add: Version number to test output

Fix: Update Help
Fix: Export-M365SecurityAuditTable function
2025-04-21 11:57:40 -05:00 · 2025-04-21 11:27:41 -05:00 · 2025-04-21 11:19:43 -05:00 · 2025-04-21 11:17:24 -05:00 · 2025-04-21 11:16:50 -05:00 · 2025-04-21 11:16:10 -05:00
112 changed files with 4488 additions and 2392 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ node_modules
 package-lock.json
 Aligned.xlsx
 test-gh1.ps1
 ModdedModules/*
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,6 @@
 {
    "cSpell.words": [
        "Msol"
-    ]
+    ],
    "azureAutomation.directory.basePath": "c:\\Users\\dougrios"
 }
--- a/Book1.csv
+++ b/Book1.csv
@@ -0,0 +1,37 @@
 Product,Command
 SharePoint,Get-SPOTenant
 SharePoint,Get-SPOSite
 SharePoint,Get-SPOTenantSyncClientRestriction
 SharePoint,Get-PnPTenant
 SharePoint,Get-PnPTenantSite
 SharePoint,Get-PnPTenantSyncClientRestriction
 Microsoft Graph,Get-MgDirectoryRole
 Microsoft Graph,Get-MgDirectoryRoleMember
 Microsoft Graph,Get-MgUser
 Microsoft Graph,Get-MgGroup
 Microsoft Graph,Get-MgDomain
 Microsoft Graph,Get-MgOrganization
 Microsoft Graph,Get-MgSubscribedSku
 Microsoft Graph,Get-MgUserLicenseDetail
 Teams,Get-CsTeamsClientConfiguration
 Teams,Get-CsTeamsMeetingPolicy
 Teams,Get-CsTenantFederationConfiguration
 Teams,Get-CsTeamsMessagingPolicy
 Exchange Online,Get-EXOMailbox
 Exchange Online,Get-OrganizationConfig
 Exchange Online,Get-SharingPolicy
 Exchange Online,Get-RoleAssignmentPolicy
 Exchange Online,Get-OwaMailboxPolicy
 Exchange Online,Get-SafeLinksPolicy
 Exchange Online,Get-SafeAttachmentPolicy
 Exchange Online,Get-SafeAttachmentRule
 Exchange Online,Get-MalwareFilterPolicy
 Exchange Online,Get-HostedOutboundSpamFilterPolicy
 Exchange Online,Get-AntiPhishPolicy
 Exchange Online,Get-AntiPhishRule
 Exchange Online,Get-DkimSigningConfig
 Exchange Online,Get-TransportRule
 Exchange Online,Get-ExternalInOutlook
 Exchange Online,Get-AdminAuditLogConfig
 Exchange Online,Get-AtpPolicyForO365
 Exchange Online,Get-ReportSubmissionPolicy
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,108 @@ The format is based on and uses the types of changes according to [Keep a Change
 ### Added
 - TestDefinitions-v4.0.0.csv file to the helper folder for version choices.
 - Link to App Authentication documentation in `New-M365SecurityAuditAuthObject` help file.
 - Test Definition Placeholders
 - Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
 - Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test.
 - Updated Get-CISMgOutput function to include the new test definition case for 1.1.1,1.1.4 and 2.1.7.
 - Updated Get-CISExoOutput function to include the new test definition case for 2.1.7.
 - New public function for generating version specific lists of recommendation numbers.
 - Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version.
 - Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly.
 - Get-PhishPolicyCompliance and Get-ScopeOverlap private functions for 2.1.7 v4.
 - Test-PhishPolicyCompliance4 function for 2.1.7 v4.
 - Adds new CSV for PowerShell commands and updates PnP update check handling
 - Introduces a new CSV file listing various PowerShell commands for different Microsoft services.
 - Updates the `Invoke-M365SecurityAudit` script to temporarily disable PnP PowerShell update checks during execution and restores the original setting afterward.
 - Pre-Test cmdlet call to `Get-MgGroup` to load the MgGraph assembly prior to running PnP PowerShell commands when using app authentication.
 - Output Verbosity for test score.
 - Get-TestDefinition private function for v4.0.0 to get the test definition for the test.
 - CIS M365 Foundations version to output object to ensure tests display the version of the benchmark being used and for use in verifying the test definitions needed for the export function.
 ### Fixed
 - Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the MgGraph assembly as soon as it's imported with a call to Get-MgGroup.
 - Phish policy test to return if highest priority policy conforms to the benchmark.
 - Module assertion to check for minimum version of required modules.
 - Module assertion to not import the module if it already exists.
 - Fixed Export-M365SecurityAuditTable to ensure there are only 3 parameter sets: One for specific nested test output, one to export only nested tables, and one to export all tests along with options to export to CSV or Excel.
 ## [v0.1.28] - 2025-01-14
 ### Fixed
 - Get-SPOSite command to return all but voided output for no code runs (Ex: PowerAutomate)
 ## [0.1.27] - 2025-01-13
 ### Added
 - Added additional error handling to connect function to identify problematic steps when they occur.
 - Added new method of verifying spo tenant for Connect-SPOService branch of connect function.
 - Added method to avoid "assembly already loaded" error in PNP Powershell function on first run, subsequent runs in the same session will still throw the error.
 ## [0.1.26] - 2024-08-04
 ### Added
 - Added `New-M365SecurityAuditAuthObject` function to create a new authentication object for the security audit for app-based authentication.
 ### Changed
 - Changed authentication options to include parameter for authenticating with a certificate.
 - Changed verbose output to ensure methods for suppressing all forms of output are available.
 ## [0.1.25] - 2024-07-23
 ### Fixed
 - Fixed test 1.3.1 as notification window for password expiration is no longer required.
 ## [0.1.24] - 2024-07-07
 ### Added
 - New private function `Get-AuditMailboxDetail` for 6.1.2 and 6.1.3 tests to get the action details for the test.
 ### Changed
 - Changed `Get-Action` function to include both dictionaries.
 ### Fixed
 - Fixed Test 1.3.3 to be the simpler version of the test while including output to check for current users sharing calendars.
 - Safe Attachments logic and added `$DomainName` as input to 2.1.4 to test main policy.
 ### Docs
 - Updated `about_M365FoundationsCISReport` help file with new functions and changes.
 - Updated `Invoke-M365SecurityAudit` help file with examples.
 - Updated `Export-M365SecurityAudit` help file with examples.
 ## [0.1.23] - 2024-07-02
 # Fixed
 - SPO tests formatting and output.
 ## [0.1.22] - 2024-07-01
 ### Added
 - Added hash and compress steps to `Export-M365SecurityAuditTable` function.
 ## [0.1.21] - 2024-07-01
 ### Fixed
 - SPO tests formatting and output.
 ## [0.1.22] - 2024-07-01
 ### Added
 - Added hash and compress steps to `Export-M365SecurityAuditTable` function.
 ## [0.1.21] - 2024-07-01
--- a/copy.md
+++ b/copy.md
@@ -1,5 +1,6 @@
 # M365FoundationsCISReport Module
-
+[![PSScriptAnalyzer](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/actions/workflows/powershell.yml/badge.svg)](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/actions/workflows/powershell.yml)
 [![pages-build-deployment](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/actions/workflows/pages/pages-build-deployment/badge.svg)](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/actions/workflows/pages/pages-build-deployment)
 ## License
 This PowerShell module is based on CIS benchmarks and is distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. This means:
@@ -11,83 +12,87 @@ This PowerShell module is based on CIS benchmarks and is distributed under the C
 For full license details, please visit [Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en).
 [Register for and download CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks)
 # Table of Contents
 1. [Invoke-M365SecurityAudit](#Invoke-M365SecurityAudit)
 2. [Export-M365SecurityAuditTable](#Export-M365SecurityAuditTable)
 3. [Get-AdminRoleUserLicense](#Get-AdminRoleUserLicense)
 4. [Get-MFAStatus](#Get-MFAStatus)
 5. [Grant-M365SecurityAuditConsent](#Grant-M365SecurityAuditConsent)
 6. [New-M365SecurityAuditAuthObject](#New-M365SecurityAuditAuthObject)
 7. [Remove-RowsWithEmptyCSVStatus](#Remove-RowsWithEmptyCSVStatus)
 8. [Sync-CISExcelAndCsvData](#Sync-CISExcelAndCsvData)
 ## Module Dependencies
 The `M365FoundationsCISReport` module relies on several other PowerShell modules to perform its operations. The default run ensures these modules are installed with the specified versions. Use -NoModuleCheck to skip this step if you have installed the required modules previously and would like to suppress any output for automated runs.
 ### Minimum Required Modules for Audit Functions
 Default modules used for audit functions:
 - **ExchangeOnlineManagement**
  - Required Version: `3.3.0`
 - **Microsoft.Graph**
  - Required Version: `2.4.0`
 - **PnP.PowerShell** (Optional, if PnP App authentication is used for SharePoint Online)
  - Required Version: `2.5.0`
 - **Microsoft.Online.SharePoint.PowerShell** (If PnP authentication is not used (Default) )
  - Required Version: `16.0.24009.12000`
 - **MicrosoftTeams**
  - Required Version: `5.5.0`
 - **ImportExcel** (If importing or exporting Excel files)
  - Required Version: `7.8.9`
 # EXAMPLES
 ## Invoke-M365SecurityAudit
 ### Synopsis
 Invokes a security audit for Microsoft 365 environments.
 ### Syntax
 ```powershell
 # Example 1: Performing a security audit based on CIS benchmarks
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
 # Suppressed output for automated runs
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -NoModuleCheck -NoModuleCheck -DoNotConfirmConnections -Confirm:$false
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
+# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
 Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
    # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-ELevel <String>] [-ProfileLevel <String>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
+# Example 3: Retrieving licenses for users in administrative roles
 Get-AdminRoleUserLicense
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG1] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
+# Example 4: Getting MFA status of users
-
+Get-MFAStatus -UserId "user@domain.com"
 Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG2] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG3] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-SkipRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 # Example 5: Removing rows with empty status values from a CSV file
 Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
 # Example 6: Synchronizing CIS benchmark data with audit results
 Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
 # Example 7: Granting Microsoft Graph permissions to the auditor
 Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
 # Example 8: (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
 $authParams = New-M365SecurityAuditAuthObject `
  -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
  -ClientId "12345678-1234-1234-1234-123456789012" `
  -TenantId "12345678-1234-1234-1234-123456789012" `
  -OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
  -SpAdminUrl "https://yourcompany-admin.sharepoint.com"
 Invoke-M365SecurityAudit -AuthParams $authParams -TenantAdminUrl "https://yourcompany-admin.sharepoint.com"
 ```
 ### Parameters
 | Name  | Alias  | Description | Required? | Pipeline Input | Default Value |
 | - | - | - | - | - | - |
 | <nobr>TenantAdminUrl</nobr> |  | The URL of the tenant admin. This parameter is mandatory. | true | false |  |
 | <nobr>DomainName</nobr> |  | The domain name of the Microsoft 365 environment. This parameter is mandatory. | true | false |  |
 | <nobr>ELevel</nobr> |  | Specifies the E-Level \(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | false | false |  |
 | <nobr>ProfileLevel</nobr> |  | Specifies the profile level \(L1 or L2\) for the audit. This parameter is optional and can be combined with the ELevel parameter. | false | false |  |
 | <nobr>IncludeIG1</nobr> |  | If specified, includes tests where IG1 is true. | false | false | False |
 | <nobr>IncludeIG2</nobr> |  | If specified, includes tests where IG2 is true. | false | false | False |
 | <nobr>IncludeIG3</nobr> |  | If specified, includes tests where IG3 is true. | false | false | False |
 | <nobr>IncludeRecommendation</nobr> |  | Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. | false | false |  |
 | <nobr>SkipRecommendation</nobr> |  | Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. | false | false |  |
 | <nobr>DoNotConnect</nobr> |  | If specified, the cmdlet will not establish a connection to Microsoft 365 services. | false | false | False |
 | <nobr>DoNotDisconnect</nobr> |  | If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. | false | false | False |
 | <nobr>NoModuleCheck</nobr> |  | If specified, the cmdlet will not check for the presence of required modules. | false | false | False |
 | <nobr>WhatIf</nobr> | wi |  | false | false |  |
 | <nobr>Confirm</nobr> | cf |  | false | false |  |
 ### Inputs
 - None. You cannot pipe objects to Invoke-M365SecurityAudit.
-### Outputs
+# NOTE
- - CISAuditResult\\[\] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
+Ensure that you have the necessary permissions and administrative roles in your Microsoft 365 environment to run these cmdlets. Proper configuration and setup are required for accurate audit results.
-### Note
+# TROUBLESHOOTING NOTE
-This module is based on CIS benchmarks and is governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. For more details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
+If you encounter any issues while using the cmdlets, ensure that your environment meets the module prerequisites. Check for any updates or patches that may address known bugs. For issues related to specific cmdlets, refer to the individual help files for troubleshooting tips.
-### Examples
+# SEE ALSO
-**EXAMPLE 1**
+- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
-```powershell
+- [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/)
-Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
+- [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/)
 ```
 Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
 **EXAMPLE 2**
 ```powershell
 Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
 ```
 Performs an audit including all tests where IG1 is true.
 **EXAMPLE 3**
 ```powershell
 Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
 ```
 Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
 **EXAMPLE 4**
 ```powershell
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
 PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
 ```
 Captures the audit results into a variable and exports them to a CSV file.
 ### Links
 - [Online Version: [GitHub Repository URL]](#Online Version: [GitHub Repository URL])
--- a/README.md
+++ b/README.md
--- a/docs/index.html
+++ b/docs/index.html
--- a/help/Export-M365SecurityAuditTable.md
+++ b/help/Export-M365SecurityAuditTable.md
@@ -12,29 +12,25 @@ Exports M365 security audit results to a CSV file or outputs a specific test res
 ## SYNTAX
-### OutputObjectFromAuditResultsSingle
+### DefaultExport (Default)
 ```
-Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-OutputTestNumber] <String>
+Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel]
 [-Prefix <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### SingleObject
 ```
 Export-M365SecurityAuditTable -AuditResults <PSObject[]> -OutputTestNumber <String>
 [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### OnlyExportNestedTables
 ```
 Export-M365SecurityAuditTable -AuditResults <PSObject[]> -ExportPath <String> [-ExportToExcel]
 [-Prefix <String>] [-OnlyExportNestedTables] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
 [<CommonParameters>]
 ```
 ### ExportAllResultsFromAuditResults
 ```
 Export-M365SecurityAuditTable [-AuditResults] <CISAuditResult[]> [-ExportAllTests] -ExportPath <String>
 [-ExportOriginalTests] [-ExportToExcel] [<CommonParameters>]
 ```
 ### OutputObjectFromCsvSingle
 ```
 Export-M365SecurityAuditTable [-CsvPath] <String> [-OutputTestNumber] <String> [<CommonParameters>]
 ```
 ### ExportAllResultsFromCsv
 ```
 Export-M365SecurityAuditTable [-CsvPath] <String> [-ExportAllTests] -ExportPath <String> [-ExportOriginalTests]
 [-ExportToExcel] [<CommonParameters>]
 ```
 ## DESCRIPTION
 This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file.
 It can export all results to a specified path or output a specific test result as an object.
@@ -83,69 +79,88 @@ Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoda
 An array of CISAuditResult objects containing the audit results.
 ```yaml
-Type: CISAuditResult[]
+Type: PSObject[]
-Parameter Sets: OutputObjectFromAuditResultsSingle, ExportAllResultsFromAuditResults
+Parameter Sets: (All)
 Aliases:
 Required: True
-Position: 3
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
-### -CsvPath
+### -ExportPath
-The path to a CSV file containing the audit results.
+The path where the CSV files will be exported.
 ```yaml
 Type: String
-Parameter Sets: OutputObjectFromCsvSingle, ExportAllResultsFromCsv
+Parameter Sets: DefaultExport, OnlyExportNestedTables
 Aliases:
 Required: True
-Position: 3
+Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportToExcel
 Switch to export the results to an Excel file.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: DefaultExport, OnlyExportNestedTables
 Aliases:
 Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -Prefix
 Add Prefix to filename after date when outputting to excel or csv.
 Validate that the count of letters in the prefix is less than 5.
 ```yaml
 Type: String
 Parameter Sets: DefaultExport, OnlyExportNestedTables
 Aliases:
 Required: False
 Position: Named
 Default value: Corp
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -OnlyExportNestedTables
 ───────────────────────────────────────────────────────────────────────────
 2) OnlyExportNestedTables: nested tables only into ZIP
    -AuditResults, -ExportPath, -OnlyExportNestedTables
 ───────────────────────────────────────────────────────────────────────────
 ```yaml
 Type: SwitchParameter
 Parameter Sets: OnlyExportNestedTables
 Aliases:
 Required: True
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -OutputTestNumber
 The test number to output as an object.
 Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
 ```yaml
 Type: String
-Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
+Parameter Sets: SingleObject
 Aliases:
 Required: True
 Position: 2
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportAllTests
 Switch to export all test results.
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: False
 Position: 1
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ExportPath
 The path where the CSV files will be exported.
 ```yaml
 Type: String
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 Required: True
@@ -155,32 +170,47 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
-### -ExportOriginalTests
+### -WhatIf
-Switch to export the original audit results to a CSV file.
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
 ```yaml
 Type: SwitchParameter
-Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
+Parameter Sets: (All)
-Aliases:
+Aliases: wi
-Required: True
+Required: False
 Position: Named
-Default value: False
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
-### -ExportToExcel
+### -Confirm
-Switch to export the results to an Excel file.
+Prompts you for confirmation before running the cmdlet.
 ```yaml
 Type: SwitchParameter
-Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
+Parameter Sets: (All)
-Aliases:
+Aliases: cf
 Required: False
 Position: Named
-Default value: False
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
--- a/help/Get-AdminRoleUserLicense.md
+++ b/help/Get-AdminRoleUserLicense.md
@@ -1,4 +1,4 @@
---
+---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
@@ -13,7 +13,7 @@ Retrieves user licenses and roles for administrative accounts from Microsoft 365
 ## SYNTAX
 ```
-Get-AdminRoleUserLicense [-SkipGraphConnection] [<CommonParameters>]
+Get-AdminRoleUserLicense [-SkipGraphConnection] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -54,6 +54,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/Get-M365SecurityAuditRecNumberList.md
+++ b/help/Get-M365SecurityAuditRecNumberList.md
@@ -0,0 +1,61 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version:
 schema: 2.0.0
 ---
 # Get-M365SecurityAuditRecNumberList
 ## SYNOPSIS
 {{ Fill in the Synopsis }}
 ## SYNTAX
 ```
 Get-M365SecurityAuditRecNumberList [[-Version] <String>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 {{ Fill in the Description }}
 ## EXAMPLES
 ### Example 1
 ```powershell
 PS C:\> {{ Add example code here }}
 ```
 {{ Add example description here }}
 ## PARAMETERS
 ### -Version
 {{ Fill Version Description }}
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Accepted values: 3.0.0, 4.0.0
 Required: False
 Position: 0
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### None
 ## OUTPUTS
 ### System.Object
 ## NOTES
 ## RELATED LINKS
--- a/help/Get-MFAStatus.md
+++ b/help/Get-MFAStatus.md
@@ -13,7 +13,8 @@ Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Director
 ## SYNTAX
 ```
-Get-MFAStatus [[-UserId] <String>] [-SkipMSOLConnectionChecks] [<CommonParameters>]
+Get-MFAStatus [[-UserId] <String>] [-SkipMSOLConnectionChecks] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -67,6 +68,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/Grant-M365SecurityAuditConsent.md
+++ b/help/Grant-M365SecurityAuditConsent.md
@@ -14,7 +14,8 @@ Grants Microsoft Graph permissions for an auditor.
 ```
 Grant-M365SecurityAuditConsent [-UserPrincipalNameForConsent] <String> [-SkipGraphConnection]
- [-SkipModuleCheck] [-SuppressRevertOutput] [-DoNotDisconnect] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-SkipModuleCheck] [-SuppressRevertOutput] [-DoNotDisconnect] [-ProgressAction <ActionPreference>] [-WhatIf]
 [-Confirm] [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -146,6 +147,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/Invoke-M365SecurityAudit.md
+++ b/help/Invoke-M365SecurityAudit.md
@@ -16,50 +16,57 @@ Invokes a security audit for Microsoft 365 environments.
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>]
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### ELevelFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELevel <String>
 -ProfileLevel <String> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>]
- [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm]
+ [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
- [<CommonParameters>]
+ [-AuthParams <CISAuthenticationParameters>] [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf]
 [-Confirm] [<CommonParameters>]
 ```
 ### IG1Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG1]
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### IG2Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG2]
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### IG3Filter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG3]
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### RecFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeRecommendation <String[]>
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ### SkipRecFilter
 ```
 Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -SkipRecommendation <String[]>
 [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
- [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-AuthParams <CISAuthenticationParameters>]
 [-Version <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -395,6 +402,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -AuthParams
 Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services.
 ```yaml
 Type: CISAuthenticationParameters
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -Version
 Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0".
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: False
 Position: Named
 Default value: 4.0.0
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -WhatIf
 Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
@@ -426,6 +463,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/M365FoundationsCISReport.md
+++ b/help/M365FoundationsCISReport.md
@@ -1,4 +1,4 @@
---
+---
 Module Name: M365FoundationsCISReport
 Module Guid: 0d064bfb-d1ce-484b-a173-993b55984dc9
 Download Help Link: {{Please enter Link manually}}
@@ -11,24 +11,30 @@ Locale: en-US
 The `M365FoundationsCISReport` module provides a set of cmdlets to audit and report on the security compliance of Microsoft 365 environments based on CIS (Center for Internet Security) benchmarks. It enables administrators to generate detailed reports, sync data with CIS Excel sheets, and perform security audits to ensure compliance.
 ## M365FoundationsCISReport Cmdlets
-### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable)
+### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable.md)
 Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
-### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense)
+### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense.md)
 Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
-### [Get-MFAStatus](Get-MFAStatus)
+### [Get-M365SecurityAuditRecNumberList](Get-M365SecurityAuditRecNumberList.md)
 {{ Fill in the Synopsis }}
 ### [Get-MFAStatus](Get-MFAStatus.md)
 Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
-### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent)
+### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent.md)
 Grants Microsoft Graph permissions for an auditor.
-### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit)
+### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit.md)
 Invokes a security audit for Microsoft 365 environments.
-### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus)
+### [New-M365SecurityAuditAuthObject](New-M365SecurityAuditAuthObject.md)
 Creates a new CISAuthenticationParameters object for Microsoft 365 authentication.
 ### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus.md)
 Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
-### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData)
+### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData.md)
 Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.
--- a/help/New-M365SecurityAuditAuthObject.md
+++ b/help/New-M365SecurityAuditAuthObject.md
@@ -0,0 +1,149 @@
 ---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version:
 schema: 2.0.0
 ---
 # New-M365SecurityAuditAuthObject
 ## SYNOPSIS
 Creates a new CISAuthenticationParameters object for Microsoft 365 authentication.
 ## SYNTAX
 ```
 New-M365SecurityAuditAuthObject [-ClientCertThumbPrint] <String> [-ClientId] <String> [-TenantId] <String>
 [-OnMicrosoftUrl] <String> [-SpAdminUrl] <String> [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
 The New-M365SecurityAuditAuthObject function constructs a new CISAuthenticationParameters object
 containing the necessary credentials and URLs for authenticating to various Microsoft 365 services.
 It validates input parameters to ensure they conform to expected formats and length requirements.
 An app registration in Azure AD with the required permissions to EXO, SPO, MSTeams and MgGraph is needed.
 ## EXAMPLES
 ### EXAMPLE 1
 ```
 $authParams = New-M365SecurityAuditAuthObject -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
                                                    -ClientId "12345678-1234-1234-1234-123456789012" `
                                                    -TenantId "12345678-1234-1234-1234-123456789012" `
                                                    -OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
                                                    -SpAdminUrl "https://yourcompany-admin.sharepoint.com"
 Creates a new CISAuthenticationParameters object with the specified credentials and URLs, validating each parameter's format and length.
 ```
 ## PARAMETERS
 ### -ClientCertThumbPrint
 The thumbprint of the client certificate used for authentication.
 It must be a 40-character hexadecimal string.
 This certificate is used to authenticate the application in Azure AD.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 1
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ClientId
 The Client ID (Application ID) of the Azure AD application.
 It must be a valid GUID format.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 2
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -TenantId
 The Tenant ID of the Azure AD directory.
 It must be a valid GUID format representing your Microsoft 365 tenant.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 3
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -OnMicrosoftUrl
 The URL of your onmicrosoft.com domain.
 It should be in the format 'example.onmicrosoft.com'.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 4
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SpAdminUrl
 The SharePoint admin URL, which should end with '-admin.sharepoint.com'.
 This URL is used for connecting to SharePoint Online.
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 Required: True
 Position: 5
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 ## INPUTS
 ### None. You cannot pipe objects to this function.
 ## OUTPUTS
 ### CISAuthenticationParameters
 ### The function returns an instance of the CISAuthenticationParameters class containing the authentication details.
 ## NOTES
 Requires PowerShell 7.0 or later.
 ## RELATED LINKS
--- a/help/Remove-RowsWithEmptyCSVStatus.md
+++ b/help/Remove-RowsWithEmptyCSVStatus.md
@@ -1,4 +1,4 @@
---
+---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version:
@@ -13,7 +13,8 @@ Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and
 ## SYNTAX
 ```
-Remove-RowsWithEmptyCSVStatus [-FilePath] <String> [-WorksheetName] <String> [<CommonParameters>]
+Remove-RowsWithEmptyCSVStatus [-FilePath] <String> [-WorksheetName] <String>
 [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -60,6 +61,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/Sync-CISExcelAndCsvData.md
+++ b/help/Sync-CISExcelAndCsvData.md
@@ -14,7 +14,7 @@ Synchronizes and updates data in an Excel worksheet with new information from a
 ```
 Sync-CISExcelAndCsvData [[-ExcelPath] <String>] [[-CsvPath] <String>] [[-SheetName] <String>]
- [<CommonParameters>]
+ [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 ## DESCRIPTION
@@ -80,6 +80,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 ```yaml
 Type: ActionPreference
 Parameter Sets: (All)
 Aliases: proga
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
--- a/help/about_M365FoundationsCISReport.md
+++ b/help/about_M365FoundationsCISReport.md
@@ -18,9 +18,11 @@ The module includes functionality to synchronize audit results with CIS benchmar
 ```powershell
 # Example 1: Performing a security audit based on CIS benchmarks
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
 $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
-# Example 2: Exporting a security audit table to a CSV file
+# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
-Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
+Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
    # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
 # Example 3: Retrieving licenses for users in administrative roles
 Get-AdminRoleUserLicense
@@ -36,6 +38,14 @@ Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.c
 # Example 7: Granting Microsoft Graph permissions to the auditor
 Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
 # Example 8: (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
 $authParams = New-M365SecurityAuditAuthObject -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
                                                            -ClientId "12345678-1234-1234-1234-123456789012" `
                                                            -TenantId "12345678-1234-1234-1234-123456789012" `
                                                            -OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
                                                            -SpAdminUrl "https://yourcompany-admin.sharepoint.com"
 Invoke-M365SecurityAudit -AuthParams $authParams -TenantAdminUrl "https://yourcompany-admin.sharepoint.com"
 ```
 # NOTE
--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -1,13 +1,14 @@
 Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
 . .\source\Classes\CISAuditResult.ps1
 .\helpers\psDoc-master\src\psDoc.ps1 -moduleName M365FoundationsCISReport -outputDir docs -template ".\helpers\psDoc-master\src\out-html-template.ps1"
 .\helpers\psDoc-master\src\psDoc.ps1 -moduleName M365FoundationsCISReport -outputDir ".\" -template ".\helpers\psDoc-master\src\out-markdown-template.ps1" -fileName ".\README.md"
 <#
-    $ver = "v0.1.22"
+    $ver = "v0.1.28"
    git checkout main
    git pull origin main
-    git tag -a $ver -m "Release version $ver refactor Update"
+    git tag -a $ver -m "Release version $ver bugfix Update"
    git push origin $ver
    "Fix: PR #37"
    git push origin $ver
@@ -52,8 +53,8 @@ Register-SecretVault -Name ModuleBuildCreds -ModuleName `
 "SecretManagement.JustinGrote.CredMan" -ErrorAction Stop
-Set-Secret -Name "GalleryApiToken" -Vault ModuleBuildCreds
+#Set-Secret -Name "GalleryApiToken" -Vault ModuleBuildCreds
-Set-Secret -Name "GitHubToken" -Vault ModuleBuildCreds
+#Set-Secret -Name "GitHubToken" -Vault ModuleBuildCreds
 $GalleryApiToken = Get-Secret -Name "GalleryApiToken" -Vault ModuleBuildCreds -AsPlainText
--- a/source/Classes/CISAuditResult.ps1
+++ b/source/Classes/CISAuditResult.ps1
@@ -1,4 +1,5 @@
 class CISAuditResult {
    [string]$M365AuditVersion
    [string]$Status
    [string]$ELevel
    [string]$ProfileLevel
--- a/source/Classes/CISAuthenticationParameters.ps1
+++ b/source/Classes/CISAuthenticationParameters.ps1
@@ -0,0 +1,43 @@
 class CISAuthenticationParameters {
    [string]$ClientCertThumbPrint
    [string]$ClientId
    [string]$TenantId
    [string]$OnMicrosoftUrl
    [string]$SpAdminUrl
    # Constructor with validation
    CISAuthenticationParameters(
        [string]$ClientCertThumbPrint,
        [string]$ClientId,
        [string]$TenantId,
        [string]$OnMicrosoftUrl,
        [string]$SpAdminUrl
    ) {
        # Validate ClientCertThumbPrint
        if (-not $ClientCertThumbPrint -or $ClientCertThumbPrint.Length -ne 40 -or $ClientCertThumbPrint -notmatch '^[0-9a-fA-F]{40}$') {
            throw [ArgumentException]::new("ClientCertThumbPrint must be a 40-character hexadecimal string.")
        }
        # Validate ClientId
        if (-not $ClientId -or $ClientId -notmatch '^[0-9a-fA-F\-]{36}$') {
            throw [ArgumentException]::new("ClientId must be a valid GUID in the format 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'.")
        }
        # Validate TenantId
        if (-not $TenantId -or $TenantId -notmatch '^[0-9a-fA-F\-]{36}$') {
            throw [ArgumentException]::new("TenantId must be a valid GUID in the format 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'.")
        }
        # Validate OnMicrosoftUrl
        if (-not $OnMicrosoftUrl -or $OnMicrosoftUrl -notmatch '^[a-zA-Z0-9]+\.onmicrosoft\.com$') {
            throw [ArgumentException]::new("OnMicrosoftUrl must be in the format 'example.onmicrosoft.com'.")
        }
        # Validate SpAdminUrl
        if (-not $SpAdminUrl -or $SpAdminUrl -notmatch '^https:\/\/[a-zA-Z0-9\-]+\-admin\.sharepoint\.com$') {
            throw [ArgumentException]::new("SpAdminUrl must be in the format 'https://[name]-admin.sharepoint.com'.")
        }
        # Assign validated properties
        $this.ClientCertThumbPrint = $ClientCertThumbPrint
        $this.ClientId = $ClientId
        $this.TenantId = $TenantId
        $this.OnMicrosoftUrl = $OnMicrosoftUrl
        $this.SpAdminUrl = $SpAdminUrl
    }
 }
--- a/source/M365FoundationsCISReport.psd1
+++ b/source/M365FoundationsCISReport.psd1
@@ -33,7 +33,7 @@ Copyright = '(c) 2024 Douglas S. Rios (DrIOSx). All rights reserved.'
