Export-M365SecurityAuditTable Export M365SecurityAuditTable Exports M365 security audit results to a CSV file or outputs a specific test result as an object. This function exports M365 security audit results from either an array of CISAuditResult objects or a CSV file. It can export all results to a specified path or output a specific test result as an object. Export-M365SecurityAuditTable AuditResults An array of CISAuditResult objects containing the audit results. PSObject[] PSObject[] None ExportPath The path where the CSV files will be exported. String String None ExportToExcel Switch to export the results to an Excel file. SwitchParameter False Prefix Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5. String String Corp WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Export-M365SecurityAuditTable AuditResults An array of CISAuditResult objects containing the audit results. PSObject[] PSObject[] None ExportPath The path where the CSV files will be exported. String String None ExportToExcel Switch to export the results to an Excel file. SwitchParameter False Prefix Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5. String String Corp OnlyExportNestedTables ─────────────────────────────────────────────────────────────────────────── 2) OnlyExportNestedTables: nested tables only into ZIP -AuditResults, -ExportPath, -OnlyExportNestedTables ─────────────────────────────────────────────────────────────────────────── SwitchParameter False WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Export-M365SecurityAuditTable AuditResults An array of CISAuditResult objects containing the audit results. PSObject[] PSObject[] None OutputTestNumber The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". String String None WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None AuditResults An array of CISAuditResult objects containing the audit results. PSObject[] PSObject[] None ExportPath The path where the CSV files will be exported. String String None ExportToExcel Switch to export the results to an Excel file. SwitchParameter SwitchParameter False Prefix Add Prefix to filename after date when outputting to excel or csv. Validate that the count of letters in the prefix is less than 5. String String Corp OnlyExportNestedTables ─────────────────────────────────────────────────────────────────────────── 2) OnlyExportNestedTables: nested tables only into ZIP -AuditResults, -ExportPath, -OnlyExportNestedTables ─────────────────────────────────────────────────────────────────────────── SwitchParameter SwitchParameter False OutputTestNumber The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". String String None WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None [CISAuditResult[]] - An array of CISAuditResult objects. [string] - A path to a CSV file. [PSCustomObject] - A custom object containing the path to the zip file and its hash. -------------------------- EXAMPLE 1 -------------------------- Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2 # Output object for a single test number from audit results -------------------------- EXAMPLE 2 -------------------------- Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" # Export all results from audit results to the specified path -------------------------- EXAMPLE 3 -------------------------- Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2 # Output object for a single test number from CSV -------------------------- EXAMPLE 4 -------------------------- Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" # Export all results from CSV to the specified path -------------------------- EXAMPLE 5 -------------------------- Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests # Export all results from audit results to the specified path along with the original tests -------------------------- EXAMPLE 6 -------------------------- Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests # Export all results from CSV to the specified path along with the original tests https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable Get-AdminRoleUserLicense Get AdminRoleUserLicense Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API. The Get-AdminRoleUserLicense function connects to Microsoft Graph and retrieves all users who are assigned administrative roles along with their user details and licenses. This function is useful for auditing and compliance checks to ensure that administrators have appropriate licenses and role assignments. Get-AdminRoleUserLicense SkipGraphConnection A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None SkipGraphConnection A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally. SwitchParameter SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None None. You cannot pipe objects to Get-AdminRoleUserLicense. PSCustomObject Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses. Creation Date: 2024-04-15 Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing. -------------------------- EXAMPLE 1 -------------------------- Get-AdminRoleUserLicense This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes. -------------------------- EXAMPLE 2 -------------------------- Get-AdminRoleUserLicense -SkipGraphConnection This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established. https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense Get-M365SecurityAuditRecNumberList Get M365SecurityAuditRecNumberList {{ Fill in the Synopsis }} {{ Fill in the Description }} Get-M365SecurityAuditRecNumberList Version {{ Fill Version Description }} 3.0.0 4.0.0 String String None