Merge pull request #142 from CriticalSolutionsNetwork/Revert-and-refa…

…ctor-1.3.3,6.1.2,6.1.3 Revert and refactor 1.3.3,2.1.4,6.1.2,6.1.3
CriticalSolutionsNetwork · Jul 7, 2024 · 1717b60 · 1717b60
2 parents 904e36c + 6624bde
commit 1717b60
Show file tree

Hide file tree

Showing 29 changed files with 993 additions and 944 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,27 @@ The format is based on and uses the types of changes according to [Keep a Change
 
 ## [Unreleased]
 
+### Added
+
+- New private function `Get-AuditMailboxDetail` for 6.1.2 and 6.1.3 tests to get the action details for the test.
+
+### Changed
+
+- Changed `Get-Action` function to include both dictionaries.
+
+### Fixed
+
+- Fixed Test 1.3.3 to be the simpler version of the test while including output to check for current users sharing calendars.
+- Safe Attachments logic and added `$DomainName` as input to 2.1.4 to test main policy.
+
+### Docs
+
+- Updated `about_M365FoundationsCISReport` help file with new functions and changes.
+- Updated `Invoke-M365SecurityAudit` help file with examples.
+- Updated `Export-M365SecurityAudit` help file with examples.
+
+## [0.1.23] - 2024-07-02
+
 # Fixed
 
 - SPO tests formatting and output.

diff --git a/README copy.md b/README copy.md
@@ -13,81 +13,40 @@ For full license details, please visit [Creative Commons Attribution-NonCommerci
 [Register for and download CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks)
 
 ## Invoke-M365SecurityAudit
-### Synopsis
-Invokes a security audit for Microsoft 365 environments.
-### Syntax
-```powershell
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-ELevel <String>] [-ProfileLevel <String>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG1] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG2] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG3] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
-
-Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-SkipRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
+# EXAMPLES
+```powershell
+# Example 1: Performing a security audit based on CIS benchmarks
+$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
+$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ApprovedCloudStorageProviders "DropBox" -ApprovedFederatedDomains "northwind.com"
 
+# Example 2: Exporting a security audit and it's nested tables to zipped CSV files
+Export-M365SecurityAuditTable -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests -ExportAllTests
+    # Output Ex: 2024.07.07_14.55.55_M365FoundationsAudit_368B2E2F.zip
 
+# Example 3: Retrieving licenses for users in administrative roles
+Get-AdminRoleUserLicense
 
+# Example 4: Getting MFA status of users
+Get-MFAStatus -UserId "user@domain.com"
 
-```
-### Parameters
-| Name  | Alias  | Description | Required? | Pipeline Input | Default Value |
-| - | - | - | - | - | - |
-| <nobr>TenantAdminUrl</nobr> |  | The URL of the tenant admin. This parameter is mandatory. | true | false |  |
-| <nobr>DomainName</nobr> |  | The domain name of the Microsoft 365 environment. This parameter is mandatory. | true | false |  |
-| <nobr>ELevel</nobr> |  | Specifies the E-Level \(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | false | false |  |
-| <nobr>ProfileLevel</nobr> |  | Specifies the profile level \(L1 or L2\) for the audit. This parameter is optional and can be combined with the ELevel parameter. | false | false |  |
-| <nobr>IncludeIG1</nobr> |  | If specified, includes tests where IG1 is true. | false | false | False |
-| <nobr>IncludeIG2</nobr> |  | If specified, includes tests where IG2 is true. | false | false | False |
-| <nobr>IncludeIG3</nobr> |  | If specified, includes tests where IG3 is true. | false | false | False |
-| <nobr>IncludeRecommendation</nobr> |  | Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. | false | false |  |
-| <nobr>SkipRecommendation</nobr> |  | Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. | false | false |  |
-| <nobr>DoNotConnect</nobr> |  | If specified, the cmdlet will not establish a connection to Microsoft 365 services. | false | false | False |
-| <nobr>DoNotDisconnect</nobr> |  | If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. | false | false | False |
-| <nobr>NoModuleCheck</nobr> |  | If specified, the cmdlet will not check for the presence of required modules. | false | false | False |
-| <nobr>WhatIf</nobr> | wi |  | false | false |  |
-| <nobr>Confirm</nobr> | cf |  | false | false |  |
-### Inputs
- - None. You cannot pipe objects to Invoke-M365SecurityAudit.
-
-### Outputs
- - CISAuditResult\\[\] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
-
-### Note
-This module is based on CIS benchmarks and is governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. For more details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en
-
-### Examples
-**EXAMPLE 1**
-```powershell
-Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
-```
-Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
+# Example 5: Removing rows with empty status values from a CSV file
+Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
 