 Description = 'Automated assessment of 50 CIS 365 Foundations v3.0.0 benchmark.'
 # Minimum version of the Windows PowerShell engine required by this module
-PowerShellVersion = '5.0'
+# PowerShellVersion = '5.1'
 # Name of the Windows PowerShell host required by this module
 # PowerShellHostName = ''
@@ -51,7 +51,7 @@ PowerShellVersion = '5.0'
 # ProcessorArchitecture = ''
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @()
+# RequiredModules = @()
 # Assemblies that must be loaded prior to importing this module
 # RequiredAssemblies = @()
--- a/source/Private/Assert-ModuleAvailability.ps1
+++ b/source/Private/Assert-ModuleAvailability.ps1
@@ -1,37 +1,69 @@
 function Assert-ModuleAvailability {
    [CmdletBinding()]
    [OutputType([void]) ]
    param(
        [string]$ModuleName,
        [string]$RequiredVersion,
        [string[]]$SubModules = @()
    )
-
+    process {
-    try {
+        # If $script:PnpAuth = $true, check for powershell version 7.x or higher or throw error
-        $module = Get-Module -ListAvailable -Name $ModuleName | Where-Object { $_.Version -ge [version]$RequiredVersion }
+        if ($script:PnpAuth -and $PSVersionTable.PSVersion.Major -lt 7) {
-
+            throw 'PnP.PowerShell module requires PowerShell 7.x or higher.'
        if ($null -eq $module) {
            Write-Host "Installing $ModuleName module..." -ForegroundColor Yellow
            Install-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force -AllowClobber -Scope CurrentUser | Out-Null
        }
-        elseif ($module.Version -lt [version]$RequiredVersion) {
+        try {
-            Write-Host "Updating $ModuleName module to required version..." -ForegroundColor Yellow
+            switch ($ModuleName) {
-            Update-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force | Out-Null
+                'Microsoft.Graph' {
                    if ($SubModules.Count -eq 0) { throw 'SubModules cannot be empty for Microsoft.Graph module.' }
                    try {
                        foreach ($subModule in $SubModules) {
                            if (Get-Module -Name "$ModuleName.$subModule" -ListAvailable -ErrorAction SilentlyContinue) {
                                Write-Verbose "Submodule $ModuleName.$subModule already loaded."
                            }
                            else {
-            Write-Host "$ModuleName module is already at required version or newer." -ForegroundColor Gray
+                                Write-Verbose "Importing submodule $ModuleName.$subModule..."
                                Import-Module "$ModuleName.$subModule" -MinimumVersion $RequiredVersion -ErrorAction Stop | Out-Null
                            }
-
+                        }
-        if ($SubModules.Count -gt 0) {
+                        # Loading assembly to avoid conflict with other modules
                        Get-MgGroup -Top 1 -ErrorAction SilentlyContinue | Out-Null
                    }
                    catch [System.IO.FileNotFoundException] {
                        # Write the error class in verbose
                        Write-Verbose "Error importing submodule $ModuleName.$subModule`: $($_.Exception.GetType().FullName)"
                        Write-Verbose "Submodule $ModuleName.$subModule not found. Installing the module..."
                        foreach ($subModule in $SubModules) {
-                Write-Host "Importing submodule $ModuleName.$subModule..." -ForegroundColor DarkGray
+                            Write-Verbose "Installing submodule $ModuleName.$subModule..."
-                Import-Module -Name "$ModuleName.$subModule" -RequiredVersion $RequiredVersion -ErrorAction Stop | Out-Null
+                            Install-Module -Name "$ModuleName.$subModule" -MinimumVersion $RequiredVersion -Force -AllowClobber -Scope CurrentUser | Out-Null
                            Write-Verbose "Successfully installed $ModuleName.$subModule module."
                        }
                        # Loading assembly to avoid conflict with other modules
                        Get-MgGroup -Top 1 -ErrorAction SilentlyContinue | Out-Null
                    }
                }
                default {
                    if (Get-Module -Name $ModuleName -ListAvailable -ErrorAction SilentlyContinue) {
                        Write-Verbose "$ModuleName module already loaded."
                        return
                    }
                    $module = Import-Module $ModuleName -PassThru -ErrorAction SilentlyContinue | Where-Object { $_.Version -ge $RequiredVersion }
                    if ($null -eq $module) {
                        Write-Verbose "Installing $ModuleName module..."
                        Install-Module -Name $ModuleName -MinimumVersion $RequiredVersion -Force -AllowClobber -Scope CurrentUser | Out-Null
                    }
                    elseif ($module.Version -lt $RequiredVersion) {
                        Write-Verbose "Updating $ModuleName module to required version..."
                        Update-Module -Name $ModuleName -MinimumVersion $RequiredVersion -Force | Out-Null
                    }
                    else {
                        Write-Verbose "$ModuleName module is already at required version or newer."
                    }
                }
        } else {
            Write-Host "Importing module $ModuleName..." -ForegroundColor DarkGray
            Import-Module -Name $ModuleName -RequiredVersion $RequiredVersion -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null
            }
        }
        catch {
-        Write-Warning "An error occurred with module $ModuleName`: $_"
+            Write-Verbose 'Assert-ModuleAvailability Error:'
            throw $_.Exception.Message
        }
    }
 }
--- a/source/Private/Connect-M365Suite.ps1
+++ b/source/Private/Connect-M365Suite.ps1
@@ -3,120 +3,143 @@ function Connect-M365Suite {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false)]
-        [string]$TenantAdminUrl,
+        [string]
-
+        $TenantAdminUrl,
        [Parameter(Mandatory)]
        [string[]]$RequiredConnections,
        [Parameter(Mandatory = $false)]
-        [switch]$SkipConfirmation
+        [CISAuthenticationParameters]
        $AuthParams,
        [Parameter(Mandatory)]
        [string[]]
        $RequiredConnections,
        [Parameter(Mandatory = $false)]
        [switch]
        $SkipConfirmation
    )
-
+    $VerbosePreference = if ($SkipConfirmation) { 'SilentlyContinue' } else { 'Continue' }
    $VerbosePreference = "SilentlyContinue"
    $tenantInfo = @()
    $connectedServices = @()
    try {
-        if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
+        if ($RequiredConnections -contains 'Microsoft Graph' -or $RequiredConnections -contains 'EXO | Microsoft Graph') {
            Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Yellow
            Connect-AzureAD -WarningAction SilentlyContinue | Out-Null
            $tenantDetails = Get-AzureADTenantDetail -WarningAction SilentlyContinue
            $tenantInfo += [PSCustomObject]@{
                Service = "Azure Active Directory"
                TenantName = $tenantDetails.DisplayName
                TenantID = $tenantDetails.ObjectId
            }
            $connectedServices += "AzureAD"
            Write-Host "Successfully connected to Azure Active Directory." -ForegroundColor Green
        }
        if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Yellow
            try {
-                Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
+                Write-Verbose 'Connecting to Microsoft Graph...'
                if ($AuthParams) {
                    Connect-MgGraph -CertificateThumbprint $AuthParams.ClientCertThumbPrint -AppId $AuthParams.ClientId -TenantId $AuthParams.TenantId -NoWelcome | Out-Null
                }
                else {
                    Connect-MgGraph -Scopes 'Directory.Read.All', 'Domain.Read.All', 'Policy.Read.All', 'Organization.Read.All' -NoWelcome | Out-Null
                }
                $graphOrgDetails = Get-MgOrganization
                $tenantInfo += [PSCustomObject]@{
-                    Service = "Microsoft Graph"
+                    Service    = 'Microsoft Graph'
                    TenantName = $graphOrgDetails.DisplayName
                    TenantID   = $graphOrgDetails.Id
                }
-                $connectedServices += "Microsoft Graph"
+                $connectedServices += 'Microsoft Graph'
-                Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
+                Write-Verbose 'Successfully connected to Microsoft Graph.'
            }
            catch {
-                Write-Host "Failed to connect to MgGraph, attempting device auth." -ForegroundColor Yellow
+                throw "Failed to connect to Microsoft Graph: $($_.Exception.Message)"
                Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -UseDeviceCode -NoWelcome | Out-Null
                $graphOrgDetails = Get-MgOrganization
                $tenantInfo += [PSCustomObject]@{
                    Service = "Microsoft Graph"
                    TenantName = $graphOrgDetails.DisplayName
                    TenantID = $graphOrgDetails.Id
                }
                $connectedServices += "Microsoft Graph"
                Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
            }
        }
-
+        if ($RequiredConnections -contains 'EXO' -or $RequiredConnections -contains 'AzureAD | EXO' -or $RequiredConnections -contains 'Microsoft Teams | EXO' -or $RequiredConnections -contains 'EXO | Microsoft Graph') {
-        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
+            try {
-            Write-Host "Connecting to Exchange Online..." -ForegroundColor Yellow
+                Write-Verbose 'Connecting to Exchange Online...'
                if ($AuthParams) {
                    Connect-ExchangeOnline -AppId $AuthParams.ClientId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -Organization $AuthParams.OnMicrosoftUrl -ShowBanner:$false | Out-Null
                }
                else {
                    Connect-ExchangeOnline -ShowBanner:$false | Out-Null
                }
                $exoTenant = (Get-OrganizationConfig).Identity
                $tenantInfo += [PSCustomObject]@{
-                Service = "Exchange Online"
+                    Service    = 'Exchange Online'
                    TenantName = $exoTenant
-                TenantID = "N/A"
+                    TenantID   = 'N/A'
                }
-            $connectedServices += "EXO"
+                $connectedServices += 'EXO'
-            Write-Host "Successfully connected to Exchange Online." -ForegroundColor Green
+                Write-Verbose 'Successfully connected to Exchange Online.'
            }
-
+            catch {
-        if ($RequiredConnections -contains "SPO") {
+                throw "Failed to connect to Exchange Online: $($_.Exception.Message)"
-            Write-Host "Connecting to SharePoint Online..." -ForegroundColor Yellow
+            }
        }
        if ($RequiredConnections -contains 'SPO') {
            try {
                Write-Verbose 'Connecting to SharePoint Online...'
                if ($AuthParams) {
                    Connect-PnPOnline -Url $AuthParams.SpAdminUrl -ClientId $AuthParams.ClientId -Tenant $AuthParams.OnMicrosoftUrl -Thumbprint $AuthParams.ClientCertThumbPrint | Out-Null
                }
                else {
                    Connect-SPOService -Url $TenantAdminUrl | Out-Null
-            $spoContext = Get-SPOCrossTenantHostUrl
+                }
-            $tenantName = Get-UrlLine -Output $spoContext
+                $tenantName = if ($AuthParams) {
                    (Get-PnPSite).Url
                }
                else {
                    # Returns the first site base URL from the tenant
                    # Suppress output from Get-SPOSite for powerautomate to avoid errors
                    [void]($sites =  Get-SPOSite -Limit All)
                    # Get the URL from the first site collection
                    $url = $sites[0].Url
                    # Use regex to extract the base URL up to the .com portion
                    $baseUrl = [regex]::Match($url, 'https://[^/]+.com').Value
                    # Output the base URL
                    $baseUrl
                }
                $tenantInfo += [PSCustomObject]@{
-                Service = "SharePoint Online"
+                    Service    = 'SharePoint Online'
                    TenantName = $tenantName
                }
-            $connectedServices += "SPO"
+                $connectedServices += 'SPO'
-            Write-Host "Successfully connected to SharePoint Online." -ForegroundColor Green
+                Write-Verbose 'Successfully connected to SharePoint Online.'
            }
-
+            catch {
-        if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
+                throw "Failed to connect to SharePoint Online: $($_.Exception.Message)"
-            Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Yellow
+            }
        }
        if ($RequiredConnections -contains 'Microsoft Teams' -or $RequiredConnections -contains 'Microsoft Teams | EXO') {
            try {
                Write-Verbose 'Connecting to Microsoft Teams...'
                if ($AuthParams) {
                    Connect-MicrosoftTeams -TenantId $AuthParams.TenantId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -ApplicationId $AuthParams.ClientId | Out-Null
                }
                else {
                    Connect-MicrosoftTeams | Out-Null
                }
                $teamsTenantDetails = Get-CsTenant
                $tenantInfo += [PSCustomObject]@{
-                Service = "Microsoft Teams"
+                    Service    = 'Microsoft Teams'
                    TenantName = $teamsTenantDetails.DisplayName
                    TenantID   = $teamsTenantDetails.TenantId
                }
-            $connectedServices += "Microsoft Teams"
+                $connectedServices += 'Microsoft Teams'
-            Write-Host "Successfully connected to Microsoft Teams." -ForegroundColor Green
+                Write-Verbose 'Successfully connected to Microsoft Teams.'
            }
            catch {
                throw "Failed to connect to Microsoft Teams: $($_.Exception.Message)"
            }
        }
        # Display tenant information and confirm with the user
        if (-not $SkipConfirmation) {
-            Write-Host "Connected to the following tenants:" -ForegroundColor Yellow
+            Write-Verbose 'Connected to the following tenants:'
            foreach ($tenant in $tenantInfo) {
-                Write-Host "Service: $($tenant.Service)" -ForegroundColor Cyan
+                Write-Verbose "Service: $($tenant.Service) | Tenant: $($tenant.TenantName)"
-                Write-Host "Tenant Context: $($tenant.TenantName)`n" -ForegroundColor Green
+            }
-                #Write-Host "Tenant ID: $($tenant.TenantID)"
+            if ($script:PnpAuth) {
                Write-Warning "`n!!!!!!!!!!!!Important!!!!!!!!!!!!!!`nIf you use the auth object, you may need to kill the current session before subsequent runs`nas the PNP.Powershell module has conflicts with MgGraph authentication modules!`n!!!!!!!!!!!!Important!!!!!!!!!!!!!!"
            }
            $confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
-            if ($confirmation -notlike 'Y') {
+            if ($confirmation -notLike 'Y') {
-                Write-Host "Connection setup aborted by user." -ForegroundColor Red
+                Write-Verbose "Connection setup aborted by user."
                Disconnect-M365Suite -RequiredConnections $connectedServices
-                throw "User aborted connection setup."
+                throw 'User aborted connection setup.'
            }
        }
    }
    catch {
-        $VerbosePreference = "Continue"
+        $VerbosePreference = 'Continue'
-        Write-Host "There was an error establishing one or more connections: $_" -ForegroundColor Red
+        throw "Connection failed: $($_.Exception.Message)"
-        throw $_
+    }
    finally {
        $VerbosePreference = 'Continue'
    }
    $VerbosePreference = "Continue"
 }
--- a/source/Private/Disconnect-M365Suite.ps1
+++ b/source/Private/Disconnect-M365Suite.ps1
@@ -8,7 +8,7 @@ function Disconnect-M365Suite {
    # Clean up sessions
    try {
        if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
-            Write-Host "Disconnecting from Exchange Online..." -ForegroundColor Green
+            Write-Verbose "Disconnecting from Exchange Online..."
            Disconnect-ExchangeOnline -Confirm:$false | Out-Null
        }
    }
@@ -18,7 +18,7 @@ function Disconnect-M365Suite {
    try {
        if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO") {
-            Write-Host "Disconnecting from Azure AD..." -ForegroundColor Green
+            Write-Verbose "Disconnecting from Azure AD..."
            Disconnect-AzureAD | Out-Null
        }
    }
@@ -28,7 +28,7 @@ function Disconnect-M365Suite {
    try {
        if ($RequiredConnections -contains "Microsoft Graph") {
-            Write-Host "Disconnecting from Microsoft Graph..." -ForegroundColor Green
+            Write-Verbose "Disconnecting from Microsoft Graph..."
            Disconnect-MgGraph | Out-Null
        }
    }
@@ -38,23 +38,28 @@ function Disconnect-M365Suite {
    try {
        if ($RequiredConnections -contains "SPO") {
-            Write-Host "Disconnecting from SharePoint Online..." -ForegroundColor Green
+            if (($script:PnpAuth)) {
                Write-Verbose "Disconnecting from PnPOnline..."
                Disconnect-PnPOnline | Out-Null
            }
            else {
                Write-Verbose "Disconnecting from SharePoint Online..."
                Disconnect-SPOService | Out-Null
            }
        }
    }
    catch {
        Write-Warning "Failed to disconnect from SharePoint Online: $_"
    }
    try {
        if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
-            Write-Host "Disconnecting from Microsoft Teams..." -ForegroundColor Green
+            Write-Verbose "Disconnecting from Microsoft Teams..."
            Disconnect-MicrosoftTeams | Out-Null
        }
    }
    catch {
        Write-Warning "Failed to disconnect from Microsoft Teams: $_"
    }
-
+    Write-Verbose "All necessary sessions have been disconnected."
    Write-Host "All necessary sessions have been disconnected." -ForegroundColor Green
 }
--- a/source/Private/Get-Action.ps1
+++ b/source/Private/Get-Action.ps1
@@ -11,6 +11,12 @@ function Get-Action {
        [ValidateSet("Admin", "Delegate", "Owner")]
        [string]$ActionType,
        [Parameter(Position = 2, Mandatory = $true, ParameterSetName = "ConvertActions")]
        [Parameter(Position = 2, Mandatory = $true, ParameterSetName = "ReverseActions")]
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName = "GetDictionaries")]
        [ValidateSet("6.1.2", "6.1.3")]
        [string]$Version = "6.1.2",
        [Parameter(Position = 0, ParameterSetName = "ReverseActions")]
        [string[]]$AbbreviatedActions,
@@ -20,6 +26,52 @@ function Get-Action {
    )
    $Dictionary = @{
        "6.1.2" = @{
            AdminActions = @{
                ApplyRecord              = 'AR'
                Copy                     = 'CP'
                Create                   = 'CR'
                FolderBind               = 'FB'
                HardDelete               = 'HD'
                Move                     = 'MV'
                MoveToDeletedItems       = 'MTDI'
                SendAs                   = 'SA'
                SendOnBehalf             = 'SOB'
                SoftDelete               = 'SD'
                Update                   = 'UP'
                UpdateCalendarDelegation = 'UCD'
                UpdateFolderPermissions  = 'UFP'
                UpdateInboxRules         = 'UIR'
            }
            DelegateActions = @{
                ApplyRecord             = 'AR'
                Create                  = 'CR'
                FolderBind              = 'FB'
                HardDelete              = 'HD'
                Move                    = 'MV'
                MoveToDeletedItems      = 'MTDI'
                SendAs                  = 'SA'
                SendOnBehalf            = 'SOB'
                SoftDelete              = 'SD'
                Update                  = 'UP'
                UpdateFolderPermissions = 'UFP'
                UpdateInboxRules        = 'UIR'
            }
            OwnerActions = @{
                ApplyRecord              = 'AR'
                Create                   = 'CR'
                HardDelete               = 'HD'
                MailboxLogin             = 'ML'
                Move                     = 'MV'
                MoveToDeletedItems       = 'MTDI'
                SoftDelete               = 'SD'
                Update                   = 'UP'
                UpdateCalendarDelegation = 'UCD'
                UpdateFolderPermissions  = 'UFP'
                UpdateInboxRules         = 'UIR'
            }
        }
        "6.1.3" = @{
            AdminActions = @{
                ApplyRecord              = 'AR'
                Copy                     = 'CP'
@@ -69,12 +121,15 @@ function Get-Action {
                UpdateInboxRules         = 'UIR'
            }
        }
    }
    switch ($PSCmdlet.ParameterSetName) {
        "GetDictionaries" {
-            return $Dictionary
+            return $Dictionary[$Version]
        }
        "ConvertActions" {
            try {
                $Dictionary = $Dictionary[$Version]
                $actionDictionary = switch ($ActionType) {
                    "Admin"    { $Dictionary.AdminActions }
                    "Delegate" { $Dictionary.DelegateActions }
@@ -89,18 +144,23 @@ function Get-Action {
                }
                return $abbreviatedActions
            }
            catch {
                throw $_
            }
        }
        "ReverseActions" {
            try {
                $Dictionary = $Dictionary[$Version]
                $reverseDictionary = @{}
                $originalDictionary = switch ($ReverseActionType) {
                    "Admin"    { $Dictionary.AdminActions }
                    "Delegate" { $Dictionary.DelegateActions }
                    "Owner"    { $Dictionary.OwnerActions }
                }
                foreach ($key in $originalDictionary.Keys) {
                    $reverseDictionary[$originalDictionary[$key]] = $key
                }
                $fullNames = @()
                foreach ($abbrAction in $AbbreviatedActions) {
                    if ($reverseDictionary.ContainsKey($abbrAction)) {
@@ -109,5 +169,9 @@ function Get-Action {
                }
                return $fullNames
            }
            catch {
                throw $_
            }
        }
    }
 }
--- a/source/Private/Get-AdminRoleUserAndAssignment.ps1
+++ b/source/Private/Get-AdminRoleUserAndAssignment.ps1
@@ -1,27 +1,20 @@
 function Get-AdminRoleUserAndAssignment {
    [CmdletBinding()]
    param ()
    $result = @{}
    # Get the DisplayNames of all admin roles
    $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
    # Get Admin Roles
-    $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
+    $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne 'Directory Synchronization Accounts') }
    foreach ($role in $adminRoles) {
        Write-Verbose "Processing role: $($role.DisplayName)"
        $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
        foreach ($assignment in $roleAssignments) {
            Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
-            $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+            $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property 'DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled' -ErrorAction SilentlyContinue
            if ($userDetails) {
                Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
                $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
                if (-not $result[$role.DisplayName]) {
                    $result[$role.DisplayName] = @()
                }
@@ -33,6 +26,5 @@ function Get-AdminRoleUserAndAssignment {
            }
        }
    }
    return $result
 }
--- a/source/Private/Get-AuditMailboxDetail.ps1
+++ b/source/Private/Get-AuditMailboxDetail.ps1
@@ -0,0 +1,33 @@
 function Get-AuditMailboxDetail {
    [cmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [String]$Details,
        [Parameter(Mandatory = $true)]
        [String]$Version
    )
    process {
        switch ($Version) {
            "6.1.2" { [string]$VersionText = "No M365 E3 licenses found."}
            "6.1.3" { [string]$VersionText = "No M365 E5 licenses found."}
        }
        if ($details -ne $VersionText ) {
            $csv = $details | ConvertFrom-Csv -Delimiter '|'
        }
        else {
            $csv = $null
        }
        if ($null -ne $csv) {
            foreach ($row in $csv) {
                $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin -Version $Version) -join ','
                $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate -Version $Version ) -join ','
                $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner -Version $Version ) -join ','
            }
            $newObjectDetails = $csv
        }
        else {
            $newObjectDetails = $details
        }
        return $newObjectDetails
    }
 }
--- a/source/Private/Get-CISExoOutput.ps1
+++ b/source/Private/Get-CISExoOutput.ps1
@@ -46,6 +46,7 @@ function Get-CISExoOutput {
    #>
    }
    process {
        try {
            Write-Verbose "Get-CISExoOutput: Retuning data for Rec: $Rec"
            switch ($Rec) {
                '1.2.2' {
@@ -87,60 +88,6 @@ function Get-CISExoOutput {
                    # [psobject[]]
                    return $sharingPolicies
                }
            '1.3.3b' {
                # $mailboxes Mock Object
                <#
                    $mailboxes = @(
                        [PSCustomObject]@{
                            UserPrincipalName = "SMBuser1@domain.com"
                            ExternalDirectoryObjectId = "123e4567-e89b-12d3-a456-426614174000"
                            PrimarySmtpAddress = "SMBuser1@domain.com"
                            PublishEnabled       = $False
                            PublishedCalendarUrl = "https://example.com/calendar/smbuser1"
                        },
                        [PSCustomObject]@{
                            UserPrincipalName = "SMBuser2@domain.com"
                            ExternalDirectoryObjectId = "987e6543-21ba-12d3-a456-426614174000"
                            PrimarySmtpAddress = "SMBuser2@domain.com"
                            PublishEnabled       = $False
                            PublishedCalendarUrl = "https://example.com/calendar/smbuser2"
                        },
                        [PSCustomObject]@{
                            UserPrincipalName = "SMBuser3@domain.com"
                            ExternalDirectoryObjectId = "abcddcba-98fe-76dc-a456-426614174000"
                            PrimarySmtpAddress = "SMBuser3@domain.com"
                            PublishEnabled       = $False
                            PublishedCalendarUrl = "https://example.com/calendar/smbuser3"
                        }
                    )
                #>
                $mailboxes = Get-Mailbox -ResultSize Unlimited
                $results = foreach ($mailbox in $mailboxes) {
                    # Get the name of the default calendar folder (depends on the mailbox's language)
                    # Return single string Ex: return "Calendar" x 3 in array
                    $calendarFolder = [string](Get-EXOMailboxFolderStatistics $mailbox.PrimarySmtpAddress -Folderscope Calendar | Where-Object { $_.FolderType -eq 'Calendar' }).Name
                    Write-Verbose "Calendar folder for $($mailbox.PrimarySmtpAddress): $calendarFolder"
                    # Get users calendar folder settings for their default Calendar folder
                    # calendar has the format identity:\<calendar folder name>
                    $calendar = Get-MailboxCalendarFolder -Identity "$($mailbox.PrimarySmtpAddress):\$calendarFolder"
                    #Write-Host "Calendar object for $($mailbox.PrimarySmtpAddress): $calendar"
                    Write-Verbose "Calendar publishing enabled: $($calendar.PublishEnabled)"
                    # Check if calendar publishing is enabled and create a custom object
                    if ($calendar.PublishEnabled) {
                        [PSCustomObject]@{
                            PrimarySmtpAddress   = $mailbox.PrimarySmtpAddress
                            CalendarFolder       = $calendarFolder
                            PublishEnabled       = $calendar.PublishEnabled
                            PublishedCalendarUrl = $calendar.PublishedCalendarUrl
                        }
                    }
                }
                $calendarDetails = @()
                foreach ($calendar in $results) {
                    $calendarDetails += "Calendar: $($calendar.PrimarySmtpAddress); URL: $($calendar.PublishedCalendarUrl)"
                }
                return $calendarDetails
            }
                '1.3.6' {
                    # Test-CustomerLockbox.ps1
                    # Step: Retrieve the organization configuration (Condition C: Pass/Fail)
@@ -199,11 +146,11 @@ function Get-CISExoOutput {
                            # Check each required property and record failures
                            # Condition A: Checking policy settings
                            $failures = @()
-                        if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
+                            if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += 'EnableSafeLinksForEmail: False' } # Email: On
-                        if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
+                            if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += 'EnableSafeLinksForTeams: False' } # Teams: On
-                        if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
+                            if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += 'EnableSafeLinksForOffice: False' } # Office 365 Apps: On
-                        if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
+                            if ($policyDetails.TrackClicks -ne $true) { $failures += 'TrackClicks: False' } # Click protection settings: On
-                        if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
+                            if ($policyDetails.AllowClickThrough -ne $false) { $failures += 'AllowClickThrough: True' } # Do not track when users click safe links: Off
                            # Only add details for policies that have misconfigurations
                            if ($failures.Count -gt 0) {
                                $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
@@ -274,10 +221,11 @@ function Get-CISExoOutput {
                            )
                        #>
                        $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true }
                        $safeAttachmentRules = Get-SafeAttachmentRule
                        # [object[]]
-                    return $safeAttachmentPolicies
+                        return $safeAttachmentPolicies, $safeAttachmentRules
                        else {
-                        return 1
+                            return 1, 1
                        }
                    }
                }
@@ -314,7 +262,6 @@ function Get-CISExoOutput {
                '2.1.6' {
                    # Test-SpamPolicyAdminNotify.ps1
                    # Retrieve the hosted outbound spam filter policies
                # $spamPolicies Mock Object:
                    <#
                        # Mock data representing multiple spam filter policies
                        $spamPolicies = @(
@@ -348,6 +295,7 @@ function Get-CISExoOutput {
                    return $spamPolicies
                }
                '2.1.7' {
                    # v4 needs same info.
                    # Test-AntiPhishingPolicy.ps1
                    <#
                        $antiPhishPolicies = @(
@@ -390,8 +338,15 @@ function Get-CISExoOutput {
                        )
                    #>
                    $antiPhishPolicies = Get-AntiPhishPolicy
                    if ($script:Version400) {
                        Write-Verbose 'Retrieving associated AntiPhishRules...'
                        $antiPhishRules = Get-AntiPhishRule
                        return $antiPhishPolicies, $antiPhishRules
                    }
                    else {
                        return $antiPhishPolicies
                    }
                }
                '2.1.9' {
                    # Test-EnableDKIM.ps1
                    # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
@@ -400,6 +355,49 @@ function Get-CISExoOutput {
                    # [object[]]
                    return $dkimConfig
                }
                '2.1.11' {
                    # Test-CommonAttachmentFilter.ps1 for Comprehensive Attachment Filtering
                    Write-Verbose 'Retrieving Malware Filter Policies, Rules, and Extensions for 2.1.11...'
                    # Retrieve all malware filter policies
                    $malwarePolicies = Get-MalwareFilterPolicy
                    # Retrieve all malware filter rules
                    $malwareRules = Get-MalwareFilterRule
                    # Predefined list of L2 extensions from the benchmark
                    $L2Extensions = @(
                        '7z', 'a3x', 'ace', 'ade', 'adp', 'ani', 'app', 'appinstaller',
                        'applescript', 'application', 'appref-ms', 'appx', 'appxbundle', 'arj',
                        'asd', 'asx', 'bas', 'bat', 'bgi', 'bz2', 'cab', 'chm', 'cmd', 'com',
                        'cpl', 'crt', 'cs', 'csh', 'daa', 'dbf', 'dcr', 'deb',
                        'desktopthemepackfile', 'dex', 'diagcab', 'dif', 'dir', 'dll', 'dmg',
                        'doc', 'docm', 'dot', 'dotm', 'elf', 'eml', 'exe', 'fxp', 'gadget', 'gz',
                        'hlp', 'hta', 'htc', 'htm', 'htm', 'html', 'html', 'hwpx', 'ics', 'img',
                        'inf', 'ins', 'iqy', 'iso', 'isp', 'jar', 'jnlp', 'js', 'jse', 'kext',
                        'ksh', 'lha', 'lib', 'library-ms', 'lnk', 'lzh', 'macho', 'mam', 'mda',
                        'mdb', 'mde', 'mdt', 'mdw', 'mdz', 'mht', 'mhtml', 'mof', 'msc', 'msi',
                        'msix', 'msp', 'msrcincident', 'mst', 'ocx', 'odt', 'ops', 'oxps', 'pcd',
                        'pif', 'plg', 'pot', 'potm', 'ppa', 'ppam', 'ppkg', 'pps', 'ppsm', 'ppt',
                        'pptm', 'prf', 'prg', 'ps1', 'ps11', 'ps11xml', 'ps1xml', 'ps2',
                        'ps2xml', 'psc1', 'psc2', 'pub', 'py', 'pyc', 'pyo', 'pyw', 'pyz',
                        'pyzw', 'rar', 'reg', 'rev', 'rtf', 'scf', 'scpt', 'scr', 'sct',
                        'searchConnector-ms', 'service', 'settingcontent-ms', 'sh', 'shb', 'shs',
                        'shtm', 'shtml', 'sldm', 'slk', 'so', 'spl', 'stm', 'svg', 'swf', 'sys',
                        'tar', 'theme', 'themepack', 'timer', 'uif', 'url', 'uue', 'vb', 'vbe',
                        'vbs', 'vhd', 'vhdx', 'vxd', 'wbk', 'website', 'wim', 'wiz', 'ws', 'wsc',
                        'wsf', 'wsh', 'xla', 'xlam', 'xlc', 'xll', 'xlm', 'xls', 'xlsb', 'xlsm',
                        'xlt', 'xltm', 'xlw', 'xnk', 'xps', 'xsl', 'xz', 'z'
                    )
                    # Return all required objects for evaluation
                    return $malwarePolicies, $malwareRules, $L2Extensions
                }
                '2.1.12' {
                    # Placeholder - Test-ConnectionFilterIPAllowList
                }
                '2.1.13' {
                    # Placeholder - Test-ConnectionFilterSafeList
                }
                '2.1.14' {
                    # Placeholder - Test-InboundAntiSpamPolicies
                }
                '3.1.1' {
                    # Test-AuditLogSearch.ps1
                    # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
@@ -431,6 +429,9 @@ function Get-CISExoOutput {
                    # [object[]]
                    return $mailboxes
                }
                '6.1.4' {
                    # Placeholder - Test-AuditBypassEnabled
                }
                '6.2.1' {
                    # Test-BlockMailForwarding.ps1
                    # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
@@ -480,7 +481,7 @@ function Get-CISExoOutput {
                        }
                    }
                    # Check Default Role Assignment Policy
-                $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
+                    $defaultPolicy = Get-RoleAssignmentPolicy 'Default Role Assignment Policy'
                    return $customPolicyFailures, $defaultPolicy
                }
                '6.5.1' {
@@ -532,6 +533,10 @@ function Get-CISExoOutput {
                default { throw "No match found for test: $Rec" }
            }
        }
        catch {
            throw "Get-CISExoOutput: `n$_"
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
--- a/source/Private/Get-CISMSTeamsOutput.ps1
+++ b/source/Private/Get-CISMSTeamsOutput.ps1
@@ -34,6 +34,7 @@ function Get-CISMSTeamsOutput {
        #>
    }
    process {
        try {
            Write-Verbose "Get-CISMSTeamsOutput: Retuning data for Rec: $Rec"
            switch ($Rec) {
                '8.1.1' {
@@ -326,6 +327,10 @@ function Get-CISMSTeamsOutput {
                default { throw "No match found for test: $Rec" }
            }
        }
        catch {
            throw "Get-CISMSTeamsOutput: `n$_"
        }
    }
    end {
        Write-Verbose "Retuning data for Rec: $Rec"
    }
--- a/source/Private/Get-CISMgOutput.ps1
+++ b/source/Private/Get-CISMgOutput.ps1
@@ -2,13 +2,10 @@ function Get-CISMgOutput {
    <#
    .SYNOPSIS
    This is a sample Private function only visible within the module.
