Merge pull request #119 from CriticalSolutionsNetwork/MFA-Status-Enha…

…ncement

Gereral testing enhancements.

CHANGELOG.md

@@ -4,6 +4,31 @@ The format is based on and uses the types of changes according to [Keep a Change
 
 ## [Unreleased]
 
+### Fixed
+
+- Fixed test 1.3.1 to include notification window for password expiration.
+- Fixed 6.1.1 test definition to include the correct connection.
+- Removed banner and warning from EXO and AzureAD connection step.
+- Fixed missing CommentBlock for `Remove-RowsWithEmptyCSVStatus` function.
+- Fixed formatting and color for various Write-Host messages.
+
+### Added
+
+- Added export to excel to `Export-M365SecurityAuditTable` function.
+- `Get-AdminRoleUserLicense` function to get the license of a user with admin roles for 1.1.1.
+- Skip MSOL connection confirmation to `Get-MFAStatus` function.
+- Added `Get-CISMgOutput` function to get the output of the Microsoft Graph API per test.
+- Added `Get-CISExoOutput` function to get the output of the Exchange Online API per test.
+- Added `Get-CISMSTeamsOutput` function to get the output of the Microsoft Teams API per test.
+- Added `Get-CISSPOOutput` function to get the output of the SharePoint Online API per test.
+- Added `Get-TestError` function to get the error output of a test.
+- Updated Microsoft Graph tests to utilize the new output functions ('1.1.1', '1.1.3', '1.2.1', '1.3.1', '5.1.2.3', '5.1.8.1', '6.1.2', '6.1.3')
+- Updated EXO tests to utilize the new output functions ('1.2.2', '1.3.3', '1.3.6', '2.1.1', '2.1.2', '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '8.6.1').
+- Updated MSTeams tests to utilize the new output functions ('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1')
+- Updated SPO tests to utilize the new output functions ('7.2.1', '7.2.2', '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.2.10', '7.3.1', '7.3.2', '7.3.4')
+
+## [0.1.13] - 2024-06-18
+
 ### Added
 
 - Added tenant output to connect function.

source/Private/Assert-ModuleAvailability.ps1

@@ -10,25 +10,25 @@ function Assert-ModuleAvailability {
         $module = Get-Module -ListAvailable -Name $ModuleName | Where-Object { $_.Version -ge [version]$RequiredVersion }
 
         if ($null -eq $module) {
-            Write-Information "Installing $ModuleName module..." -InformationAction Continue
+            Write-Host "Installing $ModuleName module..." -ForegroundColor Yellow
             Install-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force -AllowClobber -Scope CurrentUser | Out-Null
         }
         elseif ($module.Version -lt [version]$RequiredVersion) {
-            Write-Information "Updating $ModuleName module to required version..." -InformationAction Continue
+            Write-Host "Updating $ModuleName module to required version..." -ForegroundColor Yellow
             Update-Module -Name $ModuleName -RequiredVersion $RequiredVersion -Force | Out-Null
         }
         else {
-            Write-Information "$ModuleName module is already at required version or newer." -InformationAction Continue
+            Write-Host "$ModuleName module is already at required version or newer." -ForegroundColor Gray
         }
 
         if ($SubModules.Count -gt 0) {
             foreach ($subModule in $SubModules) {
-                Write-Information "Importing submodule $ModuleName.$subModule..." -InformationAction Continue
+                Write-Host "Importing submodule $ModuleName.$subModule..." -ForegroundColor DarkGray
                 Import-Module -Name "$ModuleName.$subModule" -RequiredVersion $RequiredVersion -ErrorAction Stop | Out-Null
             }
         } else {
-            Write-Information "Importing module $ModuleName..." -InformationAction Continue
-            Import-Module -Name $ModuleName -RequiredVersion $RequiredVersion -ErrorAction Stop | Out-Null
+            Write-Host "Importing module $ModuleName..." -ForegroundColor DarkGray
+            Import-Module -Name $ModuleName -RequiredVersion $RequiredVersion -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null
         }
     }
     catch {

source/Private/Connect-M365Suite.ps1

@@ -18,9 +18,9 @@ function Connect-M365Suite {
 
     try {
         if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
-            Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Cyan
-            Connect-AzureAD | Out-Null
-            $tenantDetails = Get-AzureADTenantDetail
+            Write-Host "Connecting to Azure Active Directory..." -ForegroundColor Yellow
+            Connect-AzureAD -WarningAction SilentlyContinue | Out-Null
+            $tenantDetails = Get-AzureADTenantDetail -WarningAction SilentlyContinue
             $tenantInfo += [PSCustomObject]@{
                 Service = "Azure Active Directory"
                 TenantName = $tenantDetails.DisplayName
@@ -31,7 +31,7 @@ function Connect-M365Suite {
         }
 
