Fix to #215

maester365 · Jul 8, 2024 · 1cc9b23 · 1cc9b23
1 parent 5cb7ac1
commit 1cc9b23
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1 b/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1
@@ -23,23 +23,28 @@ Function Test-MtCisaWeakFactor {
         "Email"
     )
 
+    $isMethodsMigrationComplete = Test-MtCisaMethodsMigration
+
     $result = Get-MtAuthenticationMethodPolicyConfig
 
     $weakAuthMethods = $result | Where-Object { $_.id -in $weakFactors }
 
     $enabledWeakMethods = $weakAuthMethods | Where-Object { $_.state -eq "enabled" }
 
-    $testResult = ($enabledWeakMethods|Measure-Object).Count -eq 0
+    $testResult = (($enabledWeakMethods|Measure-Object).Count -eq 0) -and $isMethodsMigrationComplete
 
     if ($testResult) {
         $testResultMarkdown = "Well done. All weak authentication methods are disabled in your tenant.`n`n%TestResult%"
     } else {
-        $testResultMarkdown = "One or more weak methods are enabled in your tenant.`n`n%TestResult%"
+        $testResultMarkdown = "One or more weak methods are enabled in your tenant, or migration to Authentication Methods is incomplete.`n`n%TestResult%"
     }
 
     # Auth method does not support deep links.
     $authMethodsLink = "https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods"
-    $result = "| Authentication Method | State | Test Result |`n"
+    $migrationResult = "❌ Fail"
+    if($isMethodsMigrationComplete){$migrationResult = "✅ Pass"}
+    $result = "[Authentication Methods]($authMethodsLink) Migration Complete: $migrationResult`n`n"
+    $result += "| Authentication Method | State | Test Result |`n"
     $result += "| --- | --- | --- |`n"
     foreach ($item in $weakAuthMethods) {
         $methodResult = "✅ Pass"

diff --git a/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1 b/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1
@@ -5,10 +5,8 @@ BeforeDiscovery {
 Describe "CISA SCuBA" -Tag "MS.AAD", "MS.AAD.3.5", "CISA", "Security", "All" -Skip:( $EntraIDPlan -eq "Free" ) {
     It "MS.AAD.3.5: The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled." {
 
-        $isMethodsMigrationComplete = Test-MtCisaMethodsMigration
-
         $isWeakFactorDisabled = Test-MtCisaWeakFactor
 
-        $isWeakFactorDisabled -and $isMethodsMigrationComplete | Should -Be $true -Because "all weak authentication methods are disabled."
+        $isWeakFactorDisabled | Should -Be $true -Because "all weak authentication methods are disabled."
     }
 }