[create-pull-request] automated change

maester365 · Dec 8, 2024 · 0ef5535 · 0ef5535
1 parent 9b9fd94
commit 0ef5535
Show file tree

Hide file tree

Showing 6 changed files with 238 additions and 24 deletions.
diff --git a/website/docs/commands/Connect-Maester.mdx b/website/docs/commands/Connect-Maester.mdx
@@ -89,6 +89,38 @@ Connect-Maester -Privileged
 
 Connects to Microsoft Graph with additional privileged scopes such as **RoleEligibilitySchedule.ReadWrite.Directory** that are required for querying global admin roles in Privileged Identity Management.
 
+### EXAMPLE 8
+
+```powershell
+Connect-Maester -Environment USGov -AzureEnvironment AzureUSGovernment -ExchangeEnvironmentName O365USGovGCCHigh
+```
+
+Connects to US Government environments for Microsoft Graph, Azure, and Exchange Online.
+
+### EXAMPLE 9
+
+```powershell
+Connect-Maester -Environment USGovDoD -AzureEnvironment AzureUSGovernment -ExchangeEnvironmentName O365USGovDoD
+```
+
+Connects to US Department of Defense (DoD) environments for Microsoft Graph, Azure, and Exchange Online.
+
+### EXAMPLE 10
+
+```powershell
+Connect-Maester -Environment China -AzureEnvironment AzureChinaCloud -ExchangeEnvironmentName O365China
+```
+
+Connects to China environments for Microsoft Graph, Azure, and Exchange Online.
+
+### EXAMPLE 11
+
+```powershell
+Connect-Maester -Environment Germany
+```
+
+Connects to the Germany environment for Microsoft Graph.
+
 ## PARAMETERS
 
 ### -SendMail
@@ -161,6 +193,7 @@ Accept wildcard characters: False
 
 The environment to connect to.
 Default is Global.
+Supported values include China, Germany, Global, USGov, USGovDoD.
 
 ```yaml
 Type: String
@@ -178,6 +211,7 @@ Accept wildcard characters: False
 
 The Azure environment to connect to.
 Default is AzureCloud.
+Supported values include AzureChinaCloud, AzureCloud, AzureUSGovernment.
 
 ```yaml
 Type: String
@@ -195,6 +229,7 @@ Accept wildcard characters: False
 
 The Exchange environment to connect to.
 Default is O365Default.
+Supported values include O365China, O365Default, O365GermanyCloud, O365USGovDoD, O365USGovGCCHigh.
 
 ```yaml
 Type: String

diff --git a/website/docs/commands/Invoke-Maester.mdx b/website/docs/commands/Invoke-Maester.mdx
@@ -19,7 +19,7 @@ Invoke-Maester [[-Path] <String>] [-Tag <String[]>] [-ExcludeTag <String[]>] [-O
  [-OutputMarkdownFile <String>] [-OutputJsonFile <String>] [-OutputFolder <String>]
  [-OutputFolderFileName <String>] [-PesterConfiguration <PesterConfiguration>] [-Verbosity <String>]
  [-NonInteractive] [-PassThru] [-MailRecipient <String[]>] [-MailTestResultsUri <String>]
- [-MailUserId <String>] [-TeamId <String>] [-TeamChannelId <String>] [-SkipGraphConnect]
+ [-MailUserId <String>] [-TeamId <String>] [-TeamChannelId <String>] [-SkipGraphConnect] [-DisableTelemetry]
  [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 
@@ -455,6 +455,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DisableTelemetry
+
+Disable Telemetry
+If set, telemetry information will not be logged.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ProgressAction
 
 \{\{ Fill ProgressAction Description \}\}

diff --git a/website/docs/commands/Test-MtCaReferencedGroupsExist.mdx b/website/docs/commands/Test-MtCaReferencedGroupsExist.mdx
@@ -0,0 +1,67 @@
+---
+sidebar_class_name: hidden
+description: Checks if any conditional access policies include or exclude groups that have been deleted.
+id: Test-MtCaReferencedGroupsExist
+title: Test-MtCaReferencedGroupsExist
+hide_title: false
+hide_table_of_contents: false
+custom_edit_url: https://github.com/maester365/maester/blob/main/powershell/public/Test-MtCaReferencedGroupsExist.ps1
+---
+
+## SYNOPSIS
+
+Checks if any conditional access policies include or exclude groups that have been deleted.
+
+## SYNTAX
+
+```powershell
+Test-MtCaReferencedGroupsExist [-ProgressAction <ActionPreference>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+
+Security Groups will be used to exclude and include users from Conditional Access Policies.
+Assignments are still visible in the policy definition in Microsoft Graph API even the group is deleted.
+This test checks if all groups used in Conditional Access Policies still exist and shows invalid or deleted items.
+
+## EXAMPLES
+
+### EXAMPLE 1
+
+```powershell
+Test-MtCaReferencedGroupsExist
+```
+
+## PARAMETERS
+
+### -ProgressAction
+
+\{\{ Fill ProgressAction Description \}\}
+
+```yaml
+Type: ActionPreference
+Parameter Sets: (All)
+Aliases: proga
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+### System.Boolean
+
+## NOTES
+
+## RELATED LINKS
+
+[https://maester.dev/docs/commands/Test-MtCaReferencedGroupsExist](https://maester.dev/docs/commands/Test-MtCaReferencedGroupsExist)
diff --git a/website/docs/commands/Test-MtConditionalAccessWhatIf.mdx b/website/docs/commands/Test-MtConditionalAccessWhatIf.mdx
@@ -18,16 +18,18 @@ Tests Conditional Access evaluation with What If for a given scenario.
 