    .DESCRIPTION
    This sample function is not exported to the module and only return the data passed as parameter.
    .EXAMPLE
    $null = Get-CISMgOutput -PrivateData 'NOTHING TO SEE HERE'
    .PARAMETER PrivateData
    The PrivateData parameter is what will be returned without transformation.
@@ -20,7 +17,6 @@ function Get-CISMgOutput {
        [Parameter(Mandatory = $false)]
        [String]$DomainName
    )
    begin {
        # Begin Block #
        # Tests
@@ -34,18 +30,34 @@ function Get-CISMgOutput {
            6.1.2
            6.1.3
            # Test number array
-            $testNumbers = @('1.1.1', '1.1.3', '1.2.1', '1.3.1', '5.1.2.3', '5.1.8.1', '6.1.2', '6.1.3')
+            $testNumbers = @('1.1.1', '1.1.1-v4', '1.1.3', '1.2.1', '1.3.1', '5.1.2.3', '5.1.8.1', '6.1.2', '6.1.3', '1.1.4')
        #>
    }
    process {
-        Write-Verbose "Get-CISMgOutput: Retuning data for Rec: $Rec"
+        try {
            Write-Verbose "Get-CISMgOutput: Returning data for Rec: $Rec"
            switch ($rec) {
                '1.1.1' {
-                # 1.1.1
+                    if ($script:Version400) {
                        $DirectoryRoles = Get-MgDirectoryRole
                        # Get privileged role IDs
                        $PrivilegedRoles = $DirectoryRoles | Where-Object {
                            $_.DisplayName -like '*Administrator*' -or $_.DisplayName -eq 'Global Reader'
                        }
                        # Get the members of these various roles
                        $RoleMembers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id } |
                        Select-Object Id -Unique
                        $PrivilegedUsers = $RoleMembers | ForEach-Object {
                            Get-MgUser -UserId $_.Id -Property UserPrincipalName, DisplayName, Id, OnPremisesSyncEnabled
                        }
                        return $PrivilegedUsers
                    }
                    else {
                        # Test-AdministrativeAccountCompliance
                        $AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
                        return $AdminRoleAssignmentsAndUsers
                    }
                }
                '1.1.3' {
                    # Test-GlobalAdminsCount
                    # Step: Retrieve global admin role
@@ -54,11 +66,42 @@ function Get-CISMgOutput {
                    $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
                    return $globalAdmins
                }
                '1.1.4' {
                    # 1.1.4 - MicrosoftGraphPlaceholder
                    $DirectoryRoles = Get-MgDirectoryRole
                    # Get privileged role IDs
                    $PrivilegedRoles = $DirectoryRoles |
                    Where-Object { $_.DisplayName -like '*Administrator*' -or $_.DisplayName -eq 'Global Reader' }
                    # Get the members of these various roles
                    $RoleMembers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id } |
                    Select-Object Id -Unique
                    # Retrieve details about the members in these roles
                    $PrivilegedUsers = $RoleMembers | ForEach-Object {
                        Get-MgUser -UserId $_.Id -Property UserPrincipalName, DisplayName, Id
                    }
                    $Report = [System.Collections.Generic.List[Object]]::new()
                    foreach ($Admin in $PrivilegedUsers) {
                        $License = $null
                        $License = (Get-MgUserLicenseDetail -UserId $Admin.id).SkuPartNumber -join ', '
                        $Object = [pscustomobject][ordered]@{
                            DisplayName       = $Admin.DisplayName
                            UserPrincipalName = $Admin.UserPrincipalName
                            License           = $License
                        }
                        $Report.Add($Object)
                    }
                    return $Report
                }
                '1.2.1' {
                    # Test-ManagedApprovedPublicGroups
-                $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
+                    $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq 'Public' } | Select-Object DisplayName, Visibility
                    return $allGroups
                }
                '1.2.2' {
                    # Test-BlockSharedMailboxSignIn.ps1
                    $users = Get-MgUser
                    return $users
                }
                '1.3.1' {
                    # Test-PasswordNeverExpirePolicy.ps1
                    $domains = if ($DomainName) {
@@ -83,11 +126,11 @@ function Get-CISMgOutput {
                }
                '6.1.2' {
                    # Test-MailboxAuditingE3
-                $tenantSkus = Get-MgSubscribedSku -All
+                    $tenantSKUs = Get-MgSubscribedSku -All
-                $e3SkuPartNumber = "SPE_E3"
+                    $e3SkuPartNumber = 'SPE_E3'
-                $founde3Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
+                    $foundE3Sku = $tenantSKUs | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
-                if ($founde3Sku.Count -ne 0) {
+                    if ($foundE3Sku.Count -ne 0) {
-                    $allE3Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde3Sku.SkuId) )" -All
+                        $allE3Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($foundE3Sku.SkuId) )" -All
                        return $allE3Users
                    }
                    else {
@@ -96,11 +139,11 @@ function Get-CISMgOutput {
                }
                '6.1.3' {
                    # Test-MailboxAuditingE5
-                $tenantSkus = Get-MgSubscribedSku -All
+                    $tenantSKUs = Get-MgSubscribedSku -All
-                $e5SkuPartNumber = "SPE_E5"
+                    $e5SkuPartNumber = 'SPE_E5'
-                $founde5Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
+                    $foundE5Sku = $tenantSKUs | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
-                if ($founde5Sku.Count -ne 0) {
+                    if ($foundE5Sku.Count -ne 0) {
-                    $allE5Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde5Sku.SkuId) )" -All
+                        $allE5Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($foundE5Sku.SkuId) )" -All
                        return $allE5Users
                    }
                    else {
@@ -110,8 +153,11 @@ function Get-CISMgOutput {
                default { throw "No match found for test: $Rec" }
            }
        }
        catch {
            throw "Get-CISMgOutput: `n$_"
        }
    }
    end {
-        Write-Verbose "Retuning data for Rec: $Rec"
+        Write-Verbose "Returning data for Rec: $Rec"
    }
 } # end function Get-CISMgOutput
--- a/source/Private/Get-CISSpoOutput.ps1
+++ b/source/Private/Get-CISSpoOutput.ps1
@@ -1,119 +1,161 @@
 <#
    .SYNOPSIS
-        This is a sample Private function only visible within the module.
+        Retrieves configuration settings from SharePoint Online or PnP based on the specified recommendation.
    .DESCRIPTION
-        This sample function is not exported to the module and only return the data passed as parameter.
+        The Get-CISSpoOutput function retrieves specific configuration settings from SharePoint Online or PnP based on a recommendation number.
        It dynamically switches between using SPO and PnP commands based on the provided authentication context.
    .PARAMETER Rec
        The recommendation number corresponding to the specific test to be run.
    .INPUTS
        None. You cannot pipe objects to this function.
    .OUTPUTS
        PSCustomObject
            Returns configuration details for the specified recommendation.
    .EXAMPLE
-        $null = Get-CISSpoOutput -PrivateData 'NOTHING TO SEE HERE'
+        PS> Get-CISSpoOutput -Rec '7.2.1'
-    .PARAMETER PrivateData
+        Retrieves the LegacyAuthProtocolsEnabled property from the SharePoint Online or PnP tenant.
        The PrivateData parameter is what will be returned without transformation.
 #>
 function Get-CISSpoOutput {
-    [cmdletBinding()]
+    [CmdletBinding()]
    param(
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, HelpMessage = "The recommendation number corresponding to the specific test to be run.")]
        [String]$Rec
    )
    begin {
-        # Begin Block #
+        # Check if PnP should be used
-        <#
+        $UsePnP = $script:PnpAuth
-            # Tests
+        # Determine the prefix based on the switch
-            7.2.1
+        $prefix = if ($UsePnP) { "PnP" } else { "SPO" }
-            7.2.2
+        # Define a hashtable to map the function calls
-            7.2.3
+        $commandMap = @{
            7.2.4
            7.2.5
            7.2.6
            7.2.7
            7.2.9
            7.2.10
            7.3.1
            7.3.2
            7.3.4
            # Test number array
            $testNumbers = @('7.2.1', '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.2.10', '7.3.1', '7.3.2', '7.3.4')
        #>
    }
    process {
        Write-Verbose "Retuning data for Rec: $Rec"
        switch ($Rec) {
            '7.2.1' {
            # Test-ModernAuthSharePoint.ps1
-                $SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
+            # 7.2.1 (L1) Ensure Legacy Authentication Protocols are disabled
-                return $SPOTenant
+            # $SPOTenant Mock Object
            '7.2.1' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property LegacyAuthProtocolsEnabled
            }
            '7.2.2' {
            # Test-SharePointAADB2B.ps1
            # 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
-                $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
+            # $SPOTenantAzureADB2B Mock Object
-                return $SPOTenantAzureADB2B
+            '7.2.2' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property EnableAzureADB2BIntegration
            }
            '7.2.3' {
            # Test-RestrictExternalSharing.ps1
            # 7.2.3 (L1) Ensure external content sharing is restricted
            # Retrieve the SharingCapability setting for the SharePoint tenant
-                $SPOTenantSharingCapability = Get-SPOTenant | Select-Object SharingCapability
+            # $SPOTenantSharingCapability Mock Object
-                return $SPOTenantSharingCapability
+            '7.2.3' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property SharingCapability
            }
            '7.2.4' {
            # Test-OneDriveContentRestrictions.ps1
-                $SPOTenant = Get-SPOTenant | Select-Object OneDriveSharingCapability
+            # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
-                return $SPOTenant
+            # $SPOTenant Mock Object
            '7.2.4' = {
                Invoke-Command {
                    if ($prefix -eq "SPO") {
                        & "$((Get-Command -Name "Get-${prefix}Tenant").Name)" | Select-Object -Property OneDriveSharingCapability
                    } else {
                        # Workaround until bugfix in PnP.PowerShell
                        & "$((Get-Command -Name "Get-${prefix}Tenant").Name)" | Select-Object -Property OneDriveLoopSharingCapability | Select-Object @{Name = "OneDriveSharingCapability"; Expression = { $_.OneDriveLoopSharingCapability }}
                    }
                }
            }
            '7.2.5' {
            # Test-SharePointGuestsItemSharing.ps1
            # 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
-                $SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
+            # $SPOTenant Mock Object
-                return $SPOTenant
+            '7.2.5' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property PreventExternalUsersFromResharing
            }
            '7.2.6' {
            # Test-SharePointExternalSharingDomains.ps1
            # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
-                $SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
+            # Add Authorized Domains?
-                return $SPOTenant
+            # $SPOTenant Mock Object
            '7.2.6' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property SharingDomainRestrictionMode, SharingAllowedDomainList
            }
            '7.2.7' {
            # Test-LinkSharingRestrictions.ps1
            # Retrieve link sharing configuration for SharePoint and OneDrive
-                $SPOTenantLinkSharing = Get-SPOTenant | Select-Object DefaultSharingLinkType
+            # $SPOTenantLinkSharing Mock Object
-                return $SPOTenantLinkSharing
+            '7.2.7' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property DefaultSharingLinkType
            }
            '7.2.9' {
            # Test-GuestAccessExpiration.ps1
            # Retrieve SharePoint tenant settings related to guest access expiration
-                $SPOTenantGuestAccess = Get-SPOTenant | Select-Object ExternalUserExpirationRequired, ExternalUserExpireInDays
+            # $SPOTenantGuestAccess Mock Object
-                return $SPOTenantGuestAccess
+            '7.2.9' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property ExternalUserExpirationRequired, ExternalUserExpireInDays
            }
            '7.2.10' {
            # Test-ReauthWithCode.ps1
            # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
            # Retrieve reauthentication settings for SharePoint Online
-                $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
+            # $SPOTenantReauthentication Mock Object
-                return $SPOTenantReauthentication
+            '7.2.10' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property EmailAttestationRequired, EmailAttestationReAuthDays
            }
            '7.3.1' {
            # Test-DisallowInfectedFilesDownload.ps1
            # Retrieve the SharePoint tenant configuration
-                $SPOTenantDisallowInfectedFileDownload = Get-SPOTenant | Select-Object DisallowInfectedFileDownload
+            # $SPOTenantDisallowInfectedFileDownload Mock Object
-                return $SPOTenantDisallowInfectedFileDownload
+            '7.3.1' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}Tenant").Name)"
                } | Select-Object -Property DisallowInfectedFileDownload
            }
            '7.3.2' {
            # Test-OneDriveSyncRestrictions.ps1
            # Retrieve OneDrive sync client restriction settings
-                $SPOTenantSyncClientRestriction = Get-SPOTenantSyncClientRestriction | Select-Object TenantRestrictionEnabled, AllowedDomainList
+            # Add isHybrid parameter?
-                return $SPOTenantSyncClientRestriction
+            # $SPOTenantSyncClientRestriction Mock Object
            '7.3.2' = {
                Invoke-Command {
                    & "$((Get-Command -Name "Get-${prefix}TenantSyncClientRestriction").Name)"
                } | Select-Object -Property TenantRestrictionEnabled, AllowedDomainList
            }
            '7.3.4' {
            # Test-RestrictCustomScripts.ps1
            # Retrieve all site collections and select necessary properties
-                $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
+            # $SPOSitesCustomScript Mock Object
-                return $SPOSitesCustomScript
+            '7.3.4' = {
                Invoke-Command {
                    if ($prefix -eq "SPO") {
                        & "$((Get-Command -Name "Get-${prefix}Site").Name)" -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
                    } else {
                        & "$((Get-Command -Name "Get-${prefix}TenantSite").Name)" | Select-Object Title, Url, DenyAddAndCustomizePages
                    }
-            default { throw "No match found for test: $Rec" }
+                }
            }
        }
    }
    process {
        try {
            Write-Verbose "Returning data for Rec: $Rec"
            if ($commandMap.ContainsKey($Rec)) {
                # Invoke the script block associated with the command
                $result = & $commandMap[$Rec] -ErrorAction Stop
                return $result
            }
            else {
                throw "No match found for test: $Rec"
            }
        }
        catch {
            throw "Get-CISSpoOutput: `n$_"
        }
    }
    end {
-        Write-Verbose "Retuning data for Rec: $Rec"
+        Write-Verbose "Finished processing for Rec: $Rec"
    }
 }
 } # end function Get-CISMSTeamsOutput
--- a/source/Private/Get-PhishPolicyCompliance.ps1
+++ b/source/Private/Get-PhishPolicyCompliance.ps1
@@ -0,0 +1,57 @@
 function Get-PhishPolicyCompliance {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [PSCustomObject]$Policy
    )
    Write-Verbose "Starting compliance evaluation for policy: $($Policy.Name)"
    # Define the compliance criteria for an anti-phishing policy
    $complianceCriteria = @{
        Enabled                             = $true                            # Policy must be enabled
        EnableTargetedUserProtection        = $true                            # Targeted user protection must be enabled
        EnableOrganizationDomainsProtection = $true                            # Organization domains protection must be enabled
        EnableMailboxIntelligence           = $true                            # Mailbox intelligence must be enabled
        EnableMailboxIntelligenceProtection = $true                            # Mailbox intelligence protection must be enabled
        EnableSpoofIntelligence             = $true                            # Spoof intelligence must be enabled
        TargetedUserProtectionAction        = 'Quarantine'                     # Actions for targeted user protection must be 'Quarantine'
        TargetedDomainProtectionAction      = 'Quarantine'                     # Actions for targeted domain protection must be 'Quarantine'
        MailboxIntelligenceProtectionAction = 'Quarantine'                     # Actions for mailbox intelligence protection must be 'Quarantine'
        EnableFirstContactSafetyTips        = $true                            # First contact safety tips must be enabled
        EnableSimilarUsersSafetyTips        = $true                            # Similar users safety tips must be enabled
        EnableSimilarDomainsSafetyTips      = $true                            # Similar domains safety tips must be enabled
        EnableUnusualCharactersSafetyTips   = $true                            # Unusual characters safety tips must be enabled
        HonorDmarcPolicy                    = $true                            # Honor DMARC policy must be enabled
    }
    # Initialize compliance state and a list to track non-compliance reasons
    $isCompliant = $true
    $nonCompliantReasons = @()
    Write-Verbose "Evaluating compliance criteria for policy: $($Policy.Name)"
    # Iterate through the compliance criteria and check each property of the policy
    foreach ($key in $complianceCriteria.Keys) {
        Write-Verbose "Checking $key`: Expected $($complianceCriteria[$key])"
        if ($Policy.PSObject.Properties[$key] -and $Policy.$key -ne $complianceCriteria[$key]) {
            Write-Verbose "Non-compliance detected for $key. Found $($Policy.$key)"
            $isCompliant = $false                                              # Mark as non-compliant if the value doesn't match
            $nonCompliantReasons += "$key`: Expected $($complianceCriteria[$key]), Found $($Policy.$key)" # Record the discrepancy
        } else {
            Write-Verbose "$key is compliant."
        }
    }
    # Special case: Ensure PhishThresholdLevel is at least 3
    Write-Verbose "Checking PhishThresholdLevel: Expected at least 3"
    if ($Policy.PSObject.Properties['PhishThresholdLevel'] -and $Policy.PhishThresholdLevel -lt 3) {
        Write-Verbose "Non-compliance detected for PhishThresholdLevel. Found $($Policy.PhishThresholdLevel)"
        $isCompliant = $false                                                  # Mark as non-compliant if threshold is below 3
        $nonCompliantReasons += "PhishThresholdLevel: Expected at least 3, Found $($Policy.PhishThresholdLevel)" # Record the issue
    } else {
        Write-Verbose "PhishThresholdLevel is compliant."
    }
    # Log the reasons for non-compliance if the policy is not compliant
    if (-not $isCompliant) {
        Write-Verbose "Policy $($Policy.Name) is not compliant. Reasons: $($nonCompliantReasons -join '; ')"
    } else {
        Write-Verbose "Policy $($Policy.Name) is fully compliant."
    }
    # Return whether the policy is compliant
    return $isCompliant
 }
--- a/source/Private/Get-RequiredModule.ps1
+++ b/source/Private/Get-RequiredModule.ps1
@@ -4,21 +4,28 @@ function Get-RequiredModule {
    param (
        [Parameter(Mandatory = $true, ParameterSetName = 'AuditFunction')]
        [switch]$AuditFunction,
        [Parameter(Mandatory = $true, ParameterSetName = 'SyncFunction')]
        [switch]$SyncFunction
    )
    switch ($PSCmdlet.ParameterSetName) {
        'AuditFunction' {
            if (($script:PnpAuth)) {
                return @(
                    @{ ModuleName = "ExchangeOnlineManagement"; RequiredVersion = "3.3.0"; SubModules = @() },
-                @{ ModuleName = "AzureAD"; RequiredVersion = "2.0.2.182"; SubModules = @() },
+                    @{ ModuleName = "Microsoft.Graph"; RequiredVersion = "2.4.0"; SubModules = @("DeviceManagement", "Users", "Identity.DirectoryManagement", "Identity.SignIns") },
-                @{ ModuleName = "Microsoft.Graph"; RequiredVersion = "2.4.0"; SubModules = @("Groups", "DeviceManagement", "Users", "Identity.DirectoryManagement", "Identity.SignIns") },
+                    @{ ModuleName = "PnP.PowerShell"; RequiredVersion = "2.5.0"; SubModules = @() },
                    @{ ModuleName = "MicrosoftTeams"; RequiredVersion = "5.5.0"; SubModules = @() }
                )
            }
            else {
                return @(
                    @{ ModuleName = "ExchangeOnlineManagement"; RequiredVersion = "3.3.0"; SubModules = @() },
                    @{ ModuleName = "Microsoft.Graph"; RequiredVersion = "2.4.0"; SubModules = @("DeviceManagement", "Users", "Identity.DirectoryManagement", "Identity.SignIns") },
                    @{ ModuleName = "Microsoft.Online.SharePoint.PowerShell"; RequiredVersion = "16.0.24009.12000"; SubModules = @() },
                    @{ ModuleName = "MicrosoftTeams"; RequiredVersion = "5.5.0"; SubModules = @() }
                )
            }
        }
        'SyncFunction' {
            return @(
                @{ ModuleName = "ImportExcel"; RequiredVersion = "7.8.9"; SubModules = @() }
--- a/source/Private/Get-ScopeOverlap.ps1
+++ b/source/Private/Get-ScopeOverlap.ps1
@@ -0,0 +1,57 @@
 function Get-ScopeOverlap {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [PSCustomObject]$Policy,
        [Parameter(Mandatory = $true)]
        [PSCustomObject[]]$OtherPolicies
    )
    Write-Verbose "Checking for scope overlap with policy: $($Policy.Name)..."
    $overlapDetected = $false
    $overlappingDetails = @()
    # Extract the correct scope properties for the current policy
    $policyScope = @{
        Users  = $Policy.TargetedUsersToProtect
        Domains = $Policy.TargetedDomainsToProtect
    }
    # Log the current policy's scope
    foreach ($key in $policyScope.Keys) {
        Write-Verbose "Policy $($Policy.Name) $key scope: $($policyScope[$key] -join ', ')"
    }
    # Compare with the scope of other policies
    foreach ($otherPolicy in $OtherPolicies) {
        if ($null -ne $otherPolicy) {
            # Extract the correct scope properties for the other policy
            $otherScope = @{
                Users  = $otherPolicy.TargetedUsersToProtect
                Domains = $otherPolicy.TargetedDomainsToProtect
            }
            # Log the other policy's scope
            Write-Verbose "Comparing with policy: $($otherPolicy.Name)..."
            foreach ($key in $otherScope.Keys) {
                Write-Verbose "$($otherPolicy.Name) $key scope: $($otherScope[$key] -join ', ')"
            }
            # Compare scopes (intersection) and detect overlap
            foreach ($key in $policyScope.Keys) {
                $overlap = $policyScope[$key] | Where-Object { $otherScope[$key] -contains $_ }
                if ($overlap) {
                    $overlapDetected = $true
                    $overlappingDetails += "Overlap detected in $key between $($Policy.Name) and $($otherPolicy.Name): $($overlap -join ', ')"
                    Write-Verbose "Overlap detected in $key`: $($overlap -join ', ')"
                } else {
                    Write-Verbose "No overlap detected for $key between $($Policy.Name) and $($otherPolicy.Name)."
                }
            }
        }
    }
    # Provide a clear summary of overlapping details
    if ($overlapDetected) {
        Write-Verbose "Summary of overlaps for policy $($Policy.Name):"
        foreach ($detail in $overlappingDetails) {
            Write-Verbose "    $detail"
        }
    } else {
        Write-Verbose "No overlapping entities found for policy $($Policy.Name)."
    }
    return $overlapDetected
 }
--- a/source/Private/Get-TestDefinition.ps1
+++ b/source/Private/Get-TestDefinition.ps1
@@ -0,0 +1,28 @@
 function Get-TestDefinition {
    param (
        [string]$Version
    )
    # Load test definitions from CSV
    $testDefinitionsPath = Join-Path -Path $PSScriptRoot -ChildPath 'helper\TestDefinitions.csv'
    $testDefinitions = Import-Csv -Path $testDefinitionsPath
    # ################ Check for $Version -eq '4.0.0' ################
    if ($Version -eq '4.0.0') {
        $script:Version400 = $true
        $testDefinitionsV4Path = Join-Path -Path $PSScriptRoot -ChildPath 'helper\TestDefinitions-v4.0.0.csv'
        $testDefinitionsV4 = Import-Csv -Path $testDefinitionsV4Path
        # Merge the definitions, prioritizing version 4.0.0
        $mergedDefinitions = @{ }
        foreach ($test in $testDefinitions) {
            $mergedDefinitions[$test.Rec] = $test
        }
        foreach ($testV4 in $testDefinitionsV4) {
            $mergedDefinitions[$testV4.Rec] = $testV4  # Overwrite if Rec exists
        }
        # Convert back to an array
        $testDefinitions = $mergedDefinitions.Values
        Write-Verbose "Total tests after merging: $(($testDefinitions).Count)"
        $overwrittenTests = $testDefinitionsV4 | Where-Object { $testDefinitions[$_.Rec] }
        Write-Verbose "Overwritten tests: $($overwrittenTests.Rec -join ', ')"
    }
    return $testDefinitions
 }
--- a/source/Private/Get-TestDefinitionsObject.ps1
+++ b/source/Private/Get-TestDefinitionsObject.ps1
@@ -15,7 +15,6 @@ function Get-TestDefinitionsObject {
    )
    Write-Verbose "Initial test definitions count: $($TestDefinitions.Count)"
    switch ($ParameterSetName) {
        'ELevelFilter' {
            Write-Verbose "Applying ELevelFilter"
@@ -59,7 +58,6 @@ function Get-TestDefinitionsObject {
            $TestDefinitions = $TestDefinitions | Where-Object { $SkipRecommendation -notcontains $_.Rec }
        }
    }
    Write-Verbose "Filtered test definitions count: $($TestDefinitions.Count)"
    return $TestDefinitions
 }
--- a/source/Private/Get-TestError.ps1
+++ b/source/Private/Get-TestError.ps1
@@ -19,15 +19,15 @@ function Get-TestError {
    [cmdletBinding()]
    param (
        $LastError,
-        $recnum
+        $RecNum
    )
    # Retrieve the description from the test definitions
-    $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
+    $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum }
    $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-    $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $LastError })
+    $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $LastError })
    # Call Initialize-CISAuditResult with error parameters
-    $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure
-    Write-Verbose "An error occurred during the test: `n$LastError" -Verbose
+    Write-Verbose "An error occurred during the test $RecNum`: `n$LastError" -Verbose
    return $auditResult
 }
--- a/source/Private/Get-UniqueConnection.ps1
+++ b/source/Private/Get-UniqueConnection.ps1
@@ -8,10 +8,7 @@ function Get-UniqueConnection {
    $uniqueConnections = @()
-    if ($Connections -contains "AzureAD" -or $Connections -contains "AzureAD | EXO" -or $Connections -contains "AzureAD | EXO | Microsoft Graph") {
+    if ($Connections -contains "Microsoft Graph" -or $Connections -contains "AzureAD | EXO | Microsoft Graph" -or $Connections -contains "EXO | Microsoft Graph") {
        $uniqueConnections += "AzureAD"
    }
    if ($Connections -contains "Microsoft Graph" -or $Connections -contains "AzureAD | EXO | Microsoft Graph") {
        $uniqueConnections += "Microsoft Graph"
    }
    if ($Connections -contains "EXO" -or $Connections -contains "AzureAD | EXO" -or $Connections -contains "Microsoft Teams | EXO" -or $Connections -contains "AzureAD | EXO | Microsoft Graph") {
--- a/source/Private/Initialize-CISAuditResult.ps1
+++ b/source/Private/Initialize-CISAuditResult.ps1
@@ -20,7 +20,7 @@ function Initialize-CISAuditResult {
        [Parameter(ParameterSetName = 'Error')]
        [switch]$Failure
    )
-
+    $M365AuditVersion = $Script:CISVersion
    # Import the test definitions CSV file
    $testDefinitions = $script:TestDefinitionsObject
@@ -45,6 +45,7 @@ function Initialize-CISAuditResult {
    $auditResult.Automated = [bool]::Parse($testDefinition.Automated)
    $auditResult.Connection = $testDefinition.Connection
    $auditResult.CISControlVer = 'v8'
    $auditResult.M365AuditVersion = $M365AuditVersion
    if ($PSCmdlet.ParameterSetName -eq 'Full') {
        $auditResult.Result = $Result
--- a/source/Private/Invoke-TestFunction.ps1
+++ b/source/Private/Invoke-TestFunction.ps1
@@ -1,5 +1,5 @@
 function Invoke-TestFunction {
-    [OutputType([CISAuditResult[]])]
+    [OutputType([CISAuditResult])]
    param (
        [Parameter(Mandatory = $true)]
        [PSObject]$FunctionFile,
@@ -10,10 +10,8 @@ function Invoke-TestFunction {
        [Parameter(Mandatory = $false)]
        [string[]]$ApprovedFederatedDomains
    )
    $functionName = $FunctionFile.BaseName
    $functionCmd = Get-Command -Name $functionName
    # Check if the test function needs DomainName parameter
    $paramList = @{}
    if ('DomainName' -in $functionCmd.Parameters.Keys) {
@@ -25,17 +23,21 @@ function Invoke-TestFunction {
    if ('ApprovedFederatedDomains' -in $functionCmd.Parameters.Keys) {
        $paramList.ApprovedFederatedDomains = $ApprovedFederatedDomains
    }
-    # Use splatting to pass parameters
+    # Version-aware logging
-    Write-Verbose "Running $functionName..."
+    if ($script:Version400) {
        Write-Verbose "Running $functionName (Version: 4.0.0)..."
    }
    else {
        Write-Verbose "Running $functionName (Version: 3.0.0)..."
