-06-15 21:15:28 -05:00
DrIOS	f981e59b43	docs: formatting and cleanup	2024-06-15 16:27:41 -05:00
Doug Rios	919d6cdd08	Delete test-gh.ps1	2024-06-15 16:16:31 -05:00
DrIOS	3211ebc089	docs: Update tests	2024-06-15 16:13:19 -05:00
DrIOS	7b37621917	add new function for exporting nested tables	2024-06-15 16:12:24 -05:00
DrIOS	6752e56be9	add new function for exporting nested tables	2024-06-15 14:49:13 -05:00
DrIOS	c4b2427539	add: Function to remove test rows with no results	2024-06-14 13:37:38 -05:00
Doug Rios	c2cc980a91	Merge pull request #111 from CriticalSolutionsNetwork/6.1.2/6.1.3-refactor 6.1.2/6.1.3 refactor Added Added Get-MFAStatus function to help with auditing mfa for conditional access controls. Fixed Fixed 6.1.2/6.1.3 tests to minimize calls to the Graph API. Fixed 2.1.1,2.1.4,2.1.5 to suppress error messages and create a standard object when no e5"	2024-06-14 11:06:00 -05:00
DrIOS	4b3e448e48	fix: write-host in public function due to code scanning alert	2024-06-14 11:02:51 -05:00
DrIOS	342d0ac4a9	fix: Module check for Get-MFAStatus	2024-06-14 10:54:58 -05:00
DrIOS	d4252a1839	docs: update help link for get-mfastatus	2024-06-14 10:51:02 -05:00
DrIOS	1fde9947e0	docs: Update CHANGELOG	2024-06-14 10:48:38 -05:00
DrIOS	da856b96e4	update help	2024-06-14 10:47:26 -05:00
DrIOS	8835ddfbfd	add: public function to check mfa status	2024-06-14 10:45:17 -05:00
DrIOS	9a7de2f549	fix: error handling for 6.1.2/6.1.3	2024-06-14 10:44:53 -05:00
DrIOS	c9940c2a09	docs: update changelog	2024-06-14 09:24:07 -05:00
DrIOS	83332207b4	docs: test scripts	2024-06-14 09:23:53 -05:00
DrIOS	ccacf76e6c	fix: 2.1.1,2.1.4,2.1.5 surpress error messages and create a standard object when no e5	2024-06-14 09:23:03 -05:00
DrIOS	273630839e	fix: 2.1.1,2.1.4,2.1.5 surpress error messages and create a standard object when no e5	2024-06-14 08:40:44 -05:00
DrIOS	3ca779650e	docs: 6.1.2,6.1.3 refactored	2024-06-13 10:34:37 -05:00
DrIOS	0cde0ae5e2	docs: 6.1.2,6.1.3 refactored	2024-06-13 10:22:38 -05:00