From bc140e7edafb1770e823b2fc5906bb8ec4481996 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 19:50:40 +0000 Subject: [PATCH 01/11] Deduplicate, update and expand help tests for all public functions --- powershell/tests/functions/Common.Tests.ps1 | 54 ++++++ powershell/tests/functions/Help.Tests.ps1 | 68 ------- powershell/tests/general/Help.Exceptions.ps1 | 25 --- powershell/tests/general/Help.Tests.ps1 | 178 +++++-------------- 4 files changed, 99 insertions(+), 226 deletions(-) create mode 100644 powershell/tests/functions/Common.Tests.ps1 delete mode 100644 powershell/tests/functions/Help.Tests.ps1 delete mode 100644 powershell/tests/general/Help.Exceptions.ps1 diff --git a/powershell/tests/functions/Common.Tests.ps1 b/powershell/tests/functions/Common.Tests.ps1 new file mode 100644 index 00000000..31b91336 --- /dev/null +++ b/powershell/tests/functions/Common.Tests.ps1 @@ -0,0 +1,54 @@ +BeforeDiscovery { + $moduleName = 'Maester' + $moduleRoot = "$PSScriptRoot/../.." + # Get all the functions in the /public folder + $exportedFunctions = Get-Command -Module $moduleName -CommandType Function + + # Eventually this should include all functions in the /public folder + # For now, just the ones that we have tested and added + $functionsWithTests = @('Invoke-Maester') +} + +Describe 'Common function tests' -Tags 'Acceptance' -ForEach @{ exportedFunctions = $exportedFunctions; moduleRoot = $moduleRoot } { + Context '<_.CommandType> <_.Name>' -ForEach $exportedFunctions { + BeforeAll { + $function = $_ + # Need to update this if we start building the module as a single psm1 file (for improved performance) + $functionPath = $_.ScriptBlock.File + } + + It ".ps1 should exist in public folder" { + $functionPath | Should -BeLike "/public/*/$($function.Name).ps1" + $functionPath | Should -Exist + } + + It "Should be an advanced function" { + $function.CmdletBinding | Should -BeTrue -Because 'public functions should be advanced functions' + $function.ScriptBlock.Ast.Body.ParamBlock | Should -Not -BeNullOrEmpty -Because 'functions should have a param()-block' + $function.ScriptBlock.Ast.Body.ParamBlock | Should -Not -BeNullOrEmpty -Because 'functions should have [CmdletBinding()] attribute for explicit advanced function' + } + + It "Should contain Write-Verbose blocks" { + $function.Definition | Should -Match 'Write-Verbose' -Because 'we like information when troubleshooting' + } + + # Not really necessary as we test exported commands meaning they were able to load + It ".ps1 is valid PowerShell code" { + $psFile = Get-Content -Path $functionPath -ErrorAction Stop + $errors = $null + $null = [System.Management.Automation.PSParser]::Tokenize($psFile, [ref]$errors) + $errors.Count | Should -Be 0 + } + + # Same comment as above, but doesn't hurt to double check + It '.ps1 should run without exceptions' { + $scriptBlock = [scriptblock]::Create((Get-Content $functionPath -Raw)) + { & $scriptBlock } | Should -Not -Throw + } + + # Intentionally using skip so the output will remind us of the missing test files :) + It 'Matching test file file should exist' -Skip:$($_ -notin $functionsWithTests) { + "$moduleRoot/tests/functions/$($_).Tests.ps1" | Should -Exist + } + } +} \ No newline at end of file diff --git a/powershell/tests/functions/Help.Tests.ps1 b/powershell/tests/functions/Help.Tests.ps1 deleted file mode 100644 index fa7b9768..00000000 --- a/powershell/tests/functions/Help.Tests.ps1 +++ /dev/null @@ -1,68 +0,0 @@ -BeforeDiscovery { - $module = 'Maester' - $moduleRoot = "$PSScriptRoot/../.." - # Get all the functions in the /public folder - $functions = Get-ChildItem -Path "$moduleRoot/public" -Filter '*.ps1' | ForEach-Object { $_.BaseName } - - # Eventually this should include all functions in the /public folder - # For now, just the ones that we have tested and added - $functionsWithTests = @('Invoke-MtMaester') -} - -Describe "$module Help Tests" -Tags ('Unit', 'Acceptance') -ForEach @{ moduleRoot = $moduleRoot } { - Context 'Function <_>' -ForEach $functions { - BeforeAll { - $function = $_ - $functionPath = Join-Path -Path $moduleRoot -ChildPath "/public/$function.ps1" - } - - It ".ps1 should exist" { - Join-Path -Path $moduleRoot -ChildPath "/public/$function.ps1" - $functionPath | Should -Exist - } - - It ".ps1 should have help block" { - $functionPath | Should -FileContentMatch '<#' - $functionPath | Should -FileContentMatch '#>' - } - - It ".ps1 should have a SYNOPSIS section in the help block" { - $functionPath | Should -FileContentMatch '.SYNOPSIS' - } - - It ".ps1 should have a DESCRIPTION section in the help block" { - $functionPath | Should -FileContentMatch '.DESCRIPTION' - } - - It ".ps1 should have a EXAMPLE section in the help block" { - $functionPath | Should -FileContentMatch '.EXAMPLE' - } - - It ".ps1 should be an advanced function" { - $functionPath | Should -FileContentMatch 'function' - $functionPath | Should -FileContentMatch 'cmdletbinding' - $functionPath | Should -FileContentMatch 'param' - } - - It ".ps1 should contain Write-Verbose blocks" { - $functionPath | Should -FileContentMatch 'Write-Verbose' - } - - It ".ps1 is valid PowerShell code" { - $psFile = Get-Content -Path $functionPath -ErrorAction Stop - $errors = $null - $null = [System.Management.Automation.PSParser]::Tokenize($psFile, [ref]$errors) - $errors.Count | Should -Be 0 - } - - It '.ps1 should run without exceptions' { - $scriptBlock = [scriptblock]::Create((Get-Content $functionPath -Raw)) - { & $scriptBlock } | Should -Not -Throw - } - - # Intentionally using skip so the output will remind us of the missing test files :) - It 'Matching test file file should exist' -Skip:$($_ -notin $functionsWithTests) { - "$moduleRoot/tests/functions/$($_).Tests.ps1" | Should -Exist - } - } -} \ No newline at end of file diff --git a/powershell/tests/general/Help.Exceptions.ps1 b/powershell/tests/general/Help.Exceptions.ps1 deleted file mode 100644 index 75272f87..00000000 --- a/powershell/tests/general/Help.Exceptions.ps1 +++ /dev/null @@ -1,25 +0,0 @@ -# List of functions that should be ignored -$global:FunctionHelpTestExceptions = @( - -) - -<# - List of arrayed enumerations. These need to be treated differently. Add full name. - Example: - - "Sqlcollaborative.Dbatools.Connection.ManagementConnectionType[]" -#> -$global:HelpTestEnumeratedArrays = @( -) - -<# - Some types on parameters just fail their validation no matter what. - For those it becomes possible to skip them, by adding them to this hashtable. - Add by following this convention: = @() - Example: - - "Get-DbaCmObject" = @("DoNotUse") -#> -$global:HelpTestSkipParameterType = @{ - -} diff --git a/powershell/tests/general/Help.Tests.ps1 b/powershell/tests/general/Help.Tests.ps1 index c87e1098..5537cd75 100644 --- a/powershell/tests/general/Help.Tests.ps1 +++ b/powershell/tests/general/Help.Tests.ps1 @@ -1,146 +1,58 @@ -<# - .NOTES - The original test this is based upon was written by June Blender. - After several rounds of modifications it stands now as it is, but the honor remains hers. - - Thank you June, for all you have done! - - .DESCRIPTION - This test evaluates the help for all commands in a module. - - .PARAMETER SkipTest - Disables this test. - - .PARAMETER CommandPath - List of paths under which the script files are stored. - This test assumes that all functions have their own file that is named after themselves. - These paths are used to search for commands that should exist and be tested. - Will search recursively and accepts wildcards, make sure only functions are found - - .PARAMETER ModuleName - Name of the module to be tested. - The module must already be imported - - .PARAMETER ExceptionsFile - File in which exceptions and adjustments are configured. - In it there should be two arrays and a hashtable defined: - $global:FunctionHelpTestExceptions - $global:HelpTestEnumeratedArrays - $global:HelpTestSkipParameterType - These can be used to tweak the tests slightly in cases of need. - See the example file for explanations on each of these usage and effect. -#> -[CmdletBinding()] -Param ( - [switch] - $SkipTest, - - [string[]] - $CommandPath = @("$PSScriptRoot\..\..\public", "$PSScriptRoot\..\..\internal"), - - [string] - $ModuleName = "PSFramework", - - [string] - $ExceptionsFile = "$PSScriptRoot\..\general\Help.Exceptions.ps1" -) -if ($SkipTest) { return } -. $ExceptionsFile - -$includedNames = (Get-ChildItem $CommandPath -Recurse -File | Where-Object Name -like "*.ps1").BaseName -$commandTypes = @('Cmdlet', 'Function') -if ($PSVersionTable.PSEdition -eq 'Desktop' ) { $commandTypes += 'Workflow' } -$commands = Get-Command -Module (Get-Module $ModuleName) -CommandType $commandTypes | Where-Object Name -In $includedNames - -## When testing help, remember that help is cached at the beginning of each session. -## To test, restart session. - - -foreach ($command in $commands) { - $commandName = $command.Name - - # Skip all functions that are on the exclusions list - if ($global:FunctionHelpTestExceptions -contains $commandName) { continue } - - # The module-qualified command fails on Microsoft.PowerShell.Archive cmdlets - $Help = Get-Help $commandName -ErrorAction SilentlyContinue - - Describe "Test help for $commandName" { - - # If help is not found, synopsis in auto-generated help is the syntax diagram - It "should not be auto-generated" -TestCases @{ Help = $Help } { - $Help.Synopsis | Should -Not -BeLike '*`[``]*' +# Based on https://github.com/pester/Pester/blob/main/tst/Help.Tests.ps1 +BeforeDiscovery { + $moduleName = 'Maester' + $exportedCommands = Get-Command -Module $moduleName -CommandType Cmdlet, Function +} + +Describe 'Testing module help' -Tag 'Help','Acceptance' -ForEach @{ exportedCommands = $exportedCommands; moduleName = $moduleName } { + Context '<_.CommandType> <_.Name>' -ForEach $exportedCommands { + BeforeAll { + $command = $_ + $help = $_ | Get-Help } - # Should be a description for every function - It "gets description for $commandName" -TestCases @{ Help = $Help } { - $Help.Description | Should -Not -BeNullOrEmpty + It 'Help is found' { + $help.Name | Should -Be $command.Name + $help.Category | Should -Be $command.CommandType + $help.ModuleName | Should -Be $moduleName } - # Should be at least one example - It "gets example code from $commandName" -TestCases @{ Help = $Help } { - ($Help.Examples.Example | Select-Object -First 1).Code | Should -Not -BeNullOrEmpty + It 'Synopsis is defined' { + $help.Synopsis | Should -Not -BeNullOrEmpty + # Syntax is used as synopsis when none is defined in help. + $help.Synopsis | Should -Not -Match "^\s*$($command.Name)((\s+\[+?