    }
    try {
        $result = & $functionName @paramList
        # Assuming each function returns an array of CISAuditResult or a single CISAuditResult
        return $result
    }
    catch {
-        Write-Error "An error occurred during the test: $_"
+        Write-Error "An error occurred during the test $RecNum`: $_"
        $script:FailedTests.Add([PSCustomObject]@{ Test = $functionName; Error = $_ })
        # Call Initialize-CISAuditResult with error parameters
        $auditResult = Initialize-CISAuditResult -Rec $functionName -Failure
        return $auditResult
--- a/source/Private/Measure-AuditResult.ps1
+++ b/source/Private/Measure-AuditResult.ps1
@@ -18,15 +18,15 @@ function Measure-AuditResult {
    $passPercentage = if ($totalTests -eq 0) { 0 } else { [math]::Round(($passedTests / $totalTests) * 100, 2) }
    # Display the pass percentage to the user
-    Write-Host "Audit completed. $passedTests out of $totalTests tests passed." -ForegroundColor Cyan
+    Write-Verbose "Audit completed. $passedTests out of $totalTests tests passed."
-    Write-Host "Your passing percentage is $passPercentage%." -ForegroundColor Magenta
+    Write-Verbose "Your passing percentage is $passPercentage%."
    # Display details of failed tests
    if ($FailedTests.Count -gt 0) {
-        Write-Host "The following tests failed to complete:" -ForegroundColor Red
+        Write-Verbose "The following tests failed to complete:"
        foreach ($failedTest in $FailedTests) {
-            Write-Host "Test: $($failedTest.Test)" -ForegroundColor Yellow
+            Write-Verbose "Test: $($failedTest.Test)"
-            Write-Host "Error: $($failedTest.Error)" -ForegroundColor Yellow
+            Write-Verbose "Error: $($failedTest.Error)"
        }
    }
 }
--- a/source/Public/Export-M365SecurityAuditTable.ps1
+++ b/source/Public/Export-M365SecurityAuditTable.ps1
@@ -1,260 +1,201 @@
 <#
    .SYNOPSIS
-        Exports Microsoft 365 security audit results to CSV or Excel files and supports outputting specific test results as objects.
+        Export Microsoft 365 CIS audit results into CSV/Excel and package with hashes.
    .DESCRIPTION
-        The Export-M365SecurityAuditTable function exports Microsoft 365 security audit results from an array of CISAuditResult objects or a CSV file.
+        Export-M365SecurityAuditTable processes an array of CISAuditResult objects, exporting per-test nested tables
-        It can export all results to a specified path, output a specific test result as an object, and includes options for exporting results to Excel.
+        and/or a full audit summary (with oversized fields truncated) to CSV or Excel.  All output files are
-        Additionally, it computes hashes for the exported files and includes them in the zip archive for verification purposes.
+        hashed (SHA256) and bundled into a ZIP archive whose filename includes a short hash for integrity.
    .PARAMETER AuditResults
-        An array of CISAuditResult objects containing the audit results. This parameter is mandatory when exporting from audit results.
+        An array of PSCustomObject (CISAuditResult) objects containing the audit results to export or query.
    .PARAMETER CsvPath
        The path to a CSV file containing the audit results. This parameter is mandatory when exporting from a CSV file.
    .PARAMETER OutputTestNumber
        The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.
    .PARAMETER ExportAllTests
        Switch to export all test results. When specified, all test results are exported to the specified path.
    .PARAMETER ExportPath
-        The path where the CSV or Excel files will be exported. This parameter is mandatory when exporting all tests.
+        Path to the directory where CSV/Excel files and the final ZIP archive will be placed. Required for
-    .PARAMETER ExportOriginalTests
+        any file-based export (DefaultExport or OnlyExportNestedTables).
        Switch to export the original audit results to a CSV file. When specified, the original test results are exported along with the processed results.
    .PARAMETER ExportToExcel
-        Switch to export the results to an Excel file. When specified, results are exported in Excel format.
+        Switch to export files in Excel (.xlsx) format instead of CSV. Requires the ImportExcel module.
    .PARAMETER Prefix
        A short prefix (0–5 characters, default 'Corp') appended to the summary audit filename and hashes.
    .PARAMETER OnlyExportNestedTables
        Switch to export only the per-test nested tables to files, skipping the full audit summary.
    .PARAMETER OutputTestNumber
        Specify one test number (valid values: '1.1.1','1.3.1','6.1.2','6.1.3','7.3.4') to return that test’s
        details in-memory as objects without writing any files.
    .INPUTS
-        [CISAuditResult[]] - An array of CISAuditResult objects.
+        System.Object[] (array of CISAuditResult PSCustomObjects)
        [string] - A path to a CSV file.
    .OUTPUTS
-        [PSCustomObject] - A custom object containing the path to the zip file and its hash.
+        PSCustomObject with property ZipFilePath indicating the final ZIP archive location, or raw test details
        when using -OutputTestNumber.
    .EXAMPLE
-        Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2
+        # Return details for test 6.1.2
-        # Outputs the result of test number 6.1.2 from the provided audit results as an object.
+        Export-M365SecurityAuditTable -AuditResults $audits -OutputTestNumber 6.1.2
    .EXAMPLE
-        Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp"
+        # Full export (nested tables + summary) to CSV
-        # Exports all audit results to the specified path in CSV format.
+        Export-M365SecurityAuditTable -AuditResults $audits -ExportPath "C:\temp"
    .EXAMPLE
-        Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2
+        # Only export nested tables to Excel
-        # Outputs the result of test number 6.1.2 from the CSV file as an object.
+        Export-M365SecurityAuditTable -AuditResults $audits -ExportPath "C:\temp" -OnlyExportNestedTables -ExportToExcel
    .EXAMPLE
-        Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp"
+        # Custom prefix for filenames
-        # Exports all audit results from the CSV file to the specified path in CSV format.
+        Export-M365SecurityAuditTable -AuditResults $audits -ExportPath "C:\temp" -Prefix Dev
    .EXAMPLE
        Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests
        # Exports all audit results along with the original test results to the specified path in CSV format.
    .EXAMPLE
        Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests
        # Exports all audit results from the CSV file along with the original test results to the specified path in CSV format.
    .EXAMPLE
        Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportToExcel
        # Exports all audit results to the specified path in Excel format.
    .LINK
        https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
 #>
 function Export-M365SecurityAuditTable {
-    [CmdletBinding()]
+    [CmdletBinding(
        DefaultParameterSetName = 'DefaultExport',
        SupportsShouldProcess,
        ConfirmImpact = 'High'
    )]
    [OutputType([PSCustomObject])]
    param(
-        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromAuditResults")]
+        #───────────────────────────────────────────────────────────────────────────
-        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
+        # 1) DefaultExport: full audit export (nested tables + summary) into ZIP
-        [CISAuditResult[]]$AuditResults,
+        #    -AuditResults, -ExportPath, [-ExportToExcel], [-Prefix]
-        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ExportAllResultsFromCsv")]
+        #───────────────────────────────────────────────────────────────────────────
-        [Parameter(Mandatory = $true, Position = 2, ParameterSetName = "OutputObjectFromCsvSingle")]
+        [Parameter(Mandatory, ParameterSetName = 'DefaultExport')]
-        [ValidateScript({ (Test-Path $_) -and ((Get-Item $_).PSIsContainer -eq $false) })]
+        [Parameter(Mandatory, ParameterSetName = 'OnlyExportNestedTables')]
-        [string]$CsvPath,
+        [Parameter(Mandatory, ParameterSetName = 'SingleObject')]
-        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromAuditResultsSingle")]
+        [psobject[]]
-        [Parameter(Mandatory = $true, Position = 1, ParameterSetName = "OutputObjectFromCsvSingle")]
+        $AuditResults,
-        [ValidateSet("1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4")]
+        [Parameter(Mandatory, ParameterSetName = 'DefaultExport')]
-        [string]$OutputTestNumber,
+        [Parameter(Mandatory, ParameterSetName = 'OnlyExportNestedTables')]
-        [Parameter(Mandatory = $false, Position = 0, ParameterSetName = "ExportAllResultsFromAuditResults")]
+        [string]
-        [Parameter(Mandatory = $false, Position = 0, ParameterSetName = "ExportAllResultsFromCsv")]
+        $ExportPath,
-        [switch]$ExportAllTests,
+        [Parameter(ParameterSetName = 'DefaultExport')]
-        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromAuditResults")]
+        [Parameter(ParameterSetName = 'OnlyExportNestedTables')]
-        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromCsv")]
+        [switch]
-        [string]$ExportPath,
+        $ExportToExcel,
-        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromAuditResults")]
+        [Parameter(ParameterSetName = 'DefaultExport')]
-        [Parameter(Mandatory = $true, ParameterSetName = "ExportAllResultsFromCsv")]
+        [Parameter(ParameterSetName = 'OnlyExportNestedTables')]
-        [switch]$ExportOriginalTests,
+        [ValidateLength(0,5)]
-        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromAuditResults")]
+        [string]
-        [Parameter(Mandatory = $false, ParameterSetName = "ExportAllResultsFromCsv")]
+        $Prefix = 'Corp',
-        [switch]$ExportToExcel
+        #───────────────────────────────────────────────────────────────────────────
        # 2) OnlyExportNestedTables: nested tables only into ZIP
        #    -AuditResults, -ExportPath, -OnlyExportNestedTables
        #───────────────────────────────────────────────────────────────────────────
        [Parameter(Mandatory, ParameterSetName = 'OnlyExportNestedTables')]
        [switch]
        $OnlyExportNestedTables,
        #───────────────────────────────────────────────────────────────────────────
        # 3) SingleObject: in-memory output of one test’s details
        #    -AuditResults, -OutputTestNumber
        #───────────────────────────────────────────────────────────────────────────
        [Parameter(Mandatory, ParameterSetName = 'SingleObject')]
        [ValidateSet('1.1.1','1.3.1','6.1.2','6.1.3','7.3.4')]
        [string]
        $OutputTestNumber
    )
    Begin {
-        $createdFiles = @() # Initialize an array to keep track of created files
+        # Load v4.0 definitions
        $AuditResults[0].M365AuditVersion
        $script:TestDefinitionsObject = Get-TestDefinition -Version $Version
        # Ensure Excel support if requested
        if ($ExportToExcel) {
-            Assert-ModuleAvailability -ModuleName ImportExcel -RequiredVersion "7.8.9"
+            Assert-ModuleAvailability -ModuleName ImportExcel -RequiredVersion '7.8.9'
        }
        if ($PSCmdlet.ParameterSetName -like "ExportAllResultsFromCsv" -or $PSCmdlet.ParameterSetName -eq "OutputObjectFromCsvSingle") {
            $AuditResults = Import-Csv -Path $CsvPath | ForEach-Object {
                $params = @{
                    Rec           = $_.Rec
                    Result        = [bool]$_.Result
                    Status        = $_.Status
                    Details       = $_.Details
                    FailureReason = $_.FailureReason
                }
                Initialize-CISAuditResult @params
            }
        }
        if ($ExportAllTests) {
            $TestNumbers = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
        }
        # Tests producing nested tables
        $nestedTests = '1.1.1','1.3.1','6.1.2','6.1.3','7.3.4'
        # Initialize collections
        $results      = @()
-        $testsToProcess = if ($OutputTestNumber) { @($OutputTestNumber) } else { $TestNumbers }
+        $createdFiles = [System.Collections.Generic.List[string]]::new()
        # Determine which tests to process
        if ($PSCmdlet.ParameterSetName -eq 'SingleObject') {
            $testsToProcess = @($OutputTestNumber)
        } else {
            $testsToProcess = $nestedTests
        }
    }
    Process {
        foreach ($test in $testsToProcess) {
-            $auditResult = $AuditResults | Where-Object { $_.Rec -eq $test }
+            $item = $AuditResults | Where-Object Rec -EQ $test
-            if (-not $auditResult) {
+            if (-not $item) { continue }
                Write-Information "No audit results found for the test number $test."
                continue
            }
            switch ($test) {
-                "6.1.2" {
+                '6.1.2' { $parsed = Get-AuditMailboxDetail -Details $item.Details -Version '6.1.2' }
-                    $details = $auditResult.Details
+                '6.1.3' { $parsed = Get-AuditMailboxDetail -Details $item.Details -Version '6.1.3' }
-                    if ($details -ne "No M365 E3 licenses found.") {
+                Default { $parsed = $item.Details | ConvertFrom-Csv -Delimiter '|' }
                        $csv = $details | ConvertFrom-Csv -Delimiter '|'
                    }
                    else {
                        $csv = $null
                    }
                    if ($null -ne $csv) {
                        foreach ($row in $csv) {
                            $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                            $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate | Where-Object { $_ -notin @("MailItemsAccessed") }) -join ','
                            $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }) -join ','
                        }
                        $newObjectDetails = $csv
                    }
                    else {
                        $newObjectDetails = $details
                    }
                    $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
                }
                "6.1.3" {
                    $details = $auditResult.Details
                    if ($details -ne "No M365 E5 licenses found.") {
                        $csv = $details | ConvertFrom-Csv -Delimiter '|'
                    }
                    else {
                        $csv = $null
                    }
                    if ($null -ne $csv) {
                        foreach ($row in $csv) {
                            $row.AdminActionsMissing = (Get-Action -AbbreviatedActions $row.AdminActionsMissing.Split(',') -ReverseActionType Admin) -join ','
                            $row.DelegateActionsMissing = (Get-Action -AbbreviatedActions $row.DelegateActionsMissing.Split(',') -ReverseActionType Delegate) -join ','
                            $row.OwnerActionsMissing = (Get-Action -AbbreviatedActions $row.OwnerActionsMissing.Split(',') -ReverseActionType Owner) -join ','
                        }
                        $newObjectDetails = $csv
                    }
                    else {
                        $newObjectDetails = $details
                    }
                    $results += [PSCustomObject]@{ TestNumber = $test; Details = $newObjectDetails }
                }
                Default {
                    $details = $auditResult.Details
                    $csv = $details | ConvertFrom-Csv -Delimiter '|'
                    $results += [PSCustomObject]@{ TestNumber = $test; Details = $csv }
                }
            }
            $results += [PSCustomObject]@{ TestNumber = $test; Details = $parsed }
        }
    }
    End {
-        if ($ExportPath) {
+        #--- SingleObject: return in-memory details ---
-            $timestamp = (Get-Date).ToString("yyyy.MM.dd_HH.mm.ss")
+        if ($PSCmdlet.ParameterSetName -eq 'SingleObject') {
-            $exportedTests = @()
+            if ($results.Count -and $results[0].Details) {
            foreach ($result in $results) {
                $testDef = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $result.TestNumber }
                if ($testDef) {
                    $fileName = "$ExportPath\$($timestamp)_$($result.TestNumber).$($testDef.TestFileName -replace '\.ps1$').csv"
                    if ($result.Details.Count -eq 0) {
                        Write-Information "No results found for test number $($result.TestNumber)." -InformationAction Continue
                    }
                    else {
                        if (($result.Details -ne "No M365 E3 licenses found.") -and ($result.Details -ne "No M365 E5 licenses found.")) {
                            if ($ExportToExcel) {
                                $xlsxPath = [System.IO.Path]::ChangeExtension($fileName, '.xlsx')
                                $result.Details | Export-Excel -Path $xlsxPath -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
                                $createdFiles += $xlsxPath # Add the created file to the array
                            }
                            else {
                                $result.Details | Export-Csv -Path $fileName -NoTypeInformation
                                $createdFiles += $fileName # Add the created file to the array
                            }
                            $exportedTests += $result.TestNumber
                        }
                    }
                }
            }
            if ($exportedTests.Count -gt 0) {
                Write-Information "The following tests were exported: $($exportedTests -join ', ')" -InformationAction Continue
            }
            else {
                if ($ExportOriginalTests) {
                    Write-Information "Full audit results exported however, none of the following tests had exports: `n1.1.1, 1.3.1, 6.1.2, 6.1.3, 7.3.4" -InformationAction Continue
                }
                else {
                    Write-Information "No specified tests were included in the export." -InformationAction Continue
                }
            }
            if ($ExportOriginalTests) {
                # Define the test numbers to check
                $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
                # Check for large details and update the AuditResults array
                $updatedAuditResults = Get-ExceededLengthResultDetail -AuditResults $AuditResults -TestNumbersToCheck $TestNumbersToCheck -ExportedTests $exportedTests -DetailsLengthLimit 30000 -PreviewLineCount 25
                $originalFileName = "$ExportPath\$timestamp`_M365FoundationsAudit.csv"
                if ($ExportToExcel) {
                    $xlsxPath = [System.IO.Path]::ChangeExtension($originalFileName, '.xlsx')
                    $updatedAuditResults | Export-Excel -Path $xlsxPath -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
                    $createdFiles += $xlsxPath # Add the created file to the array
                }
                else {
                    $updatedAuditResults | Export-Csv -Path $originalFileName -NoTypeInformation
                    $createdFiles += $originalFileName # Add the created file to the array
                }
            }
            # Hash each file and add it to a dictionary
            # Hash each file and save the hashes to a text file
            $hashFilePath = "$ExportPath\$timestamp`_Hashes.txt"
            $fileHashes = @()
            foreach ($file in $createdFiles) {
                $hash = Get-FileHash -Path $file -Algorithm SHA256
                $fileHashes += "$($file): $($hash.Hash)"
            }
            $fileHashes | Set-Content -Path $hashFilePath
            $createdFiles += $hashFilePath # Add the hash file to the array
            # Create a zip file and add all the created files
            $zipFilePath = "$ExportPath\$timestamp`_M365FoundationsAudit.zip"
            Compress-Archive -Path $createdFiles -DestinationPath $zipFilePath
            # Remove the original files after they have been added to the zip
            foreach ($file in $createdFiles) {
                Remove-Item -Path $file -Force
            }
            # Compute the hash for the zip file and rename it
            $zipHash = Get-FileHash -Path $zipFilePath -Algorithm SHA256
            $newZipFilePath = "$ExportPath\$timestamp`_M365FoundationsAudit_$($zipHash.Hash.Substring(0, 8)).zip"
            Rename-Item -Path $zipFilePath -NewName $newZipFilePath
            # Output the zip file path with hash
            [PSCustomObject]@{
                ZipFilePath = $newZipFilePath
            }
        } # End of ExportPath
        elseif ($OutputTestNumber) {
            if ($results[0].Details) {
                return $results[0].Details
            }
-            else {
+            throw "No results found for test $OutputTestNumber."
-                Write-Information "No results found for test number $($OutputTestNumber)." -InformationAction Continue
+        }
        #--- File export: DefaultExport or OnlyExportNestedTables ---
        if (-not $ExportPath) {
            throw 'ExportPath is required for file export.'
        }
        if ($PSCmdlet.ShouldProcess($ExportPath, 'Export and archive audit results')) {
            # Ensure directory
            if (-not (Test-Path $ExportPath)) { New-Item -Path $ExportPath -ItemType Directory -Force | Out-Null }
            $timestamp     = (Get-Date).ToString('yyyy.MM.dd_HH.mm.ss')
            $exportedTests = @()
            # Always truncate large details before writing files
            Write-Verbose 'Truncating oversized details...'
            $truncatedAudit = Get-ExceededLengthResultDetail `
                -AuditResults       $AuditResults `
                -TestNumbersToCheck $nestedTests `
                -ExportedTests      $exportedTests `
                -DetailsLengthLimit 30000 `
                -PreviewLineCount   25
            #--- Export nested tables ---
            Write-Verbose "[$($PSCmdlet.ParameterSetName)] exporting nested table CSV/XLSX..."
            foreach ($entry in $results) {
                if (-not $entry.Details) { continue }
                $name = "$timestamp`_$($entry.TestNumber)"
                $csv  = Join-Path $ExportPath "$name.csv"
                if ($ExportToExcel) {
                    $xlsx = [IO.Path]::ChangeExtension($csv, '.xlsx')
                    $entry.Details | Export-Excel -Path $xlsx -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
                    $createdFiles.Add($xlsx)
                } else {
                    $entry.Details | Export-Csv -Path $csv -NoTypeInformation
                    $createdFiles.Add($csv)
                }
                $exportedTests += $entry.TestNumber
            }
            if ($exportedTests.Count) {
                Write-Information "Exported nested tables: $($exportedTests -join ', ')"
            } elseif ($OnlyExportNestedTables) {
                Write-Warning 'No nested data to export.'
            }
            #--- Summary export (DefaultExport only) ---
            if ($PSCmdlet.ParameterSetName -eq 'DefaultExport') {
                Write-Verbose 'Exporting full summary with truncated details...'
                $base = "${timestamp}_${Prefix}-M365FoundationsAudit"
                $out  = Join-Path $ExportPath "$base.csv"
                if ($ExportToExcel) {
                    $xlsx = [IO.Path]::ChangeExtension($out, '.xlsx')
                    $truncatedAudit | select-object * | Export-Excel -Path $xlsx -WorksheetName Table -TableName Table -AutoSize -TableStyle Medium2
                    $createdFiles.Add($xlsx)
                } else {
                    Write-Verbose "Exporting to Path: $out"
                    $truncatedAudit | select-object * | Export-Csv -Path $out -NoTypeInformation
                    $createdFiles.Add($out)
                }
                Write-Information 'Exported summary of all audit results.'
            }
            #--- Hash & ZIP ---
            Write-Verbose 'Computing file hashes...'
            $hashFile = Join-Path $ExportPath "$timestamp`_${Prefix}-Hashes.txt"
            $createdFiles | ForEach-Object {
                $h = Get-FileHash -Path $_ -Algorithm SHA256
                "$([IO.Path]::GetFileName($_)): $($h.Hash)"
            } | Set-Content -Path $hashFile
            $createdFiles.Add($hashFile)
            Write-Verbose 'Creating ZIP archive...'
            $zip = Join-Path $ExportPath "$timestamp`_${Prefix}-M365FoundationsAudit.zip"
            Compress-Archive -Path $createdFiles -DestinationPath $zip -Force
            $createdFiles | Remove-Item -Force
            # Rename to include short hash
            $zHash  = Get-FileHash -Path $zip -Algorithm SHA256
            $final  = Join-Path $ExportPath ("$timestamp`_${Prefix}-M365FoundationsAudit_$($zHash.Hash.Substring(0,8)).zip")
            Rename-Item -Path $zip -NewName (Split-Path $final -Leaf)
            return [PSCustomObject]@{ ZipFilePath = $final }
        }
    }
        else {
            Write-Error "No valid operation specified. Please provide valid parameters."
        }
        # Output the created files at the end
        #if ($createdFiles.Count -gt 0) {
        ###########    $createdFiles
        #}
    }
 }
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -34,7 +34,7 @@ function Get-AdminRoleUserLicense {
    begin {
        if (-not $SkipGraphConnection) {
-            Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
+            Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" | Out-Null
        }
        $adminRoleUsers = [System.Collections.ArrayList]::new()
--- a/source/Public/Get-M365SecurityAuditRecNumberList.ps1
+++ b/source/Public/Get-M365SecurityAuditRecNumberList.ps1
@@ -0,0 +1,29 @@
 function Get-M365SecurityAuditRecNumberList {
    param (
        [ValidateSet('3.0.0', '4.0.0')]
        [string]$Version
    )
    switch ($Version) {
        '3.0.0' {
            # Define the Rec numbers for version 3.0.0
            $recNumbers_3_0_0 = @(
                '1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9',
                '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1',
                '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.2.10', '7.3.1', '7.3.2', '7.3.4', '8.1.1', '8.1.2', '8.2.1',
                '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1'
            )
            return $recNumbers_3_0_0
        }
        '4.0.0' {
            # Define the Rec numbers for version 4.0.0
            $recNumbers_4_0_0 = @(
                '1.1.1', '1.1.3', '1.1.4', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.11', '2.1.12', '2.1.13', '2.1.14', '2.1.2',
                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.1.4', '6.2.1',
                '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7',
                '7.2.9', '7.3.1', '7.3.2', '7.3.4', '8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7',
                '8.6.1'
            )
            return $recNumbers_4_0_0
        }
    }
 }
--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -1,214 +1,202 @@
 <#
    .SYNOPSIS
-        Invokes a security audit for Microsoft 365 environments.
+        Perform a CIS‑aligned security audit of a Microsoft 365 tenant.
    .DESCRIPTION
-        The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks.
+        Invoke-M365SecurityAudit runs a series of CIS benchmark tests (v3.0.0 or v4.0.0) against your
        Microsoft 365 environment.  You can filter by domain, license level (E3/E5), profile level (L1/L2),
        IG levels, include or skip specific recommendations, and supply app‑based credentials.
        Results are returned as an array of CISAuditResult objects.
    .PARAMETER TenantAdminUrl
-        The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.
+        The SharePoint admin URL (e.g. https://contoso-admin.sharepoint.com).  If omitted, SPO tests are skipped.
    .PARAMETER DomainName
-        The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.
+        Limit domain‐specific tests (1.3.1, 2.1.9) to this domain (e.g. “contoso.com”).
    .PARAMETER ELevel
-        Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter.
+        License audit level (“E3” or “E5”).  Requires -ProfileLevel to also be specified.
    .PARAMETER ProfileLevel
-        Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.
+        CIS profile level (“L1” or “L2”).  Mandatory when -ELevel is used.
    .PARAMETER IncludeIG1
-        If specified, includes tests where IG1 is true.
+        Include IG1‐only tests in the audit.
    .PARAMETER IncludeIG2
-        If specified, includes tests where IG2 is true.
+        Include IG2‐only tests in the audit.
    .PARAMETER IncludeIG3
-        If specified, includes tests where IG3 is true.
+        Include IG3‐only tests in the audit.
    .PARAMETER IncludeRecommendation
-        Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.
+        An array of specific recommendation IDs to include (e.g. '1.1.3','2.1.1').
    .PARAMETER SkipRecommendation
-        Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
+        An array of specific recommendation IDs to exclude.
    .PARAMETER ApprovedCloudStorageProviders
-        Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
+        For test 8.1.1, list allowed storage providers (‘GoogleDrive’,’Box’,’ShareFile’,’DropBox’,’Egnyte’).
    .PARAMETER ApprovedFederatedDomains
-        Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
+        For test 8.2.1, list allowed federated domains (e.g. 'microsoft.com').
    .PARAMETER DoNotConnect
-        If specified, the cmdlet will not establish a connection to Microsoft 365 services.
+        Skip connecting to Microsoft 365 services; you must have an existing session.
    .PARAMETER DoNotDisconnect
-        If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.
+        Skip disconnecting from Microsoft 365 services at the end.
    .PARAMETER NoModuleCheck
-        If specified, the cmdlet will not check for the presence of required modules.
+        Skip installing/checking required PowerShell modules.
    .PARAMETER DoNotConfirmConnections
-        If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.
+        When connecting, do not prompt for “Proceed?” before authenticating.
-    .EXAMPLE
+    .PARAMETER AuthParams
-        PS> Invoke-M365SecurityAudit
+        A CISAuthenticationParameters object for certificate‑based app authentication.
-
+    .PARAMETER Version
-        Performs a security audit using default parameters.
+        CIS definitions version (“3.0.0” or “4.0.0”; default “4.0.0”).
        Output:
        Status      : Fail
        ELevel      : E3
        ProfileLevel: L1
        Connection  : Microsoft Graph
        Rec         : 1.1.1
        Result      : False
        Details     : Non-compliant accounts:
                        Username        | Roles                  | HybridStatus | Missing Licence
                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
        Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
        Output:
        Status      : Fail
        ELevel      : E5
        ProfileLevel: L1
        Connection  : Microsoft Graph
        Rec         : 1.1.1
        Result      : False
        Details     : Non-compliant accounts:
                        Username        | Roles                  | HybridStatus | Missing Licence
                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
        Performs an audit including all tests where IG1 is true.
        Output:
        Status      : Fail
        ELevel      : E3
        ProfileLevel: L1
        Connection  : Microsoft Graph
        Rec         : 1.1.1
        Result      : False
        Details     : Non-compliant accounts:
                        Username        | Roles                  | HybridStatus | Missing Licence
                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
        PS> Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
        Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
        Output:
        Status      : Fail
        ELevel      : E3
        ProfileLevel: L1
        Connection  : Microsoft Graph
        Rec         : 1.1.1
        Result      : False
        Details     : Non-compliant accounts:
                        Username        | Roles                  | HybridStatus | Missing Licence
                        user1@domain.com| Global Administrator   | Cloud-Only   | AAD_PREMIUM
                        user2@domain.com| Global Administrator   | Hybrid       | AAD_PREMIUM, AAD_PREMIUM_P2
        FailureReason: Non-Compliant Accounts: 2
    .EXAMPLE
        PS> $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
        PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
        Captures the audit results into a variable and exports them to a CSV file.
        Output:
        CISAuditResult[]
        auditResults.csv
    .EXAMPLE
        PS> Invoke-M365SecurityAudit -WhatIf
        Displays what would happen if the cmdlet is run without actually performing the audit.
        Output:
        What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment".
    .INPUTS
-        None. You cannot pipe objects to Invoke-M365SecurityAudit.
+        None; this cmdlet does not accept pipeline input.
    .OUTPUTS
-        CISAuditResult[]
+        CISAuditResult[] — an array of PSCustomObjects representing each test’s outcome.
-        The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
+    .EXAMPLE
-    .NOTES
+        # Quick audit with defaults (v4.0.0)
-        - This module is based on CIS benchmarks.
+        Invoke-M365SecurityAudit
-        - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
+    .EXAMPLE
-        - Commercial use is not permitted. This module cannot be sold or used for commercial purposes.
+        # Audit E5, level L1, for a single domain:
-        - Modifications and sharing are allowed under the same license.
+        Invoke-M365SecurityAudit -TenantAdminUrl 'https://contoso-admin.sharepoint.com' `
-        - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
+            -DomainName 'contoso.com' -ELevel E5 -ProfileLevel L1
-        - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
+    .EXAMPLE
        # Only include specific recommendations:
        Invoke-M365SecurityAudit -IncludeRecommendation '1.1.3','2.1.1'
    .EXAMPLE
        # App‑only auth + skip confirmation:
        $auth = New-M365SecurityAuditAuthObject -ClientId ... -ClientCertThumbPrint ...
        Invoke-M365SecurityAudit -AuthParams $auth -DoNotConfirmConnections
    .LINK
        https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit
 #>
 function Invoke-M365SecurityAudit {
-    [CmdletBinding(SupportsShouldProcess = $true, DefaultParameterSetName = 'Default')]
+    # Add confirm to high
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High' , DefaultParameterSetName = 'Default')]
    [OutputType([CISAuditResult[]])]
    param (
        [Parameter(Mandatory = $false, HelpMessage = "The SharePoint tenant admin URL, which should end with '-admin.sharepoint.com'. If not specified none of the Sharepoint Online tests will run.")]
        [ValidatePattern('^https://[a-zA-Z0-9-]+-admin\.sharepoint\.com$')]
-        [string]$TenantAdminUrl,
+        [string]
        $TenantAdminUrl,
        [Parameter(Mandatory = $false, HelpMessage = "Specify this to test only the default domain for password expiration and DKIM Config for tests '1.3.1' and 2.1.9. The domain name of your organization, e.g., 'example.com'.")]
        [ValidatePattern('^[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$')]
-        [string]$DomainName,
+        [string]
        $DomainName,
        # E-Level with optional ProfileLevel selection
-        [Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = "Specifies the E-Level (E3 or E5) for the audit.")]
+        [Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = 'Specifies the E-Level (E3 or E5) for the audit.')]
        [ValidateSet('E3', 'E5')]
-        [string]$ELevel,
+        [string]
-        [Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = "Specifies the profile level (L1 or L2) for the audit.")]
+        $ELevel,
        [Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = 'Specifies the profile level (L1 or L2) for the audit.')]
        [ValidateSet('L1', 'L2')]
-        [string]$ProfileLevel,
+        [string]
        $ProfileLevel,
        # IG Filters, one at a time
-        [Parameter(Mandatory = $true, ParameterSetName = 'IG1Filter', HelpMessage = "Includes tests where IG1 is true.")]