-**EXAMPLE 2**
-```powershell
-Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
-```
-Performs an audit including all tests where IG1 is true.
+# Example 6: Synchronizing CIS benchmark data with audit results
+Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
 
-**EXAMPLE 3**
-```powershell
-Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
+# Example 7: Granting Microsoft Graph permissions to the auditor
+Grant-M365SecurityAuditConsent -UserPrincipalNameForConsent 'user@example.com'
 ```
-Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
 
-**EXAMPLE 4**
-```powershell
-$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
-PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
-```
-Captures the audit results into a variable and exports them to a CSV file.
+# NOTE
+Ensure that you have the necessary permissions and administrative roles in your Microsoft 365 environment to run these cmdlets. Proper configuration and setup are required for accurate audit results.
 
-### Links
+# TROUBLESHOOTING NOTE
+If you encounter any issues while using the cmdlets, ensure that your environment meets the module prerequisites. Check for any updates or patches that may address known bugs. For issues related to specific cmdlets, refer to the individual help files for troubleshooting tips.
 
- - [Online Version: [GitHub Repository URL]](#Online Version: [GitHub Repository URL])
+# SEE ALSO
+- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
+- [Microsoft 365 Security Documentation](https://docs.microsoft.com/en-us/microsoft-365/security/)
+- [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/)
diff --git a/README.md b/README.md
diff --git a/docs/index.html b/docs/index.html
diff --git a/help/Export-M365SecurityAuditTable.md b/help/Export-M365SecurityAuditTable.md
@@ -1,4 +1,4 @@
----
+---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
@@ -109,32 +109,31 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -OutputTestNumber
-The test number to output as an object.
-Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
+### -ExportAllTests
+Switch to export all test results.
 
 ```yaml
-Type: String
-Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
+Type: SwitchParameter
+Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 
-Required: True
-Position: 2
-Default value: None
+Required: False
+Position: 1
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ExportAllTests
-Switch to export all test results.
+### -ExportOriginalTests
+Switch to export the original audit results to a CSV file.
 
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 
-Required: False
-Position: 1
+Required: True
+Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
@@ -155,32 +154,33 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ExportOriginalTests
-Switch to export the original audit results to a CSV file.
+### -ExportToExcel
+Switch to export the results to an Excel file.
 
 ```yaml
 Type: SwitchParameter
 Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ExportToExcel
-Switch to export the results to an Excel file.
+### -OutputTestNumber
+The test number to output as an object.
+Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4".
 
 ```yaml
-Type: SwitchParameter
-Parameter Sets: ExportAllResultsFromAuditResults, ExportAllResultsFromCsv
+Type: String
+Parameter Sets: OutputObjectFromAuditResultsSingle, OutputObjectFromCsvSingle
 Aliases:
 
-Required: False
-Position: Named
-Default value: False
+Required: True
+Position: 2
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -191,7 +191,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## INPUTS
 
 ### [CISAuditResult[]] - An array of CISAuditResult objects.
-### [string] - A path to a CSV file.
+###     [string] - A path to a CSV file.
 ## OUTPUTS
 
 ### [PSCustomObject] - A custom object containing the path to the zip file and its hash.

diff --git a/help/Get-AdminRoleUserLicense.md b/help/Get-AdminRoleUserLicense.md
@@ -63,7 +63,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## OUTPUTS
 
 ### PSCustomObject
-### Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
+###     Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
 ## NOTES
 Creation Date:  2024-04-15
 Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing.

diff --git a/help/Get-MFAStatus.md b/help/Get-MFAStatus.md
@@ -1,4 +1,4 @@
----
+---
 external help file: M365FoundationsCISReport-help.xml
 Module Name: M365FoundationsCISReport
 online version: https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-MFAStatus
@@ -36,33 +36,33 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
 
 ## PARAMETERS
 
-### -UserId
-The User Principal Name (UPN) of a specific user to retrieve MFA status for.
-If not provided, the function retrieves MFA status for all users.
+### -SkipMSOLConnectionChecks
+{{ Fill SkipMSOLConnectionChecks Description }}
 
 ```yaml
-Type: String
+Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 
 Required: False
-Position: 1
-Default value: None
+Position: Named
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -SkipMSOLConnectionChecks
-{{ Fill SkipMSOLConnectionChecks Description }}
+### -UserId
+The User Principal Name (UPN) of a specific user to retrieve MFA status for.
+If not provided, the function retrieves MFA status for all users.
 