-\w+)|$)" } - # Should be at least one example description - It "gets example help from $commandName" -TestCases @{ Help = $Help } { - ($Help.Examples.Example.Remarks | Select-Object -First 1).Text | Should -Not -BeNullOrEmpty + It 'Description is defined' { + # Property is missing if undefined + $help.description | Should -Not -BeNullOrEmpty } - Context "Test parameter help for $commandName" { + It 'Has link sections' { + $help.psobject.properties.name -match 'relatedLinks' | Should -Not -BeNullOrEmpty -Because 'all exported functions should at least have link to online version as first Uri' - $common = 'Debug', 'ErrorAction', 'ErrorVariable', 'InformationAction', 'InformationVariable', 'OutBuffer', 'OutVariable', 'PipelineVariable', 'Verbose', 'WarningAction', 'WarningVariable' - - $parameters = $command.ParameterSets.Parameters | Sort-Object -Property Name -Unique | Where-Object Name -notin $common - $parameterNames = $parameters.Name - $HelpParameterNames = $Help.Parameters.Parameter.Name | Sort-Object -Unique - foreach ($parameter in $parameters) { - $parameterName = $parameter.Name - $parameterHelp = $Help.parameters.parameter | Where-Object Name -EQ $parameterName - - # Should be a description for every parameter - It "gets help for parameter: $parameterName : in $commandName" -TestCases @{ parameterHelp = $parameterHelp } { - $parameterHelp.Description.Text | Should -Not -BeNullOrEmpty - } + $firstUri = $help.relatedLinks.navigationLink | Where-Object uri | Select-Object -First 1 -ExpandProperty uri + $firstUri | Should -Be "https://maester.dev/docs/commands/$($help.Name)" -Because 'first uri-link should be to online version of this help topic' + } - It "help for $parameterName parameter in $commandName has correct Mandatory value" -TestCases @{ parameterHelp = $parameterHelp; parameterName = $parameterName; command = $command } { - ($parameterHelp.Required -eq "true") | Should -BeIn $command.ParameterSets.parameters.Where{ $_.Name -eq $parameterName }.IsMandatory - } + It 'Has at least one example' { + $help.Examples | Should -Not -BeNullOrEmpty + $help.Examples.example | Where-Object { -not $_.Code.Trim() } | ForEach-Object { $_.title.Trim('- ') } | Should -Be @() -Because 'no examples should be empty' + } - if ($HelpTestSkipParameterType[$commandName] -contains $parameterName) { continue } + It 'All static parameters have description' { + $RiskMitigationParameters = 'Whatif', 'Confirm' - $codeType = $parameter.ParameterType.Name + if ($help.parameters) { + $parametersMissingHelp = @($help.parameters | ForEach-Object Parameter | + Where-Object name -NotIn $RiskMitigationParameters | + Where-Object { $_.psobject.properties.name -notcontains 'description' } | + ForEach-Object name) - if ($parameter.ParameterType.IsEnum) { - # Enumerations often have issues with the typename not being reliably available - $names = $parameter.ParameterType::GetNames($parameter.ParameterType) - # Parameter type in Help should match code - It "help for $commandName has correct parameter type for $parameterName" -TestCases @{ parameterHelp = $parameterHelp; names = $names } { - $parameterHelp.parameterValueGroup.parameterValue | Should -be $names - } - } - elseif ($parameter.ParameterType.FullName -in $HelpTestEnumeratedArrays) { - # Enumerations often have issues with the typename not being reliably available - $names = [Enum]::GetNames($parameter.ParameterType.DeclaredMembers[0].ReturnType) - It "help for $commandName has correct parameter type for $parameterName" -TestCases @{ parameterHelp = $parameterHelp; names = $names } { - $parameterHelp.parameterValueGroup.parameterValue | Should -be $names - } - } - else { - # To avoid calling Trim method on a null object. - $helpType = if ($parameterHelp.parameterValue) { $parameterHelp.parameterValue.Trim() } - # Parameter type in Help should match code - It "help for $commandName has correct parameter type for $parameterName" -TestCases @{ helpType = $helpType; codeType = $codeType } { - $helpType | Should -be $codeType - } - } - } - foreach ($helpParm in $HelpParameterNames) { - # Shouldn't find extra parameters in help. - It "finds help parameter in code: $helpParm" -TestCases @{ helpParm = $helpParm; parameterNames = $parameterNames } { - $helpParm -in $parameterNames | Should -Be $true - } - } - } - } -} \ No newline at end of file + $parametersMissingHelp | Should -Be @() + } else { + Set-ItResult -Skipped -Because 'no static parameters to test' + } + } + } +} From 2b50ddd37df6b477e282b49983cd394238055d91 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:21:12 +0000 Subject: [PATCH 02/11] Fix counters in test-script --- powershell/tests/pester.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/powershell/tests/pester.ps1 b/powershell/tests/pester.ps1 index 7b79729b..88a6c498 100644 --- a/powershell/tests/pester.ps1 +++ b/powershell/tests/pester.ps1 @@ -92,6 +92,8 @@ if ($TestFunctions) $config.Output.Verbosity = $Output $result = Invoke-Pester -Configuration $config + $totalRun += $result.TotalCount + $totalFailed += $result.FailedCount foreach ($test in $result.Tests) { if ($test.Result -notin 'Passed','Skipped') { $failedTest = [pscustomobject]@{ From ceeb0246d0e8ce68725a018ffa4859058c0fbc97 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:23:05 +0000 Subject: [PATCH 03/11] Add links to online help for public functions --- powershell/public/Add-MtTestResultDetail.ps1 | 6 ++++-- powershell/public/Clear-MtDnsCache.ps1 | 3 +++ powershell/public/Clear-MtGraphCache.ps1 | 3 +++ powershell/public/Compare-MtTestResult.ps1 | 3 +++ powershell/public/Connect-Maester.ps1 | 6 ++++-- powershell/public/Disconnect-Maester.ps1 | 6 ++++-- .../public/Get-MtAuthenticationMethodPolicyConfig.ps1 | 3 +++ powershell/public/Get-MtConditionalAccessPolicy.ps1 | 6 ++++-- powershell/public/Get-MtGraphScope.ps1 | 6 ++++-- powershell/public/Get-MtGroupMember.ps1 | 6 ++++-- powershell/public/Get-MtLicenseInformation.ps1 | 3 +++ powershell/public/Get-MtRole.ps1 | 6 ++++-- powershell/public/Get-MtRoleMember.ps1 | 6 ++++-- powershell/public/Get-MtUser.ps1 | 3 +++ powershell/public/Get-MtUserAuthenticationMethod.ps1 | 5 ++++- .../public/Get-MtUserAuthenticationMethodInfoByType.ps1 | 6 ++++-- powershell/public/Invoke-Maester.ps1 | 6 ++++-- powershell/public/Invoke-MtGraphRequest.ps1 | 5 ++++- powershell/public/Send-MtMail.ps1 | 6 ++++-- powershell/public/Send-MtTeamsMessage.ps1 | 6 ++++-- powershell/public/Test-MtAppManagementPolicyEnabled.ps1 | 6 ++++-- powershell/public/Test-MtCaAllAppsExists.ps1 | 6 ++++-- .../public/Test-MtCaApplicationEnforcedRestriction.ps1 | 6 ++++-- ...Test-MtCaBlockLegacyExchangeActiveSyncAuthentication.ps1 | 6 ++++-- .../public/Test-MtCaBlockLegacyOtherAuthentication.ps1 | 6 ++++-- .../Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 | 6 ++++-- powershell/public/Test-MtCaDeviceComplianceAdminsExists.ps1 | 6 ++++-- powershell/public/Test-MtCaDeviceComplianceExists.ps1 | 6 ++++-- powershell/public/Test-MtCaEmergencyAccessExists.ps1 | 6 ++++-- .../public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 | 6 ++++-- powershell/public/Test-MtCaEnforceSignInFrequency.ps1 | 6 ++++-- .../public/Test-MtCaExclusionForDirectorySyncAccount.ps1 | 6 ++++-- powershell/public/Test-MtCaLicenseUtilization.ps1 | 3 +++ powershell/public/Test-MtCaMfaForAdmin.ps1 | 6 ++++-- powershell/public/Test-MtCaMfaForAdminManagement.ps1 | 6 ++++-- powershell/public/Test-MtCaMfaForAllUsers.ps1 | 6 ++++-- powershell/public/Test-MtCaMfaForGuest.ps1 | 6 ++++-- powershell/public/Test-MtCaMfaForRiskySignIn.ps1 | 6 ++++-- .../Test-MtCaRequirePasswordChangeForHighUserRisk.ps1 | 6 ++++-- .../public/Test-MtCaSecureSecurityInfoRegistration.ps1 | 6 ++++-- powershell/public/Test-MtCaWIFBlockLegacyAuthentication.ps1 | 3 +++ powershell/public/Test-MtConditionalAccessWhatIf.ps1 | 5 ++++- powershell/public/Test-MtPimAlertsExists.ps1 | 5 ++++- powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 | 5 ++++- .../public/cisa/entra/Test-MtCisaActivationNotification.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaMethodsMigration.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaMfa.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 | 6 ++++-- .../public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaRequireActivationApproval.ps1 | 6 ++++-- .../cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 | 6 ++++-- powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 | 6 ++++-- .../exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 | 6 ++++-- .../exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 | 6 ++++-- .../exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 | 6 ++++-- .../exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 | 6 ++++-- .../public/cisa/exchange/Get-MailAuthenticationRecord.ps1 | 6 ++++-- powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 | 4 +++- .../public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 | 6 ++++-- .../cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaContactSharing.ps1 | 6 ++++-- powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 | 6 ++++-- powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 | 6 ++++-- powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 | 6 ++++-- .../cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1 | 6 ++++-- powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 | 6 ++++-- .../public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 | 6 ++++-- powershell/public/core/Get-MtHtmlReport.ps1 | 6 ++++-- powershell/public/core/Get-MtSession.ps1 | 6 ++++-- powershell/public/core/Install-MaesterTests.ps1 | 6 ++++-- powershell/public/core/Test-MtConnection.ps1 | 5 ++++- powershell/public/core/Update-MaesterTests.ps1 | 4 +++- powershell/public/eidsca/Test-MtEidscaControl.ps1 | 6 ++++-- 101 files changed, 394 insertions(+), 178 deletions(-) diff --git a/powershell/public/Add-MtTestResultDetail.ps1 b/powershell/public/Add-MtTestResultDetail.ps1 index 50df2327..fb7f11db 100644 --- a/powershell/public/Add-MtTestResultDetail.ps1 +++ b/powershell/public/Add-MtTestResultDetail.ps1 @@ -30,9 +30,11 @@ This example shows how to use the Add-MtTestResultDetail function to add rich markdown content to the test results with deep links to the admin portal. -#> -Function Add-MtTestResultDetail { +.LINK + https://maester.dev/docs/commands/Add-MtTestResultDetail +#> +function Add-MtTestResultDetail { [CmdletBinding()] param( # Brief description of what this test is checking. diff --git a/powershell/public/Clear-MtDnsCache.ps1 b/powershell/public/Clear-MtDnsCache.ps1 index 2b9c0a2b..352cf5ae 100644 --- a/powershell/public/Clear-MtDnsCache.ps1 +++ b/powershell/public/Clear-MtDnsCache.ps1 @@ -11,6 +11,9 @@ Clear-MtDnsCache This example clears the cache of all DNS lookups. + +.LINK + https://maester.dev/docs/commands/Clear-MtDnsCache #> function Clear-MtDnsCache { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification='Setting module level variable')] diff --git a/powershell/public/Clear-MtGraphCache.ps1 b/powershell/public/Clear-MtGraphCache.ps1 index e49a7685..05e026c3 100644 --- a/powershell/public/Clear-MtGraphCache.ps1 +++ b/powershell/public/Clear-MtGraphCache.ps1 @@ -16,6 +16,9 @@ Clear-MtGraphCache This example clears the cache of all Graph API calls. + +.LINK + https://maester.dev/docs/commands/Clear-MtGraphCache #> function Clear-MtGraphCache { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification='Setting module level variable')] diff --git a/powershell/public/Compare-MtTestResult.ps1 b/powershell/public/Compare-MtTestResult.ps1 index 5ef23643..9ddf3f16 100644 --- a/powershell/public/Compare-MtTestResult.ps1 +++ b/powershell/public/Compare-MtTestResult.ps1 @@ -12,6 +12,9 @@ PriorTest = (Get-Content .