+        [Parameter(Mandatory = $true, ParameterSetName = 'IG1Filter', HelpMessage = 'Includes tests where IG1 is true.')]
-        [switch]$IncludeIG1,
+        [switch]
-        [Parameter(Mandatory = $true, ParameterSetName = 'IG2Filter', HelpMessage = "Includes tests where IG2 is true.")]
+        $IncludeIG1,
-        [switch]$IncludeIG2,
+        [Parameter(Mandatory = $true, ParameterSetName = 'IG2Filter', HelpMessage = 'Includes tests where IG2 is true.')]
-        [Parameter(Mandatory = $true, ParameterSetName = 'IG3Filter', HelpMessage = "Includes tests where IG3 is true.")]
+        [switch]
-        [switch]$IncludeIG3,
+        $IncludeIG2,
        [Parameter(Mandatory = $true, ParameterSetName = 'IG3Filter', HelpMessage = 'Includes tests where IG3 is true.')]
        [switch]
        $IncludeIG3,
        # Inclusion of specific recommendation numbers
-        [Parameter(Mandatory = $true, ParameterSetName = 'RecFilter', HelpMessage = "Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.")]
+        [Parameter(Mandatory = $true, ParameterSetName = 'RecFilter', HelpMessage = 'Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.')]
        [ValidateSet(
-            '1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+            '1.1.1', '1.1.3', '1.1.4', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
-                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
+                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '2.1.11', '2.1.12', '2.1.13', `
-                '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
+                '2.1.14', '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.1.4', '6.2.1', `
-                '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
+                '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', `
-                '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', '8.1.1', `
+                '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', `
-                '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
+                '8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
                '8.5.7', '8.6.1'
        )]
-        [string[]]$IncludeRecommendation,
+        [string[]]
        $IncludeRecommendation,
        # Exclusion of specific recommendation numbers
-        [Parameter(Mandatory = $true, ParameterSetName = 'SkipRecFilter', HelpMessage = "Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.")]
+        [Parameter(Mandatory = $true, ParameterSetName = 'SkipRecFilter', HelpMessage = 'Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.')]
        [ValidateSet(
-            '1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+            '1.1.1', '1.1.3', '1.1.4', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
-                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
+                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '2.1.11', '2.1.12', '2.1.13', `
-                '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
+                '2.1.14', '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.1.4', '6.2.1', `
-                '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
+                '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', `
-                '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', '8.1.1', `
+                '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', `
-                '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
+                '8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
                '8.5.7', '8.6.1'
        )]
-        [string[]]$SkipRecommendation,
+        [string[]]
        $SkipRecommendation,
        # Common parameters for all parameter sets
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.")]
+        [Parameter(Mandatory = $false, HelpMessage = 'Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.')]
        [ValidateSet(
            'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte'
        )]
-        [string[]]$ApprovedCloudStorageProviders = @(),
+        [string[]]
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.")]
+        $ApprovedCloudStorageProviders = @(),
        [Parameter(Mandatory = $false, HelpMessage = 'Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.')]
        [ValidatePattern('^[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$')]
-        [string[]]$ApprovedFederatedDomains,
+        [string[]]
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not establish a connection to Microsoft 365 services.")]
+        $ApprovedFederatedDomains,
-        [switch]$DoNotConnect,
+        [Parameter(Mandatory = $false, HelpMessage = 'Specifies that the cmdlet will not establish a connection to Microsoft 365 services.')]
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not disconnect from Microsoft 365 services after execution.")]
+        [switch]
-        [switch]$DoNotDisconnect,
+        $DoNotConnect,
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not check for the presence of required modules.")]
+        [Parameter(Mandatory = $false, HelpMessage = 'Specifies that the cmdlet will not disconnect from Microsoft 365 services after execution.')]
-        [switch]$NoModuleCheck,
+        [switch]
-        [Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.")]
+        $DoNotDisconnect,
-        [switch]$DoNotConfirmConnections
+        [Parameter(Mandatory = $false, HelpMessage = 'Specifies that the cmdlet will not check for the presence of required modules.')]
        [switch]
        $NoModuleCheck,
        [Parameter(Mandatory = $false, HelpMessage = 'Specifies that the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.')]
        [switch]
        $DoNotConfirmConnections,
        [Parameter(Mandatory = $false, HelpMessage = 'Specifies an authentication object containing parameters for application-based authentication.')]
        [CISAuthenticationParameters]
        $AuthParams,
        [Parameter(Mandatory = $false, HelpMessage = "Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are '3.0.0' or '4.0.0'.")]
        [ValidateSet('3.0.0', '4.0.0')]
        [string]
        $Version = '4.0.0'
    )
-    Begin {
+    begin {
        if ($script:MaximumFunctionCount -lt 8192) {
            Write-Verbose "Setting the `$script:MaximumFunctionCount to 8192 for the test run."
            $script:MaximumFunctionCount = 8192
        }
        if ($AuthParams) {
            $script:PnpAuth = $true
            $defaultPNPUpdateCheck = $env:PNPPOWERSHELL_UPDATECHECK
            $env:PNPPOWERSHELL_UPDATECHECK = 'Off'
        }
        # Check for 4.0.0 specific tests when in 3.0.0 mode
        # Test variables for testing 3.0.0 specific tests for included 4.0.0 tests
        $recNumbersToCheck = @('1.1.4', '2.1.11', '2.1.12', '2.1.13', '2.1.14', '6.1.4')
        # $IncludeRecommendation = '1.1.1','1.1.4'
        # $Version = '3.0.0'
        if ($IncludeRecommendation) {
            if ($Version -ne '4.0.0') {
                $foundRecNumbers = @()
                foreach ($rec in $recNumbersToCheck) {
                    if ($IncludeRecommendation -contains $rec) {
                        $foundRecNumbers += $rec
                    }
                }
                if ($foundRecNumbers.Count -gt 0) {
                    throw "Check the '-IncludeRecommendation' parameter. The following test numbers are not available in the 3.0.0 version: $($foundRecNumbers -join ', ')"
                }
            }
        }
        # Ensure required modules are installed
        $requiredModules = Get-RequiredModule -AuditFunction
        # Format the required modules list
        $requiredModulesFormatted = Format-RequiredModuleList -RequiredModules $requiredModules
        # Check and install required modules if necessary
-        if (!($NoModuleCheck) -and $PSCmdlet.ShouldProcess("Check for required modules: $requiredModulesFormatted", "Check")) {
+        if (!($NoModuleCheck) -and $PSCmdlet.ShouldProcess("Install Modules: $requiredModulesFormatted", 'Assert-ModuleAvailability')) {
-            Write-Host "Checking for and installing required modules..." -ForegroundColor DarkMagenta
+            Write-Information 'Checking for and installing required modules...'
            foreach ($module in $requiredModules) {
                Assert-ModuleAvailability -ModuleName $module.ModuleName -RequiredVersion $module.RequiredVersion -SubModules $module.SubModules
            }
        }
-        # Load test definitions from CSV
+        elseif ($script:PnpAuth = $true) {
-        $testDefinitionsPath = Join-Path -Path $PSScriptRoot -ChildPath "helper\TestDefinitions.csv"
+            # Ensure MgGraph assemblies are loaded prior to running PnP cmdlets
-        $testDefinitions = Import-Csv -Path $testDefinitionsPath
+            Get-MgGroup -Top 1 -ErrorAction SilentlyContinue | Out-Null
        }
        $Script:CISVersion = $Version
        # Call the function to load and merge test definitions
        $testDefinitions = Get-TestDefinition -Version $Version
        # Load the Test Definitions into the script scope for use in other functions
        $script:TestDefinitionsObject = $testDefinitions
        # Apply filters based on parameter sets
@@ -228,7 +216,7 @@ function Invoke-M365SecurityAudit {
                $requiredConnections = $requiredConnections | Where-Object { $_ -ne 'SPO' }
                $testDefinitions = $testDefinitions | Where-Object { $_.Connection -ne 'SPO' }
                if ($null -eq $testDefinitions) {
-                    throw "No tests to run as no SharePoint Online tests are available."
+                    throw 'No tests to run as no SharePoint Online tests are available.'
                }
            }
        }
@@ -239,39 +227,41 @@ function Invoke-M365SecurityAudit {
        # Initialize a collection to hold failed test details
        $script:FailedTests = [System.Collections.ArrayList]::new()
    } # End Begin
-    Process {
+    process {
        $allAuditResults = [System.Collections.ArrayList]::new() # Initialize a collection to hold all results
        # Dynamically dot-source the test scripts
-        $testsFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "tests"
+        $testsFolderPath = Join-Path -Path $PSScriptRoot -ChildPath 'tests'
-        $testFiles = Get-ChildItem -Path $testsFolderPath -Filter "Test-*.ps1" |
+        $testFiles = Get-ChildItem -Path $testsFolderPath -Filter 'Test-*.ps1' |
        Where-Object { $testsToLoad -contains $_.BaseName }
        $totalTests = $testFiles.Count
        $currentTestIndex = 0
        # Establishing connections if required
        try {
            $actualUniqueConnections = Get-UniqueConnection -Connections $requiredConnections
-            if (!($DoNotConnect) -and $PSCmdlet.ShouldProcess("Establish connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Connect")) {
+            if (!($DoNotConnect) -and $PSCmdlet.ShouldProcess("Establish connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')", 'Connect')) {
-                Write-Host "Establishing connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')" -ForegroundColor DarkMagenta
+                Write-Information "Establishing connections to Microsoft 365 services: $($actualUniqueConnections -join ', ')"
-                Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections -SkipConfirmation:$DoNotConfirmConnections
+                Connect-M365Suite -TenantAdminUrl $TenantAdminUrl -RequiredConnections $requiredConnections -SkipConfirmation:$DoNotConfirmConnections -AuthParams $AuthParams
            }
        }
        catch {
-            Write-Host "Connection execution aborted: $_" -ForegroundColor Red
+            throw "Connection execution aborted: $_"
            break
        }
    }
    end {
        try {
-            Write-Host "A total of $($totalTests) tests were selected to run..." -ForegroundColor DarkMagenta
+            if ($PSCmdlet.ShouldProcess("Measure and display audit results for $($totalTests) tests", 'Measure')) {
                Write-Information "A total of $($totalTests) tests were selected to run..."
                # Import the test functions
                $testFiles | ForEach-Object {
                    $currentTestIndex++
-                Write-Progress -Activity "Loading Test Scripts" -Status "Loading $($currentTestIndex) of $($totalTests): $($_.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
+                    Write-Progress -Activity 'Loading Test Scripts' -Status "Loading $($currentTestIndex) of $($totalTests): $($_.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
-                Try {
+                    try {
                        # Dot source the test function
                        . $_.FullName
                    }
-                Catch {
+                    catch {
                        # Log the error and add the test to the failed tests collection
-                    Write-Verbose "Failed to load test function $($_.Name): $_" -Verbose
+                        Write-Verbose "Failed to load test function $($_.Name): $_"
                        $script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
                    }
                }
@@ -279,42 +269,41 @@ function Invoke-M365SecurityAudit {
                # Execute each test function from the prepared list
                foreach ($testFunction in $testFiles) {
                    $currentTestIndex++
-                Write-Progress -Activity "Executing Tests" -Status "Executing $($currentTestIndex) of $($totalTests): $($testFunction.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
+                    Write-Progress -Activity 'Executing Tests' -Status "Executing $($currentTestIndex) of $($totalTests): $($testFunction.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
                    $functionName = $testFunction.BaseName
-                if ($PSCmdlet.ShouldProcess($functionName, "Execute test")) {
+                    Write-Information "Executing test function: $functionName"
                    $auditResult = Invoke-TestFunction -FunctionFile $testFunction -DomainName $DomainName -ApprovedCloudStorageProviders $ApprovedCloudStorageProviders -ApprovedFederatedDomains $ApprovedFederatedDomains
                    # Add the result to the collection
                    [void]$allAuditResults.Add($auditResult)
                }
                # Call the private function to calculate and display results
                Measure-AuditResult -AllAuditResults $allAuditResults -FailedTests $script:FailedTests
                # Return all collected audit results
                # Define the test numbers to check
                $TestNumbersToCheck = '1.1.1', '1.3.1', '6.1.2', '6.1.3', '7.3.4'
                # Check for large details in the audit results
                $exceedingTests = Get-ExceededLengthResultDetail -AuditResults $allAuditResults -TestNumbersToCheck $TestNumbersToCheck -ReturnExceedingTestsOnly -DetailsLengthLimit 30000
                if ($exceedingTests.Count -gt 0) {
                    Write-Information "The following tests exceeded the details length limit: $($exceedingTests -join ', ')"
                    Write-Information "( Assuming the results were instantiated. Ex: `$object = invoke-M365SecurityAudit )`nUse the following command and adjust as necessary to view the full details of the test results:"
                    Write-Information "Export-M365SecurityAuditTable -ExportAllTests -AuditResults `$object -ExportPath `"C:\temp`" -ExportOriginalTests"
                }
                # return $allAuditResults.ToArray() | Sort-Object -Property Rec
                # TODO Check if this fixes export-table.
                return $allAuditResults | Sort-Object -Property Rec
            }
        }
        catch {
            # Log the error and add the test to the failed tests collection
-            Write-Verbose "Invoke-M365SecurityAudit: Failed to load test function $($_.Name): $_" -Verbose
+            throw "Failed to execute test function $($testFunction.Name): $_"
            $script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
        }
        finally {
-            if (!($DoNotDisconnect) -and $PSCmdlet.ShouldProcess("Disconnect from Microsoft 365 services: $($actualUniqueConnections -join ', ')", "Disconnect")) {
+            $env:PNPPOWERSHELL_UPDATECHECK = $defaultPNPUpdateCheck
            if (!($DoNotDisconnect) -and $PSCmdlet.ShouldProcess("Disconnect from Microsoft 365 services: $($actualUniqueConnections -join ', ')", 'Disconnect')) {
                # Clean up sessions
                Disconnect-M365Suite -RequiredConnections $requiredConnections
            }
        }
    }
    End {
        if ($PSCmdlet.ShouldProcess("Measure and display audit results for $($totalTests) tests", "Measure")) {
            # Call the private function to calculate and display results
            Measure-AuditResult -AllAuditResults $allAuditResults -FailedTests $script:FailedTests
            # Return all collected audit results
            # Define the test numbers to check
            $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
            # Check for large details in the audit results
            $exceedingTests = Get-ExceededLengthResultDetail -AuditResults $allAuditResults -TestNumbersToCheck $TestNumbersToCheck -ReturnExceedingTestsOnly -DetailsLengthLimit 30000
            if ($exceedingTests.Count -gt 0) {
                Write-Information "The following tests exceeded the details length limit: $($exceedingTests -join ', ')" -InformationAction Continue
                Write-Host "(Assuming the results were instantiated. Ex: `$object = invoke-M365SecurityAudit) Use the following command and adjust as neccesary to view the full details of the test results:" -ForegroundColor DarkCyan
                Write-Host "Export-M365SecurityAuditTable -ExportAllTests -AuditResults `$object -ExportPath `"C:\temp`" -ExportOriginalTests" -ForegroundColor Green
            }
            return $allAuditResults.ToArray() | Sort-Object -Property Rec
        }
    }
 }
--- a/source/Public/New-M365SecurityAuditAuthObject.ps1
+++ b/source/Public/New-M365SecurityAuditAuthObject.ps1
@@ -0,0 +1,65 @@
 <#
    .SYNOPSIS
        Creates a new CISAuthenticationParameters object for Microsoft 365 authentication.
    .DESCRIPTION
        The New-M365SecurityAuditAuthObject function constructs a new CISAuthenticationParameters object
        containing the necessary credentials and URLs for authenticating to various Microsoft 365 services.
        It validates input parameters to ensure they conform to expected formats and length requirements.
        An app registration in Azure AD with the required permissions to EXO, SPO, MSTeams and MgGraph is needed.
    .PARAMETER ClientCertThumbPrint
        The thumbprint of the client certificate used for authentication. It must be a 40-character hexadecimal string.
        This certificate is used to authenticate the application in Azure AD.
    .PARAMETER ClientId
        The Client ID (Application ID) of the Azure AD application. It must be a valid GUID format.
    .PARAMETER TenantId
        The Tenant ID of the Azure AD directory. It must be a valid GUID format representing your Microsoft 365 tenant.
    .PARAMETER OnMicrosoftUrl
        The URL of your onmicrosoft.com domain. It should be in the format 'example.onmicrosoft.com'.
    .PARAMETER SpAdminUrl
        The SharePoint admin URL, which should end with '-admin.sharepoint.com'. This URL is used for connecting to SharePoint Online.
    .INPUTS
        None. You cannot pipe objects to this function.
    .OUTPUTS
        CISAuthenticationParameters
            The function returns an instance of the CISAuthenticationParameters class containing the authentication details.
    .EXAMPLE
        PS> $authParams = New-M365SecurityAuditAuthObject -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
                                                            -ClientId "12345678-1234-1234-1234-123456789012" `
                                                            -TenantId "12345678-1234-1234-1234-123456789012" `
                                                            -OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
                                                            -SpAdminUrl "https://yourcompany-admin.sharepoint.com"
        Creates a new CISAuthenticationParameters object with the specified credentials and URLs, validating each parameter's format and length.
    .NOTES
        Requires PowerShell 7.0 or later.
        https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
 #>
 function New-M365SecurityAuditAuthObject {
    [CmdletBinding()]
    [OutputType([CISAuthenticationParameters])]
    param(
        [Parameter(Mandatory = $true, HelpMessage = "The 40-character hexadecimal thumbprint of the client certificate.")]
        [ValidatePattern("^[0-9a-fA-F]{40}$")]  # Regex for a valid thumbprint format
        [ValidateLength(40, 40)]  # Enforce exact length
        [string]$ClientCertThumbPrint,
        [Parameter(Mandatory = $true, HelpMessage = "The Client ID (GUID format) of the Azure AD application.")]
        [ValidatePattern("^[0-9a-fA-F\-]{36}$")]  # Regex for a valid GUID
        [string]$ClientId,
        [Parameter(Mandatory = $true, HelpMessage = "The Tenant ID (GUID format) of the Azure AD directory.")]
        [ValidatePattern("^[0-9a-fA-F\-]{36}$")]  # Regex for a valid GUID
        [string]$TenantId,
        [Parameter(Mandatory = $true, HelpMessage = "The onmicrosoft.com domain URL (e.g., 'example.onmicrosoft.com').")]
        [ValidatePattern("^[a-zA-Z0-9]+\.onmicrosoft\.com$")]  # Regex for a valid onmicrosoft.com URL
        [string]$OnMicrosoftUrl,
        [Parameter(Mandatory = $true, HelpMessage = "The SharePoint admin URL ending with '-admin.sharepoint.com'.")]
        [ValidatePattern("^https:\/\/[a-zA-Z0-9\-]+\-admin\.sharepoint\.com$")]  # Regex for a valid SharePoint admin URL
        [string]$SpAdminUrl
    )
    # Create and return the authentication parameters object
    return [CISAuthenticationParameters]::new(
        $ClientCertThumbPrint,
        $ClientId,
        $TenantId,
        $OnMicrosoftUrl,
        $SpAdminUrl
    )
 }
--- a/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
+++ b/source/Public/Remove-RowsWithEmptyCSVStatus.ps1
@@ -22,28 +22,21 @@ function Remove-RowsWithEmptyCSVStatus {
        [Parameter(Mandatory = $true)]
        [string]$WorksheetName
    )
    # Import the Excel file
    $ExcelData = Import-Excel -Path $FilePath -WorksheetName $WorksheetName
    # Check if CSV_Status column exists
    if (-not $ExcelData.PSObject.Properties.Match("CSV_Status")) {
        throw "CSV_Status column not found in the worksheet."
    }
    # Filter rows where CSV_Status is not empty
    $FilteredData = $ExcelData | Where-Object { $null -ne $_.CSV_Status -and $_.CSV_Status -ne '' }
    # Get the original file name and directory
    $OriginalFileName = [System.IO.Path]::GetFileNameWithoutExtension($FilePath)
    $Directory = [System.IO.Path]::GetDirectoryName($FilePath)
    # Create a new file name for the filtered data
    $NewFileName = "$OriginalFileName-Filtered.xlsx"
    $NewFilePath = Join-Path -Path $Directory -ChildPath $NewFileName
    # Export the filtered data to a new Excel file
    $FilteredData | Export-Excel -Path $NewFilePath -WorksheetName $WorksheetName -Show
    Write-Output "Filtered Excel file created at $NewFilePath"
 }
--- a/source/en-US/M365FoundationsCISReport-help.xml
+++ b/source/en-US/M365FoundationsCISReport-help.xml
--- a/source/en-US/about_M365FoundationsCISReport.help.txt
+++ b/source/en-US/about_M365FoundationsCISReport.help.txt
@@ -30,9 +30,11 @@ Optional Subtopics
 EXAMPLES
    # Example 1: Performing a security audit based on CIS benchmarks
    $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
    $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
-    # Example 2: Exporting a security audit table to a CSV file
+    # Example 2: Exporting a security audit and it's nested tables to zipped CSV files
-    Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
+    Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp"
        # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
    # Example 3: Retrieving licenses for users in administrative roles
    Get-AdminRoleUserLicense
@@ -49,6 +51,14 @@ EXAMPLES
    # Example 7: Granting Microsoft Graph permissions to the auditor
    Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
    # Example 8: (PowerShell 7.x Only) Creating a new authentication object for the security audit for app-based authentication.
    $authParams = New-M365SecurityAuditAuthObject -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" `
                                                                -ClientId "12345678-1234-1234-1234-123456789012" `
                                                                -TenantId "12345678-1234-1234-1234-123456789012" `
                                                                -OnMicrosoftUrl "yourcompany.onmicrosoft.com" `
                                                                -SpAdminUrl "https://yourcompany-admin.sharepoint.com"
    Invoke-M365SecurityAudit -AuthParams $authParams -TenantAdminUrl "https://yourcompany-admin.sharepoint.com"
 NOTE
    Ensure that you have the necessary permissions and administrative roles in
    your Microsoft 365 environment to run these cmdlets. Proper configuration
--- a/source/helper/TestDefinitions-v4.0.0.csv
+++ b/source/helper/TestDefinitions-v4.0.0.csv
@@ -0,0 +1,9 @@
 Index,TestFileName,Rec,RecDescription,ELevel,ProfileLevel,CISControl,CISDescription,IG1,IG2,IG3,Automated,Connection
 1,Test-AdministrativeAccountCompliance4.ps1,1.1.1,Ensure Administrative accounts are cloud-only,E3,L1,5.4,Restrict Administrator Privileges to Dedicated Administrator Accounts,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
 2,Test-AdminAccountLicenses.ps1,1.1.4,Ensure administrative accounts use licenses with a reduced application footprint,E3,L1,5.4,Restrict Administrator Privileges to Dedicated Administrator Accounts,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
 3,Test-AntiPhishingPolicy4.ps1,2.1.7,Ensure that an anti-phishing policy has been created,E5,L2,9.7,Deploy and Maintain Email Server Anti-Malware Protections,FALSE,FALSE,TRUE,TRUE,EXO
 4,Test-AttachmentFiltering.ps1,2.1.11,Ensure comprehensive attachment filtering is applied,E3,L2,9.6,Block unnecessary file types attempting to enter the enterprise’s email gateway,FALSE,TRUE,TRUE,TRUE,EXO
 5,Test-ConnectionFilterIPAllowList.ps1,2.1.12,Ensure the connection filter IP allow list is not used,E3,L1,9.7,Deploy and Maintain Email Server Anti-Malware Protections,FALSE,FALSE,TRUE,TRUE,EXO
 6,Test-ConnectionFilterSafeList.ps1,2.1.13,Ensure the connection filter safe list is off,E3,L1,9.7,Deploy and Maintain Email Server Anti-Malware Protections,FALSE,FALSE,TRUE,TRUE,EXO
 7,Test-InboundAntiSpamPolicies.ps1,2.1.14,Ensure inbound anti-spam policies do not contain allowed domains,E3,L1,9.7,Deploy and Maintain Email Server Anti-Malware Protections,FALSE,FALSE,TRUE,TRUE,EXO
 8,Test-AuditBypassEnabled.ps1,6.1.4,Ensure 'AuditBypassEnabled' is not enabled on mailboxes,E3,L1,8.5,"Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation",FALSE,TRUE,TRUE,TRUE,EXO
--- a/source/helper/TestDefinitions.csv
+++ b/source/helper/TestDefinitions.csv
@@ -2,7 +2,7 @@
 1,Test-AdministrativeAccountCompliance.ps1,1.1.1,Ensure Administrative accounts are separate and cloud-only,E3,L1,5.4,Restrict Administrator Privileges to Dedicated Administrator Accounts,TRUE,TRUE,TRUE,FALSE,Microsoft Graph
 2,Test-GlobalAdminsCount.ps1,1.1.3,Ensure that between two and four global admins are designated,E3,L1,5.1,Establish and Maintain an Inventory of Accounts,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
 3,Test-ManagedApprovedPublicGroups.ps1,1.2.1,Ensure that only organizationally managed/approved public groups exist,E3,L2,3.3,Configure Data Access Control Lists,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
-4,Test-BlockSharedMailboxSignIn.ps1,1.2.2,Ensure sign-in to shared mailboxes is blocked,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,AzureAD | EXO
+4,Test-BlockSharedMailboxSignIn.ps1,1.2.2,Ensure sign-in to shared mailboxes is blocked,E3,L1,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO | Microsoft Graph
 5,Test-PasswordNeverExpirePolicy.ps1,1.3.1,Ensure the 'Password expiration policy' is set to 'Set passwords to never expire',E3,L1,5.2,Use Unique Passwords,TRUE,TRUE,TRUE,TRUE,Microsoft Graph
 6,Test-ExternalSharingCalendars.ps1,1.3.3,Ensure 'External sharing' of calendars is not available,E3,L2,4.8,Uninstall or Disable Unnecessary Services on Enterprise Assets and Software,FALSE,TRUE,TRUE,TRUE,EXO
 7,Test-CustomerLockbox.ps1,1.3.6,Ensure the customer lockbox feature is enabled,E5,L2,0,Explicitly Not Mapped,FALSE,FALSE,FALSE,TRUE,EXO
--- a/source/tests/Test-AdminAccountLicenses.ps1
+++ b/source/tests/Test-AdminAccountLicenses.ps1
@@ -0,0 +1,55 @@
 function Test-AdminAccountLicenses {
    [CmdletBinding()]
    param ()
    begin {
        # The following conditions are checked:
        # Condition A: The administrative account is cloud-only (not synced).
        # Condition B: The account is assigned a valid license (e.g., Microsoft Entra ID P1 or P2).
        # Condition C: The administrative account does not have any other application assignments (only valid licenses).
        $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
        $RecNum = '1.1.4'
        Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $RecNum"
    }
    process {
        try {
            # Retrieve admin roles, assignments, and user details including licenses
            Write-Verbose 'Retrieving admin roles, assignments, and user details including licenses'
            $Report = Get-CISMgOutput -Rec $RecNum
            $NonCompliantUsers = $Report | Where-Object { $_.License -notin $validLicenses }
            # Generate failure reasons
            Write-Verbose 'Generating failure reasons for non-compliant users'
            $failureReasons = $nonCompliantUsers | ForEach-Object {
                "$($_.DisplayName)|$($_.UserPrincipalName)|$(if ($_.License) {$_.License}else{'No licenses found'})"
            }
            $failureReasons = $failureReasons -join "`n"
            $failureReason = if ($nonCompliantUsers) {
                "Non-Compliant Accounts without only a singular P1 or P2 license and no others: $($nonCompliantUsers.Count)"
            }
            else {
                "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
            }
            $result = $nonCompliantUsers.Count -eq 0
            $status = if ($result) { 'Pass' } else { 'Fail' }
            $details = if ($nonCompliantUsers) { "DisplayName | UserPrincipalName | License`n$failureReasons" } else { 'N/A' }
            Write-Verbose "Assessment completed. Result: $status"
            # Create the parameter splat
            $params = @{
                Rec           = $RecNum
                Result        = $result
                Status        = $status
                Details       = $details
                FailureReason = $failureReason
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            $LastError = $_
            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Output the result
        return $auditResult
    }
 }
 #   $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
@@ -7,14 +7,14 @@ function Test-AdministrativeAccountCompliance {
        # Condition B: The account is assigned a valid license (e.g., Microsoft Entra ID P1 or P2).
        # Condition C: The administrative account does not have any other application assignments (only valid licenses).
        $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
-        $recnum = "1.1.1"
+        $RecNum = "1.1.1"
-        Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $recnum"
+        Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $RecNum"
    }
    process {
        try {
            # Retrieve admin roles, assignments, and user details including licenses
            Write-Verbose "Retrieving admin roles, assignments, and user details including licenses"
-            $adminRoleAssignments = Get-CISMgOutput -Rec $recnum
+            $adminRoleAssignments = Get-CISMgOutput -Rec $RecNum
            $adminRoleUsers = @()
            foreach ($roleName in $adminRoleAssignments.Keys) {
                $assignments = $adminRoleAssignments[$roleName]
@@ -80,7 +80,7 @@ function Test-AdministrativeAccountCompliance {
            Write-Verbose "Assessment completed. Result: $status"
            # Create the parameter splat
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $result
                Status        = $status
                Details       = $details
@@ -90,7 +90,7 @@ function Test-AdministrativeAccountCompliance {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-AdministrativeAccountCompliance4.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance4.ps1
@@ -0,0 +1,51 @@
 function Test-AdministrativeAccountCompliance4 {
    [CmdletBinding()]
    param ()
    begin {
        $RecNum = "1.1.1"
        Write-Verbose "Starting Test-AdministrativeAccountCompliance4 for Rec: $RecNum"
    }
    process {
        try {
            # Retrieve privileged users with OnPremisesSyncEnabled
            Write-Verbose "Retrieving data for privileged users"
            $PrivilegedUsers = Get-CISMgOutput -Rec $RecNum
            # Filter for users with OnPremisesSyncEnabled
            $NonCompliantUsers = $PrivilegedUsers | Where-Object { $_.OnPremisesSyncEnabled -eq $true }
            if ($NonCompliantUsers.Count -gt 0) {
                Write-Verbose "Non-compliant users found: $($NonCompliantUsers.Count)"
                # Generate pipe-delimited failure table as plain text
                $Header = "DisplayName|UserPrincipalName|OnPremisesSyncEnabled"
                $FailureRows = $NonCompliantUsers | ForEach-Object {
                    "$($_.DisplayName)|$($_.UserPrincipalName)|$($_.OnPremisesSyncEnabled)"
                }
                $Details = "$Header`n$($FailureRows -join "`n")"
                $Status = "Fail"
                $FailureReason = "Non-compliant accounts detected: $($NonCompliantUsers.Count)"
            }
            else {
                Write-Verbose "All accounts are compliant."
                $Details = "N/A"
                $Status = "Pass"
                $FailureReason = "All administrative accounts are cloud-only."
            }
            # Prepare audit result
            $Params = @{
                Rec           = $RecNum
                Result        = ($NonCompliantUsers.Count -eq 0)
                Status        = $Status
                Details       = $Details
                FailureReason = $FailureReason
            }
            $AuditResult = Initialize-CISAuditResult @Params
        }
        catch {
            Write-Error "Error during compliance check: $_"
            $AuditResult = Get-TestError -LastError $_ -RecNum $RecNum
        }
    }
    end {
        # Output result
        return $AuditResult
    }
 }
--- a/source/tests/Test-AntiPhishingPolicy.ps1
+++ b/source/tests/Test-AntiPhishingPolicy.ps1
@@ -3,8 +3,8 @@ function Test-AntiPhishingPolicy {
    [OutputType([CISAuditResult])]
    param ()
    begin {
-        $recnum = "2.1.7"
+        $RecNum = "2.1.7"
-        Write-Verbose "Running Test-AntiPhishingPolicy for $recnum..."