 ```powershell
 Test-MtConditionalAccessWhatIf [-UserId] <String> -IncludeApplications <String[]> [-DevicePlatform <String>]
- [-ClientAppType <String>] [-SignInRiskLevel <String>] [-UserRiskLevel <String>] [-Country <String>]
- [-IpAddress <String>] [-AllResults] [-ProgressAction <ActionPreference>] [<CommonParameters>]
+ [-ClientAppType <String>] [-SignInRiskLevel <String>] [-UserRiskLevel <String>] [-InsiderRiskLevel <String>]
+ [-ServicePrincipalRiskLevel <String>] [-DeviceInfo <Hashtable>] [-Country <String>] [-IpAddress <String>]
+ [-AllResults] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 
 ### UserActionBasedCA
 
 ```powershell
 Test-MtConditionalAccessWhatIf [-UserId] <String> [-UserAction <String[]>] [-DevicePlatform <String>]
- [-ClientAppType <String>] [-SignInRiskLevel <String>] [-UserRiskLevel <String>] [-Country <String>]
- [-IpAddress <String>] [-AllResults] [-ProgressAction <ActionPreference>] [<CommonParameters>]
+ [-ClientAppType <String>] [-SignInRiskLevel <String>] [-UserRiskLevel <String>] [-InsiderRiskLevel <String>]
+ [-ServicePrincipalRiskLevel <String>] [-DeviceInfo <Hashtable>] [-Country <String>] [-IpAddress <String>]
+ [-AllResults] [-ProgressAction <ActionPreference>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -38,58 +40,70 @@ The function uses the Microsoft Graph API to evaluate the Conditional Access pol
 
 Learn more:
 https://learn.microsoft.com/entra/identity/conditional-access/what-if-tool
+https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.beta.identity.signins/test-mgbetaidentityconditionalaccess?view=graph-powershell-beta
 
 ## EXAMPLES
 
 ### EXAMPLE 1
 
 ```powershell
-Test-MtConditionalAccessWhatIf -UserId 7a6da1c3-616a-416b-a820-cbe4fa8e225e `
-    -IncludeApplications "00000002-0000-0ff1-ce00-000000000000" `
-    -ClientAppType exchangeActiveSync
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
+    -IncludeApplications '00000002-0000-0ff1-ce00-000000000000' `
+    -ClientAppType 'exchangeActiveSync'
 ```
 
 This example tests the Conditional Access policies for a user signing into Exchange Online using a legacy Mail client that relies on basic authentication.
 
 ### EXAMPLE 2
 
 ```powershell
-Test-MtConditionalAccessWhatIf -UserId 7a6da1c3-616a-416b-a820-cbe4fa8e225e `
-    -UserAction registerOrJoinDevices
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
+    -UserAction 'registerOrJoinDevices'
 ```
 
 This example tests the Conditional Access policies for a user registering or joining a device to Microsoft Entra.
 
 ### EXAMPLE 3
 
 ```powershell
-Test-MtConditionalAccessWhatIf -UserId 7a6da1c3-616a-416b-a820-cbe4fa8e225e `
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
     -IncludeApplications '67ad5377-2d78-4ac2-a867-6300cda00e85' `
-    -Country FR -IpAddress '92.205.185.202'
+    -Country 'FR' -IpAddress '92.205.185.202'
 ```
 
 This example tests the Conditional Access policies for a user signing into **Office 365** from **France** with a specific **IP address**.
 
 ### EXAMPLE 4
 
 ```powershell
-Test-MtConditionalAccessWhatIf -UserId 7a6da1c3-616a-416b-a820-cbe4fa8e225e `
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
     -IncludeApplications '67ad5377-2d78-4ac2-a867-6300cda00e85' `
-    -SignInRiskLevel High -DevicePlatform iOS
+    -SignInRiskLevel 'High' -DevicePlatform 'iOS'
 ```
 
 This example tests the Conditional Access policies for a user signing into **Office 365** from an **iOS** device with a **High** sign-in risk level.
 
 ### EXAMPLE 5
 
