# Changelog for M365FoundationsCISReport The format is based on and uses the types of changes according to [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ### Added - Added tenant output to connect function. - Added skip tenant connection confirmation to main function. ### Fixed - Fixed comment examples for `Export-M365SecurityAuditTable`. ### Changed - Updated `Sync-CISExcelAndCsvData` to be one function. ## [0.1.12] - 2024-06-17 ### Added - Added `Export-M365SecurityAuditTable` public function to export applicable audit results to a table format. - Added paramter to `Export-M365SecurityAuditTable` to specify output of the original audit results. - Added `Remove-RowsWithEmptyCSVStatus` public function to remove rows with empty status from the CSV file. - Added `Get-Action` private function to retrieve the action for the test 6.1.2 and 6.1.3 tests. - Added output modifications to tests that produce tables to ensure they can be exported with the new `Export-M365SecurityAuditTable` function. ## [0.1.11] - 2024-06-14 ### Added - Added Get-MFAStatus function to help with auditing mfa for conditional access controls. ### Fixed - Fixed 6.1.2/6.1.3 tests to minimize calls to the Graph API. - Fixed 2.1.1,2.1.4,2.1.5 to suppress error messages and create a standard object when no e5" ## [0.1.10] - 2024-06-12 ### Added - Added condition comments to each test. ### Fixed - Fixed csv CIS controls that were not matched correctly. ## [0.1.9] - 2024-06-10 ### Fixed - Fixed bug in 1.1.1 that caused the test to fail/pass incorrectly. Added verbose output. ### Docs - Updated helper csv formatting for one cis control. ## [0.1.8] - 2024-06-09 ### Added - Added output type to functions. ### Fixed - Whatif support for `Invoke-M365SecurityAudit`. - Whatif module output and module install process. ## [0.1.7] - 2024-06-08 ### Added - Added pipeline support to `Sync-CISExcelAndCsvData` function for `[CISAuditResult[]]` input. ### Changed - Updated `Connect-M365Suite` to make `TenantAdminUrl` an optional parameter. - Updated `Invoke-M365SecurityAudit` to make `TenantAdminUrl` an optional parameter. - Improved connection handling and error messaging in `Connect-M365Suite`. - Enhanced `Invoke-M365SecurityAudit` to allow flexible inclusion and exclusion of specific recommendations, IG filters, and profile levels. - SupportsShoudProcess to also bypass connection checks in `Invoke-M365SecurityAudit` as well as Disconnect-M365Suite. ## [0.1.6] - 2024-06-08 ### Added - Added pipeline support to `Sync-CISExcelAndCsvData` function for `[CISAuditResult[]]` input. ## [0.1.5] - 2024-06-08 ### Added - Updated test definitions for CIS Microsoft 365 Foundations Benchmark for better error handling and object output when errors occur. - Added a parameter to the `Initialize-CISAuditResult` function to allow for a static failed object to be created when an error occurs. - Refactored `Invoke-M365SecurityAudit` to include a new private function `Invoke-TestFunction` for executing test functions and handling errors. - Added a new private function `Measure-AuditResult` to calculate and display audit results. - Enhanced error logging to capture failed test details and display them at the end of the audit. - Added a private function `Get-RequiredModule` to initialize the `$requiredModules` variable for better code organization in the main script. - Updated `Test-MailboxAuditingE3` and `Test-MailboxAuditingE5` functions to use `Format-MissingAction` for structuring missing actions into a pipe-separated table format. - Added more verbose logging to `Test-BlockMailForwarding` and improved error handling for better troubleshooting. - Improved `Test-RestrictCustomScripts` to handle long URL lengths better by extracting and replacing common hostnames, and provided detailed output. - Added sorting to output. - Created new functions for improved modularity. - Parameter validation for Excel and CSV path in sync function. - Added Output type to tests. - Added `M365DomainForPWPolicyTest` parameter to `Invoke-M365SecurityAudit` to specify testing only the default domain for password expiration policy when '1.3.1' is included in the tests. ### Fixed - Ensured the `Invoke-TestFunction` returns a `CISAuditResult` object, which is then managed in the `Invoke-M365SecurityAudit` function. - Corrected the usage of the join operation within `$details` in `Test-BlockMailForwarding` to handle arrays properly. - Fixed the logic in `Test-RestrictCustomScripts` to accurately replace and manage URLs, ensuring compliance checks are correctly performed. - Updated the `Test-MailboxAuditingE3` and `Test-MailboxAuditingE5` functions to handle the `$allFailures` variable correctly, ensuring accurate pass/fail results. - Fixed the connections in helper CSV and connect function. - Removed verbose preference from `Test-RestrictCustomScripts`. - Ensured that the output in `Test-BlockMailForwarding` does not include extra spaces between table headers and data. - Fixed output in `Test-MailboxAuditingE3` and `Test-MailboxAuditingE5` to correctly align with the new table format. - Added step 1 and step 2 in `Test-BlockMailForwarding` details to ensure comprehensive compliance checks. - Fixed the issue with the output in `Test-RestrictCustomScripts` to ensure no extra spaces between table headers and data. ## [0.1.4] - 2024-05-30 ### Added - Test definitions filter function. - Logging function for future use. - Test grade written to console. ### Changed - Updated sync function to include connection info. - Refactored connect/disconnect functions to evaluate needed connections. ## [0.1.3] - 2024-05-28 ### Added - Array list to store the results of the audit. - Arraylist tests and helper template. - New testing function. - Missing properties to CSV. ### Changed - Refactored object initialization to source `RecDescription`, `CISControl`, and `CISDescription` properties from the CSV. - Added `Automated` and `Connection` properties to the output object. - All test functions aligned with the test-template. - Initialize-CISAuditResult refactored to use global test definitions. ### Fixed - Corrected test-template. - Details added to pass. ### Docs - Updated comments and documentation for new functions. ## [0.1.2] - 2024-04-29 ### Added - Automated and organized CSV testing and added test 1.1.1. - Functions to merge tests into an Excel benchmark. - Public function for merging tests. - Testing for guest users under test 1.1.4. - Error handling for `Get-AdminRoleUserLicense`. - Project URI and icon added to manifest. ### Fixed - Format for `TestDefinitions.csv`. - Filename for `Test-AdministrativeAccountCompliance`. - Error handling in test 1.1.1. - Properties for skipping and including tests. ### Docs - Updated comments for new functions. - Updated help documentation. - Updated online link in public function. ## [0.1.1] - 2024-04-02 ### Fixed - Fixed Test-ModernAuthExchangeOnline Profile Level in object. ### Added - CIS Download Notes to Comment-Help Block. - Notes to README.md for CIS Download. ## [0.1.0-preview0001] - 2024-03-25 ### Added - Initial release of the M365FoundationsCISReport PowerShell module v0.0.1. - Function `Invoke-M365SecurityAudit` for conducting a comprehensive security audit in Microsoft 365 environments. - Support for multiple parameter sets including ELevelFilter, IGFilters, RecFilter, and SkipRecFilter to cater to diverse audit requirements. - Implementation of `-NoModuleCheck`, `-DoNotConnect`, and `-DoNotDisconnect` switches for enhanced control over module behavior. - Integration with required modules like ExchangeOnlineManagement, AzureAD, Microsoft.Graph, Microsoft.Online.SharePoint.PowerShell, and MicrosoftTeams. - A dynamic test loading system based on CSV input for flexibility in defining audit tests. - Comprehensive verbose logging to detail the steps being performed during an audit. - Comment-help documentation for the `Invoke-M365SecurityAudit` function with examples and usage details. - Attribution to CIS and licensing information under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License in the README.