+        Write-Verbose "Running Test-AntiPhishingPolicy for $RecNum..."
        #. .\source\Classes\CISAuditResult.ps1
        <#
        Conditions for 2.1.7 (L1) Ensure robust anti-phishing policies are enforced
@@ -26,7 +26,7 @@ function Test-AntiPhishingPolicy {
            # Step 1: Retrieve all anti-phishing policies
            #$VerbosePreference = "Continue"
            Write-Verbose "Retrieving all anti-phishing policies..."
-            $antiPhishPolicies = Get-CISExoOutput -Rec $recnum
+            $antiPhishPolicies = Get-CISExoOutput -Rec $RecNum
            # Step 2: Initialize variables to track compliance and details
            $compliantPolicy = $null
            $details = @()
@@ -205,7 +205,7 @@ function Test-AntiPhishingPolicy {
            #$VerbosePreference = "SilentlyContinue"
            # Prepare the parameters for the audit result
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isOverallCompliant
                Status        = if ($isOverallCompliant) { "Pass" } else { "Fail" }
                Details       = $resultDetails
@@ -215,8 +215,8 @@ function Test-AntiPhishingPolicy {
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
-            Write-Error "An error occurred during the test: $_"
+            Write-Error "An error occurred during the test $RecNum`:: $_"
-            $auditResult = Get-TestError -LastError $_ -recnum $recnum
+            $auditResult = Get-TestError -LastError $_ -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-AntiPhishingPolicy4.ps1
+++ b/source/tests/Test-AntiPhishingPolicy4.ps1
@@ -0,0 +1,120 @@
 function Test-AntiPhishingPolicy4 {
    [CmdletBinding()]
    [OutputType([CISAuditResult])]
    param ()
    begin {
        # Set the record number and start the process
        $RecNum = '2.1.7'
        Write-Verbose "Running Test-AntiPhishingPolicy4 for $RecNum..."
    }
    process {
        try {
            # Step 1: Retrieve all anti-phishing policies and rules
            Write-Verbose 'Retrieving all anti-phishing policies and rules...'
            $antiPhishPolicies, $antiPhishRules = Get-CISExoOutput -Rec $RecNum
            if ($null -eq $antiPhishPolicies -or $antiPhishPolicies.Count -eq 0) {
                throw 'No Anti-Phishing policies found.'
            }
            # Initialize lists to track compliant and non-compliant policies and reasons for failures
            $compliantPolicies = @()
            $failureReasons = @()
            $nonCompliantPolicies = @()
            # Step 2: Evaluate strict and standard preset policies
            Write-Verbose 'Evaluating strict and standard preset policies...'
            $strictPolicy = $antiPhishPolicies | Where-Object { $_.Name -eq 'Strict Preset Security Policy' }
            $standardPolicy = $antiPhishPolicies | Where-Object { $_.Name -eq 'Standard Preset Security Policy' }
            $strictStandardCompliant = $false
            foreach ($policy in @($strictPolicy, $standardPolicy)) {
                if ($null -ne $policy) {
                    # Check if the Strict or Standard policy is compliant
                    $isCompliant = Get-PhishPolicyCompliance -policy $policy
                    if ($isCompliant) {
                        $strictStandardCompliant = $true
                        $compliantPolicies += $policy.Name
                        Write-Verbose "Compliant policy found: $($policy.Name). Ending evaluation."
                        return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
                    } else {
                        $nonCompliantPolicies += $policy.Name
                    }
                }
            }
            # Step 3: Evaluate custom policies if strict and standard are not compliant
            if (-not $strictStandardCompliant) {
                Write-Verbose 'Evaluating custom policies for compliance...'
                # Filter custom policies using $antiPhishRules to exclude default, strict, and standard
                $customPolicies = $antiPhishPolicies | Where-Object { $antiPhishRules.AntiPhishPolicy -contains $_.Name -and $_.Name -notin @('Strict Preset Security Policy', 'Standard Preset Security Policy', 'Office365 AntiPhish Default') }
                $customPolicies = $customPolicies | Sort-Object -Property { $antiPhishRules | Where-Object { $_.AntiPhishPolicy -eq $_.Name } | Select-Object -ExpandProperty Priority }
                foreach ($policy in $customPolicies) {
                    # Check for scope overlap between custom policies and strict/standard policies
                    $scopeOverlap = Get-ScopeOverlap -Policy $policy -OtherPolicies @($strictPolicy, $standardPolicy)
                    if ($scopeOverlap) {
                        $failureReasons += "Custom policy $($policy.Name) overlaps with strict or standard preset policies."
                        $nonCompliantPolicies += $policy.Name
                    } else {
                        # Check if the custom policy is compliant
                        $isCompliant = Get-PhishPolicyCompliance -policy $policy
                        if ($isCompliant) {
                            $compliantPolicies += $policy.Name
                            Write-Verbose "Compliant custom policy found: $($policy.Name). Ending evaluation."
                            return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
                        } else {
                            $nonCompliantPolicies += $policy.Name
                        }
                    }
                }
            }
            # Step 4: Evaluate the default policy if no compliant custom, strict, or standard policies
            if ($compliantPolicies.Count -eq 0) {
                Write-Verbose 'Evaluating default policy for compliance...'
                $defaultPolicy = $antiPhishPolicies | Where-Object { $_.Name -eq 'Office365 AntiPhish Default' }
                if ($null -ne $defaultPolicy) {
                    # Check for scope overlap between the default policy and other policies
                    $scopeOverlap = Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $customPolicies)
                    if ($scopeOverlap) {
                        $failureReasons += "Default policy overlaps with other scoped policies."
                        $nonCompliantPolicies += $defaultPolicy.Name
                    } else {
                        # Check if the default policy is compliant
                        $isCompliant = Get-PhishPolicyCompliance -policy $defaultPolicy
                        if ($isCompliant) {
                            $compliantPolicies += $defaultPolicy.Name
                            Write-Verbose "Compliant default policy found: $($defaultPolicy.Name)."
                            return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($defaultPolicy.Name)" -FailureReason 'None'
                        } else {
                            $nonCompliantPolicies += $defaultPolicy.Name
                        }
                    }
                }
            }
            # Step 5: Determine overall compliance
            $isOverallCompliant = ($compliantPolicies.Count -gt 0) -and ($failureReasons.Count -eq 0)
            # Step 6: Prepare result details
            $resultDetails = if ($isOverallCompliant) {
                # Prepare details for compliant policies
                "Compliant Policies: $($compliantPolicies -join ', ')"
            }
            else {
                # Prepare details for non-compliant policies and reasons
                "Non-Compliant Policies: $($nonCompliantPolicies -join ', ')`nFailure Reasons:`n" + ($failureReasons -join "`n")
            }
            # Step 7: Prepare the audit result object
            $params = @{
                Rec           = $RecNum
                Result        = $isOverallCompliant
                Status        = if ($isOverallCompliant) { 'Pass' } else { 'Fail' }
                Details       = $resultDetails
                FailureReason = if (-not $isOverallCompliant) { $failureReasons -join "`n" } else { 'None' }
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            # Handle errors and return the error result
            Write-Error "An error occurred during the test $RecNum`: $_"
            $auditResult = Get-TestError -LastError $_ -RecNum $RecNum
        }
    }
    end {
        # Return the audit result object
        return $auditResult
    }
 }
--- a/source/tests/Test-AttachmentFiltering.ps1
+++ b/source/tests/Test-AttachmentFiltering.ps1
@@ -0,0 +1,72 @@
 function Test-AttachmentFiltering {
    [CmdletBinding()]
    param ()
    begin {
        # Record the recommendation number and log the test start
        $RecNum = "2.1.11" # Recommendation for attachment filtering
        Write-Verbose "Starting Test-AttachmentFiltering with Rec: $RecNum"
    }
    process {
        try {
            # Step 1: Retrieve data needed for compliance check
            Write-Verbose "Retrieving malware policies, rules, and extensions for compliance evaluation..."
            $malwarePolicies, $malwareRules, $L2Extensions = Get-CISExoOutput -Rec $RecNum
            # Initialize compliance tracking
            $compliantPolicyFound = $false
            $failureReasons = @()
            $details = @()
            # Step 2: Check each malware policy for compliance
            Write-Verbose "Evaluating each malware filter policy..."
            foreach ($policy in $malwarePolicies) {
                # Check if the policy enables the file filter
                if (-not $policy.EnableFileFilter) {
                    $failureReasons += "Policy $($policy.Identity) has file filtering disabled."
                    continue
                }
                # Check if the number of extensions exceeds the minimum threshold (120)
                if ($policy.FileTypes.Count -le 120) {
                    $failureReasons += "Policy $($policy.Identity) does not include the minimum number of extensions (120)."
                    continue
                }
                # Check for missing extensions from the L2 benchmark
                $missingExtensions = $L2Extensions | Where-Object { -not $policy.FileTypes.Contains($_) }
                if ($missingExtensions.Count -gt 0) {
                    $failureReasons += "Policy $($policy.Identity) is missing extensions: $($missingExtensions -join ', ')."
                } else {
                    # Policy is compliant if it passes all checks
                    $compliantPolicyFound = $true
                    $details += "Compliant Policy Found: $($policy.Identity)"
                    # Break out of the loop since we only need one compliant policy
                    break
                }
            }
            # Step 3: Determine overall compliance
            $isCompliant = $compliantPolicyFound
            # Step 4: Prepare result details
            if ($isCompliant) {
                $resultDetails = $details -join "`n"
            } else {
                $resultDetails = "Non-Compliant Policies:`n$($failureReasons -join '`n')"
            }
            # Step 5: Create the audit result
            $params = @{
                Rec           = $RecNum
                Result        = $isCompliant
                Status        = if ($isCompliant) { 'Pass' } else { 'Fail' }
                Details       = $resultDetails
                FailureReason = if (-not $isCompliant) { $failureReasons -join "`n" } else { 'None' }
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            # Handle errors and return the error result
            $LastError = $_
            Write-Error "An error occurred during Test-AttachmentFiltering: $($LastError.Exception.Message)"
            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
    }
 }
--- a/source/tests/Test-AuditDisabledFalse.ps1
+++ b/source/tests/Test-AuditDisabledFalse.ps1
@@ -24,14 +24,14 @@ function Test-AuditDisabledFalse {
        #   - Condition B: Using PowerShell, the `AuditDisabled` property in the organization's configuration is set to `True`.
        #   - Condition C: Mailbox auditing is not enabled by default at the organizational level.
        # Initialization code, if needed
-        $recnum = "6.1.1"
+        $RecNum = "6.1.1"
-        Write-Verbose "Running Test-AuditDisabledFalse for $recnum..."
+        Write-Verbose "Running Test-AuditDisabledFalse for $RecNum..."
    }
    process {
        try {
            # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
            # Retrieve the AuditDisabled configuration (Condition B)
-            $auditNotDisabled = Get-CISExoOutput -Rec $recnum
+            $auditNotDisabled = Get-CISExoOutput -Rec $RecNum
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $auditNotDisabled) {
                "AuditDisabled is set to True"  # Condition A Fail
@@ -47,7 +47,7 @@ function Test-AuditDisabledFalse {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $auditNotDisabled
                Status        = if ($auditNotDisabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -57,7 +57,7 @@ function Test-AuditDisabledFalse {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-AuditLogSearch.ps1
+++ b/source/tests/Test-AuditLogSearch.ps1
@@ -9,8 +9,8 @@ function Test-AuditLogSearch {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "3.1.1"
+        $RecNum = "3.1.1"
-        Write-Verbose "Running Test-AuditLogSearch for $recnum..."
+        Write-Verbose "Running Test-AuditLogSearch for $RecNum..."
        <#
        Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
        Validate test for a pass:
@@ -30,7 +30,7 @@ function Test-AuditLogSearch {
    process {
        try {
            # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
-            $auditLogResult = Get-CISExoOutput -Rec $recnum
+            $auditLogResult = Get-CISExoOutput -Rec $RecNum
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $auditLogResult) {
                # Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal
@@ -48,7 +48,7 @@ function Test-AuditLogSearch {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $auditLogResult
                Status        = if ($auditLogResult) { "Pass" } else { "Fail" }
                Details       = $details
@@ -58,7 +58,7 @@ function Test-AuditLogSearch {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-BlockChannelEmails.ps1
+++ b/source/tests/Test-BlockChannelEmails.ps1
@@ -9,8 +9,8 @@ function Test-BlockChannelEmails {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.1.2"
+        $RecNum = "8.1.2"
-        Write-Verbose "Running Test-BlockChannelEmails for $recnum..."
+        Write-Verbose "Running Test-BlockChannelEmails for $RecNum..."
    }
    process {
        try {
@@ -30,7 +30,7 @@ function Test-BlockChannelEmails {
            #   - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center.
            #   - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
            # Retrieve Teams client configuration
-            $teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum
+            $teamsClientConfig = Get-CISMSTeamsOutput -Rec $RecNum
            $allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel
            # Prepare failure reasons and details based on compliance
            $failureReasons = if ($allowEmailIntoChannel) {
@@ -47,7 +47,7 @@ function Test-BlockChannelEmails {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec            = $recnum
+                Rec            = $RecNum
                Result         = -not $allowEmailIntoChannel
                Status         = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" }
                Details        = $details
@@ -57,7 +57,7 @@ function Test-BlockChannelEmails {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-BlockMailForwarding.ps1
+++ b/source/tests/Test-BlockMailForwarding.ps1
@@ -8,8 +8,8 @@ function Test-BlockMailForwarding {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "6.2.1"
+        $RecNum = "6.2.1"
-        Write-Verbose "Running Test-BlockMailForwarding for $recnum..."
+        Write-Verbose "Running Test-BlockMailForwarding for $RecNum..."
        <#
        Conditions for 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
        Validate test for a pass:
@@ -30,7 +30,7 @@ function Test-BlockMailForwarding {
        try {
            # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
            # Step 1: Retrieve the transport rules that redirect messages
-            $transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum
+            $transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $RecNum
            $transportForwardingBlocked = $transportRules.Count -eq 0
            # Step 2: Check all anti-spam outbound policies
            $nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies)
@@ -67,7 +67,7 @@ function Test-BlockMailForwarding {
            }
            # Populate the audit result
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $forwardingBlocked
                Status        = if ($forwardingBlocked) { "Pass" } else { "Fail" }
                Details       = $details
@@ -77,7 +77,7 @@ function Test-BlockMailForwarding {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-BlockSharedMailboxSignIn.ps1
+++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1
@@ -9,8 +9,8 @@ function Test-BlockSharedMailboxSignIn {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.2.2"
+        $RecNum = "1.2.2"
-        Write-Verbose "Running Test-BlockSharedMailboxSignIn for $recnum..."
+        Write-Verbose "Running Test-BlockSharedMailboxSignIn for $RecNum..."
        # Conditions for 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
        #
        # Validate test for a pass:
@@ -36,7 +36,7 @@ function Test-BlockSharedMailboxSignIn {
                    "abcddcba-98fe-76dc-a456-426614174000"
                )
            #>
-            $objectids = Get-CISExoOutput -Rec $recnum
+            $objectids = Get-CISExoOutput -Rec $RecNum
            # Step: Retrieve user details from Azure AD
            # $users Mock Object
            <#
@@ -58,9 +58,9 @@ function Test-BlockSharedMailboxSignIn {
                    }
                )
            #>
-            $users = Get-CISAadOutput -Rec $recnum
+            $users = Get-CISMgOutput -Rec $RecNum
            # Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
-            $sharedMailboxDetails = $users | Where-Object {$_.objectid -in $objectids}
+            $sharedMailboxDetails = $users | Where-Object {$_.id -in $objectids}
            # Step: Identify enabled mailboxes (Condition B: Pass/Fail)
            $enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
            $allBlocked = $enabledMailboxes.Count -eq 0
@@ -80,7 +80,7 @@ function Test-BlockSharedMailboxSignIn {
            }
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $allBlocked  # Pass: Condition A, Condition B
                Status        = if ($allBlocked) { "Pass" } else { "Fail" }
                Details       = $details
@@ -90,7 +90,7 @@ function Test-BlockSharedMailboxSignIn {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-CommonAttachmentFilter.ps1
+++ b/source/tests/Test-CommonAttachmentFilter.ps1
@@ -24,8 +24,8 @@ function Test-CommonAttachmentFilter {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "2.1.2"
+        $RecNum = "2.1.2"
-        Write-Verbose "Running Test-CommonAttachmentFilter for $recnum..."
+        Write-Verbose "Running Test-CommonAttachmentFilter for $RecNum..."
    }
    process {
        try {
@@ -35,7 +35,7 @@ function Test-CommonAttachmentFilter {
            # Retrieve the attachment filter policy
            # $result Mock Object
            # $result = $true
-            $result = Get-CISExoOutput -Rec $recnum
+            $result = Get-CISExoOutput -Rec $RecNum
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $result) {
                # Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center.
@@ -53,7 +53,7 @@ function Test-CommonAttachmentFilter {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $result
                Status        = if ($result) { "Pass" } else { "Fail" }
                Details       = $details
@@ -63,7 +63,7 @@ function Test-CommonAttachmentFilter {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-CustomerLockbox.ps1
+++ b/source/tests/Test-CustomerLockbox.ps1
@@ -11,8 +11,8 @@ function Test-CustomerLockbox {
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.3.6"
+        $RecNum = "1.3.6"
-        Write-Verbose "Running Test-CustomerLockbox for $recnum..."
+        Write-Verbose "Running Test-CustomerLockbox for $RecNum..."
        # Conditions for 1.3.6 (L2) Ensure the customer lockbox feature is enabled (Automated)
        #
        # Validate test for a pass:
@@ -34,7 +34,7 @@ function Test-CustomerLockbox {
            # Step: Retrieve the organization configuration (Condition C: Pass/Fail)
            # $customerLockboxEnabled Mock Object
            # $customerLockboxEnabled = $true
-            $customerLockboxEnabled = Get-CISExoOutput -Rec $recnum
+            $customerLockboxEnabled = Get-CISExoOutput -Rec $RecNum
            # Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail)
            $failureReasons = if (-not $customerLockboxEnabled) {
                "Customer lockbox feature is not enabled."
@@ -51,7 +51,7 @@ function Test-CustomerLockbox {
            }
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec            = $recnum
+                Rec            = $RecNum
                Result         = $customerLockboxEnabled
                Status         = if ($customerLockboxEnabled) { "Pass" } else { "Fail" }
                Details        = $details
@@ -61,7 +61,7 @@ function Test-CustomerLockbox {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-DialInBypassLobby.ps1
+++ b/source/tests/Test-DialInBypassLobby.ps1
@@ -9,8 +9,8 @@ function Test-DialInBypassLobby {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.4"
+        $RecNum = "8.5.4"
-        Write-Verbose "Running Test-DialInBypassLobby for $recnum..."
+        Write-Verbose "Running Test-DialInBypassLobby for $RecNum..."
    }
    process {
        try {
@@ -36,7 +36,7 @@ function Test-DialInBypassLobby {
                    AllowPSTNUsersToBypassLobby           = $true
                }
            #>
-            $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $RecNum
            $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $PSTNBypassDisabled) {
@@ -53,7 +53,7 @@ function Test-DialInBypassLobby {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $PSTNBypassDisabled
                Status        = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -63,7 +63,7 @@ function Test-DialInBypassLobby {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-DisallowInfectedFilesDownload.ps1
+++ b/source/tests/Test-DisallowInfectedFilesDownload.ps1
@@ -5,17 +5,14 @@ function Test-DisallowInfectedFilesDownload {
        # Aligned
        # Define your parameters here if needed
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.3.1"
+        $RecNum = "7.3.1"
        Write-Verbose "Running Test-DisallowInfectedFilesDownload for $RecNum..."
    }
    process {
        try {
            # 7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
            #
@@ -32,31 +29,33 @@ function Test-DisallowInfectedFilesDownload {
            #   - Condition A: The `DisallowInfectedFileDownload` setting is not set to `True`.
            #   - Condition B: The setting does not prevent users from downloading infected files.
            #   - Condition C: Verification using the PowerShell command indicates that the setting is incorrectly configured.
            # Retrieve the SharePoint tenant configuration
-            $SPOTenantDisallowInfectedFileDownload = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenantDisallowInfectedFileDownload Mock Object
-
+            <#
                $SPOTenantDisallowInfectedFileDownload = [PSCustomObject]@{
                    DisallowInfectedFileDownload           = $false
                }
            #>
            $SPOTenantDisallowInfectedFileDownload = Get-CISSpoOutput -Rec $RecNum
            # Condition A: The `DisallowInfectedFileDownload` setting is set to `True`
            $isDisallowInfectedFileDownloadEnabled = $SPOTenantDisallowInfectedFileDownload.DisallowInfectedFileDownload
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $isDisallowInfectedFileDownloadEnabled) {
-                "Downloading infected files is not disallowed."  # Condition B: The setting does not prevent users from downloading infected files
+                "Downloading infected files is not disallowed. To ensure infected files cannot be downloaded, use the following command:`n" + ` # Condition B: The setting does not prevent users from downloading infected files
                "Set-SPOTenant -DisallowInfectedFileDownload `$true"
            }
            else {
                "N/A"
            }
            $details = if ($isDisallowInfectedFileDownloadEnabled) {
                "DisallowInfectedFileDownload: True"  # Condition C: Verification confirms the setting is correctly configured
            }
            else {
                "DisallowInfectedFileDownload: False"  # Condition C: Verification indicates the setting is incorrectly configured
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isDisallowInfectedFileDownloadEnabled
                Status        = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -66,10 +65,9 @@ function Test-DisallowInfectedFilesDownload {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-EnableDKIM.ps1
+++ b/source/tests/Test-EnableDKIM.ps1
@@ -10,8 +10,8 @@ function Test-EnableDKIM {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "2.1.9"
+        $RecNum = "2.1.9"
-        Write-Verbose "Running Test-EnableDKIM for $recnum..."
+        Write-Verbose "Running Test-EnableDKIM for $RecNum..."
        <#
        Conditions for 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains (Automated)
        Validate test for a pass:
@@ -30,7 +30,7 @@ function Test-EnableDKIM {
        try {
            # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
            # Retrieve DKIM configuration for all domains
-            $dkimConfig = Get-CISExoOutput -Rec $recnum
+            $dkimConfig = Get-CISExoOutput -Rec $RecNum
            if (-not $DomainName) {
                $dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false
                $dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain }
@@ -62,7 +62,7 @@ function Test-EnableDKIM {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $dkimResult
                Status        = if ($dkimResult) { "Pass" } else { "Fail" }
                Details       = $details
@@ -72,7 +72,7 @@ function Test-EnableDKIM {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-ExternalNoControl.ps1
+++ b/source/tests/Test-ExternalNoControl.ps1
@@ -9,8 +9,8 @@ function Test-ExternalNoControl {
        # Dot source the class script if necessary
        # . .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.7"
+        $RecNum = "8.5.7"
-        Write-Verbose "Running Test-ExternalNoControl for $recnum..."
+        Write-Verbose "Running Test-ExternalNoControl for $RecNum..."
    }
    process {
        try {
@@ -36,7 +36,7 @@ function Test-ExternalNoControl {
                    AllowExternalParticipantGiveRequestControl           = $true
                }
            #>
-            $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $RecNum
            # Check if external participants can give or request control
            $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
            # Prepare failure reasons and details based on compliance
@@ -54,7 +54,7 @@ function Test-ExternalNoControl {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec            = $recnum
+                Rec            = $RecNum
                Result         = $externalControlRestricted
                Status         = if ($externalControlRestricted) { "Pass" } else { "Fail" }
                Details        = $details
@@ -64,7 +64,7 @@ function Test-ExternalNoControl {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-ExternalSharingCalendars.ps1
+++ b/source/tests/Test-ExternalSharingCalendars.ps1
@@ -5,12 +5,14 @@ function Test-ExternalSharingCalendars {
        # Aligned
        # Parameters can be added if needed
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.3.3"
+        $RecNum = "1.3.3"
-        Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..."
+
        # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
        #
        # Validate test for a pass:
@@ -25,19 +27,12 @@ function Test-ExternalSharingCalendars {
        #   - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled.
        #   - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`.
    }
    process {
        try {
            # Step: Retrieve sharing policies related to calendar sharing
-            # $sharingPolicies Mock Object
+            $sharingPolicies = Get-CISExoOutput -Rec $RecNum
-            <#
+
                $sharingPolicies = [PSCustomObject]@{
                    Name = "Default Sharing Policy"
                    Domains = @("Anonymous:CalendarSharingFreeBusySimple")
                    Enabled = $true
                    Default = $true
                }
            #>
            $sharingPolicies = Get-CISExoOutput -Rec $recnum
            # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
            $isExternalSharingDisabled = $true
            $sharingPolicyDetails = @()
@@ -47,46 +42,50 @@ function Test-ExternalSharingCalendars {
                    $sharingPolicyDetails += "$($policy.Name): Enabled"
                }
            }
-            # Retrieve calendars with publishing enabled (from 1.3.3b)
+            $failureRemediation = @'
-            # $calendarDetails Mock Object
+# Get all mailboxes
-            <#
+$mailboxes = Get-Mailbox -ResultSize Unlimited
-                $calendarDetails = @(
+
-                    [PSCustomObject]@{
+# Initialize a hashtable to store calendar folder names
-                        Calendar = "SMBuser1@domain.com"
+$calendarFolders = @{}
-                        URL = "https://example.com/calendar/smbuser1"
+# Get the default calendar folder names for all mailboxes
-                    },
+$mailboxes | ForEach-Object {
-                    [PSCustomObject]@{
+    $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq 'Calendar' }).Name
-                        Calendar = "SMBuser2@domain.com"
+    $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName
                        URL = "https://example.com/calendar/smbuser2"
                    },
                    [PSCustomObject]@{
                        Calendar = "SMBuser4@domain.com"
                        URL = "https://example.com/calendar/smbuser3"
 }
-                )
+# Get the calendar folder settings for each mailbox
-            #>
+foreach ($mailbox in $mailboxes) {
-            $calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")"
+    $primarySmtpAddress = $mailbox.PrimarySmtpAddress
-            # Build the failure reason string
+    $calendarFolder = $calendarFolders[$primarySmtpAddress]
    # Get users calendar folder settings for their default Calendar folder
    $calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder"
    # Check if calendar publishing is enabled and display a message
    if ($calendar.PublishEnabled) {
        Write-Host -ForegroundColor Yellow "Calendar publishing is enabled for $primarySmtpAddress on $($calendar.PublishedCalendarUrl)"
    }
 }
 '@
            # Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail)
            $failureReasons = if (-not $isExternalSharingDisabled) {
-                $baseMessage = "Calendar sharing with external users is enabled in one or more policies."
+                "Calendar sharing with external users is enabled in one or more policies.`n`n" + `
-                if ($calendarDetails.Count -gt 0) {
+                "Use the following command to verify which users are sharing calendars prior to disabling:`n`n" + `
-                    $baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')"
+                $failureRemediation
                }
                $baseMessage
            }
            else {
                "N/A"
            }
            # Step: Prepare details for the audit result (Condition A & B: Pass/Fail)
            $details = if ($isExternalSharingDisabled) {
                "Calendar sharing with external users is disabled."
            }
            else {
-                "Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')"
+                "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')"
            }
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isExternalSharingDisabled
                Status        = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -96,9 +95,10 @@ function Test-ExternalSharingCalendars {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-GlobalAdminsCount.ps1
+++ b/source/tests/Test-GlobalAdminsCount.ps1
@@ -23,12 +23,12 @@ function Test-GlobalAdminsCount {
        #   - Condition B: The number of global admins is more than 4.
        #   - Condition C: Any discrepancies or errors in retrieving the list of global admin usernames.
        # Initialization code, if needed
-        $recnum = "1.1.3"
+        $RecNum = "1.1.3"
-        Write-Verbose "Starting Test-GlobalAdminsCount with Rec: $recnum"
+        Write-Verbose "Starting Test-GlobalAdminsCount with Rec: $RecNum"
    }
    process {
        try {
-            $globalAdmins = Get-CISMgOutput -Rec $recnum
+            $globalAdmins = Get-CISMgOutput -Rec $RecNum
            # Step: Count the number of global admins
            $globalAdminCount = $globalAdmins.Count
            # Step: Retrieve and format the usernames of global admins
@@ -49,7 +49,7 @@ function Test-GlobalAdminsCount {
            $details = "Count: $globalAdminCount; Users: $globalAdminUsernames"
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
                Status        = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
                Details       = $details
@@ -59,7 +59,7 @@ function Test-GlobalAdminsCount {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-GuestAccessExpiration.ps1
+++ b/source/tests/Test-GuestAccessExpiration.ps1
@@ -5,17 +5,14 @@ function Test-GuestAccessExpiration {
        # Aligned
        # Define your parameters here if needed
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.9"
+        $RecNum = "7.2.9"
        Write-Verbose "Running Test-GuestAccessExpiration for $RecNum..."
    }
    process {
        try {
            # 7.2.9 (L1) Ensure guest access to a site or OneDrive will expire automatically
            #
@@ -32,24 +29,28 @@ function Test-GuestAccessExpiration {
            #   - Condition A: The ExternalUserExpirationRequired setting in SharePoint is not set to True.
            #   - Condition B: The ExternalUserExpireInDays setting in SharePoint is configured to more than 30 days.
            #   - Condition C: Verification using the SharePoint Admin Center indicates that guest access is not set to expire automatically after the specified number of days.
            # Retrieve SharePoint tenant settings related to guest access expiration
-            $SPOTenantGuestAccess = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenantGuestAccess Mock Object
            <#
                $SPOTenantGuestAccess = [PSCustomObject]@{
                    ExternalUserExpirationRequired           = "$false"
                    ExternalUserExpireInDays                 = "60"
                }
            #>
            $SPOTenantGuestAccess = Get-CISSpoOutput -Rec $RecNum
            $isGuestAccessExpirationConfiguredCorrectly = $SPOTenantGuestAccess.ExternalUserExpirationRequired -and $SPOTenantGuestAccess.ExternalUserExpireInDays -le 30
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $isGuestAccessExpirationConfiguredCorrectly) {
-                "Guest access expiration is not configured to automatically expire within 30 days or less."
+                "Guest access expiration is not configured to automatically expire within 30 days or less. To remediate this setting, use the Set-SPOTenant command:`n`n" + `
                "Set-SPOTenant -ExternalUserExpirationRequired `$true -ExternalUserExpireInDays 30"
            }
            else {
                "N/A"
            }
            $details = "ExternalUserExpirationRequired: $($SPOTenantGuestAccess.ExternalUserExpirationRequired); ExternalUserExpireInDays: $($SPOTenantGuestAccess.ExternalUserExpireInDays)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec            = $recnum
+                Rec            = $RecNum
                Result         = $isGuestAccessExpirationConfiguredCorrectly
                Status         = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
                Details        = $details
@@ -59,10 +60,9 @@ function Test-GuestAccessExpiration {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-GuestUsersBiweeklyReview.ps1
+++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1
@@ -11,7 +11,7 @@ function Test-GuestUsersBiweeklyReview {
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.1.4"
+        $RecNum = "1.1.4"
    }
    process {
@@ -41,7 +41,7 @@ function Test-GuestUsersBiweeklyReview {
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = -not $guestUsers
                Status        = if ($guestUsers) { "Fail" } else { "Pass" }
                Details       = $details
@@ -51,7 +51,7 @@ function Test-GuestUsersBiweeklyReview {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
--- a/source/tests/Test-IdentifyExternalEmail.ps1
+++ b/source/tests/Test-IdentifyExternalEmail.ps1
@@ -10,8 +10,8 @@ function Test-IdentifyExternalEmail {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "6.2.3"
+        $RecNum = "6.2.3"
-        Write-Verbose "Running Test-IdentifyExternalEmail for $recnum..."