Version {{ Fill Version Description }} String String None None System.Object -------------------------- Example 1 -------------------------- PS C:\> {{ Add example code here }} {{ Add example description here }} Get-MFAStatus Get MFAStatus Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users. The Get-MFAStatus function connects to Microsoft Online Service and retrieves the MFA status for all Azure Active Directory users, excluding guest accounts. Optionally, you can specify a single user by their User Principal Name (UPN) to get their MFA status. Get-MFAStatus UserId The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. String String None SkipMSOLConnectionChecks {{ Fill SkipMSOLConnectionChecks Description }} SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None UserId The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users. String String None SkipMSOLConnectionChecks {{ Fill SkipMSOLConnectionChecks Description }} SwitchParameter SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None System.Object Returns a sorted list of custom objects containing the following properties: - UserPrincipalName - DisplayName - MFAState - MFADefaultMethod - MFAPhoneNumber - PrimarySMTP - Aliases The function requires the MSOL module to be installed and connected to your tenant. Ensure that you have the necessary permissions to read user and MFA status information. -------------------------- EXAMPLE 1 -------------------------- Get-MFAStatus Retrieves the MFA status for all Azure Active Directory users. -------------------------- EXAMPLE 2 -------------------------- Get-MFAStatus -UserId "example@domain.com" Retrieves the MFA status for the specified user with the UPN "example@domain.com". https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus Grant-M365SecurityAuditConsent Grant M365SecurityAuditConsent Grants Microsoft Graph permissions for an auditor. This function grants the specified Microsoft Graph permissions to a user, allowing the user to perform audits. It connects to Microsoft Graph, checks if a service principal exists for the client application, creates it if it does not exist, and then grants the specified permissions. Finally, it assigns the app to the user. Grant-M365SecurityAuditConsent UserPrincipalNameForConsent Specify the UPN of the user to grant consent for. String String None SkipGraphConnection If specified, skips connecting to Microsoft Graph. SwitchParameter False SkipModuleCheck If specified, skips the check for the Microsoft.Graph module. SwitchParameter False SuppressRevertOutput If specified, suppresses the output of the revert commands. SwitchParameter False DoNotDisconnect If specified, does not disconnect from Microsoft Graph after granting consent. SwitchParameter False WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None UserPrincipalNameForConsent Specify the UPN of the user to grant consent for. String String None SkipGraphConnection If specified, skips connecting to Microsoft Graph. SwitchParameter SwitchParameter False SkipModuleCheck If specified, skips the check for the Microsoft.Graph module. SwitchParameter SwitchParameter False SuppressRevertOutput If specified, suppresses the output of the revert commands. SwitchParameter SwitchParameter False DoNotDisconnect If specified, does not disconnect from Microsoft Graph after granting consent. SwitchParameter SwitchParameter False WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None System.Void This function requires the Microsoft.Graph module version 2.4.0 or higher. -------------------------- EXAMPLE 1 -------------------------- Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com Grants Microsoft Graph permissions to user@example.com for the client application with the specified Application ID. -------------------------- EXAMPLE 2 -------------------------- Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent user@example.com -SkipGraphConnection Grants Microsoft Graph permissions to user@example.com, skipping the connection to Microsoft Graph. https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Grant-M365SecurityAuditConsent Invoke-M365SecurityAudit Invoke M365SecurityAudit Invokes a security audit for Microsoft 365 environments. The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance with CIS benchmarks. Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. String String None ProfileLevel Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. String String None ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None IncludeIG1 If specified, includes tests where IG1 is true. SwitchParameter False ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None IncludeIG2 If specified, includes tests where IG2 is true. SwitchParameter False ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None IncludeIG3 If specified, includes tests where IG3 is true. SwitchParameter False ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None IncludeRecommendation Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. String[] String[] None ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None Invoke-M365SecurityAudit TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None SkipRecommendation Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. String[] String[] None ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None TenantAdminUrl The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run. String String None DomainName The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified. String String None ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. String