\test-results\TestResults-2024-05-20-182925.json | ConvertFrom-Json) } Compare-MtTestResult @tests + +.LINK + https://maester.dev/docs/commands/Compare-MtTestResult #> function Compare-MtTestResult { [CmdletBinding()] diff --git a/powershell/public/Connect-Maester.ps1 b/powershell/public/Connect-Maester.ps1 index 46dceb92..0e7deed8 100644 --- a/powershell/public/Connect-Maester.ps1 +++ b/powershell/public/Connect-Maester.ps1 @@ -45,9 +45,11 @@ Connect-Maester -Privileged Connects to Microsoft Graph with additional privileged scopes such as **RoleEligibilitySchedule.ReadWrite.Directory** that are required for querying global admin roles in Privileged Identity Management. -#> -Function Connect-Maester { +.LINK + https://maester.dev/docs/commands/Connect-Maester +#> +function Connect-Maester { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [Alias("Connect-MtGraph", "Connect-MtMaester")] [CmdletBinding()] diff --git a/powershell/public/Disconnect-Maester.ps1 b/powershell/public/Disconnect-Maester.ps1 index 9d76d9f3..5cfa2845 100644 --- a/powershell/public/Disconnect-Maester.ps1 +++ b/powershell/public/Disconnect-Maester.ps1 @@ -19,9 +19,11 @@ .Example Disconnect-MtMaester -#> -Function Disconnect-Maester { +.LINK + https://maester.dev/docs/commands/Disconnect-Maester +#> +function Disconnect-Maester { [Alias("Disconnect-MtMaester", "Disconnect-MtGraph")] [CmdletBinding()] param() diff --git a/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 b/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 index 8fe91200..dabb8d97 100644 --- a/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 +++ b/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 @@ -7,6 +7,9 @@ .EXAMPLE Get-MtAuthenticationMethodPolicyConfig -State Enabled + +.LINK + https://maester.dev/docs/commands/Get-MtAuthenticationMethodPolicyConfig #> function Get-MtAuthenticationMethodPolicyConfig { diff --git a/powershell/public/Get-MtConditionalAccessPolicy.ps1 b/powershell/public/Get-MtConditionalAccessPolicy.ps1 index 23ecea89..086d60fe 100644 --- a/powershell/public/Get-MtConditionalAccessPolicy.ps1 +++ b/powershell/public/Get-MtConditionalAccessPolicy.ps1 @@ -6,9 +6,11 @@ .Example Get-MtConditionalAccessPolicy -#> -Function Get-MtConditionalAccessPolicy { +.LINK + https://maester.dev/docs/commands/Get-MtConditionalAccessPolicy +#> +function Get-MtConditionalAccessPolicy { [CmdletBinding()] param() diff --git a/powershell/public/Get-MtGraphScope.ps1 b/powershell/public/Get-MtGraphScope.ps1 index 76fdc90e..4e2a7bf4 100644 --- a/powershell/public/Get-MtGraphScope.ps1 +++ b/powershell/public/Get-MtGraphScope.ps1 @@ -24,9 +24,11 @@ Connect-MgGraph -Scopes (Get-MtGraphScope -PrivilegedScopes) Connects to Microsoft Graph with the required scopes to run Maester for all tests, including those requiring read write APIs. -#> -Function Get-MtGraphScope { +.LINK + https://maester.dev/docs/commands/Get-MtGraphScope +#> +function Get-MtGraphScope { [CmdletBinding()] param( diff --git a/powershell/public/Get-MtGroupMember.ps1 b/powershell/public/Get-MtGroupMember.ps1 index a54995e5..cb60c469 100644 --- a/powershell/public/Get-MtGroupMember.ps1 +++ b/powershell/public/Get-MtGroupMember.ps1 @@ -6,9 +6,11 @@ .Example Get-MtGroupMember -#> -Function Get-MtGroupMember { +.LINK + https://maester.dev/docs/commands/Get-MtGroupMember +#> +function Get-MtGroupMember { [CmdletBinding()] param( [Parameter(Position=0,mandatory=$true)] diff --git a/powershell/public/Get-MtLicenseInformation.ps1 b/powershell/public/Get-MtLicenseInformation.ps1 index 8b3b1447..4a0bb2e8 100644 --- a/powershell/public/Get-MtLicenseInformation.ps1 +++ b/powershell/public/Get-MtLicenseInformation.ps1 @@ -10,6 +10,9 @@ .EXAMPLE Get-MtLicenseInformation -Product EntraID + +.LINK + https://maester.dev/docs/commands/Get-MtLicenseInformation #> function Get-MtLicenseInformation { [OutputType([string])] diff --git a/powershell/public/Get-MtRole.ps1 b/powershell/public/Get-MtRole.ps1 index b16de0fe..789634a7 100644 --- a/powershell/public/Get-MtRole.ps1 +++ b/powershell/public/Get-MtRole.ps1 @@ -10,9 +10,11 @@ .Example Get-MtRole -#> -Function Get-MtRole { +.LINK + https://maester.dev/docs/commands/Get-MtRole +#> +function Get-MtRole { [CmdletBinding()] param( [switch]$CisaHighlyPrivilegedRoles diff --git a/powershell/public/Get-MtRoleMember.ps1 b/powershell/public/Get-MtRoleMember.ps1 index c0561240..5a120b7d 100644 --- a/powershell/public/Get-MtRoleMember.ps1 +++ b/powershell/public/Get-MtRoleMember.ps1 @@ -35,9 +35,11 @@ Returns all the currently active members of the role with the specified RoleId. -#> -Function Get-MtRoleMember { +.LINK + https://maester.dev/docs/commands/Get-MtRoleMember +#> +function Get-MtRoleMember { [CmdletBinding(DefaultParameterSetName = "RoleName")] param( # The name of the role to get members for. diff --git a/powershell/public/Get-MtUser.ps1 b/powershell/public/Get-MtUser.ps1 index a10f49c2..02be8544 100644 --- a/powershell/public/Get-MtUser.ps1 +++ b/powershell/public/Get-MtUser.ps1 @@ -19,6 +19,9 @@ Get-MtUser -Count 5 -UserType Member # Get 5 Member users from the tenant. + +.LINK + https://maester.dev/docs/commands/Get-MtUser #> function Get-MtUser { [OutputType([System.Collections.ArrayList])] diff --git a/powershell/public/Get-MtUserAuthenticationMethod.ps1 b/powershell/public/Get-MtUserAuthenticationMethod.ps1 index 129b20b2..a6726633 100644 --- a/powershell/public/Get-MtUserAuthenticationMethod.ps1 +++ b/powershell/public/Get-MtUserAuthenticationMethod.ps1 @@ -20,8 +20,11 @@ Get-MtUserAuthenticationMethod -UserId 'john@contoso.com' # Get the authentication methods for the specified user + +.LINK + https://maester.dev/docs/commands/Get-MtUserAuthenticationMethod #> -Function Get-MtUserAuthenticationMethod { +function Get-MtUserAuthenticationMethod { [CmdletBinding()] param( # The GUID or user principal name of the user to get Authentication Methods for. diff --git a/powershell/public/Get-MtUserAuthenticationMethodInfoByType.ps1 b/powershell/public/Get-MtUserAuthenticationMethodInfoByType.ps1 index 6b5fc746..259cf5e5 100644 --- a/powershell/public/Get-MtUserAuthenticationMethodInfoByType.ps1 +++ b/powershell/public/Get-MtUserAuthenticationMethodInfoByType.ps1 @@ -16,9 +16,11 @@ $authMethod | Get-MtUserAuthenticationMethodInfoByType # Returns the DisplayName and IsMfa metadata for the authentication methods registered by the specified user. -#> -Function Get-MtUserAuthenticationMethodInfoByType { +.LINK + https://maester.dev/docs/commands/Get-MtUserAuthenticationMethodInfoByType +#> +function Get-MtUserAuthenticationMethodInfoByType { [CmdletBinding()] param( diff --git a/powershell/public/Invoke-Maester.ps1 b/powershell/public/Invoke-Maester.ps1 index 2a1a48b1..a23053db 100644 --- a/powershell/public/Invoke-Maester.ps1 +++ b/powershell/public/Invoke-Maester.ps1 @@ -70,9 +70,11 @@ Invoke-Maester -PesterConfiguration $configuration ``` Runs all the Pester tests in the EIDSCA folder. -#> -Function Invoke-Maester { +.LINK + https://maester.dev/docs/commands/Invoke-Maester +#> +function Invoke-Maester { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [Alias("Invoke-MtMaester")] [CmdletBinding()] diff --git a/powershell/public/Invoke-MtGraphRequest.ps1 b/powershell/public/Invoke-MtGraphRequest.ps1 index 337cddb4..c775537d 100644 --- a/powershell/public/Invoke-MtGraphRequest.ps1 +++ b/powershell/public/Invoke-MtGraphRequest.ps1 @@ -21,8 +21,11 @@ Get all users with a display name of "John Doe" and return the first 10 results. + +.LINK + https://maester.dev/docs/commands/Invoke-MtGraphRequest #> -Function Invoke-MtGraphRequest { +function Invoke-MtGraphRequest { [CmdletBinding()] param( # Graph endpoint such as "users". diff --git a/powershell/public/Send-MtMail.ps1 b/powershell/public/Send-MtMail.ps1 index ed830276..370be5de 100644 --- a/powershell/public/Send-MtMail.ps1 +++ b/powershell/public/Send-MtMail.ps1 @@ -20,9 +20,11 @@ Send-MtMail -MaesterResults $MaesterResults -Recipient john@contoso.com, sam@contoso.com -Subject 'Maester Results' -TestResultsUri "https://github.com/contoso/maester/runs/123456789" Sends an email with the summary of the Maester test results to two users along with the link to the detailed test results. -#> -Function Send-MtMail { +.LINK + https://maester.dev/docs/commands/Send-MtMail +#> +function Send-MtMail { [CmdletBinding()] param( # The Maester test results returned from `Invoke-Pester -PassThru | ConvertTo-MtMaesterResult` diff --git a/powershell/public/Send-MtTeamsMessage.ps1 b/powershell/public/Send-MtTeamsMessage.ps1 index af6513f5..a224a6d1 100644 --- a/powershell/public/Send-MtTeamsMessage.ps1 +++ b/powershell/public/Send-MtTeamsMessage.ps1 @@ -20,9 +20,11 @@ Send-MtTeamsMessage -MaesterResults $MaesterResults -TeamId '00000000-0000-0000-0000-000000000000' -TeamChannelId '19%3A00000000000000000000000000000000%40thread.tacv2' -Subject 'Maester Results' -TestResultsUri "https://github.com/contoso/maester/runs/123456789" Sends an Adaptive Card in a Teams Channel with the summary of the Maester test results to the specified channel along with the link to the detailed test results. -#> -Function Send-MtTeamsMessage { +.LINK + https://maester.dev/docs/commands/Send-MtTeamsMessage +#> +function Send-MtTeamsMessage { [CmdletBinding()] param( # The Maester test results returned from `Invoke-Pester -PassThru | ConvertTo-MtMaesterResult` diff --git a/powershell/public/Test-MtAppManagementPolicyEnabled.ps1 b/powershell/public/Test-MtAppManagementPolicyEnabled.ps1 index 67aef82a..f7e19faf 100644 --- a/powershell/public/Test-MtAppManagementPolicyEnabled.ps1 +++ b/powershell/public/Test-MtAppManagementPolicyEnabled.ps1 @@ -7,9 +7,11 @@ .Example Test-MtAppManagementPolicyEnabled -#> -Function Test-MtAppManagementPolicyEnabled { +.LINK + https://maester.dev/docs/commands/Test-MtAppManagementPolicyEnabled +#> +function Test-MtAppManagementPolicyEnabled { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/Test-MtCaAllAppsExists.ps1 b/powershell/public/Test-MtCaAllAppsExists.ps1 index 8710ad0c..1f32be15 100644 --- a/powershell/public/Test-MtCaAllAppsExists.ps1 +++ b/powershell/public/Test-MtCaAllAppsExists.ps1 @@ -18,9 +18,11 @@ Test-MtCaAllAppsExists -SkipCheckAllUsers Returns true if at least one conditional access policy exists that targets all cloud apps and all users, but skips the check for all users. -#> -Function Test-MtCaAllAppsExists { +.LINK + https://maester.dev/docs/commands/Test-MtCaAllAppsExists +#> +function Test-MtCaAllAppsExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plurality')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaApplicationEnforcedRestriction.ps1 b/powershell/public/Test-MtCaApplicationEnforcedRestriction.ps1 index 42d9ee07..be38c2dc 100644 --- a/powershell/public/Test-MtCaApplicationEnforcedRestriction.ps1 +++ b/powershell/public/Test-MtCaApplicationEnforcedRestriction.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaApplicationEnforcedRestriction -#> -Function Test-MtCaApplicationEnforcedRestriction { +.LINK + https://maester.dev/docs/commands/Test-MtCaApplicationEnforcedRestriction +#> +function Test-MtCaApplicationEnforcedRestriction { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaBlockLegacyExchangeActiveSyncAuthentication.ps1 b/powershell/public/Test-MtCaBlockLegacyExchangeActiveSyncAuthentication.ps1 index f982d6af..c8666b83 100644 --- a/powershell/public/Test-MtCaBlockLegacyExchangeActiveSyncAuthentication.ps1 +++ b/powershell/public/Test-MtCaBlockLegacyExchangeActiveSyncAuthentication.ps1 @@ -11,9 +11,11 @@ .Example Test-MtCaBlockLegacyExchangeActiveSyncAuthentication -#> -Function Test-MtCaBlockLegacyExchangeActiveSyncAuthentication { +.LINK + https://maester.dev/docs/commands/Test-MtCaBlockLegacyExchangeActiveSyncAuthentication +#> +function Test-MtCaBlockLegacyExchangeActiveSyncAuthentication { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaBlockLegacyOtherAuthentication.ps1 b/powershell/public/Test-MtCaBlockLegacyOtherAuthentication.ps1 index da61b1c3..254ecec8 100644 --- a/powershell/public/Test-MtCaBlockLegacyOtherAuthentication.ps1 +++ b/powershell/public/Test-MtCaBlockLegacyOtherAuthentication.ps1 @@ -11,9 +11,11 @@ .Example Test-MtCaBlockLegacyOtherAuthentication -#> -Function Test-MtCaBlockLegacyOtherAuthentication { +.LINK + https://maester.dev/docs/commands/Test-MtCaBlockLegacyOtherAuthentication +#> +function Test-MtCaBlockLegacyOtherAuthentication { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 b/powershell/public/Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 index 9dd44938..a4d91958 100644 --- a/powershell/public/Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 +++ b/powershell/public/Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaBlockUnknownOrUnsupportedDevicePlatform -#> -Function Test-MtCaBlockUnknownOrUnsupportedDevicePlatform { +.LINK + https://maester.dev/docs/commands/Test-MtCaBlockUnknownOrUnsupportedDevicePlatform +#> +function Test-MtCaBlockUnknownOrUnsupportedDevicePlatform { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaDeviceComplianceAdminsExists.ps1 b/powershell/public/Test-MtCaDeviceComplianceAdminsExists.ps1 index 21947c0a..b79260ee 100644 --- a/powershell/public/Test-MtCaDeviceComplianceAdminsExists.ps1 +++ b/powershell/public/Test-MtCaDeviceComplianceAdminsExists.ps1 @@ -11,9 +11,11 @@ .Example Test-MtCaDeviceComplianceAdminsExists -#> -Function Test-MtCaDeviceComplianceAdminsExists { +.LINK + https://maester.dev/docs/commands/Test-MtCaDeviceComplianceAdminsExists +#> +function Test-MtCaDeviceComplianceAdminsExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plural.')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'PSScriptAnalyzer bug is not detecting usage of PolicyIncludesAllRoles')] [CmdletBinding()] diff --git a/powershell/public/Test-MtCaDeviceComplianceExists.ps1 b/powershell/public/Test-MtCaDeviceComplianceExists.ps1 index 4ce8fe65..74faf9f0 100644 --- a/powershell/public/Test-MtCaDeviceComplianceExists.ps1 +++ b/powershell/public/Test-MtCaDeviceComplianceExists.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaDeviceComplianceExists -#> -Function Test-MtCaDeviceComplianceExists { +.LINK + https://maester.dev/docs/commands/Test-MtCaDeviceComplianceExists +#> +function Test-MtCaDeviceComplianceExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plural.')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaEmergencyAccessExists.ps1 b/powershell/public/Test-MtCaEmergencyAccessExists.ps1 index 472f0804..f9fbdbd8 100644 --- a/powershell/public/Test-MtCaEmergencyAccessExists.ps1 +++ b/powershell/public/Test-MtCaEmergencyAccessExists.ps1 @@ -11,9 +11,11 @@ .Example Test-MtCaEmergencyAccessExists -#> -Function Test-MtCaEmergencyAccessExists { +.LINK + https://maester.dev/docs/commands/Test-MtCaEmergencyAccessExists +#> +function Test-MtCaEmergencyAccessExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plural.')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 b/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 index f13ca3ee..a9c0451e 100644 --- a/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 +++ b/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaEnforceNonPersistentBrowserSession -#> -Function Test-MtCaEnforceNonPersistentBrowserSession { +.LINK + https://maester.dev/docs/commands/Test-MtCaEnforceNonPersistentBrowserSession +#> +function Test-MtCaEnforceNonPersistentBrowserSession { [CmdletBinding()] [OutputType([bool])] param ( diff --git a/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 b/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 index e7a75000..840ed051 100644 --- a/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 +++ b/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaEnforceSignInFrequency -#> -Function Test-MtCaEnforceSignInFrequency { +.LINK + https://maester.dev/docs/commands/Test-MtCaEnforceSignInFrequency +#> +function Test-MtCaEnforceSignInFrequency { [CmdletBinding()] [OutputType([bool])] param ( diff --git a/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1 b/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1 index b62d124d..5a21e646 100644 --- a/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1 +++ b/powershell/public/Test-MtCaExclusionForDirectorySyncAccount.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaExclusionForDirectorySyncAccount -#> -Function Test-MtCaExclusionForDirectorySyncAccount { +.LINK + https://maester.dev/docs/commands/Test-MtCaExclusionForDirectorySyncAccount +#> +function Test-MtCaExclusionForDirectorySyncAccount { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'PolicyIncludesAllUsers is used in the condition.')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaLicenseUtilization.ps1 b/powershell/public/Test-MtCaLicenseUtilization.ps1 index 7f061bca..9674df80 100644 --- a/powershell/public/Test-MtCaLicenseUtilization.ps1 +++ b/powershell/public/Test-MtCaLicenseUtilization.ps1 @@ -16,6 +16,9 @@ Test-MtCaLicenseUtilization -License P2 This example tests the utilization of P2 licenses in the tenant. + +.LINK + https://maester.dev/docs/commands/Test-MtCaLicenseUtilization #> function Test-MtCaLicenseUtilization { [CmdletBinding()] diff --git a/powershell/public/Test-MtCaMfaForAdmin.ps1 b/powershell/public/Test-MtCaMfaForAdmin.ps1 index b0eda5be..48b2a65f 100644 --- a/powershell/public/Test-MtCaMfaForAdmin.ps1 +++ b/powershell/public/Test-MtCaMfaForAdmin.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaMfaForAdmin -#> -Function Test-MtCaMfaForAdmin { +.LINK + https://maester.dev/docs/commands/Test-MtCaMfaForAdmin +#> +function Test-MtCaMfaForAdmin { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'PolicyIncludesAllRoles is used in the condition.')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaMfaForAdminManagement.ps1 b/powershell/public/Test-MtCaMfaForAdminManagement.ps1 index 48c4611e..e0db0c62 100644 --- a/powershell/public/Test-MtCaMfaForAdminManagement.ps1 +++ b/powershell/public/Test-MtCaMfaForAdminManagement.ps1 @@ -11,9 +11,11 @@ .Example Test-MtCaMfaForAdminManagement -#> -Function Test-MtCaMfaForAdminManagement { +.LINK + https://maester.dev/docs/commands/Test-MtCaMfaForAdminManagement +#> +function Test-MtCaMfaForAdminManagement { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaMfaForAllUsers.ps1 b/powershell/public/Test-MtCaMfaForAllUsers.ps1 index 6f639c7a..af3cdc3f 100644 --- a/powershell/public/Test-MtCaMfaForAllUsers.ps1 +++ b/powershell/public/Test-MtCaMfaForAllUsers.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaMfaForAllUsers -#> -Function Test-MtCaMfaForAllUsers { +.LINK + https://maester.dev/docs/commands/Test-MtCaMfaForAllUsers +#> +function Test-MtCaMfaForAllUsers { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'AllUsers is a well known term for conditional access policies.')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/Test-MtCaMfaForGuest.ps1 b/powershell/public/Test-MtCaMfaForGuest.ps1 index 5b445441..be9778ae 100644 --- a/powershell/public/Test-MtCaMfaForGuest.ps1 +++ b/powershell/public/Test-MtCaMfaForGuest.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaMfaForGuest -#> -Function Test-MtCaMfaForGuest { +.LINK + https://maester.dev/docs/commands/Test-MtCaMfaForGuest +#> +function Test-MtCaMfaForGuest { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaMfaForRiskySignIn.ps1 b/powershell/public/Test-MtCaMfaForRiskySignIn.ps1 index 284ec233..3093e5da 100644 --- a/powershell/public/Test-MtCaMfaForRiskySignIn.ps1 +++ b/powershell/public/Test-MtCaMfaForRiskySignIn.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaMfaForRiskySignIn -#> -Function Test-MtCaMfaForRiskySignIn { +.LINK + https://maester.dev/docs/commands/Test-MtCaMfaForRiskySignIn +#> +function Test-MtCaMfaForRiskySignIn { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaRequirePasswordChangeForHighUserRisk.ps1 b/powershell/public/Test-MtCaRequirePasswordChangeForHighUserRisk.ps1 index c60f8514..c70f3b83 100644 --- a/powershell/public/Test-MtCaRequirePasswordChangeForHighUserRisk.ps1 +++ b/powershell/public/Test-MtCaRequirePasswordChangeForHighUserRisk.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaRequirePasswordChangeForHighUserRisk -#> -Function Test-MtCaRequirePasswordChangeForHighUserRisk { +.LINK + https://maester.dev/docs/commands/Test-MtCaRequirePasswordChangeForHighUserRisk +#> +function Test-MtCaRequirePasswordChangeForHighUserRisk { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaSecureSecurityInfoRegistration.ps1 b/powershell/public/Test-MtCaSecureSecurityInfoRegistration.ps1 index 4929fd1d..5e92692a 100644 --- a/powershell/public/Test-MtCaSecureSecurityInfoRegistration.ps1 +++ b/powershell/public/Test-MtCaSecureSecurityInfoRegistration.ps1 @@ -10,9 +10,11 @@ .Example Test-MtCaSecureSecurityInfoRegistration -#> -Function Test-MtCaSecureSecurityInfoRegistration { +.LINK + https://maester.dev/docs/commands/Test-MtCaSecureSecurityInfoRegistration +#> +function Test-MtCaSecureSecurityInfoRegistration { [CmdletBinding()] [OutputType([bool])] param () diff --git a/powershell/public/Test-MtCaWIFBlockLegacyAuthentication.ps1 b/powershell/public/Test-MtCaWIFBlockLegacyAuthentication.ps1 index bdafffa2..9f7a8f91 100644 --- a/powershell/public/Test-MtCaWIFBlockLegacyAuthentication.ps1 +++ b/powershell/public/Test-MtCaWIFBlockLegacyAuthentication.ps1 @@ -10,6 +10,9 @@ .EXAMPLE Test-MtCaWIFBlockLegacyAuthentication -UserId "e7417ac7-0485-4014-9100-33163bd6211f" + +.LINK + https://maester.dev/docs/commands/Test-MtCaWIFBlockLegacyAuthentication #> function Test-MtCaWIFBlockLegacyAuthentication { [CmdletBinding()] diff --git a/powershell/public/Test-MtConditionalAccessWhatIf.ps1 b/powershell/public/Test-MtConditionalAccessWhatIf.ps1 index 3a78abb4..99836e72 100644 --- a/powershell/public/Test-MtConditionalAccessWhatIf.ps1 +++ b/powershell/public/Test-MtConditionalAccessWhatIf.ps1 @@ -44,7 +44,10 @@ -UserRiskLevel High This example tests the Conditional Access policies for a user accessing the **My Security Info** page from an **Android** device with a **High** user risk level. - #> + +.LINK + https://maester.dev/docs/commands/Test-MtConditionalAccessWhatIf +#> function Test-MtConditionalAccessWhatIf { [CmdletBinding(DefaultParameterSetName = 'ApplicationBasedCA')] [OutputType([object])] diff --git a/powershell/public/Test-MtPimAlertsExists.ps1 b/powershell/public/Test-MtPimAlertsExists.ps1 index 7f3f62c3..848de8e5 100644 --- a/powershell/public/Test-MtPimAlertsExists.ps1 +++ b/powershell/public/Test-MtPimAlertsExists.ps1 @@ -7,8 +7,11 @@ .Example Test-MtPimAlertsExists -FilteredAccessLevel "ControlPlane" -AlertId "RolesAssignedOutsidePimAlert" + +.LINK + https://maester.dev/docs/commands/Test-MtPimAlertsExists #> -Function Test-MtPimAlertsExists { +function Test-MtPimAlertsExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plurality')] [OutputType([object])] [CmdletBinding()] diff --git a/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 b/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 index 289f963c..1aa41ed8 100644 --- a/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 +++ b/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 @@ -7,8 +7,11 @@ .Example Test-MtPrivPermanentDirectoryRole -FilteredAccessLevel "ControlPlane" -FilterPrincipal "ExternalUser" + +.LINK + https://maester.dev/docs/commands/Test-MtPrivPermanentDirectoryRole #> -Function Test-MtPrivPermanentDirectoryRole { +function Test-MtPrivPermanentDirectoryRole { [OutputType([bool])] [CmdletBinding()] param ( diff --git a/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 b/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 index 126a354c..1d097778 100644 --- a/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 @@ -16,9 +16,11 @@ Test-MtCisaActivationNotification -GlobalAdminOnly Returns true if notifications are set for activation of the Global Admin role -#> -Function Test-MtCisaActivationNotification { +.LINK + https://maester.dev/docs/commands/Test-MtCisaActivationNotification +#> +function Test-MtCisaActivationNotification { [CmdletBinding()] [OutputType([bool])] param( diff --git a/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 index fff45d43..0ef8482f 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAppAdminConsent Returns true if configured -#> -Function Test-MtCisaAppAdminConsent { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAppAdminConsent +#> +function Test-MtCisaAppAdminConsent { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 index fd76740f..919449f6 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAppGroupOwnerConsent Returns true if disabled -#> -Function Test-MtCisaAppGroupOwnerConsent { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAppGroupOwnerConsent +#> +function Test-MtCisaAppGroupOwnerConsent { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 index 8c800072..e8614c8e 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAppRegistration Returns true if disabled -#> -Function Test-MtCisaAppRegistration { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAppRegistration +#> +function Test-MtCisaAppRegistration { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 index b8c74eb6..a7d8263e 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAppUserConsent Returns true if disabled -#> -Function Test-MtCisaAppUserConsent { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAppUserConsent +#> +function Test-MtCisaAppUserConsent { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 b/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 index 74f1adc6..2c5b1c1d 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAssignmentNotification Returns true if notifications are set for all roles -#> -Function Test-MtCisaAssignmentNotification { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAssignmentNotification +#> +function Test-MtCisaAssignmentNotification { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 b/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 index 8f3cfc32..253c15f9 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAuthenticatorContext Returns true if the Authentication Methods policy for Microsoft Authenticator is set appropriately -#> -Function Test-MtCisaAuthenticatorContext { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAuthenticatorContext +#> +function Test-MtCisaAuthenticatorContext { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 index 647e09ae..af08cc67 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 @@ -10,9 +10,11 @@ Test-MtCisaBlockHighRiskSignIn Returns true if at least one policy is set to block high risk sign-ins. -#> -Function Test-MtCisaBlockHighRiskSignIn { +.LINK + https://maester.dev/docs/commands/Test-MtCisaBlockHighRiskSignIn +#> +function Test-MtCisaBlockHighRiskSignIn { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 index 9d9bf78e..ff591ef4 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 @@ -10,9 +10,11 @@ Test-MtCisaBlockHighRiskUser Returns true if at least one policy is set to block high risk users. -#> -Function Test-MtCisaBlockHighRiskUser { +.LINK + https://maester.dev/docs/commands/Test-MtCisaBlockHighRiskUser +#> +function Test-MtCisaBlockHighRiskUser { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 index 31fad95d..85ce7541 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 @@ -10,9 +10,11 @@ Test-MtCisaBlockLegacyAuth Returns true if a CA policy exists that blocks legacy authentication. -#> -Function Test-MtCisaBlockLegacyAuth { +.LINK + https://maester.dev/docs/commands/Test-MtCisaBlockLegacyAuth +#> +function Test-MtCisaBlockLegacyAuth { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 index 81660d00..4966c1ce 100644 --- a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 @@ -10,9 +10,11 @@ Test-MtCisaCloudGlobalAdmin Returns true if all global admins are cloud users -#> -Function Test-MtCisaCloudGlobalAdmin { +.LINK + https://maester.dev/docs/commands/Test-MtCisaCloudGlobalAdmin +#> +function Test-MtCisaCloudGlobalAdmin { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 b/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 index 3bb45083..0e599057 100644 --- a/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 @@ -11,9 +11,11 @@ Returns true if cross-tenant default inbound access is set to block. -#> -Function Test-MtCisaCrossTenantInboundDefault { +.LINK + https://maester.dev/docs/commands/Test-MtCisaCrossTenantInboundDefault +#> +function Test-MtCisaCrossTenantInboundDefault { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 b/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 index d668e69d..41071d25 100644 --- a/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 @@ -11,9 +11,11 @@ Returns true if diagnostic settings for the appropriate logs are configured -#> -Function Test-MtCisaDiagnosticSettings { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDiagnosticSettings +#> +function Test-MtCisaDiagnosticSettings { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Diagnostic Settings is a specific term')] [CmdletBinding()] [OutputType([bool])] diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 index c0a0827e..5119389e 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 @@ -10,9 +10,11 @@ Test-MtCisaGlobalAdminCount Returns true if only 2 to 8 users are eligible to be global admins -#> -Function Test-MtCisaGlobalAdminCount { +.LINK + https://maester.dev/docs/commands/Test-MtCisaGlobalAdminCount +#> +function Test-MtCisaGlobalAdminCount { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 index 6a40569a..3b41a7fc 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 @@ -10,9 +10,11 @@ Test-MtCisaGlobalAdminRatio Returns true if global admin to privileged roles ration is 1 or less -#> -Function Test-MtCisaGlobalAdminRatio { +.LINK + https://maester.dev/docs/commands/Test-MtCisaGlobalAdminRatio +#> +function Test-MtCisaGlobalAdminRatio { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 b/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 index 970ce5ba..7bb82ea3 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 @@ -10,9 +10,11 @@ Test-MtCisaGuestInvitation Returns true if guest invitiations are restricted to admins -#> -Function Test-MtCisaGuestInvitation { +.LINK + https://maester.dev/docs/commands/Test-MtCisaGuestInvitation +#> +function Test-MtCisaGuestInvitation { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 b/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 index 9de73908..dad1bee3 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 @@ -10,9 +10,11 @@ Test-MtCisaGuestUserAccess Returns true if guests use proper role template -#> -Function Test-MtCisaGuestUserAccess { +.LINK + https://maester.dev/docs/commands/Test-MtCisaGuestUserAccess +#> +function Test-MtCisaGuestUserAccess { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 b/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 index 09b9564d..e7e73062 100644 --- a/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 @@ -10,9 +10,11 @@ Test-MtCisaManagedDevice Returns true if at least one policy requires managed devices -#> -Function Test-MtCisaManagedDevice { +.LINK + https://maester.dev/docs/commands/Test-MtCisaManagedDevice +#> +function Test-MtCisaManagedDevice { [CmdletBinding()] [OutputType([bool])] param( diff --git a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 index 85943fd2..5ec3fd17 100644 --- a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 @@ -10,9 +10,11 @@ Test-MtCisaManagedDeviceRegistration Returns true if at least one policy requires MFA for registration -#> -Function Test-MtCisaManagedDeviceRegistration { +.LINK + https://maester.dev/docs/commands/Test-MtCisaManagedDeviceRegistration +#> +function Test-MtCisaManagedDeviceRegistration { [CmdletBinding()] [OutputType([bool])] param( diff --git a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 index a011362d..4db5f3e6 100644 --- a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 @@ -10,9 +10,11 @@ Test-MtCisaMethodsMigration Returns true if policyMigrationState is migrationComplete -#> -Function Test-MtCisaMethodsMigration { +.LINK + https://maester.dev/docs/commands/Test-MtCisaMethodsMigration +#> +function Test-MtCisaMethodsMigration { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 b/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 index 5901b58e..37e05fb5 100644 --- a/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 @@ -10,9 +10,11 @@ Test-MtCisaMfa Returns true if at least one policy requires MFA -#> -Function Test-MtCisaMfa { +.LINK + https://maester.dev/docs/commands/Test-MtCisaMfa +#> +function Test-MtCisaMfa { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 b/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 index 32ecfad4..385c2733 100644 --- a/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 @@ -14,9 +14,11 @@ Test-MtCisaNotifyHighRisk Returns the result of (graph.microsoft.com/beta/identityProtection/settings/notifications) -#> -Function Test-MtCisaNotifyHighRisk { +.LINK + https://maester.dev/docs/commands/Test-MtCisaNotifyHighRisk +#> +function Test-MtCisaNotifyHighRisk { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 b/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 index 532725bb..7e194001 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 @@ -10,9 +10,11 @@ Test-MtCisaPasswordExpiration Returns true if at least 1 domain has password expiration of 100 years or greater -#> -Function Test-MtCisaPasswordExpiration { +.LINK + https://maester.dev/docs/commands/Test-MtCisaPasswordExpiration +#> +function Test-MtCisaPasswordExpiration { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 b/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 index 72d659c3..ab59d8cd 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 @@ -10,9 +10,11 @@ Test-MtCisaPermanentRoleAssignment Returns true if no roles have permanent active assignments -#> -Function Test-MtCisaPermanentRoleAssignment { +.LINK + https://maester.dev/docs/commands/Test-MtCisaPermanentRoleAssignment +#> +function Test-MtCisaPermanentRoleAssignment { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 b/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 index 426fede1..e81598c9 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 @@ -10,9 +10,11 @@ Test-MtCisaPhishResistant Returns true if at least one policy is set to use the built-in phishing resistant authentication strengths -#> -Function Test-MtCisaPhishResistant { +.LINK + https://maester.dev/docs/commands/Test-MtCisaPhishResistant +#> +function Test-MtCisaPhishResistant { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 b/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 index 74235da5..1f8f5231 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 @@ -9,9 +9,11 @@ Test-MtCisaPhishResistant Returns true if at least one policy requires phishing resistant methods for the specific roles -#> -Function Test-MtCisaPrivilegedPhishResistant { +.LINK + https://maester.dev/docs/commands/Test-MtCisaPrivilegedPhishResistant +#> +function Test-MtCisaPrivilegedPhishResistant { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 b/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 index 6edea839..6e427243 100644 --- a/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 @@ -10,9 +10,11 @@ Test-MtCisaRequireActivationApproval Returns true if the Global Admin role requires approval on activation -#> -Function Test-MtCisaRequireActivationApproval { +.LINK + https://maester.dev/docs/commands/Test-MtCisaRequireActivationApproval +#> +function Test-MtCisaRequireActivationApproval { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 b/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 index 4b8d6e37..b5d700fb 100644 --- a/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 @@ -10,9 +10,11 @@ Test-MtCisaUnmanagedRoleAssignment Returns true if all role assignments have a start time -#> -Function Test-MtCisaUnmanagedRoleAssignment { +.LINK + https://maester.dev/docs/commands/Test-MtCisaUnmanagedRoleAssignment +#> +function Test-MtCisaUnmanagedRoleAssignment { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 b/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 index 942d2aab..4043e2c3 100644 --- a/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 @@ -10,9 +10,11 @@ Test-MtCisaWeakFactor Returns true if weak Authentication Methods are disabled -#> -Function Test-MtCisaWeakFactor { +.LINK + https://maester.dev/docs/commands/Test-MtCisaWeakFactor +#> +function Test-MtCisaWeakFactor { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 index a3bf55d0..01b6a71a 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 @@ -25,9 +25,11 @@ warnings : ConvertFrom-MailAuthenticationRecordDkim -DomainName "microsoft.com" Returns [DKIMRecord] or "Failure to obtain record" -#> -Function ConvertFrom-MailAuthenticationRecordDkim { +.LINK + https://maester.dev/docs/commands/ConvertFrom-MailAuthenticationRecordDkim +#> +function ConvertFrom-MailAuthenticationRecordDkim { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([DKIMRecord], [System.String])] [cmdletbinding()] diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 index 399fa602..140b5f5d 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 @@ -30,9 +30,11 @@ warnings : {sp: No subdomain policy set, adkim: No DKIM alignment se ConvertFrom-MailAuthenticationRecordDmarc -DomainName "microsoft.com" Returns [DMARCRecord] or "Failure to obtain record" -#> -Function ConvertFrom-MailAuthenticationRecordDmarc { +.LINK + https://maester.dev/docs/commands/ConvertFrom-MailAuthenticationRecordDmarc +#> +function ConvertFrom-MailAuthenticationRecordDmarc { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([DMARCRecord], [System.String])] [cmdletbinding()] diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 index fef5098b..5a592b95 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 @@ -12,9 +12,11 @@ microsoft.com MX 1731 Answer microsoft-com.m ConvertFrom-MailAuthenticationRecordMx -DomainName "microsoft.com" Returns MX records or "Failure to obtain record" -#> -Function ConvertFrom-MailAuthenticationRecordMx { +.LINK + https://maester.dev/docs/commands/ConvertFrom-MailAuthenticationRecordMx +#> +function ConvertFrom-MailAuthenticationRecordMx { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([PSCustomObject], [System.String])] [cmdletbinding()] diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 index d927c825..822fb85a 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 @@ -19,9 +19,11 @@ warnings : ConvertFrom-MailAuthenticationRecordSpf -DomainName "microsoft.com" Returns [SPFRecord] object or "Failure to obtain record" -#> -Function ConvertFrom-MailAuthenticationRecordSpf { +.LINK + https://maester.dev/docs/commands/ConvertFrom-MailAuthenticationRecordSpf +#> +function ConvertFrom-MailAuthenticationRecordSpf { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([SPFRecord], [System.String])] [cmdletbinding()] diff --git a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 index 2959a283..9d841c9d 100644 --- a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 +++ b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 @@ -16,9 +16,11 @@ Get-MailAuthenticationRecord -DomainName "microsoft.com" Returns an object containing the structured mail authentication objects -#> -Function Get-MailAuthenticationRecord { +.LINK + https://maester.dev/docs/commands/Get-MailAuthenticationRecord +#> +function Get-MailAuthenticationRecord { [OutputType([pscustomobject])] [cmdletbinding()] param( diff --git a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 index a541f2ec..d888ac67 100644 --- a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 +++ b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 @@ -9,8 +9,10 @@ .EXAMPLE Resolve-SPFRecord microsoft.com -#> +.LINK + https://maester.dev/docs/commands/Resolve-SPFRecord +#> function Resolve-SPFRecord { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([spfrecord[]], [System.String])] diff --git a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 index c110483a..b500d267 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAntiSpamAllowList Returns true if no allowed IPs in anti-spam policy -#> -Function Test-MtCisaAntiSpamAllowList { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAntiSpamAllowList +#> +function Test-MtCisaAntiSpamAllowList { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 index fffc3e1d..0d6cafdb 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAntiSpamSafeList Returns true if Safe List is disabled in anti-spam policy -#> -Function Test-MtCisaAntiSpamSafeList { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAntiSpamSafeList +#> +function Test-MtCisaAntiSpamSafeList { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 index 74fe6c5f..d5900baf 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 @@ -10,9 +10,11 @@ Test-MtCisaAutoExternalForwarding Returns true if no domain is enabled for auto forwarding -#> -Function Test-MtCisaAutoExternalForwarding { +.LINK + https://maester.dev/docs/commands/Test-MtCisaAutoExternalForwarding +#> +function Test-MtCisaAutoExternalForwarding { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 index c79b7fbd..e7c7d599 