+        Write-Verbose "Running Test-IdentifyExternalEmail for $RecNum..."
        # Conditions for 6.2.3 (L1) Ensure email from external senders is identified
        #
        # Validate test for a pass:
@@ -32,7 +32,7 @@ function Test-IdentifyExternalEmail {
        try {
            # 6.2.3 (L1) Ensure email from external senders is identified
            # Retrieve external sender tagging configuration
-            $externalInOutlook = Get-CISExoOutput -Rec $recnum
+            $externalInOutlook = Get-CISExoOutput -Rec $RecNum
            $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $externalTaggingEnabled) {
@@ -46,7 +46,7 @@ function Test-IdentifyExternalEmail {
            $details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $externalTaggingEnabled
                Status        = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -56,7 +56,7 @@ function Test-IdentifyExternalEmail {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-LinkSharingRestrictions.ps1
+++ b/source/tests/Test-LinkSharingRestrictions.ps1
@@ -6,14 +6,13 @@ function Test-LinkSharingRestrictions {
        # Define your parameters here
        # Test behavior in prod
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.7"
+        $RecNum = "7.2.7"
        Write-Verbose "Running Test-LinkSharingRestrictions for $RecNum..."
    }
    process {
        try {
            # 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive
@@ -31,38 +30,39 @@ function Test-LinkSharingRestrictions {
            #   - Condition A: The `DefaultSharingLinkType` setting in SharePoint and OneDrive is not set to `Direct`.
            #   - Condition B: The setting `Choose the type of link that's selected by default when users share files and folders in SharePoint and OneDrive` is not set to `Specific people (only the people the user specifies)`.
            #   - Condition C: Verification using the UI indicates that the link sharing settings are not configured as recommended.
            # Retrieve link sharing configuration for SharePoint and OneDrive
-            $SPOTenantLinkSharing = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenantLinkSharing Mock Object
            <#
                $$SPOTenantLinkSharing = [PSCustomObject]@{
                    DefaultSharingLinkType           = "Direct"
                }
            #>
            $SPOTenantLinkSharing = Get-CISSpoOutput -Rec $RecNum
            $isLinkSharingRestricted = $SPOTenantLinkSharing.DefaultSharingLinkType -eq 'Direct'  # Or 'SpecificPeople' as per the recommendation
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $isLinkSharingRestricted) {
-                "Link sharing is not restricted to 'Specific people'. Current setting: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
+                "Link sharing is not restricted to 'Specific people'. Current setting: $($SPOTenantLinkSharing.DefaultSharingLinkType). To remediate this setting, use the Set-SPOTenant command:`n`n" + `
                "Set-SPOTenant -DefaultSharingLinkType Direct"
            }
            else {
                "N/A"
            }
            $details = "DefaultSharingLinkType: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isLinkSharingRestricted
                Status        = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" }
                Details       = $details
                FailureReason = $failureReasons
            }
            $auditResult = Initialize-CISAuditResult @params
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-MailTipsEnabled.ps1
+++ b/source/tests/Test-MailTipsEnabled.ps1
@@ -9,8 +9,8 @@ function Test-MailTipsEnabled {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "6.5.2"
+        $RecNum = "6.5.2"
-        Write-Verbose "Running Test-MailTipsEnabled for $recnum..."
+        Write-Verbose "Running Test-MailTipsEnabled for $RecNum..."
        # Conditions for 6.5.2 (L2) Ensure MailTips are enabled for end users
        #
        # Validate test for a pass:
@@ -33,7 +33,7 @@ function Test-MailTipsEnabled {
        try {
            # 6.5.2 (L2) Ensure MailTips are enabled for end users
            # Retrieve organization configuration for MailTips settings
-            $orgConfig = Get-CISExoOutput -Rec $recnum
+            $orgConfig = Get-CISExoOutput -Rec $RecNum
            # Check the MailTips settings (Conditions A, B, C, D)
            $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
            $externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled
@@ -52,7 +52,7 @@ function Test-MailTipsEnabled {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $allTipsEnabled -and $externalRecipientsTipsEnabled
                Status        = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -62,7 +62,7 @@ function Test-MailTipsEnabled {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-MailboxAuditingE3.ps1
+++ b/source/tests/Test-MailboxAuditingE3.ps1
@@ -24,20 +24,22 @@ function Test-MailboxAuditingE3 {
        #>
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
-        $actionDictionaries = Get-Action -Dictionaries
+        $RecNum = "6.1.2"
        $version = $RecNum
        $actionDictionaries = Get-Action -Dictionaries -Version $version
        # E3 specific actions
-        $AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
+        $AdminActions = $actionDictionaries.AdminActions.Keys
-        $DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") }
+        $DelegateActions = $actionDictionaries.DelegateActions.Keys
-        $OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
+        $OwnerActions = $actionDictionaries.OwnerActions.Keys
        $allFailures = @()
-        $recnum = "6.1.2"
+
-        Write-Verbose "Running Test-MailboxAuditingE3 for $recnum..."
+        Write-Verbose "Running Test-MailboxAuditingE3 for $RecNum..."
-        $allUsers = Get-CISMgOutput -Rec $recnum
+        $allUsers = Get-CISMgOutput -Rec $RecNum
        $processedUsers = @{}  # Dictionary to track processed users
    }
    process {
        if ($null -ne $allUsers) {
-            $mailboxes = Get-CISExoOutput -Rec $recnum
+            $mailboxes = Get-CISExoOutput -Rec $RecNum
            try {
                foreach ($user in $allUsers) {
                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
@@ -52,17 +54,17 @@ function Test-MailboxAuditingE3 {
                    if ($mailbox.AuditEnabled) {
                        foreach ($action in $AdminActions) {
                            if ($mailbox.AuditAdmin -notcontains $action) {
-                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin")
+                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin" -Version $version)
                            }
                        }
                        foreach ($action in $DelegateActions) {
                            if ($mailbox.AuditDelegate -notcontains $action) {
-                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate")
+                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate" -Version $version)
                            }
                        }
                        foreach ($action in $OwnerActions) {
                            if ($mailbox.AuditOwner -notcontains $action) {
-                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner")
+                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner" -Version $version)
                            }
                        }
                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
@@ -90,7 +92,7 @@ function Test-MailboxAuditingE3 {
                }
                # Populate the audit result
                $params = @{
-                    Rec           = $recnum
+                    Rec           = $RecNum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
@@ -99,18 +101,18 @@ function Test-MailboxAuditingE3 {
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
-                Write-Error "An error occurred during the test: $_"
+                Write-Error "An error occurred during the test $RecNum`:: $_"
                # Retrieve the description from the test definitions
-                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
-                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+                $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure
            }
        }
        else {
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $false
                Status        = "Fail"
                Details       = "No M365 E3 licenses found."
--- a/source/tests/Test-MailboxAuditingE5.ps1
+++ b/source/tests/Test-MailboxAuditingE5.ps1
@@ -24,19 +24,20 @@ function Test-MailboxAuditingE5 {
        #   - Condition B: AuditAdmin actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
        #   - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules.
        #   - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
-        $actionDictionaries = Get-Action -Dictionaries
+        $RecNum = "6.1.3"
        $version = $RecNum
        $actionDictionaries = Get-Action -Dictionaries -Version $version
        $AdminActions = $actionDictionaries.AdminActions.Keys
        $DelegateActions = $actionDictionaries.DelegateActions.Keys
        $OwnerActions = $actionDictionaries.OwnerActions.Keys
        $allFailures = @()
        $processedUsers = @{}
-        $recnum = "6.1.3"
+        Write-Verbose "Running Test-MailboxAuditingE5 for $RecNum..."
-        Write-Verbose "Running Test-MailboxAuditingE5 for $recnum..."
+        $allUsers = Get-CISMgOutput -Rec $RecNum
        $allUsers = Get-CISMgOutput -Rec $recnum
    }
    process {
        if ($null -ne $allUsers) {
-            $mailboxes = Get-CISExoOutput -Rec $recnum
+            $mailboxes = Get-CISExoOutput -Rec $RecNum
            try {
                foreach ($user in $allUsers) {
                    if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
@@ -52,19 +53,19 @@ function Test-MailboxAuditingE5 {
                        # Validate Admin actions
                        foreach ($action in $AdminActions) {
                            if ($mailbox.AuditAdmin -notcontains $action) {
-                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin") # Condition B
+                                $missingAdminActions += (Get-Action -Actions $action -ActionType "Admin" -Version $version) # Condition B
                            }
                        }
                        # Validate Delegate actions
                        foreach ($action in $DelegateActions) {
                            if ($mailbox.AuditDelegate -notcontains $action) {
-                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate") # Condition C
+                                $missingDelegateActions += (Get-Action -Actions $action -ActionType "Delegate" -Version $version) # Condition C
                            }
                        }
                        # Validate Owner actions
                        foreach ($action in $OwnerActions) {
                            if ($mailbox.AuditOwner -notcontains $action) {
-                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D
+                                $missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner" -Version $version) # Condition D
                            }
                        }
                        if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
@@ -93,7 +94,7 @@ function Test-MailboxAuditingE5 {
                # $details = Initialize-LargeTestTable -lineCount 3000 # Adjust the lineCount to exceed 32,000 characters
                # Populate the audit result
                $params = @{
-                    Rec           = $recnum
+                    Rec           = $RecNum
                    Result        = $allFailures.Count -eq 0
                    Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
                    Details       = $details
@@ -102,18 +103,18 @@ function Test-MailboxAuditingE5 {
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
-                Write-Error "An error occurred during the test: $_"
+                Write-Error "An error occurred during the test $RecNum`:: $_"
                # Retrieve the description from the test definitions
-                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
-                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+                $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure
            }
        }
        else {
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $false
                Status        = "Fail"
                Details       = "No M365 E5 licenses found."
--- a/source/tests/Test-ManagedApprovedPublicGroups.ps1
+++ b/source/tests/Test-ManagedApprovedPublicGroups.ps1
@@ -8,8 +8,8 @@ function Test-ManagedApprovedPublicGroups {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.2.1"
+        $RecNum = "1.2.1"
-        Write-Verbose "Starting Test-ManagedApprovedPublicGroups with Rec: $recnum"
+        Write-Verbose "Starting Test-ManagedApprovedPublicGroups with Rec: $RecNum"
        # Conditions for 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist (Automated)
        #
        # Validate test for a pass:
@@ -27,7 +27,7 @@ function Test-ManagedApprovedPublicGroups {
    process {
        try {
            # Step: Retrieve all groups with visibility set to 'Public'
-            $allGroups = Get-CISMgOutput -Rec $recnum
+            $allGroups = Get-CISMgOutput -Rec $RecNum
            # Step: Determine failure reasons based on the presence of public groups
            $failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
                "There are public groups present that are not organizationally managed/approved."
@@ -45,7 +45,7 @@ function Test-ManagedApprovedPublicGroups {
            }
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $null -eq $allGroups -or $allGroups.Count -eq 0
                Status        = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" }
                Details       = $details
@@ -55,7 +55,7 @@ function Test-ManagedApprovedPublicGroups {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-MeetingChatNoAnonymous.ps1
+++ b/source/tests/Test-MeetingChatNoAnonymous.ps1
@@ -9,8 +9,8 @@ function Test-MeetingChatNoAnonymous {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.5"
+        $RecNum = "8.5.5"
-        Write-Verbose "Running Test-MeetingChatNoAnonymous for $recnum..."
+        Write-Verbose "Running Test-MeetingChatNoAnonymous for $RecNum..."
    }
    process {
        try {
@@ -36,7 +36,7 @@ function Test-MeetingChatNoAnonymous {
                    MeetingChatEnabledType           = "Enabled"
                }
            #>
-            $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $RecNum
            # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
            $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
            # Prepare failure reasons and details based on compliance
@@ -49,7 +49,7 @@ function Test-MeetingChatNoAnonymous {
            $details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $chatAnonDisabled
                Status        = if ($chatAnonDisabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -59,7 +59,7 @@ function Test-MeetingChatNoAnonymous {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-ModernAuthExchangeOnline.ps1
+++ b/source/tests/Test-ModernAuthExchangeOnline.ps1
@@ -23,14 +23,14 @@ function Test-ModernAuthExchangeOnline {
        #   - Condition A: Modern authentication for Exchange Online is not enabled.
        #   - Condition B: Exchange Online clients do not use modern authentication to log in to Microsoft 365 mailboxes.
        #   - Condition C: Users of older email clients, such as Outlook 2013 and Outlook 2016, are still able to authenticate to Exchange using Basic Authentication.
-        $recnum = "6.5.1"
+        $RecNum = "6.5.1"
-        Write-Verbose "Running Test-ModernAuthExchangeOnline for $recnum..."
+        Write-Verbose "Running Test-ModernAuthExchangeOnline for $RecNum..."
    }
    process {
        try {
            # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
            # Check modern authentication setting in Exchange Online configuration (Condition A and B)
-            $orgConfig = Get-CISExoOutput -Rec $recnum
+            $orgConfig = Get-CISExoOutput -Rec $RecNum
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
                "Modern authentication is disabled"
@@ -42,7 +42,7 @@ function Test-ModernAuthExchangeOnline {
            $details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $orgConfig.OAuth2ClientProfileEnabled
                Status        = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -52,7 +52,7 @@ function Test-ModernAuthExchangeOnline {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-ModernAuthSharePoint.ps1
+++ b/source/tests/Test-ModernAuthSharePoint.ps1
@@ -11,17 +11,15 @@ function Test-ModernAuthSharePoint {
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.1"
+        $RecNum = "7.2.1"
-
+        Write-Verbose "Running Test-ModernAuthSharePoint for $RecNum..."
        <#
        # Conditions for 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
        ## Validate test for a pass:
        # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
        # - Specific conditions to check:
        #   - Condition A: The setting "Apps that don't use modern authentication" is set to "Block access" in the SharePoint admin center.
        #   - Condition B: The PowerShell command `Get-SPOTenant | ft LegacyAuthProtocolsEnabled` returns `False`.
        ## Validate test for a fail:
        # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
        # - Specific conditions to check:
@@ -29,26 +27,28 @@ function Test-ModernAuthSharePoint {
        #   - Condition B: The PowerShell command `Get-SPOTenant | ft LegacyAuthProtocolsEnabled` returns `True`.
        #>
    }
    process {
        try {
            # 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
-            $SPOTenant = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenant Mock Object
            <#
                $SPOTenant = [PSCustomObject]@{
                    LegacyAuthProtocolsEnabled           = $true
                }
            #>
            $SPOTenant = Get-CISSpoOutput -Rec $RecNum
            $modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $modernAuthForSPRequired) {
-                "Legacy authentication protocols are enabled" # Fail Condition B
+                "Legacy authentication protocols are enabled. The following command can be used to disable:`nSet-SPOTenant -LegacyAuthProtocolsEnabled `$false" # Fail Condition B
            }
            else {
                "N/A"
            }
            $details = "LegacyAuthProtocolsEnabled: $($SPOTenant.LegacyAuthProtocolsEnabled)" # Details for Condition B
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $modernAuthForSPRequired
                Status        = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" }
                Details       = $details
@@ -58,10 +58,9 @@ function Test-ModernAuthSharePoint {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-NoAnonymousMeetingJoin.ps1
+++ b/source/tests/Test-NoAnonymousMeetingJoin.ps1
@@ -9,8 +9,8 @@ function Test-NoAnonymousMeetingJoin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.1"
+        $RecNum = "8.5.1"
-        Write-Verbose "Running Test-NoAnonymousMeetingJoin for $recnum..."
+        Write-Verbose "Running Test-NoAnonymousMeetingJoin for $RecNum..."
    }
    process {
        try {
@@ -36,7 +36,7 @@ function Test-NoAnonymousMeetingJoin {
                    AllowAnonymousUsersToJoinMeeting            = $true
                }
            #>
-            $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
+            $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $RecNum
            $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
            # Prepare failure reasons and details based on compliance
            $failureReasons = if ($allowAnonymousUsersToJoinMeeting) {
@@ -48,7 +48,7 @@ function Test-NoAnonymousMeetingJoin {
            $details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = -not $allowAnonymousUsersToJoinMeeting
                Status        = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" }
                Details       = $details
@@ -58,7 +58,7 @@ function Test-NoAnonymousMeetingJoin {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-NoAnonymousMeetingStart.ps1
+++ b/source/tests/Test-NoAnonymousMeetingStart.ps1
@@ -9,8 +9,8 @@ function Test-NoAnonymousMeetingStart {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.2"
+        $RecNum = "8.5.2"
-        Write-Verbose "Running Test-NoAnonymousMeetingStart for $recnum..."
+        Write-Verbose "Running Test-NoAnonymousMeetingStart for $RecNum..."
    }
    process {
        try {
@@ -31,7 +31,7 @@ function Test-NoAnonymousMeetingStart {
            #   - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
            # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
-            $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $RecNum
            $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
            # Prepare failure reasons and details based on compliance
            $failureReasons = if ($anonymousStartDisabled) {
@@ -43,7 +43,7 @@ function Test-NoAnonymousMeetingStart {
            $details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)" # Condition C
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $anonymousStartDisabled
                Status        = if ($anonymousStartDisabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -53,7 +53,7 @@ function Test-NoAnonymousMeetingStart {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-NoWhitelistDomains.ps1
+++ b/source/tests/Test-NoWhitelistDomains.ps1
@@ -9,8 +9,8 @@ function Test-NoWhitelistDomains {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "6.2.2"
+        $RecNum = "6.2.2"
-        Write-Verbose "Running Test-NoWhitelistDomains for $recnum..."
+        Write-Verbose "Running Test-NoWhitelistDomains for $RecNum..."
        <#
        Conditions for 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains (Automated)
        Validate test for a pass:
@@ -32,7 +32,7 @@ function Test-NoWhitelistDomains {
            # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
            # Retrieve transport rules that whitelist specific domains
            # Condition A: Checking for transport rules that whitelist specific domains
-            $whitelistedRules = Get-CISExoOutput -Rec $recnum
+            $whitelistedRules = Get-CISExoOutput -Rec $RecNum
            # Prepare failure reasons and details based on compliance
            # Condition B: Prepare failure reasons based on the presence of whitelisted rules
            $failureReasons = if ($whitelistedRules) {
@@ -51,7 +51,7 @@ function Test-NoWhitelistDomains {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = -not $whitelistedRules
                Status        = if ($whitelistedRules) { "Fail" } else { "Pass" }
                Details       = $details
@@ -61,7 +61,7 @@ function Test-NoWhitelistDomains {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-NotifyMalwareInternal.ps1
+++ b/source/tests/Test-NotifyMalwareInternal.ps1
@@ -24,8 +24,8 @@ function Test-NotifyMalwareInternal {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "2.1.3"
+        $RecNum = "2.1.3"
-        Write-Verbose "Running Test-NotifyMalwareInternal for $recnum..."
+        Write-Verbose "Running Test-NotifyMalwareInternal for $RecNum..."
    }
    process {
        try {
@@ -47,7 +47,7 @@ function Test-NotifyMalwareInternal {
                    }
                )
            #>
-            $malwareNotifications = Get-CISExoOutput -Rec $recnum
+            $malwareNotifications = Get-CISExoOutput -Rec $RecNum
            # Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
            $policiesToReport = @()
            foreach ($policy in $malwareNotifications) {
@@ -73,7 +73,7 @@ function Test-NotifyMalwareInternal {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $result
                Status        = if ($result) { "Pass" } else { "Fail" }
                Details       = $details
@@ -83,7 +83,7 @@ function Test-NotifyMalwareInternal {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-OneDriveContentRestrictions.ps1
+++ b/source/tests/Test-OneDriveContentRestrictions.ps1
@@ -5,7 +5,6 @@ function Test-OneDriveContentRestrictions {
        # Aligned
        # Define your parameters here
    )
    begin {
        # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
        #
@@ -22,39 +21,41 @@ function Test-OneDriveContentRestrictions {
        #   - Condition A: The OneDriveSharingCapability setting is not configured to "Disabled" using the PowerShell cmdlet `Get-SPOTenant | fl OneDriveSharingCapability`.
        #   - Condition B: The OneDriveSharingCapability is not set to "Only people in your organization" in the SharePoint admin center under Policies > Sharing > OneDrive.
        #   - Condition C: OneDrive content sharing is more permissive than SharePoint content sharing.
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.4"
+        $RecNum = "7.2.4"
        Write-Verbose "Running Test-OneDriveContentRestrictions for $RecNum..."
    }
    process {
        try {
            # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
            # Retrieve OneDrive sharing capability settings
-            $SPOTenant = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenant Mock Object
            <#
                $SPOTenant = [PSCustomObject]@{
                    OneDriveSharingCapability           = "ExternalUserAndGuestSharing"
                }
            #>
            $SPOTenant = Get-CISSpoOutput -Rec $RecNum
            $isOneDriveSharingRestricted = $SPOTenant.OneDriveSharingCapability -eq 'Disabled'
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $isOneDriveSharingRestricted) {
-                "OneDrive content sharing is not restricted to 'Disabled'. Current setting: $($SPOTenant.OneDriveSharingCapability)"
+                "OneDrive content sharing is not restricted to 'Disabled'. To remediate this setting, use the Set-SPOTenant command.`n`n" + `
                "Set-SPOTenant -OneDriveSharingCapability Disabled"
            }
            else {
                "N/A"
            }
            $details = if ($isOneDriveSharingRestricted) {
                "OneDrive content sharing is restricted."
            }
            else {
                "OneDriveSharingCapability: $($SPOTenant.OneDriveSharingCapability)"
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isOneDriveSharingRestricted
                Status        = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -64,10 +65,9 @@ function Test-OneDriveContentRestrictions {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return auditResult
        return $auditResult
--- a/source/tests/Test-OneDriveSyncRestrictions.ps1
+++ b/source/tests/Test-OneDriveSyncRestrictions.ps1
@@ -5,14 +5,13 @@ function Test-OneDriveSyncRestrictions {
        # Aligned
        # Define your parameters here
    )
    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.3.2"
+        $RecNum = "7.3.2"
        Write-Verbose "Running Test-OneDriveSyncRestrictions for $RecNum..."
    }
    process {
        try {
            # 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
@@ -30,20 +29,20 @@ function Test-OneDriveSyncRestrictions {
            #   - Condition A: "Allow syncing only on computers joined to specific domains" is not enabled.
            #   - Condition B: "TenantRestrictionEnabled" is set to False.
            #   - Condition C: "AllowedDomainList" does not contain the trusted domain GUIDs from the on-premises environment.
            # Retrieve OneDrive sync client restriction settings
-            $SPOTenantSyncClientRestriction = Get-CISSpoOutput -Rec $recnum
+            $SPOTenantSyncClientRestriction = Get-CISSpoOutput -Rec $RecNum
            $isSyncRestricted = $SPOTenantSyncClientRestriction.TenantRestrictionEnabled -and $SPOTenantSyncClientRestriction.AllowedDomainList
            # Condition A: Check if TenantRestrictionEnabled is True
            # Condition B: Ensure AllowedDomainList contains trusted domains GUIDs
            $failureReasons = if (-not $isSyncRestricted) {
-                "OneDrive sync is not restricted to managed devices. TenantRestrictionEnabled should be True and AllowedDomainList should contain trusted domains GUIDs."
+                "OneDrive sync is not restricted to managed devices. For hybrid devices, TenantRestrictionEnabled should be True and AllowedDomainList should contain trusted domains GUIDs.`n" + `
                "To remediate this setting, edit and use the Set-SPOTenantSyncClientRestriction command below:`n" + `
                "Set-SPOTenantSyncClientRestriction -TenantRestrictionEnabled `$true -AllowedDomainList `"<GUID1>`",`"<GUID2>`"`n`n" + `
                "Note: Utilize the -BlockMacSync:`$true parameter if you are not using conditional access to ensure Macs cannot sync."
            }
            else {
                "N/A"
            }
            # Condition C: Prepare details based on whether sync is restricted
            $details = if ($isSyncRestricted) {
                "OneDrive sync is restricted for unmanaged devices."
@@ -51,10 +50,9 @@ function Test-OneDriveSyncRestrictions {
            else {
                "TenantRestrictionEnabled: $($SPOTenantSyncClientRestriction.TenantRestrictionEnabled); AllowedDomainList: $($SPOTenantSyncClientRestriction.AllowedDomainList -join ', ')"
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isSyncRestricted
                Status        = if ($isSyncRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -64,10 +62,9 @@ function Test-OneDriveSyncRestrictions {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return auditResult
        return $auditResult
--- a/source/tests/Test-OrgOnlyBypassLobby.ps1
+++ b/source/tests/Test-OrgOnlyBypassLobby.ps1
@@ -9,8 +9,8 @@ function Test-OrgOnlyBypassLobby {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.3"
+        $RecNum = "8.5.3"
-        Write-Verbose "Running Test-OrgOnlyBypassLobby for $recnum..."
+        Write-Verbose "Running Test-OrgOnlyBypassLobby for $RecNum..."
    }
    process {
        try {
@@ -31,7 +31,7 @@ function Test-OrgOnlyBypassLobby {
            #   - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
            # Connect to Teams PowerShell using Connect-MicrosoftTeams
            # Retrieve the Teams meeting policy for lobby bypass settings
-            $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $RecNum
            $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $lobbyBypassRestricted) {
@@ -49,7 +49,7 @@ function Test-OrgOnlyBypassLobby {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $lobbyBypassRestricted
                Status        = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -59,7 +59,7 @@ function Test-OrgOnlyBypassLobby {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-OrganizersPresent.ps1
+++ b/source/tests/Test-OrganizersPresent.ps1
@@ -9,8 +9,8 @@ function Test-OrganizersPresent {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.5.6"
+        $RecNum = "8.5.6"
-        Write-Verbose "Running Test-OrganizersPresent for $recnum..."
+        Write-Verbose "Running Test-OrganizersPresent for $RecNum..."
    }
    process {
        try {
@@ -36,7 +36,7 @@ function Test-OrganizersPresent {
                    DesignatedPresenterRoleMode           = "Enabled"
                }
            #>
-            $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $RecNum
            $presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride'
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $presenterRoleRestricted) {
@@ -53,7 +53,7 @@ function Test-OrganizersPresent {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $presenterRoleRestricted
                Status        = if ($presenterRoleRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -63,7 +63,7 @@ function Test-OrganizersPresent {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-PasswordHashSync.ps1
+++ b/source/tests/Test-PasswordHashSync.ps1
@@ -24,14 +24,14 @@ function Test-PasswordHashSync {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "5.1.8.1"
+        $RecNum = "5.1.8.1"
-        Write-Verbose "Starting Test-PasswordHashSync with Rec: $recnum"
+        Write-Verbose "Starting Test-PasswordHashSync with Rec: $RecNum"
    }
    process {
        try {
            # 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
            # Retrieve password hash sync status (Condition A and C)
-            $passwordHashSync = Get-CISMgOutput -Rec $recnum
+            $passwordHashSync = Get-CISMgOutput -Rec $RecNum
            $hashSyncResult = $passwordHashSync
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $hashSyncResult) {
@@ -43,7 +43,7 @@ function Test-PasswordHashSync {
            $details = "OnPremisesSyncEnabled: $($passwordHashSync)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $hashSyncResult
                Status        = if ($hashSyncResult) { "Pass" } else { "Fail" }
                Details       = $details
@@ -53,7 +53,7 @@ function Test-PasswordHashSync {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-PasswordNeverExpirePolicy.ps1
+++ b/source/tests/Test-PasswordNeverExpirePolicy.ps1
@@ -11,7 +11,7 @@ function Test-PasswordNeverExpirePolicy {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "1.3.1"
+        $RecNum = "1.3.1"
        $overallResult = $true
        $detailsList = @()
        $failureReasonsList = @()
@@ -39,19 +39,18 @@ function Test-PasswordNeverExpirePolicy {
    process {
        try {
            # Step: Retrieve all domains or a specific domain
-            $domains = Get-CISMgOutput -Rec $recnum -DomainName $DomainName
+            $domains = Get-CISMgOutput -Rec $RecNum -DomainName $DomainName
            foreach ($domain in $domains) {
                $domainName = $domain.Id
                $isDefault = $domain.IsDefault
                # Step (Condition C): Determine if the notification window is set to 30 days
                $notificationWindow = $domain.PasswordNotificationWindowInDays
-                $notificationPolIsCompliant = $notificationWindow -eq 30
+                $notificationPolIsCompliant = $true # No longer a requirement
                # Step (Condition A): Retrieve password expiration policy
                $passwordPolicy = $domain.PasswordValidityPeriodInDays
                $pwPolIsCompliant = $passwordPolicy -eq 2147483647
                # Step (Condition A & B): Determine if the policy is compliant
                $overallResult = $overallResult -and $notificationPolIsCompliant -and $pwPolIsCompliant
                # Step (Condition A & B): Prepare failure reasons and details based on compliance
                $failureReasons = if ($notificationPolIsCompliant -and $pwPolIsCompliant) {
                    "N/A"
@@ -59,21 +58,17 @@ function Test-PasswordNeverExpirePolicy {
                else {
                    "Password expiration is not set to never expire or notification window is not set to 30 days for domain $domainName. Run the following command to remediate: `nUpdate-MgDomain -DomainId $domainName -PasswordValidityPeriodInDays 2147483647 -PasswordNotificationWindowInDays 30`n"
                }
                $details = "$domainName|$passwordPolicy days|$notificationWindow days|$isDefault"
                # Add details and failure reasons to the lists
                $detailsList += $details
                $failureReasonsList += $failureReasons
            }
            # Prepare the final failure reason and details
            $finalFailureReason = $failureReasonsList -join "`n"
            $finalDetails = $detailsList -join "`n"
            # Step: Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $overallResult
                Status        = if ($overallResult) { "Pass" } else { "Fail" }
                Details       = $finalDetails
@@ -83,10 +78,9 @@ function Test-PasswordNeverExpirePolicy {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return the audit result
        return $auditResult
--- a/source/tests/Test-ReauthWithCode.ps1
+++ b/source/tests/Test-ReauthWithCode.ps1
@@ -5,7 +5,6 @@ function Test-ReauthWithCode {
        # Aligned
        # Define your parameters here
    )
    begin {
        <#
        Conditions for 7.2.10 (L1) Ensure reauthentication with verification code is restricted
@@ -22,34 +21,37 @@ function Test-ReauthWithCode {
        #   - Condition A: The `EmailAttestationRequired` property is set to `False`.
        #   - Condition B: The `EmailAttestationReAuthDays` property is set to more than `15`.
        #>
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.10"
+        $RecNum = "7.2.10"
        Write-Verbose "Running Test-ReauthWithCode for $RecNum..."
    }
    process {
        try {
            # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
            # Retrieve reauthentication settings for SharePoint Online
-            $SPOTenantReauthentication = Get-CISSpoOutput -Rec $recnum
+            # $SPOTenantReauthentication Mock Object
            <#
                $SPOTenantReauthentication = [PSCustomObject]@{
                    EmailAttestationRequired                    = "$false"
                    EmailAttestationReAuthDays                  = "30"
                }
            #>
            $SPOTenantReauthentication = Get-CISSpoOutput -Rec $RecNum
            $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $isReauthenticationRestricted) {
-                "Reauthentication with verification code does not require reauthentication within 15 days or less."
