86 lines
3.1 KiB
PowerShell
86 lines
3.1 KiB
PowerShell
function Get-CISMgOutput {
|
|
<#
|
|
.SYNOPSIS
|
|
This is a sample Private function only visible within the module.
|
|
|
|
.DESCRIPTION
|
|
This sample function is not exported to the module and only return the data passed as parameter.
|
|
|
|
.EXAMPLE
|
|
$null = Get-CISMgOutput -PrivateData 'NOTHING TO SEE HERE'
|
|
|
|
.PARAMETER PrivateData
|
|
The PrivateData parameter is what will be returned without transformation.
|
|
|
|
#>
|
|
[cmdletBinding()]
|
|
[OutputType([string])]
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[String]
|
|
$Rec
|
|
)
|
|
|
|
begin {
|
|
# Begin Block #
|
|
}
|
|
process {
|
|
switch ($rec) {
|
|
'1.1.3' {
|
|
# Step: Retrieve global admin role
|
|
$globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
|
|
# Step: Retrieve global admin members
|
|
$globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
|
|
return $globalAdmins
|
|
}
|
|
'1.2.1' {
|
|
$allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
|
|
return $allGroups
|
|
}
|
|
'5.1.2.3' {
|
|
# Retrieve the tenant creation policy
|
|
$tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
|
|
return $tenantCreationPolicy
|
|
}
|
|
'5.1.8.1' {
|
|
# Retrieve password hash sync status (Condition A and C)
|
|
$passwordHashSync = Get-MgOrganization | Select-Object -ExpandProperty OnPremisesSyncEnabled
|
|
return $passwordHashSync
|
|
}
|
|
'6.1.2' {
|
|
$tenantSkus = Get-MgSubscribedSku -All
|
|
$e3SkuPartNumber = "SPE_E3"
|
|
$founde3Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
|
|
if ($founde3Sku.Count -ne 0) {
|
|
$allE3Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde3Sku.SkuId) )" -All
|
|
return $allE3Users
|
|
}
|
|
else {
|
|
return $null
|
|
}
|
|
}
|
|
'6.1.3' {
|
|
$tenantSkus = Get-MgSubscribedSku -All
|
|
$e5SkuPartNumber = "SPE_E5"
|
|
$founde5Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
|
|
if ($founde5Sku.Count -ne 0) {
|
|
$allE5Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde5Sku.SkuId) )" -All
|
|
return $allE5Users
|
|
}
|
|
else {
|
|
return $null
|
|
}
|
|
}
|
|
Default {
|
|
# 1.1.1
|
|
$AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
|
|
return $AdminRoleAssignmentsAndUsers
|
|
}
|
|
}
|
|
}
|
|
end {
|
|
Write-Verbose "Retuning data for Rec: $Rec"
|
|
}
|
|
} # end function Get-CISMgOutput
|
|
|