Merge pull request #354 from maester365/tnh-EidscaSkipReasons

Added support for SkippedCustomReason and TestCases in EIDSCA
maester365 · Jul 15, 2024 · 013707d · 013707d
2 parents 96459b4 + 346de23
commit 013707d
Show file tree

Hide file tree

Showing 47 changed files with 228 additions and 55 deletions.
diff --git a/build/eidsca/Update-EidscaTests.ps1 b/build/eidsca/Update-EidscaTests.ps1
@@ -340,6 +340,23 @@ Function UpdateTemplate($template, $control, $controlItem, $docName, $isDoc) {
         $output = $output -replace '%GraphDocsUrlMarkdown%', $graphDocsUrlMarkdown
     }
 
+    # Add condition to test template if defined in EidscaTest
+    if (-not [string]::IsNullOrWhiteSpace($controlItem.SkipCondition) ) {
+        $SkipCheck = "if ( $($controlItem.SkipCondition) ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason '$($controlItem.SkipReason)'
+            return " + '$null' + " `
+    }"
+        $output = $output -replace '%SkipCheck%', "$($SkipCheck)"
+
+        # Extract variable name from the condition to build syntax for TestCases
+        $SkipConditionVariable = ($controlItem.SkipCondition -split ' ')[0]
+        $SkipConditionVariableName = $SkipConditionVariable -replace '[$()]', ''
+        $output = $output -replace '%TestCases%', " -TestCases @{ $($SkipConditionVariableName) = $($SkipConditionVariable) }"
+    } else {
+        $output = $output -replace '%SkipCheck%', ""
+        $output = $output -replace '%TestCases%', ""
+    }
+
     return $output
 }
 
@@ -404,7 +421,7 @@ foreach ($control in $aadsc) {
 
 $testTemplate = @'
 Describe "%ControlName%" -Tag "EIDSCA", "Security", "All", "%CheckId%" {
-    It "%CheckId%: %ControlName% - %DisplayName%. See https://maester.dev/docs/tests/%DocName%" {
+    It "%CheckId%: %ControlName% - %DisplayName%. See https://maester.dev/docs/tests/%DocName%"%TestCases% {
         <#
             Check if "https://graph.microsoft.com/%ApiVersion%/%RelativeUri%"
             .%CurrentValue% %CompareOperator% %RecommendedValue%
@@ -414,11 +431,6 @@ Describe "%ControlName%" -Tag "EIDSCA", "Security", "All", "%CheckId%" {
 }
 '@
 
-        # Add condition to test template if defined in EidscaTest
-        if ($controlItem.SkipCondition -ne "") {
-
-            $testTemplate = $testTemplate.Replace( '"%CheckId%"', '"%CheckId%" -Skip:( ' + $controlItem.SkipCondition + ' )')
-        }
         $testOutput = UpdateTemplate -template $testTemplate -control $control -controlItem $controlItem -docName $docName
         $docsOutput = UpdateTemplate -template $docsTemplate -control $control -controlItem $controlItem -docName $docName -isDoc $true
         $psOutput = UpdateTemplate -template $psTemplate -control $control -controlItem $controlItem -docName $docName

diff --git a/powershell/internal/eidsca/@templateps1.txt b/powershell/internal/eidsca/@templateps1.txt
@@ -21,6 +21,7 @@ Function %PSFunctionName% {
     [OutputType([bool])]
     param()
 
+    %SkipCheck%
     $result = Invoke-MtGraphRequest -RelativeUri "%RelativeUri%" -ApiVersion %ApiVersion%
 
     [string]$tenantValue = $result.%CurrentValue%

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAF01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF02.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAF02 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'Fido2' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.isSelfServiceRegistrationAllowed

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF03.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAF03 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'Fido2' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.isAttestationEnforced

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF04.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAF04 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'Fido2' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.keyRestrictions.isEnforced

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF05.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF05.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAF05 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'Fido2' -or (Test-MtEidscaAF04) -eq $false ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled and key restriction not enforced.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.keyRestrictions.aaGuids -notcontains $null

diff --git a/powershell/internal/eidsca/Test-MtEidscaAF06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF06.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAF06 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'Fido2' -or (Test-MtEidscaAF04) -eq $false ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled and key restriction not enforced.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
 