         if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
-            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Cyan
+            Write-Host "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All" -ForegroundColor Yellow
             try {
                 Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
                 $graphOrgDetails = Get-MgOrganization
@@ -58,8 +58,8 @@ function Connect-M365Suite {
         }
 
         if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
-            Write-Host "Connecting to Exchange Online..." -ForegroundColor Cyan
-            Connect-ExchangeOnline | Out-Null
+            Write-Host "Connecting to Exchange Online..." -ForegroundColor Yellow
+            Connect-ExchangeOnline -ShowBanner:$false | Out-Null
             $exoTenant = (Get-OrganizationConfig).Identity
             $tenantInfo += [PSCustomObject]@{
                 Service = "Exchange Online"
@@ -71,20 +71,20 @@ function Connect-M365Suite {
         }
 
         if ($RequiredConnections -contains "SPO") {
-            Write-Host "Connecting to SharePoint Online..." -ForegroundColor Cyan
+            Write-Host "Connecting to SharePoint Online..." -ForegroundColor Yellow
             Connect-SPOService -Url $TenantAdminUrl | Out-Null
-            $spoContext = Get-SPOSite -Limit 1
+            $spoContext = Get-SPOCrossTenantHostUrl
+            $tenantName = Get-UrlLine -Output $spoContext
             $tenantInfo += [PSCustomObject]@{
                 Service = "SharePoint Online"
-                TenantName = $spoContext.Url
-                TenantID = $spoContext.GroupId
+                TenantName = $tenantName
             }
             $connectedServices += "SPO"
             Write-Host "Successfully connected to SharePoint Online." -ForegroundColor Green
         }
 
         if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
-            Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Cyan
+            Write-Host "Connecting to Microsoft Teams..." -ForegroundColor Yellow
             Connect-MicrosoftTeams | Out-Null
             $teamsTenantDetails = Get-CsTenant
             $tenantInfo += [PSCustomObject]@{
@@ -101,9 +101,8 @@ function Connect-M365Suite {
             Write-Host "Connected to the following tenants:" -ForegroundColor Yellow
             foreach ($tenant in $tenantInfo) {
                 Write-Host "Service: $($tenant.Service)" -ForegroundColor Cyan
-                Write-Host "Tenant Name: $($tenant.TenantName)" -ForegroundColor Green
+                Write-Host "Tenant Context: $($tenant.TenantName)`n" -ForegroundColor Green
                 #Write-Host "Tenant ID: $($tenant.TenantID)"
-                Write-Host ""
             }
             $confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
             if ($confirmation -notlike 'Y') {

source/Private/Get-AdminRoleUserAndAssignment.ps1

@@ -0,0 +1,38 @@
+function Get-AdminRoleUserAndAssignment {
+    [CmdletBinding()]
+    param ()
+
+    $result = @{}
+
+    # Get the DisplayNames of all admin roles
+    $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
+
+    # Get Admin Roles
+    $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
+
+    foreach ($role in $adminRoles) {
+        Write-Verbose "Processing role: $($role.DisplayName)"
+        $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
+        foreach ($assignment in $roleAssignments) {
+            Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
+            $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+
+            if ($userDetails) {
+                Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
+                $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
+
+                if (-not $result[$role.DisplayName]) {
+                    $result[$role.DisplayName] = @()
+                }
+                $result[$role.DisplayName] += [PSCustomObject]@{
+                    AssignmentId = $assignment.Id
+                    UserDetails  = $userDetails
+                    Licenses     = $licenses
+                }
+            }
+        }
+    }
+
+    return $result
+}

source/Private/Get-CISAadOutput.ps1

@@ -0,0 +1,39 @@
+<#
+    .SYNOPSIS
+        This is a sample Private function only visible within the module.
+    .DESCRIPTION
+        This sample function is not exported to the module and only return the data passed as parameter.
+    .EXAMPLE
+        $null = Get-Get-CISAadOutput -PrivateData 'NOTHING TO SEE HERE'
+    .PARAMETER PrivateData
+        The PrivateData parameter is what will be returned without transformation.
+#>
+function Get-CISAadOutput {
+    [cmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [String]$Rec
+    )
+    begin {
+        # Begin Block #
+    <#
+        # Tests
+        1.2.2
+        # Test number
+        $testNumbers ="1.2.2"
+    #>
+    }
+    process {
+        switch ($Rec) {
+            '1.2.2' {
+                # Test-BlockSharedMailboxSignIn.ps1
+                $users = Get-AzureADUser
+            }
+            default { throw "No match found for test: $Rec" }
+        }
+    }
+    end {
+        Write-Verbose "Get-CISAadOutput: Retuning data for Rec: $Rec"
+        return $users
+    }
+} # end function Get-CISAadOutput