String None ProfileLevel Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. String String None IncludeIG1 If specified, includes tests where IG1 is true. SwitchParameter SwitchParameter False IncludeIG2 If specified, includes tests where IG2 is true. SwitchParameter SwitchParameter False IncludeIG3 If specified, includes tests where IG3 is true. SwitchParameter SwitchParameter False IncludeRecommendation Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. String[] String[] None SkipRecommendation Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. String[] String[] None ApprovedCloudStorageProviders Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names. String[] String[] @() ApprovedFederatedDomains Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names. String[] String[] None DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. SwitchParameter SwitchParameter False DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. SwitchParameter SwitchParameter False NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. SwitchParameter SwitchParameter False DoNotConfirmConnections If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them. SwitchParameter SwitchParameter False AuthParams Specifies an authentication object containing parameters for application-based authentication. If provided, this will be used for connecting to services. CISAuthenticationParameters CISAuthenticationParameters None Version Specifies the CIS benchmark definitions version to use. Default is 4.0.0. Valid values are "3.0.0" or "4.0.0". String String 4.0.0 WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter SwitchParameter False Confirm Prompts you for confirmation before running the cmdlet. SwitchParameter SwitchParameter False ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None None. You cannot pipe objects to Invoke-M365SecurityAudit. CISAuditResult[] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit. - This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. - Commercial use is not permitted. This module cannot be sold or used for commercial purposes. - Modifications and sharing are allowed under the same license. - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks -------------------------- EXAMPLE 1 -------------------------- Invoke-M365SecurityAudit Performs a security audit using default parameters. Output: Status : Fail ELevel : E3 ProfileLevel: L1 Connection : Microsoft Graph Rec : 1.1.1 Result : False Details : Non-compliant accounts: Username | Roles | HybridStatus | Missing Licence user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 FailureReason: Non-Compliant Accounts: 2 -------------------------- EXAMPLE 2 -------------------------- Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -ELevel "E5" -ProfileLevel "L1" Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment. Output: Status : Fail ELevel : E5 ProfileLevel: L1 Connection : Microsoft Graph Rec : 1.1.1 Result : False Details : Non-compliant accounts: Username | Roles | HybridStatus | Missing Licence user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 FailureReason: Non-Compliant Accounts: 2 -------------------------- EXAMPLE 3 -------------------------- Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -IncludeIG1 Performs an audit including all tests where IG1 is true. Output: Status : Fail ELevel : E3 ProfileLevel: L1 Connection : Microsoft Graph Rec : 1.1.1 Result : False Details : Non-compliant accounts: Username | Roles | HybridStatus | Missing Licence user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 FailureReason: Non-Compliant Accounts: 2 -------------------------- EXAMPLE 4 -------------------------- Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" -SkipRecommendation '1.1.3', '2.1.1' Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1. Output: Status : Fail ELevel : E3 ProfileLevel: L1 Connection : Microsoft Graph Rec : 1.1.1 Result : False Details : Non-compliant accounts: Username | Roles | HybridStatus | Missing Licence user1@domain.com| Global Administrator | Cloud-Only | AAD_PREMIUM user2@domain.com| Global Administrator | Hybrid | AAD_PREMIUM, AAD_PREMIUM_P2 FailureReason: Non-Compliant Accounts: 2 -------------------------- EXAMPLE 5 -------------------------- $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -M365DomainForPWPolicyTest "contoso.com" PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation Captures the audit results into a variable and exports them to a CSV file. Output: CISAuditResult[] auditResults.csv -------------------------- EXAMPLE 6 -------------------------- Invoke-M365SecurityAudit -WhatIf Displays what would happen if the cmdlet is run without actually performing the audit. Output: What if: Performing the operation "Invoke-M365SecurityAudit" on target "Microsoft 365 environment". https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Invoke-M365SecurityAudit New-M365SecurityAuditAuthObject New M365SecurityAuditAuthObject Creates a new CISAuthenticationParameters object for Microsoft 365 authentication. The New-M365SecurityAuditAuthObject function constructs a new CISAuthenticationParameters object containing the necessary credentials and URLs for authenticating to various Microsoft 365 services. It validates input parameters to ensure they conform to expected formats and length requirements. An app registration in Azure AD with the required permissions to EXO, SPO, MSTeams and MgGraph is needed. New-M365SecurityAuditAuthObject ClientCertThumbPrint The thumbprint of the client certificate used for authentication. It must be a 40-character hexadecimal string. This certificate is used to authenticate the application in Azure AD. String String None ClientId The Client ID (Application ID) of the Azure AD application. It must be a valid GUID format. String String None TenantId The Tenant ID of the Azure AD directory. It must be a valid GUID format representing your Microsoft 365 tenant. String String None OnMicrosoftUrl The URL of your onmicrosoft.com domain. It should be in the format 'example.onmicrosoft.com'. String String None SpAdminUrl The SharePoint admin URL, which should end with '-admin.sharepoint.com'. This URL is used for connecting to SharePoint Online. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None ClientCertThumbPrint The thumbprint of the client certificate used for authentication. It must be a 40-character hexadecimal string. This certificate is used to authenticate the application in Azure AD. String String None ClientId The Client ID (Application ID) of the Azure AD application. It must be a valid GUID format. String String None TenantId The Tenant ID of the Azure AD directory. It must be a valid GUID format representing your Microsoft 365 tenant. String String None OnMicrosoftUrl The URL of your onmicrosoft.com domain. It should be in the format 'example.onmicrosoft.com'. String String None SpAdminUrl The SharePoint admin URL, which should end with '-admin.sharepoint.com'. This URL is used for connecting to SharePoint Online. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None None. You cannot pipe objects to this function. CISAuthenticationParameters The function returns an instance of the CISAuthenticationParameters class containing the authentication details. Requires PowerShell 7.0 or later. -------------------------- EXAMPLE 1 -------------------------- $authParams = New-M365SecurityAuditAuthObject -ClientCertThumbPrint "ABCDEF1234567890ABCDEF1234567890ABCDEF12" ` -ClientId "12345678-1234-1234-1234-123456789012" ` -TenantId "12345678-1234-1234-1234-123456789012" ` -OnMicrosoftUrl "yourcompany.onmicrosoft.com" ` -SpAdminUrl "https://yourcompany-admin.sharepoint.com" Creates a new CISAuthenticationParameters object with the specified credentials and URLs, validating each parameter's format and length. Remove-RowsWithEmptyCSVStatus Remove RowsWithEmptyCSVStatus Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file. The Remove-RowsWithEmptyCSVStatus function imports data from a specified worksheet in an Excel file, checks for the presence of the 'CSV_Status' column, and filters out rows where the 'CSV_Status' column is empty. The filtered data is then exported to a new Excel file with a '-Filtered' suffix added to the original file name. Remove-RowsWithEmptyCSVStatus FilePath The path to the Excel file to be processed. String String None WorksheetName The name of the worksheet within the Excel file to be processed. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None FilePath The path to the Excel file to be processed. String String None WorksheetName The name of the worksheet within the Excel file to be processed. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None This function requires the ImportExcel module to be installed. -------------------------- EXAMPLE 1 -------------------------- Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1" This command imports data from the "Sheet1" worksheet in the "Report.xlsx" file, removes rows where the 'CSV_Status' column is empty, and saves the filtered data to a new file named "Report-Filtered.xlsx" in the same directory. Sync-CISExcelAndCsvData Sync CISExcelAndCsvData Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates. The Sync-CISExcelAndCsvData function merges and updates data in a specified Excel worksheet from a CSV file. This includes adding or updating fields for connection status, details, failure reasons, and the date of the update. It's designed to ensure that the Excel document maintains a running log of changes over time, ideal for tracking remediation status and audit history. Sync-CISExcelAndCsvData ExcelPath Specifies the path to the Excel file to be updated. This parameter is mandatory. String String None CsvPath Specifies the path to the CSV file containing new data. This parameter is mandatory. String String None SheetName Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None ExcelPath Specifies the path to the Excel file to be updated. This parameter is mandatory. String String None CsvPath Specifies the path to the CSV file containing new data. This parameter is mandatory. String String None SheetName Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory. String String None ProgressAction {{ Fill ProgressAction Description }} ActionPreference ActionPreference None System.String The function accepts strings for file paths and worksheet names. None The function directly updates the Excel file and does not output any objects. - Ensure that the 'ImportExcel' module is installed and up to date to handle Excel file manipulations. - It is recommended to back up the Excel file before running this function to avoid accidental data loss. - The CSV file should have columns that match expected headers like 'Connection', 'Details', 'FailureReason', and 'Status' for correct data mapping. -------------------------- EXAMPLE 1 -------------------------- Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "AuditData" Updates the 'AuditData' worksheet in 'excel.xlsx' with data from 'data.csv', adding new information and the date of the update. https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData