Merge pull request #117 from CriticalSolutionsNetwork/6.1.5/3-Exports
Fix: MFA STATUS Function
DrIOSX authored Jun 18, 2024
2 parents 5e25d6e + 3ecd8bb commit 91bb61b
Showing 14 changed files with 211 additions and 253 deletions.
15 changes: 15 additions & 0 deletions CHANGELOG.md
@@ -6,6 +6,21 @@ The format is based on and uses the types of changes according to [Keep a Change

### Added

- Added tenant output to connect function.
- Added skip tenant connection confirmation to main function.

### Fixed

- Fixed comment examples for `Export-M365SecurityAuditTable`.

### Changed

- Updated `Sync-CISExcelAndCsvData` to be one function.

## [0.1.12] - 2024-06-17

### Added

- Added `Export-M365SecurityAuditTable` public function to export applicable audit results to a table format.
- Added paramter to `Export-M365SecurityAuditTable` to specify output of the original audit results.
- Added `Remove-RowsWithEmptyCSVStatus` public function to remove rows with empty status from the CSV file.
Binary file modified README.md
Binary file not shown.
Binary file modified docs/index.html
Binary file not shown.
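--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
 
 
 <#
-$ver = "v0.1.11"
+$ver = "v0.1.12"
 git checkout main
 git pull origin main
 git tag -a $ver -m "Release version $ver refactor Update"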
68 changes: 66 additions & 2 deletions source/Private/Connect-M365Suite.ps1
@@ -2,52 +2,116 @@ function Connect-M365Suite {
[OutputType([void])]
[CmdletBinding()]
param (
[Parameter(Mandatory=$false)]
[Parameter(Mandatory = $false)]
[string]$TenantAdminUrl,

[Parameter(Mandatory)]
[string[]]$RequiredConnections
[string[]]$RequiredConnections,

[Parameter(Mandatory = $false)]
[switch]$SkipConfirmation
)

$VerbosePreference = "SilentlyContinue"
$tenantInfo = @()
$connectedServices = @()

try {
if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Cyan
Connect-AzureAD | Out-Null
$tenantDetails = Get-AzureADTenantDetail
$tenantInfo += [PSCustomObject]@{
Service = "Azure Active Directory"
TenantName = $tenantDetails.DisplayName
TenantID = $tenantDetails.ObjectId
}
$connectedServices += "AzureAD"
Write-Host "Successfully connected to Azure Active Directory." -ForegroundColor Green
}

if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Cyan
try {
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
}
catch {
Write-Host "Failed to connect to MgGraph, attempting device auth." -ForegroundColor Yellow
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -UseDeviceCode -NoWelcome | Out-Null
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Host "Successfully connected to Microsoft Graph with specified scopes." -ForegroundColor Green
}
}

if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Host "Connecting to Exchange Online..." -ForegroundColor Cyan
Connect-ExchangeOnline | Out-Null
$exoTenant = (Get-OrganizationConfig).Identity
$tenantInfo += [PSCustomObject]@{
Service = "Exchange Online"
TenantName = $exoTenant
TenantID = "N/A"
}
$connectedServices += "EXO"
Write-Host "Successfully connected to Exchange Online." -ForegroundColor Green
}

if ($RequiredConnections -contains "SPO") {
Write-Host "Connecting to SharePoint Online..." -ForegroundColor Cyan
Connect-SPOService -Url $TenantAdminUrl | Out-Null
$spoContext = Get-SPOSite -Limit 1
$tenantInfo += [PSCustomObject]@{
Service = "SharePoint Online"
TenantName = $spoContext.Url
TenantID = $spoContext.GroupId
}
$connectedServices += "SPO"
Write-Host "Successfully connected to SharePoint Online." -ForegroundColor Green
}

if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Cyan
Connect-MicrosoftTeams | Out-Null
$teamsTenantDetails = Get-CsTenant
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Teams"
TenantName = $teamsTenantDetails.DisplayName
TenantID = $teamsTenantDetails.TenantId
}
$connectedServices += "Microsoft Teams"
Write-Host "Successfully connected to Microsoft Teams." -ForegroundColor Green
}

# Display tenant information and confirm with the user
if (-not $SkipConfirmation) {
Write-Host "Connected to the following tenants:" -ForegroundColor Yellow
foreach ($tenant in $tenantInfo) {
Write-Host "Service: $($tenant.Service)" -ForegroundColor Cyan
Write-Host "Tenant Name: $($tenant.TenantName)" -ForegroundColor Green
#Write-Host "Tenant ID: $($tenant.TenantID)"
Write-Host ""
}
$confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
if ($confirmation -notlike 'Y') {
Write-Host "Connection setup aborted by user." -ForegroundColor Red
Disconnect-M365Suite -RequiredConnections $connectedServices
throw "User aborted connection setup."
}
}
}
catch {
$VerbosePreference = "Continue"
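Review bot: The confirmation prompt identifies each tenant only by display name, because the `Tenant ID` line inside the `foreach` over `$tenantInfo` is commented out; display names are not unique and can be edited, so an operator with access to several tenants can approve an audit against the wrong one. Restore it as `Write-Host "Tenant ID: $($tenant.TenantID)"`. Each `Connect-*` call authenticates on its own, so the services can end up in different tenants; comparing the collected `TenantID` values where a service reports one (the Exchange entry is hard-coded to `"N/A"`) and warning on a mismatch before `Read-Host` would catch that. The `catch` block continues outside the hunk, so whether sessions opened before a mid-sequence failure are disconnected is not visible here.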
42 changes: 0 additions & 42 deletions source/Private/Merge-CISExcelAndCsvData.ps1

This file was deleted.

22 changes: 0 additions & 22 deletions source/Private/New-MergedObject.ps1

This file was deleted.

34 changes: 0 additions & 34 deletions source/Private/Update-CISExcelWorksheet.ps1

This file was deleted.

29 changes: 0 additions & 29 deletions source/Private/Update-WorksheetCell.ps1

This file was deleted.

32 changes: 22 additions & 10 deletions source/Public/Export-M365SecurityAuditTable.ps1
@@ -21,23 +21,23 @@
.OUTPUTS
[PSCustomObject]
.EXAMPLE
# Output object for a single test number from audit results
Export-M365SecurityAuditTable -AuditResults $object -OutputTestNumber 6.1.2
# Output object for a single test number from audit results
.EXAMPLE
# Export all results from audit results to the specified path
Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp"
# Export all results from audit results to the specified path
.EXAMPLE
# Output object for a single test number from CSV
Export-M365SecurityAuditTable -CsvPath "C:\temp\auditresultstoday1.csv" -OutputTestNumber 6.1.2
# Output object for a single test number from CSV
.EXAMPLE
# Export all results from CSV to the specified path
Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp"
# Export all results from CSV to the specified path
.EXAMPLE
# Export all results from audit results to the specified path along with the original tests
Export-M365SecurityAuditTable -ExportAllTests -AuditResults $object -ExportPath "C:\temp" -ExportOriginalTests
# Export all results from audit results to the specified path along with the original tests
.EXAMPLE
# Export all results from CSV to the specified path along with the original tests
Export-M365SecurityAuditTable -ExportAllTests -CsvPath "C:\temp\auditresultstoday1.csv" -ExportPath "C:\temp" -ExportOriginalTests
# Export all results from CSV to the specified path along with the original tests
.LINK
https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Export-M365SecurityAuditTable
#>
@@ -103,7 +103,12 @@ function Export-M365SecurityAuditTable {
switch ($test) {
"6.1.2" {
$details = $auditResult.Details
$csv = $details | ConvertFrom-Csv -Delimiter '|'
if ($details -ne "No M365 E3 licenses found.") {
$csv = $details | ConvertFrom-Csv -Delimiter '|'
}
else {
$csv = $null
}

if ($null -ne $csv) {
foreach ($row in $csv) {
@@ -120,7 +125,12 @@ function Export-M365SecurityAuditTable {
}
"6.1.3" {
$details = $auditResult.Details
$csv = $details | ConvertFrom-Csv -Delimiter '|'
if ($details -ne "No M365 E5 licenses found.") {
$csv = $details | ConvertFrom-Csv -Delimiter '|'
}
else {
$csv = $null
}

if ($null -ne $csv) {
foreach ($row in $csv) {
@@ -155,8 +165,10 @@ function Export-M365SecurityAuditTable {
Write-Information "No results found for test number $($result.TestNumber)." -InformationAction Continue
}
else {
$result.Details | Export-Csv -Path $fileName -NoTypeInformation
$exportedTests += $result.TestNumber
if (($result.Details -ne "No M365 E3 licenses found.") -and ($result.Details -ne "No M365 E5 licenses found.")) {
$result.Details | Export-Csv -Path $fileName -NoTypeInformation
$exportedTests += $result.TestNumber
}
}
}
}
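Review bot: In the export loop of the last hunk, a result whose `Details` equals one of the two "No M365 E… licenses found." strings is now skipped with no output, because the new `if` has no `else`; the exported set then gives no sign that 6.1.2 or 6.1.3 was evaluated and found nothing. Adding `else { Write-Information "No results found for test number $($result.TestNumber)." -InformationAction Continue }` would match the message the branch above already emits. The same literals are compared in three places in this file, so if the producing test rewords its message they silently stop matching and the sentence is passed to `ConvertFrom-Csv` again; one shared constant would avoid that. The enclosing function starts and ends outside the hunks.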
11 changes: 5 additions & 6 deletions source/Public/Get-MFAStatus.ps1
@@ -44,15 +44,15 @@ function Get-MFAStatus {
process {
if (Get-Module MSOnline){
Connect-MsolService
Write-Host -Object "Finding Azure Active Directory Accounts..."
Write-Host "Finding Azure Active Directory Accounts..."
# Get all users, excluding guests
$Users = if ($PSBoundParameters.ContainsKey('UserId')) {
Get-MsolUser -UserPrincipalName $UserId
} else {
Get-MsolUser -All | Where-Object { $_.UserType -ne "Guest" }
}
$Report = [System.Collections.Generic.List[Object]]::new() # Create output list
Write-Host -Object "Processing" $Users.Count "accounts..."
Write-Host "Processing $($Users.Count) accounts..."
ForEach ($User in $Users) {
$MFADefaultMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType
$MFAPhoneNumber = $User.StrongAuthenticationUserDetails.PhoneNumber
@@ -92,12 +92,11 @@ function Get-MFAStatus {
$Report.Add($ReportLine)
}

Write-Host -Object "Processing complete."
Write-Host "Processing complete."
return $Report | Select-Object UserPrincipalName, DisplayName, MFAState, MFADefaultMethod, MFAPhoneNumber, PrimarySMTP, Aliases | Sort-Object UserPrincipalName
}
else {
Write-Host -Object "You must first install MSOL using:`nInstall-Module MSOnline -Scope CurrentUser -Force"
Write-Host "You must first install MSOL using:`nInstall-Module MSOnline -Scope CurrentUser -Force"
}
}

}
}
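Review bot: The `else` branch at the end of `process` still reports a missing MSOnline module with `Write-Host` and then returns nothing, so a caller that pipes or counts the result cannot tell "module not loaded" from "no accounts returned"; for an MFA audit that is a fail-open result. Prefer a terminating error, e.g. `throw "MSOnline module is not loaded. Install it with: Install-Module MSOnline -Scope CurrentUser -Force"`. `Get-Module MSOnline` also only sees modules already imported into the session, so an installed but not yet imported module takes this branch; `Get-Module -ListAvailable MSOnline` followed by `Import-Module` would cover that case. The middle of the function is collapsed between the two hunks and was not reviewed.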