 ```powershell
-Test-MtConditionalAccessWhatIf -UserId 7a6da1c3-616a-416b-a820-cbe4fa8e225e `
-    -UserAction registerSecurityInformation `
-    -DevicePlatform Android `
-    -UserRiskLevel High
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
+    -IncludeApplications 'bbad9299-f060-4e15-9a9a-285980ae00fc' `
+    -DeviceInfo { 'isCompliant' = 'true'; 'Manufacturer' = 'Dell' } `
+    -InsiderRiskLevel 'Minor'
 ```
 
-This example tests the Conditional Access policies for a user accessing the **My Security Info** page from an **Android** device with a **High** user risk level.
+This example tests the Conditional Access policies for a user accessing an **application** from a **compliant**, **Dell** device with a **Minor** insider risk level.
+
+### EXAMPLE 6
+
+```powershell
+Test-MtConditionalAccessWhatIf -UserId '7a6da1c3-616a-416b-a820-cbe4fa8e225e' `
+    -IncludeApplications 'a7936c39-024c-4148-a9b3-f88f2e9406f6' `
+    -ServicePrincipalRiskLevel 'High' -Verbose
+```
+
+This example tests the Conditional Access policies for a service principal user accessing the **application** with a **High** service principal risk level.
+It will return all applied results, including the report-only and disabled policies.
 
 ## PARAMETERS
 
@@ -215,6 +229,86 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -InsiderRiskLevel
+
+Insider risk level for the test.
+Values can be Minor, Moderate, Elevated
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ServicePrincipalRiskLevel
+
+Service Principal risk level for the test.
+Values can be None, Low, Medium, High
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -DeviceInfo
+
+[DeviceInfo &lt;IMicrosoftGraphDeviceInfo&gt;]: deviceInfo
+ 		[(Any) &lt;Object&gt;]: This indicates any property can be added to this object.
+ 		[DeviceId &lt;String&gt;]:
+ 		[DisplayName &lt;String&gt;]:
+ 		[EnrollmentProfileName &lt;String&gt;]:
+ 		[ExtensionAttribute1 &lt;String&gt;]:
+ 		[ExtensionAttribute10 &lt;String&gt;]:
+ 		[ExtensionAttribute11 &lt;String&gt;]:
+ 		[ExtensionAttribute12 &lt;String&gt;]:
+ 		[ExtensionAttribute13 &lt;String&gt;]:
+ 		[ExtensionAttribute14 &lt;String&gt;]:
+ 		[ExtensionAttribute15 &lt;String&gt;]:
+ 		[ExtensionAttribute2 &lt;String&gt;]:
+ 		[ExtensionAttribute3 &lt;String&gt;]:
+ 		[ExtensionAttribute4 &lt;String&gt;]:
+ 		[ExtensionAttribute5 &lt;String&gt;]:
+ 		[ExtensionAttribute6 &lt;String&gt;]:
+ 		[ExtensionAttribute7 &lt;String&gt;]:
+ 		[ExtensionAttribute8 &lt;String&gt;]:
+ 		[ExtensionAttribute9 &lt;String&gt;]:
+ 		[IsCompliant &lt;Boolean?&gt;]:
+ 		[Manufacturer &lt;String&gt;]:
+ 		[MdmAppId &lt;String&gt;]:
+ 		[Model &lt;String&gt;]:
+ 		[OperatingSystem &lt;String&gt;]:
+ 		[OperatingSystemVersion &lt;String&gt;]:
+ 		[Ownership &lt;String&gt;]:
+ 		[PhysicalIds &lt;String []&gt;]:
+ 		[ProfileType &lt;String&gt;]:
+ 		[SystemLabels &lt;String []&gt;]:
+ 		[TrustType &lt;String&gt;]:
+
+```yaml
+Type: Hashtable
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -Country
 
 Country to be used for the test.
@@ -252,7 +346,7 @@ Accept wildcard characters: False
 
 ### -AllResults
 
-Output all results
+Output all results, not only the applied policies.
 
 ```yaml
 Type: SwitchParameter
@@ -262,7 +356,7 @@ Aliases:
 Required: False
 Position: Named
 Default value: False
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 

diff --git a/website/docs/commands/Test-MtEidscaCR04.mdx b/website/docs/commands/Test-MtEidscaCR04.mdx
@@ -24,7 +24,7 @@ Specifies the duration the request is active before it automatically expires if
 
 Queries policies/adminConsentRequestPolicy
 and returns the result of
- graph/policies/adminConsentRequestPolicy.requestDurationInDays -eq '30'
+ graph/policies/adminConsentRequestPolicy.requestDurationInDays -le '30'
 
 ## EXAMPLES
 
@@ -34,7 +34,7 @@ and returns the result of
 Test-MtEidscaCR04
 ```
 
-Returns the result of graph.microsoft.com/beta/policies/adminConsentRequestPolicy.requestDurationInDays -eq '30'
+Returns the result of graph.microsoft.com/beta/policies/adminConsentRequestPolicy.requestDurationInDays -le '30'
 
 ## PARAMETERS