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 @@ -10,9 +10,11 @@ Test-MtCisaCalendarSharing Returns true if no sharing policies allow uncontrolled calendar sharing. -#> -Function Test-MtCisaCalendarSharing { +.LINK + https://maester.dev/docs/commands/Test-MtCisaCalendarSharing +#> +function Test-MtCisaCalendarSharing { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 index 3d370ef5..79936eb3 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 @@ -10,9 +10,11 @@ Test-MtCisaContactSharing Returns true if no sharing policies allow uncontrolled contact sharing. -#> -Function Test-MtCisaContactSharing { +.LINK + https://maester.dev/docs/commands/Test-MtCisaContactSharing +#> +function Test-MtCisaContactSharing { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 index 2f3b99f3..ee23a949 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 @@ -10,9 +10,11 @@ Test-MtCisaDkim Returns true if DKIM record exists and EXO shows DKIM enabled -#> -Function Test-MtCisaDkim { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDkim +#> +function Test-MtCisaDkim { [CmdletBinding()] [OutputType([bool])] param( diff --git a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 index 2d6c1e5f..058104d1 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 @@ -10,9 +10,11 @@ Test-MtCisaDlp Returns true if -#> -Function Test-MtCisaDlp { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDlp +#> +function Test-MtCisaDlp { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 index ea907c2c..7681f93f 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 @@ -15,9 +15,11 @@ Test-MtCisaDmarcAggregateCisa -Force Returns true if DMARC record with reject policy exists for every domain -#> -Function Test-MtCisaDmarcAggregateCisa { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDmarcAggregateCisa +#> +function Test-MtCisaDmarcAggregateCisa { [CmdletBinding()] [OutputType([bool])] param( diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 index bb48ed77..b3ba038c 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 @@ -10,9 +10,11 @@ Test-MtCisaDmarcRecordExist Returns true if DMARC record exists for all 2LD -#> -Function Test-MtCisaDmarcRecordExist { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDmarcRecordExist +#> +function Test-MtCisaDmarcRecordExist { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 index d432b5c3..b49af892 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 @@ -10,9 +10,11 @@ Test-MtCisaDmarcRecordExist Returns true if DMARC record with reject policy exists for every domain -#> -Function Test-MtCisaDmarcRecordReject { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDmarcRecordReject +#> +function Test-MtCisaDmarcRecordReject { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 index a08d2507..58ece67c 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 @@ -10,9 +10,11 @@ Test-MtCisaDmarcReport Returns true if DMARC record inlcudes report targets within same domain -#> -Function Test-MtCisaDmarcReport { +.LINK + https://maester.dev/docs/commands/Test-MtCisaDmarcReport +#> +function Test-MtCisaDmarcReport { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 index b460e444..d20bf458 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 @@ -10,9 +10,11 @@ Test-MtCisaExternalSenderWarning Returns true if a transport policy appends a warning. -#> -Function Test-MtCisaExternalSenderWarning { +.LINK + https://maester.dev/docs/commands/Test-MtCisaExternalSenderWarning +#> +function Test-MtCisaExternalSenderWarning { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 index e0cb4dbd..6ce956b8 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 @@ -10,9 +10,11 @@ Test-MtCisaMailboxAuditing Returns true if mailbox auditing is enabled. -#> -Function Test-MtCisaMailboxAuditing { +.LINK + https://maester.dev/docs/commands/Test-MtCisaMailboxAuditing +#> +function Test-MtCisaMailboxAuditing { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1 index 19ed98ec..65090ba6 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1 @@ -9,9 +9,11 @@ Test-MtCisaSmtpAuthentication Returns true if SMTP authentication is disabled in Exchange Online. -#> -Function Test-MtCisaSmtpAuthentication { +.LINK + https://maester.dev/docs/commands/Test-MtCisaSmtpAuthentication +#> +function Test-MtCisaSmtpAuthentication { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 index 03753d6e..39fee657 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 @@ -10,9 +10,11 @@ Test-MtCisaSpfDirective Returns true if SPF record exists and has at least one directive -#> -Function Test-MtCisaSpfDirective { +.LINK + https://maester.dev/docs/commands/Test-MtCisaSpfDirective +#> +function Test-MtCisaSpfDirective { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 index 8c093285..27b37f37 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 @@ -10,9 +10,11 @@ Test-MtCisaSpfRestriction Returns true if SPF record exists and has a fail all modifier for all exo domains -#> -Function Test-MtCisaSpfRestriction { +.LINK + https://maester.dev/docs/commands/Test-MtCisaSpfRestriction +#> +function Test-MtCisaSpfRestriction { [CmdletBinding()] [OutputType([bool])] param() diff --git a/powershell/public/core/Get-MtHtmlReport.ps1 b/powershell/public/core/Get-MtHtmlReport.ps1 index 63cdddb3..fc201836 100644 --- a/powershell/public/core/Get-MtHtmlReport.ps1 +++ b/powershell/public/core/Get-MtHtmlReport.ps1 @@ -20,9 +20,11 @@ $output | Out-File -FilePath $out.OutputHtmlFile -Encoding UTF8 This example shows how to generate the html report and save it to a file by using Invoke-Maester -#> -Function Get-MtHtmlReport { +.LINK + https://maester.dev/docs/commands/Get-MtHtmlReport +#> +function Get-MtHtmlReport { [CmdletBinding()] param( # The Maester test results returned from `Invoke-Pester -PassThru | ConvertTo-MtMaesterResult` diff --git a/powershell/public/core/Get-MtSession.ps1 b/powershell/public/core/Get-MtSession.ps1 index e241b1b5..69495267 100644 --- a/powershell/public/core/Get-MtSession.ps1 +++ b/powershell/public/core/Get-MtSession.ps1 @@ -10,8 +10,10 @@ Get-MtSession Returns the current Maester session information. -#> -Function Get-MtSession { +.LINK + https://maester.dev/docs/commands/Get-MtSession +#> +function Get-MtSession { Write-Output $__MtSession } \ No newline at end of file diff --git a/powershell/public/core/Install-MaesterTests.ps1 b/powershell/public/core/Install-MaesterTests.ps1 index 92fbc32f..9da3faf7 100644 --- a/powershell/public/core/Install-MaesterTests.ps1 +++ b/powershell/public/core/Install-MaesterTests.ps1 @@ -27,9 +27,11 @@ Install-MaesterTests -SkipPesterCheck Installs the latest Maester tests in the current directory. Skips the check for the required version of Pester. -#> -Function Install-MaesterTests { +.LINK + https://maester.dev/docs/commands/Install-MaesterTests +#> +function Install-MaesterTests { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'This command updates multiple tests')] [CmdletBinding()] diff --git a/powershell/public/core/Test-MtConnection.ps1 b/powershell/public/core/Test-MtConnection.ps1 index 0aafa82f..833c5737 100644 --- a/powershell/public/core/Test-MtConnection.ps1 +++ b/powershell/public/core/Test-MtConnection.ps1 @@ -14,8 +14,11 @@ Test-MtConnection -Service All Checks if the current session is connected to all services including Azure, Exchange and Microsoft Graph. + +.LINK + https://maester.dev/docs/commands/Test-MtConnection #> -Function Test-MtConnection { +function Test-MtConnection { [CmdletBinding()] param( # Checks if the current session is connected to the specified service diff --git a/powershell/public/core/Update-MaesterTests.ps1 b/powershell/public/core/Update-MaesterTests.ps1 index 5db54b4b..bc98b1b5 100644 --- a/powershell/public/core/Update-MaesterTests.ps1 +++ b/powershell/public/core/Update-MaesterTests.ps1 @@ -21,8 +21,10 @@ Install the latest set of Maester tests in the current directory. -#> +.LINK + https://maester.dev/docs/commands/Update-MaesterTests +#> function Update-MaesterTests { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'This command updates multiple tests')] diff --git a/powershell/public/eidsca/Test-MtEidscaControl.ps1 b/powershell/public/eidsca/Test-MtEidscaControl.ps1 index cbc51ccf..651e235e 100644 --- a/powershell/public/eidsca/Test-MtEidscaControl.ps1 +++ b/powershell/public/eidsca/Test-MtEidscaControl.ps1 @@ -9,9 +9,11 @@ Test-MtEidscaControl -CheckId AP01 Returns the result of the EIDSCA AP01 control check -#> -Function Test-MtEidscaControl { +.LINK + https://maester.dev/docs/commands/Test-MtEidscaControl +#> +function Test-MtEidscaControl { [CmdletBinding()] [OutputType([bool])] param( From a5c2c7dae74dd45ccd1c609443273433c2f412fb Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:23:52 +0000 Subject: [PATCH 04/11] Convert Get-MtSession to advanced function --- powershell/public/core/Get-MtSession.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/powershell/public/core/Get-MtSession.ps1 b/powershell/public/core/Get-MtSession.ps1 index 69495267..847beb16 100644 --- a/powershell/public/core/Get-MtSession.ps1 +++ b/powershell/public/core/Get-MtSession.ps1 @@ -15,5 +15,8 @@ https://maester.dev/docs/commands/Get-MtSession #> function Get-MtSession { + [CmdletBinding()] + param() + Write-Output $__MtSession } \ No newline at end of file From aed7e2f45f713e7b5f1b0ca0d9282611198ec576 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:34:19 +0000 Subject: [PATCH 05/11] Fixing common function tests --- powershell/public/core/Get-MtHtmlReport.ps1 | 1 + powershell/public/core/Get-MtSession.ps1 | 1 + powershell/public/core/Update-MaesterTests.ps1 | 2 ++ powershell/public/eidsca/@Test-MtEidscaControl.txt | 1 + powershell/public/eidsca/Test-MtEidscaControl.ps1 | 1 + powershell/tests/functions/Common.Tests.ps1 | 7 ++++--- 6 files changed, 10 insertions(+), 3 deletions(-) diff --git a/powershell/public/core/Get-MtHtmlReport.ps1 b/powershell/public/core/Get-MtHtmlReport.ps1 index fc201836..70e2d169 100644 --- a/powershell/public/core/Get-MtHtmlReport.ps1 +++ b/powershell/public/core/Get-MtHtmlReport.ps1 @@ -32,6 +32,7 @@ function Get-MtHtmlReport { [psobject] $MaesterResults ) + Write-Verbose "Generating HTML report." $json = $MaesterResults | ConvertTo-Json -Depth 3 -WarningAction Ignore $htmlFilePath = Join-Path -Path $PSScriptRoot -ChildPath '../../assets/ReportTemplate.html' diff --git a/powershell/public/core/Get-MtSession.ps1 b/powershell/public/core/Get-MtSession.ps1 index 847beb16..3adce6f3 100644 --- a/powershell/public/core/Get-MtSession.ps1 +++ b/powershell/public/core/Get-MtSession.ps1 @@ -18,5 +18,6 @@ function Get-MtSession { [CmdletBinding()] param() + Write-Verbose 'Getting the current Maester session information.' Write-Output $__MtSession } \ No newline at end of file diff --git a/powershell/public/core/Update-MaesterTests.ps1 b/powershell/public/core/Update-MaesterTests.ps1 index bc98b1b5..9adf5759 100644 --- a/powershell/public/core/Update-MaesterTests.ps1 +++ b/powershell/public/core/Update-MaesterTests.ps1 @@ -35,7 +35,9 @@ function Update-MaesterTests { [Parameter(Mandatory = $false)] [string] $Path = '.