 ```yaml
-Type: SwitchParameter
+Type: String
 Parameter Sets: (All)
 Aliases:
 
 Required: False
-Position: Named
-Default value: False
+Position: 1
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -75,14 +75,14 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## OUTPUTS
 
 ### System.Object
-### Returns a sorted list of custom objects containing the following properties:
-### - UserPrincipalName
-### - DisplayName
-### - MFAState
-### - MFADefaultMethod
-### - MFAPhoneNumber
-### - PrimarySMTP
-### - Aliases
+###     Returns a sorted list of custom objects containing the following properties:
+###         - UserPrincipalName
+###         - DisplayName
+###         - MFAState
+###         - MFADefaultMethod
+###         - MFAPhoneNumber
+###         - PrimarySMTP
+###         - Aliases
 ## NOTES
 The function requires the MSOL module to be installed and connected to your tenant.
 Ensure that you have the necessary permissions to read user and MFA status information.
Name	Description	Required?	Pipeline Input	Default Value
AuditResults	An array of CISAuditResult objects containing the audit results. This parameter is mandatory when exporting from audit results.	true	false
CsvPath	The path to a CSV file containing the audit results. This parameter is mandatory when exporting from a CSV file.	true	false
OutputTestNumber	The test number to output as an object. Valid values are "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4". This parameter is used to output a specific test result.	true	false
ExportAllTests	Switch to export all test results. When specified, all test results are exported to the specified path.	false	false	False
ExportPath	The path where the CSV or Excel files will be exported. This parameter is mandatory when exporting all tests.	true	false
ExportOriginalTests	Switch to export the original audit results to a CSV file. When specified, the original test results are exported along with the processed results.	true	false	False
ExportToExcel	Switch to export the results to an Excel file. When specified, results are exported in Excel format.	false	false	False
Name	Alias	Description	Required?	Pipeline Input	Default Value
UserId		The User Principal Name (UPN) of a specific user to retrieve MFA status for. If not provided, the function retrieves MFA status for all users.	false	false
SkipMSOLConnectionChecks			false	false	False
Name	Alias	Description	Required?	Pipeline Input	Default Value
UserPrincipalNameForConsent		The UPN or ID of the user to grant consent for.	true	true (ByValue, ByPropertyName)
SkipGraphConnection		If specified, skips connecting to Microsoft Graph.	false	false	False
SkipModuleCheck		If specified, skips the check for the Microsoft.Graph module.	false	false	False
SuppressRevertOutput		If specified, suppresses the output of the revert commands.	false	false	False
DoNotDisconnect		If specified, does not disconnect from Microsoft Graph after granting consent.	false	false	False
WhatIf	wi		false	false
Confirm	cf		false	false
Name	Alias	Description	Required?	Pipeline Input	Default Value
TenantAdminUrl		The URL of the tenant admin. If not specified, none of the SharePoint Online tests will run.	false	false
DomainName		The domain name of the Microsoft 365 environment to test. This parameter is not mandatory and by default it will pass/fail all found domains as a group if a specific domain is not specified.	false	false
ELevel		Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter.	true	false
ProfileLevel		Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter.	true	false
IncludeIG1		If specified, includes tests where IG1 is true.	true	false	False
IncludeIG2		If specified, includes tests where IG2 is true.	true	false	False
IncludeIG3		If specified, includes tests where IG3 is true.	true	false	False
IncludeRecommendation		Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.	true	false
SkipRecommendation		Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.	true	false
ApprovedCloudStorageProviders		Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.	false	false	@()
ApprovedFederatedDomains		Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.	false	false
DoNotConnect		If specified, the cmdlet will not establish a connection to Microsoft 365 services.	false	false	False
DoNotDisconnect		If specified, the cmdlet will not disconnect from Microsoft 365 services after execution.	false	false	False
NoModuleCheck		If specified, the cmdlet will not check for the presence of required modules.	false	false	False
DoNotConfirmConnections		If specified, the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.	false	false	False
WhatIf	wi		false	false
Confirm	cf		false	false
Name	Alias	Description	Required?	Pipeline Input	Default Value
FilePath		The path to the Excel file to be processed.	true	false
WorksheetName		The name of the worksheet within the Excel file to be processed.	true	false
Name	Description	Required?	Pipeline Input
ExcelPath	Specifies the path to the Excel file to be updated. This parameter is mandatory.	false	false
CsvPath	Specifies the path to the CSV file containing new data. This parameter is mandatory.	false	false
SheetName	Specifies the name of the worksheet in the Excel file where data will be merged and updated. This parameter is mandatory.	false	false