     [string]$tenantValue = $result.keyRestrictions.aaGuids -notcontains $null -and ($result.keyRestrictions.enforcementType -eq 'allow' -or $result.keyRestrictions.enforcementType -eq 'block')

diff --git a/powershell/internal/eidsca/Test-MtEidscaAG01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAG01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.policyMigrationState

diff --git a/powershell/internal/eidsca/Test-MtEidscaAG02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG02.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAG02 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.reportSuspiciousActivitySettings.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAG03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG03.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAG03 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.reportSuspiciousActivitySettings.includeTarget.id

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAM01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM02.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM02 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM03.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM03 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.numberMatchingRequiredState.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM04.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM04 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.numberMatchingRequiredState.includeTarget.id

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM06.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM06 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.displayAppInformationRequiredState.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM07.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM07.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM07 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.displayAppInformationRequiredState.includeTarget.id

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM09.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM09.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM09 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.displayLocationInformationRequiredState.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAM10.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM10.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAM10 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta
 
     [string]$tenantValue = $result.featureSettings.displayLocationInformationRequiredState.includeTarget.id

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.allowedToUseSSPR

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP04.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP04 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.allowInvitesFrom

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP05.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP05.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP05 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.allowedToSignUpEmailBasedSubscriptions

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP06.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP06 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.allowEmailVerifiedUsersToJoinOrganization

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP07.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP07.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP07 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.guestUserRoleId

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP08.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP08 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.permissionGrantPolicyIdsAssignedToDefaultUserRole | Sort-Object -Descending | select-object -first 1

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP09.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP09.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP09 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.allowUserConsentForRiskyApps

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP10.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP10.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP10 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.defaultUserRolePermissions.allowedToCreateApps

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP14.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP14.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAP14 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.defaultUserRolePermissions.allowedToReadOtherUsers

diff --git a/powershell/internal/eidsca/Test-MtEidscaAT01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAT01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAT01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')" -ApiVersion beta
 
     [string]$tenantValue = $result.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaAT02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAT02.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaAT02 {
     [OutputType([bool])]
     param()
 
+    if ( $EnabledAuthMethods -notcontains 'TemporaryAccessPass' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Temporary Access Pass is not enabled.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')" -ApiVersion beta
 
     [string]$tenantValue = $result.isUsableOnce

diff --git a/powershell/internal/eidsca/Test-MtEidscaAV01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAV01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaAV01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Voice')" -ApiVersion beta
 
     [string]$tenantValue = $result.state

diff --git a/powershell/internal/eidsca/Test-MtEidscaCP01.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP01.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaCP01 {
     [OutputType([bool])]
     param()
 
+    if ( $SettingsApiAvailable -notcontains 'EnableGroupSpecificConsent' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta
 
     [string]$tenantValue = $result.values | where-object name -eq 'EnableGroupSpecificConsent' | select-object -expand value

diff --git a/powershell/internal/eidsca/Test-MtEidscaCP03.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP03.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaCP03 {
     [OutputType([bool])]
     param()
 
+    if ( $SettingsApiAvailable -notcontains 'BlockUserConsentForRiskyApps' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta
 
     [string]$tenantValue = $result.values | where-object name -eq 'BlockUserConsentForRiskyApps' | select-object -expand value

diff --git a/powershell/internal/eidsca/Test-MtEidscaCP04.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP04.ps1
@@ -21,6 +21,11 @@ Function Test-MtEidscaCP04 {
     [OutputType([bool])]
     param()
 
+    if ( $SettingsApiAvailable -notcontains 'EnableAdminConsentRequests' ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.'
+            return $null 
+    }
+
     $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta
 
     [string]$tenantValue = $result.values | where-object name -eq 'EnableAdminConsentRequests' | select-object -expand value

diff --git a/powershell/internal/eidsca/Test-MtEidscaCR01.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR01.ps1
@@ -21,6 +21,8 @@ Function Test-MtEidscaCR01 {
     [OutputType([bool])]
     param()
 
+
+
     $result = Invoke-MtGraphRequest -RelativeUri "policies/adminConsentRequestPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.isEnabled
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,6 +21,8 @@ Function Test-MtEidscaAF01 { @@
         [OutputType([bool])]
         param()
         $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta
         [string]$tenantValue = $result.state
@@ Expand Down @@