+                "Reauthentication with verification code does not require reauthentication within 15 days or less. To remediate this setting, use the Set-SPOTenant command:`n" + `
                "Set-SPOTenant -EmailAttestationRequired `$true -EmailAttestationReAuthDays 15"
            }
            else {
                "N/A"
            }
            $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isReauthenticationRestricted
                Status        = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -59,10 +61,9 @@ function Test-ReauthWithCode {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return auditResult
        return $auditResult
--- a/source/tests/Test-ReportSecurityInTeams.ps1
+++ b/source/tests/Test-ReportSecurityInTeams.ps1
@@ -9,8 +9,8 @@ function Test-ReportSecurityInTeams {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "8.6.1"
+        $RecNum = "8.6.1"
-        Write-Verbose "Running Test-ReportSecurityInTeams for $recnum..."
+        Write-Verbose "Running Test-ReportSecurityInTeams for $RecNum..."
    }
    process {
        try {
@@ -24,7 +24,7 @@ function Test-ReportSecurityInTeams {
                    AllowSecurityEndUserReporting           = $true
                }
            #>
-            $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
+            $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $RecNum
            # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
            # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
            # $ReportSubmissionPolicy Mock Object
@@ -40,7 +40,7 @@ function Test-ReportSecurityInTeams {
                    ReportChatMessageToCustomizedAddressEnabled = $false
                }
            #>
-            $ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum
+            $ReportSubmissionPolicy = Get-CISExoOutput -Rec $RecNum
            # Check if all the required settings are enabled
            $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
            $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
@@ -92,7 +92,7 @@ ReportChatMessageToCustomizedAddressEnabled: True
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $securityReportEnabled
                Status        = if ($securityReportEnabled) { "Pass" } else { "Fail" }
                Details       = $details
@@ -102,7 +102,7 @@ ReportChatMessageToCustomizedAddressEnabled: True
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-RestrictCustomScripts.ps1
+++ b/source/tests/Test-RestrictCustomScripts.ps1
@@ -4,15 +4,13 @@ function Test-RestrictCustomScripts {
    param (
        # Define your parameters here if needed
    )
    begin {
        # Dot source the class script if necessary
        # . .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.3.4"
+        $RecNum = "7.3.4"
        Write-Verbose "Running Test-RestrictCustomScripts for $RecNum..."
    }
    process {
        try {
            # 7.3.4 (L1) Ensure custom script execution is restricted on site collections
@@ -30,23 +28,27 @@ function Test-RestrictCustomScripts {
            #   - Condition A: The `DenyAddAndCustomizePages` setting is not set to `Enabled` for any site collection.
            #   - Condition B: The setting is not validated through PowerShell commands, indicating misconfiguration.
            #   - Condition C: Verification using the SharePoint Admin Center indicates that the `DenyAddAndCustomizePages` setting is not enforced.
            # Retrieve all site collections and select necessary properties
-            $SPOSitesCustomScript = Get-CISSpoOutput -Rec $recnum
+            # $SPOSitesCustomScript Mock Object
-
+            <#
                $SPOSitesCustomScript = [PSCustomObject]@{
                    Title           = "Site Collection 1"
                    Url             = "https://contoso.sharepoint.com/sites/site1"
                    DenyAddAndCustomizePages = "Enabled"
                }
            #>
            $SPOSitesCustomScript = Get-CISSpoOutput -Rec $RecNum
            # Process URLs to replace 'sharepoint.com' with '<SPUrl>'
            $processedUrls = $SPOSitesCustomScript | ForEach-Object {
                $_.Url = $_.Url -replace 'sharepoint\.com', '<SPUrl>'
                $_
            }
            # Find sites where custom scripts are allowed
            $customScriptAllowedSites = $processedUrls | Where-Object { $_.DenyAddAndCustomizePages -ne 'Enabled' }
            #$verbosePreference = 'Continue'
            # Check the total length of URLs
            $totalUrlLength = ($customScriptAllowedSites.Url -join '').Length
            Write-Verbose "Total length of URLs: $totalUrlLength"
            # Extract hostnames from allowed sites if the total length exceeds the limit
            $mostUsedHostname = $null
            if ($totalUrlLength -gt 20000) {
@@ -57,7 +59,6 @@ function Test-RestrictCustomScripts {
                    }
                }
                Write-Verbose "Extracted hostnames: $($hostnames -join ', ')"
                # Find the most used hostname using the Get-MostCommonWord function
                $mostUsedHostname = Get-MostCommonWord -InputStrings $hostnames
                Write-Verbose "Most used hostname: $mostUsedHostname"
@@ -65,7 +66,6 @@ function Test-RestrictCustomScripts {
            #$verbosePreference = 'SilentlyContinue'
            # Compliance is true if no sites allow custom scripts
            $complianceResult = $customScriptAllowedSites.Count -eq 0
            # Gather details for non-compliant sites (where custom scripts are allowed)
            $nonCompliantSiteDetails = $customScriptAllowedSites | ForEach-Object {
                $url = $_.Url
@@ -74,35 +74,32 @@ function Test-RestrictCustomScripts {
                }
                "$(if ($_.Title) {$_.Title} else {"NoTitle"})|$url"
            }
            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $complianceResult) {
-                "Some site collections are not restricting custom script execution. Review Details property for sites that are not aligned with the benchmark."
+                "Some site collections are not restricting custom script execution. Review Details property for sites that are not aligned with the benchmark.`n" + `
                "To remediate this setting, use the following command:`n" + `
                "Set-SPOSite -Identity <SiteUrl> -DenyAddAndCustomizePages `$true"
            }
            else {
                "N/A"
            }
            $details = if ($complianceResult) {
                "All site collections have custom script execution restricted"
            }
            else {
                "Title|Url`n" + ($nonCompliantSiteDetails -join "`n")
            }
            # Convert details to PSObject and check length
            $detailsPSObject = $details | ConvertFrom-Csv -Delimiter '|'
            $detailsLength = ($detailsPSObject | ForEach-Object { $_.Url }).Length
            if ($detailsLength -gt 32767) {
                # Create a preview of the first 10 results
                $preview = $detailsPSObject | Select-Object -First 10 | ForEach-Object { "$($_.Title)|$($_.Url)" }
                $details = "The output is too large. Here is a preview of the first 10 results:`n`n" + ($preview -join "`n") + "`n`nPlease run the test with the following commands to get the full details:`n`nGet-SPOSite -Limit All | Where-Object { `$.DenyAddAndCustomizePages -ne 'Enabled' } | Select-Object Title, Url"
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $complianceResult
                Status        = if ($complianceResult) { "Pass" } else { "Fail" }
                Details       = $details
@@ -112,7 +109,7 @@ function Test-RestrictCustomScripts {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
--- a/source/tests/Test-RestrictExternalSharing.ps1
+++ b/source/tests/Test-RestrictExternalSharing.ps1
@@ -5,18 +5,15 @@ function Test-RestrictExternalSharing {
        # Aligned
        # Define your parameters here
    )
    begin {
    <#
        Conditions for 7.2.3 (L1) Ensure external content sharing is restricted
        Validate test for a pass:
        - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
        - Specific conditions to check:
        - Condition A: The SharingCapability is set to "ExternalUserSharingOnly" or more restrictive in the SharePoint admin center.
        - Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly", or "Disabled".
        - Condition C: The external sharing settings in SharePoint Online and OneDrive are set to the same or a more restrictive level than the organization’s sharing settings.
        Validate test for a fail:
        - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
        - Specific conditions to check:
@@ -24,37 +21,40 @@ function Test-RestrictExternalSharing {
        - Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "Anyone" or "ExternalUserAndGuestSharing".
        - Condition C: The external sharing settings in SharePoint Online and OneDrive are set to a more permissive level than the organization’s sharing settings.
    #>
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "7.2.3"
+        $RecNum = "7.2.3"
        Write-Verbose "Running Test-RestrictExternalSharing for $RecNum..."
    }
    process {
        try {
            # 7.2.3 (L1) Ensure external content sharing is restricted
            # Retrieve the SharingCapability setting for the SharePoint tenant
-            $SPOTenantSharingCapability = Get-CISSpoOutput -Rec $recnum
+            <#
                $SPOTenantSharingCapability = [PSCustomObject]@{
                    SharingCapability           = "ExternalUserAndGuestSharing"
                }
            #>
            $SPOTenantSharingCapability = Get-CISSpoOutput -Rec $RecNum
            $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled')
            # Prepare failure reasons and details based on compliance
            # Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly", or "Disabled".
            $failureReasons = if (-not $isRestricted) {
-                "External content sharing is not adequately restricted. Current setting: $($SPOTenantSharingCapability.SharingCapability)"
+                "External content sharing is not adequately restricted. Current setting: $($SPOTenantSharingCapability.SharingCapability)`n" + `
                "The acceptable values for SharingCapability are: 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', or 'Disabled'.`n" + `
                "To remediate this setting, use the Set-SPOTenant cmdlet to set the SharingCapability property to an acceptable value:`n`n" + `
                "Set-SPOTenant -SharingCapability <acceptable value from above>"
            }
            else {
                "N/A"
            }
            # Condition A: The SharingCapability is set to "ExternalUserSharingOnly" or more restrictive in the SharePoint admin center.
            # Condition C: The external sharing settings in SharePoint Online and OneDrive are set to the same or a more restrictive level than the organization’s sharing settings.
            $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isRestricted
                Status        = if ($isRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -64,10 +64,9 @@ function Test-RestrictExternalSharing {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
        # Return auditResult
        return $auditResult
--- a/source/tests/Test-RestrictOutlookAddins.ps1
+++ b/source/tests/Test-RestrictOutlookAddins.ps1
@@ -11,8 +11,8 @@ function Test-RestrictOutlookAddins {
        # Initialization code
        $defaultPolicyFailureDetails = @()
        $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
-        $recnum = "6.3.1"
+        $RecNum = "6.3.1"
-        Write-Verbose "Running Test-RestrictOutlookAddins for $recnum..."
+        Write-Verbose "Running Test-RestrictOutlookAddins for $RecNum..."
        # Conditions for 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
        #
        # Validate test for a pass:
@@ -32,7 +32,7 @@ function Test-RestrictOutlookAddins {
            # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
            # Check all mailboxes for custom policies with unallowed add-ins
            # Check Default Role Assignment Policy
-            $customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum
+            $customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $RecNum
            $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
            # Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
            if ($defaultPolicyRoles) {
@@ -58,7 +58,7 @@ function Test-RestrictOutlookAddins {
            $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $isCompliant
                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
                Details       = $detailsString
@@ -68,7 +68,7 @@ function Test-RestrictOutlookAddins {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-RestrictStorageProvidersOutlook.ps1
+++ b/source/tests/Test-RestrictStorageProvidersOutlook.ps1
@@ -24,14 +24,14 @@ function Test-RestrictStorageProvidersOutlook {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "6.5.3"
+        $RecNum = "6.5.3"
-        Write-Verbose "Running Test-RestrictStorageProvidersOutlook for $recnum..."
+        Write-Verbose "Running Test-RestrictStorageProvidersOutlook for $RecNum..."
    }
    process {
        try {
            # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
            # Retrieve all OwaMailbox policies
-            $owaPolicies = Get-CISExoOutput -Rec $recnum
+            $owaPolicies = Get-CISExoOutput -Rec $RecNum
            # Condition A: Check if AdditionalStorageProvidersAvailable is set to False
            $nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
            # Determine compliance
@@ -51,7 +51,7 @@ function Test-RestrictStorageProvidersOutlook {
            }
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $allPoliciesRestricted
                Status        = if ($allPoliciesRestricted) { "Pass" } else { "Fail" }
                Details       = $details
@@ -61,7 +61,7 @@ function Test-RestrictStorageProvidersOutlook {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-RestrictTenantCreation.ps1
+++ b/source/tests/Test-RestrictTenantCreation.ps1
@@ -9,8 +9,8 @@ function Test-RestrictTenantCreation {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
-        $recnum = "5.1.2.3"
+        $RecNum = "5.1.2.3"
-        Write-Verbose "Starting Test-RestrictTenantCreation with Rec: $recnum"
+        Write-Verbose "Starting Test-RestrictTenantCreation with Rec: $RecNum"
        <#
        Conditions for 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
        Validate test for a pass:
@@ -29,7 +29,7 @@ function Test-RestrictTenantCreation {
        try {
            # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
            # Retrieve the tenant creation policy
-            $tenantCreationPolicy = Get-CISMgOutput -Rec $recnum
+            $tenantCreationPolicy = Get-CISMgOutput -Rec $RecNum
            $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
            # Prepare failure reasons and details based on compliance
            $failureReasons = if ($tenantCreationResult) {
@@ -41,7 +41,7 @@ function Test-RestrictTenantCreation {
            $details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)"
            # Create and populate the CISAuditResult object
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $tenantCreationResult
                Status        = if ($tenantCreationResult) { "Pass" } else { "Fail" }
                Details       = $details
@@ -51,7 +51,7 @@ function Test-RestrictTenantCreation {
        }
        catch {
            $LastError = $_
-            $auditResult = Get-TestError -LastError $LastError -recnum $recnum
+            $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum
        }
    }
    end {
--- a/source/tests/Test-SafeAttachmentsPolicy.ps1
+++ b/source/tests/Test-SafeAttachmentsPolicy.ps1
@@ -1,19 +1,22 @@
 function Test-SafeAttachmentsPolicy {
    [CmdletBinding()]
    [OutputType([CISAuditResult])]
-    param ()
+    param (
        [Parameter(Mandatory = $false)]
        [string]$DomainName
    )
    begin {
-        $recnum = "2.1.4"
+        $RecNum = "2.1.4"
-        Write-Verbose "Running Test-SafeAttachmentsPolicy for $recnum..."
+        Write-Verbose "Running Test-SafeAttachmentsPolicy for $RecNum..."
        <#
            Conditions for 2.1.4 (L2) Ensure Safe Attachments policy is enabled:
            Validate test for a pass:
-                - Ensure the highest priority Safe Attachments policy is enabled.
+                - Ensure Safe Attachments policies are enabled.
-                - Check if the policy's action is set to 'Block'.
+                - Check if each policy's action is set to 'Block'.
                - Confirm the QuarantineTag is set to 'AdminOnlyAccessPolicy'.
                - Verify that the Redirect setting is disabled.
            Validate test for a fail:
-                - If the highest priority Safe Attachments policy's action is not set to 'Block'.
+                - If any Safe Attachments policy's action is not set to 'Block'.
                - If the QuarantineTag is not set to 'AdminOnlyAccessPolicy'.
                - If the Redirect setting is enabled.
                - If no enabled Safe Attachments policies are found.
@@ -33,40 +36,52 @@ function Test-SafeAttachmentsPolicy {
                }
            )
        #>
-        $safeAttachmentPolicies = Get-CISExoOutput -Rec $recnum
+        $safeAttachmentPolicies, $safeAttachmentRules = Get-CISExoOutput -Rec $RecNum
        $safeAttachmentPolicies = $safeAttachmentPolicies | Where-Object { $_.Identity -in $safeAttachmentRules.SafeAttachmentPolicy }
        if ($safeAttachmentPolicies -ne 1) {
            try {
-                $highestPriorityPolicy = $safeAttachmentPolicies | Select-Object -First 1
+                if ($DomainName) {
                    $safeAttachmentPolicies = $safeAttachmentPolicies | Where-Object { $_.Identity -eq ($safeAttachmentRules | Sort-Object -Property Priority | Where-Object { $_.RecipientDomainIs -in $DomainName } | Select-Object -ExpandProperty SafeAttachmentPolicy -First 1) }
                    $RecipientDomains = $safeAttachmentRules | Where-Object { $_.SafeAttachmentPolicy -eq $safeAttachmentPolicies.Identity } | Select-Object -ExpandProperty RecipientDomainIs
                }
                # Initialize details and failure reasons
                $details = @()
                $failureReasons = @()
                foreach ($policy in $safeAttachmentPolicies) {
                    # Check policy specifics as per CIS benchmark requirements
-                if ($highestPriorityPolicy.Action -ne 'Block') {
+                    if ($Policy.Action -ne 'Block') {
-                    $failureReasons += "Policy action is not set to 'Block'."
+                        $failureReasons += "Policy: $($Policy.Identity); Action is not set to 'Block'."
                    }
-                if ($highestPriorityPolicy.QuarantineTag -ne 'AdminOnlyAccessPolicy') {
+                    if ($Policy.QuarantineTag -ne 'AdminOnlyAccessPolicy') {
-                    $failureReasons += "Quarantine policy is not set to 'AdminOnlyAccessPolicy'."
+                        $failureReasons += "Policy: $($Policy.Identity); Quarantine is not set to 'AdminOnlyAccessPolicy'."
                    }
-                if ($highestPriorityPolicy.Redirect -ne $false) {
+                    if ($Policy.Redirect -ne $false) {
-                    $failureReasons += "Redirect is not disabled."
+                        $failureReasons += "Policy: $($Policy.Identity); Redirect is not disabled."
                    }
                    # The result is a pass if there are no failure reasons
                    $details += [PSCustomObject]@{
                        Policy        = ($Policy.Identity).trim()
                        Action        = $Policy.Action
                        QuarantineTag = $Policy.QuarantineTag
                        Redirect      = $Policy.Redirect
                        Enabled       = $Policy.Enable
                        Priority      = [int]($safeAttachmentRules | Where-Object { $_.SafeAttachmentPolicy -eq $Policy.Identity } | Select-Object -ExpandProperty Priority)
                    }
                }
                $result = $failureReasons.Count -eq 0
-                $details = [PSCustomObject]@{
+                if ($RecipientDomains) {
-                    Policy        = $highestPriorityPolicy.Identity
+                    $failureReasons += "Recipient domain(s): '$($RecipientDomains -join ', ' )' included in tested policy."
                    Action        = $highestPriorityPolicy.Action
                    QuarantineTag = $highestPriorityPolicy.QuarantineTag
                    Redirect      = $highestPriorityPolicy.Redirect
                    Enabled       = $highestPriorityPolicy.Enable
                }
                # Format details for output manually
-                $detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled`n" + ($details |
+                $detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled|Priority`n" + `
-                    ForEach-Object { "$($_.Policy)|$($_.Action)|$($_.QuarantineTag)|$($_.Redirect)|$($_.Enabled)`n" }
+                ($details | ForEach-Object {
                        "$($_.Policy)|$($_.Action)|$($_.QuarantineTag)|$($_.Redirect)|$($_.Enabled)|$($_.Priority)`n"
                    }
                )
                $failureReasonsString = ($failureReasons -join "`n")
                # Create and populate the CISAuditResult object
                $params = @{
-                    Rec           = $recnum
+                    Rec           = $RecNum
                    Result        = $result
                    Status        = if ($result) { "Pass" } else { "Fail" }
                    Details       = $detailsString
@@ -75,18 +90,18 @@ function Test-SafeAttachmentsPolicy {
                $auditResult = Initialize-CISAuditResult @params
            }
            catch {
-                Write-Error "An error occurred during the test: $_"
+                Write-Error "An error occurred during the test $RecNum`:: $_"
                # Retrieve the description from the test definitions
-                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
+                $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum }
                $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
-                $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
+                $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ })
                # Call Initialize-CISAuditResult with error parameters
-                $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+                $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure
            }
        }
        else {
            $params = @{
-                Rec           = $recnum
+                Rec           = $RecNum
                Result        = $false
                Status        = "Fail"
                Details       = "No Safe Attachments policies found."
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
DrIOS	55a4ec4bea	add: Version number to test output	2025-04-21 11:57:40 -05:00
DrIOS	e2ab71f1a8	Fix: Update Help	2025-04-21 11:27:41 -05:00
DrIOS	118bb6f227	Fix: Export-M365SecurityAuditTable function	2025-04-21 11:19:43 -05:00
DrIOS	2a6aaffe2f	Add: Get-TestDefinition function	2025-04-21 11:17:24 -05:00
DrIOS	4cbe2ada48	fix: formatting	2025-04-21 11:16:50 -05:00
DrIOS	9579a65f94	Add: Get-TestDefinition function	2025-04-21 11:16:10 -05:00
DrIOS	ac4d268eb8	test: test	2025-04-20 11:13:00 -05:00
DrIOS	00c06f7d25	fix: formatting	2025-04-19 19:51:38 -05:00
DrIOS	445c962af0	fix: pre test call	2025-04-19 19:33:22 -05:00
DrIOS	6cb086f8f1	fix: formatting	2025-04-19 19:22:25 -05:00
DrIOS	6098c26ce5	fix: Minimum version in module install	2025-04-19 19:20:20 -05:00
DrIOS	06a3ce57d1	fix: Formatting	2025-04-19 18:14:54 -05:00
DrIOS	62a0488ed5	fix: version type in assert module	2025-03-25 08:31:52 -05:00
DrIOS	2c339f8bc5	fix : changelog and formatting	2025-03-25 08:09:00 -05:00
DrIOS	e16c147e7d	add: Adds new CSV for PowerShell commands and updates PnP update check handling	2025-03-23 15:39:50 -05:00
Doug Rios	3e4214c070	Merge branch 'main' into 365-4.0.0-Update	2025-03-23 15:34:35 -05:00
DrIOS	ee23b72db7	fix formatting	2025-03-15 10:52:54 -05:00
DrIOS	5a995c702f	add: UpdateCheck variable off for pnp powershell.	2025-03-10 10:06:49 -05:00
Doug Rios	be0b6e0129	Merge pull request #156 from CriticalSolutionsNetwork/Bugfix--Fix-SPO-output-for-Get-SPOSite fix: Fix SPO output for Get-SPOSite	2025-01-14 13:11:13 -06:00
DrIOS	642cdfe2ab	fix: Fix SPO output for Get-SPOSite	2025-01-14 13:07:59 -06:00
Doug Rios	a8b76c7e16	Merge pull request #155 from CriticalSolutionsNetwork/Bugfix-Sharepoint-Online-Issue-from-EOY-2024 Bugfix sharepoint online issue from eoy 2024	2025-01-13 16:07:14 -06:00
DrIOS	fbf40fa98e	add: method to avoid assembly already loaded error	2025-01-13 16:03:30 -06:00
DrIOS	f409e8a5f1	add: new method of verifying spo tenant for Connect-SPOService branch	2025-01-13 15:35:07 -06:00
DrIOS	c341279531	add: error handling to identify problematic step in connect function	2025-01-13 14:46:53 -06:00
DrIOS	6a8438bbe8	add: error handling to identify problematic step in connect function	2025-01-13 14:44:18 -06:00
DrIOS	d62e914de0	fix: 2.1.1 attachment filtering	2025-01-13 14:39:21 -06:00
DrIOS	e1ef81a249	fix: return when higest policy passes.	2024-12-30 13:52:34 -06:00
DrIOS	a0b524104d	format: Line breaks	2024-12-30 13:45:28 -06:00
DrIOS	bd9978a494	fix: scope function and antiphishing policy comments	2024-12-27 15:22:40 -06:00
DrIOS	07ca126c1b	format: comments for Get-PhishPolicyCompliance	2024-12-27 11:54:46 -06:00
DrIOS	f493eed7a0	format: Get-CISExoOutput comments	2024-12-27 11:46:08 -06:00
DrIOS	4e12eae6a9	add: Tests for 2.17	2024-12-27 11:05:28 -06:00
DrIOS	022dcde49b	docs: update spellcheck	2024-12-27 10:33:24 -06:00
DrIOS	ef4bc4dcbd	add: parameter validation updates and new public function	2024-12-26 16:06:11 -06:00
DrIOS	af17eb1c2e	add: public function for gathering rec numbers	2024-12-26 15:58:02 -06:00
DrIOS	8fb2f1d9c8	Format: remove blank lines in Get-TestDefinitionsObject	2024-12-26 15:33:14 -06:00
DrIOS	88f2566422	add: test and call for 1.1.4	2024-12-26 14:40:25 -06:00
DrIOS	856bd0b8d8	aDD: warning for pnp.powershell and authobject usage	2024-12-26 14:06:52 -06:00
DrIOS	330f399b41	fix: added warning for subsequent runs when using auth object	2024-12-26 13:00:31 -06:00
DrIOS	ac5274d9f6	docs:update CHANGELOG	2024-12-26 10:47:53 -06:00
DrIOS	80c9c73c83	docs:update comment	2024-12-26 10:44:59 -06:00
DrIOS	d11ebf47a6	fix: pnp spo graph module load error	2024-12-26 10:44:02 -06:00
DrIOS	d9b8bf2941	format: update recnum to RecNum	2024-12-26 09:28:33 -06:00
DrIOS	391be439b0	add: formatting	2024-12-24 16:42:52 -06:00
DrIOS	5753ab8a4f	add: Core logic to switch between versions	2024-12-24 15:51:03 -06:00
DrIOS	ca021695a4	add: Placeholders for test defs	2024-12-24 14:33:03 -06:00
DrIOS	fb7b543c6a	add: TestDefinitions-v4.0.0.csv file	2024-12-24 13:37:08 -06:00
DrIOS	fdc20093ba	docs: update help docs	2024-12-24 11:31:26 -06:00
DrIOS	87c635210d	docs: Update Help	2024-08-04 16:03:14 -05:00
DrIOS	07592569b4	docs: Pull doc changes	2024-08-04 15:55:40 -05:00
Doug Rios	4b3a0b7505	Merge pull request #148 from CriticalSolutionsNetwork/Testing-Automations Testing automations	2024-08-04 15:46:49 -05:00
DrIOS	042bf7b37c	docs: update help docs	2024-08-04 15:44:12 -05:00
DrIOS	69ae64562f	docs: update help docs	2024-08-04 15:40:50 -05:00
DrIOS	c64325e773	docs: update help docs	2024-08-04 15:34:28 -05:00
DrIOS	c341db53c5	docs: update help docs	2024-08-04 15:17:21 -05:00
DrIOS	2f5c653cc8	docs: Update CHANGELOG	2024-08-04 14:53:21 -05:00
DrIOS	00600123f3	docs: Update readme and html help	2024-08-04 14:50:58 -05:00
DrIOS	0cb1643341	docs: Update readme and html help	2024-08-04 14:47:45 -05:00
DrIOS	939980b087	docs: Update readme and html help	2024-08-04 14:29:42 -05:00
DrIOS	f375fdd5ef	rename function	2024-08-04 14:13:35 -05:00
DrIOS	0ea930c708	rename function	2024-08-04 14:13:25 -05:00
Doug Rios	f9e3b5faed	Merge pull request #149 from CriticalSolutionsNetwork/main Update README.md	2024-08-04 13:56:38 -05:00
Doug Rios	4613d592d1	Update README.md	2024-08-04 13:54:55 -05:00
DrIOS	da968db3e2	change: refactor Get-CISSpoOutput to support application auth using Pnp Powershell	2024-08-04 13:51:29 -05:00
DrIOS	357f284d08	add: test number to error	2024-08-04 13:49:58 -05:00
DrIOS	9e3058add4	add: test number to Get-TestError output	2024-08-04 13:49:13 -05:00
DrIOS	d7d16ff0b5	add: App Authentication test	2024-08-03 18:52:46 -05:00
DrIOS	45eb961554	Fix: Vaugue parameter name	2024-08-03 11:43:42 -05:00
DrIOS	686e805f6a	Fix: Vaugue parameter name	2024-08-03 11:42:59 -05:00
DrIOS	63edc13261	fix: Export original and all tests	2024-08-03 11:29:15 -05:00
DrIOS	9508130ddd	fix: compatibility version	2024-08-03 11:28:46 -05:00
DrIOS	db73d755ed	fix: Output suppression	2024-08-01 21:14:56 -05:00
Doug Rios	37e2b70ba4	Merge pull request #146 from CriticalSolutionsNetwork/Fix-pw-notification-test Fix pw notification test	2024-07-23 08:17:32 -05:00
DrIOS	8acae46b98	docs: Update CHANGELOG	2024-07-23 07:53:00 -05:00
DrIOS	1fd460c84d	fix: notification window for 1.3.1	2024-07-23 07:51:15 -05:00
Doug Rios	9f28c976ce	Merge pull request #144 from CriticalSolutionsNetwork/Test-Help docs: Update Help Wiki	2024-07-07 17:45:21 -05:00
DrIOS	1ec287031c	docs: Update Help Wiki	2024-07-07 17:43:25 -05:00
DrIOS	de89312352	docs: Update Help Wiki	2024-07-07 17:41:04 -05:00
Doug Rios	1717b60891	Merge pull request #142 from CriticalSolutionsNetwork/Revert-and-refactor-1.3.3,6.1.2,6.1.3 Revert and refactor 1.3.3,2.1.4,6.1.2,6.1.3	2024-07-07 17:24:24 -05:00
DrIOS	6624bde267	docs: Update CHANGELOG	2024-07-07 17:21:40 -05:00
DrIOS	e4277afdb7	docs: Update Help README/HTML	2024-07-07 17:15:26 -05:00
DrIOS	7688071899	docs: Update Markdown	2024-07-07 17:15:05 -05:00
DrIOS	e1ab050e69	docs: Update Comment Help	2024-07-07 17:00:42 -05:00
DrIOS	7226afd198	docs: Update Comment Help	2024-07-07 16:42:55 -05:00
DrIOS	337a21bc7d	docs: Update Comment Help	2024-07-07 16:37:38 -05:00
DrIOS	14ed9f6598	docs: Update Comment Help	2024-07-07 16:32:50 -05:00
DrIOS	5ddcd4466e	docs: Update CHANGELOG	2024-07-07 16:21:05 -05:00
DrIOS	228c58cef3	fix: Safe Attachments logic	2024-07-07 16:18:43 -05:00
DrIOS	fe04175798	fix: formatting of 1.3.3 here string	2024-07-07 13:06:19 -05:00
DrIOS	8197187f70	docs: Update CHANGELOG	2024-07-07 13:02:11 -05:00
DrIOS	f830bdf2f0	docs: Update testfile	2024-07-07 12:56:02 -05:00
DrIOS	e86c61d221	change: Get-Action Testing-Refactor export	2024-07-07 12:48:39 -05:00
DrIOS	17647d7180	change: Get-Action Testing-DONE	2024-07-07 12:18:38 -05:00
DrIOS	d941459ac0	change: Get-Action Testing	2024-07-07 12:11:06 -05:00
DrIOS	4557c1806f	change: Get-Action Testing	2024-07-07 12:01:34 -05:00
DrIOS	fcaebf1db1	change: Get-Action Testing	2024-07-07 11:58:16 -05:00
DrIOS	ff1162f962	change: Test-ExternalSharingCalendars reverted to simple test	2024-07-07 10:25:15 -05:00
DrIOS	f91af6e725	change: Test-ExternalSharingCalendars reverted to simple test	2024-07-07 10:24:32 -05:00
Doug Rios	904e36c376	Merge pull request #140 from CriticalSolutionsNetwork/131-formatting-spo 131 formatting spo	2024-07-02 10:04:19 -05:00
DrIOS	d68ae22982	docs: Update CHANGELOG	2024-07-02 10:02:55 -05:00
DrIOS	50c94485e7	fix: Manual rebase export	2024-07-02 10:00:26 -05:00
DrIOS	a80e26f089	fix: Manual rebase export	2024-07-02 09:54:30 -05:00
DrIOS	5d11b46d96	fix: SPO formatting and output	2024-07-02 09:47:06 -05:00
DrIOS	5ef32eb4b8	fix: up to 7.2.6 SPO formatting and output	2024-07-02 09:00:54 -05:00
DrIOS	0e2e779c82	fix: up to 7.2.6 SPO formatting and output	2024-07-02 09:00:43 -05:00