\' ) + Write-Verbose 'Checking if newer version is availble.' Get-IsNewMaesterVersionAvailable | Out-Null + Write-Verbose "Updating Maester tests in '$Path'." Update-MtMaesterTests -Path $Path } diff --git a/powershell/public/eidsca/@Test-MtEidscaControl.txt b/powershell/public/eidsca/@Test-MtEidscaControl.txt index c8833586..4d64165e 100644 --- a/powershell/public/eidsca/@Test-MtEidscaControl.txt +++ b/powershell/public/eidsca/@Test-MtEidscaControl.txt @@ -22,5 +22,6 @@ Function Test-MtEidscaControl { $CheckId ) + Write-Verbose -Message "Invoking EIDSCA control check $CheckId." & "%InternalFunctionNameTemplate%" } \ No newline at end of file diff --git a/powershell/public/eidsca/Test-MtEidscaControl.ps1 b/powershell/public/eidsca/Test-MtEidscaControl.ps1 index 651e235e..1181e9a8 100644 --- a/powershell/public/eidsca/Test-MtEidscaControl.ps1 +++ b/powershell/public/eidsca/Test-MtEidscaControl.ps1 @@ -24,5 +24,6 @@ function Test-MtEidscaControl { $CheckId ) + Write-Verbose -Message "Invoking EIDSCA control check $CheckId." & "Test-MtEidsca$CheckId" } diff --git a/powershell/tests/functions/Common.Tests.ps1 b/powershell/tests/functions/Common.Tests.ps1 index 31b91336..e62afcc8 100644 --- a/powershell/tests/functions/Common.Tests.ps1 +++ b/powershell/tests/functions/Common.Tests.ps1 @@ -18,7 +18,7 @@ Describe 'Common function tests' -Tags 'Acceptance' -ForEach @{ exportedFunction } It ".ps1 should exist in public folder" { - $functionPath | Should -BeLike "/public/*/$($function.Name).ps1" + $functionPath | Should -BeLike "*/public/*$($function.Name).ps1" $functionPath | Should -Exist } @@ -28,8 +28,9 @@ Describe 'Common function tests' -Tags 'Acceptance' -ForEach @{ exportedFunction $function.ScriptBlock.Ast.Body.ParamBlock | Should -Not -BeNullOrEmpty -Because 'functions should have [CmdletBinding()] attribute for explicit advanced function' } - It "Should contain Write-Verbose blocks" { - $function.Definition | Should -Match 'Write-Verbose' -Because 'we like information when troubleshooting' + # Skipping for Cisa tests until they're updated + It "Should contain Write-Verbose logging" -Skip:($_.Name -match 'Cisa') { + $function.Definition -match 'Write-Verbose' | Should -BeTrue -Because 'we like information when troubleshooting' } # Not really necessary as we test exported commands meaning they were able to load From 242b55c4141654cfa0b3a662b1a69724d2b13251 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:39:07 +0000 Subject: [PATCH 06/11] Update template for Test-MtEidscaControl --- powershell/public/eidsca/@Test-MtEidscaControl.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/powershell/public/eidsca/@Test-MtEidscaControl.txt b/powershell/public/eidsca/@Test-MtEidscaControl.txt index 4d64165e..490176cd 100644 --- a/powershell/public/eidsca/@Test-MtEidscaControl.txt +++ b/powershell/public/eidsca/@Test-MtEidscaControl.txt @@ -9,9 +9,11 @@ Test-MtEidscaControl -CheckId AP01 Returns the result of the EIDSCA AP01 control check -#> -Function Test-MtEidscaControl { +.LINK + https://maester.dev/docs/commands/Test-MtEidscaControl +#> +function Test-MtEidscaControl { [CmdletBinding()] [OutputType([bool])] param( From 4238cfb93deb0fc00bd54d40292ebd51513b8f18 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 20:42:42 +0000 Subject: [PATCH 07/11] Add missing description to public functions --- powershell/public/Get-MtConditionalAccessPolicy.ps1 | 1 + powershell/public/Get-MtGroupMember.ps1 | 1 + powershell/public/Get-MtRole.ps1 | 1 + 3 files changed, 3 insertions(+) diff --git a/powershell/public/Get-MtConditionalAccessPolicy.ps1 b/powershell/public/Get-MtConditionalAccessPolicy.ps1 index 086d60fe..fc883bfd 100644 --- a/powershell/public/Get-MtConditionalAccessPolicy.ps1 +++ b/powershell/public/Get-MtConditionalAccessPolicy.ps1 @@ -3,6 +3,7 @@ Returns all the conditional access policies in the tenant. .Description + Returns all the conditional access policies in the tenant. .Example Get-MtConditionalAccessPolicy diff --git a/powershell/public/Get-MtGroupMember.ps1 b/powershell/public/Get-MtGroupMember.ps1 index cb60c469..bd19a84f 100644 --- a/powershell/public/Get-MtGroupMember.ps1 +++ b/powershell/public/Get-MtGroupMember.ps1 @@ -3,6 +3,7 @@ Returns all the members of the specific group ID. .Description + Returns all the members of the specific group ID. .Example Get-MtGroupMember diff --git a/powershell/public/Get-MtRole.ps1 b/powershell/public/Get-MtRole.ps1 index 789634a7..62b2827f 100644 --- a/powershell/public/Get-MtRole.ps1 +++ b/powershell/public/Get-MtRole.ps1 @@ -3,6 +3,7 @@ Returns all the role definitions in the tenant. .Description + Returns all the role definitions in the tenant. .Parameter CisaHighlyPrivilegedRoles Filters the returned roles to only those described From 589f50856345082d940d9c04dcfc125c9bc18421 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 21:24:49 +0000 Subject: [PATCH 08/11] Add missing parameter help --- powershell/public/Add-MtTestResultDetail.ps1 | 2 ++ powershell/public/Compare-MtTestResult.ps1 | 3 +++ .../public/Get-MtAuthenticationMethodPolicyConfig.ps1 | 1 + powershell/public/Get-MtGroupMember.ps1 | 8 +++++--- powershell/public/Get-MtRoleMember.ps1 | 2 +- powershell/public/Test-MtCaAllAppsExists.ps1 | 2 +- .../Test-MtCaEnforceNonPersistentBrowserSession.ps1 | 1 + powershell/public/Test-MtCaEnforceSignInFrequency.ps1 | 1 + powershell/public/Test-MtPimAlertsExists.ps1 | 5 ++++- powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 | 4 +++- .../cisa/entra/Test-MtCisaActivationNotification.ps1 | 2 +- powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 | 2 +- .../cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 | 1 + .../exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 | 5 +++++ .../ConvertFrom-MailAuthenticationRecordDmarc.ps1 | 4 ++++ .../exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 | 4 ++++ .../exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 | 4 ++++ .../public/cisa/exchange/Get-MailAuthenticationRecord.ps1 | 6 ++++++ powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 | 1 + .../cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 | 1 + powershell/tests/general/Help.Tests.ps1 | 2 +- 21 files changed, 51 insertions(+), 10 deletions(-) diff --git a/powershell/public/Add-MtTestResultDetail.ps1 b/powershell/public/Add-MtTestResultDetail.ps1 index fb7f11db..8afe2f08 100644 --- a/powershell/public/Add-MtTestResultDetail.ps1 +++ b/powershell/public/Add-MtTestResultDetail.ps1 @@ -68,9 +68,11 @@ function Add-MtTestResultDetail { [ValidateSet('NotConnectedAzure', 'NotConnectedExchange', 'NotDotGovDomain', 'NotLicensedEntraIDP1', 'NotConnectedSecurityCompliance', 'NotLicensedEntraIDP2', 'NotLicensedEntraIDGovernance', 'NotLicensedEntraWorkloadID', "LicensedEntraIDPremium", 'NotSupported', 'Custom' )] + # Common reasons for why the test was skipped. [string] $SkippedBecause, [Parameter(Mandatory = $false)] + # A custom reason for why the test was skipped. Requires `-SkippedBecause Custom`. [string] $SkippedCustomReason ) diff --git a/powershell/public/Compare-MtTestResult.ps1 b/powershell/public/Compare-MtTestResult.ps1 index 9ddf3f16..beb6ed82 100644 --- a/powershell/public/Compare-MtTestResult.ps1 +++ b/powershell/public/Compare-MtTestResult.ps1 @@ -20,10 +20,13 @@ function Compare-MtTestResult { [CmdletBinding()] param ( [Parameter(ParameterSetName="Directory",Position=0,Mandatory=$true)] + # Path to folder where test results are located. The two newest results will be compared. $BaseDir, [Parameter(ParameterSetName="Files",Position=0,Mandatory=$true)] + # Path to the previous test result JSON-file to be used as a reference. $PriorTest, [Parameter(ParameterSetName="Files",Position=1,Mandatory=$true)] + # Path to the newer test result JSON-file to be used as the current result. $NewTest ) diff --git a/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 b/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 index dabb8d97..17dea585 100644 --- a/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 +++ b/powershell/public/Get-MtAuthenticationMethodPolicyConfig.ps1 @@ -17,6 +17,7 @@ function Get-MtAuthenticationMethodPolicyConfig { param( [Parameter(Mandatory = $false)] [ValidateSet("Enabled", "Disabled")] + # Only return methods in the spcecified state. Can be Enabled or Disabled. [string]$State ) diff --git a/powershell/public/Get-MtGroupMember.ps1 b/powershell/public/Get-MtGroupMember.ps1 index bd19a84f..06e22b7a 100644 --- a/powershell/public/Get-MtGroupMember.ps1 +++ b/powershell/public/Get-MtGroupMember.ps1 @@ -15,14 +15,16 @@ function Get-MtGroupMember { [CmdletBinding()] param( [Parameter(Position=0,mandatory=$true)] - [guid]$groupId, + # ID for the Entra group to return members for. + [guid]$GroupId, + # Include indirect members through nested groups. [switch]$Recursive ) Write-Verbose -Message "Getting group members." $members = @() - $members += Invoke-MtGraphRequest -RelativeUri "groups/$groupId/members" -ApiVersion v1.0 + $members += Invoke-MtGraphRequest -RelativeUri "groups/$GroupId/members" -ApiVersion v1.0 if(-not $recursive){ return $members @@ -31,7 +33,7 @@ function Get-MtGroupMember { $members | Where-Object {` $_.'@odata.type' -eq "#microsoft.graph.group" } | ForEach-Object {` - $members += Get-MtGroupMember -groupId $_.id -Recursive + $members += Get-MtGroupMember -GroupId $_.id -Recursive } return $members diff --git a/powershell/public/Get-MtRoleMember.ps1 b/powershell/public/Get-MtRoleMember.ps1 index 5a120b7d..7eab160b 100644 --- a/powershell/public/Get-MtRoleMember.ps1 +++ b/powershell/public/Get-MtRoleMember.ps1 @@ -119,7 +119,7 @@ function Get-MtRoleMember { $groups = $assignments | Where-Object { $_.'@odata.type' -eq "#microsoft.graph.group" } $groups | ForEach-Object {` #5/10/2024 - Entra ID Role Enabled Security Groups do not currently support nesting - $assignments += Get-MtGroupMember -groupId $_.id + $assignments += Get-MtGroupMember -GroupId $_.id } } diff --git a/powershell/public/Test-MtCaAllAppsExists.ps1 b/powershell/public/Test-MtCaAllAppsExists.ps1 index 1f32be15..591ca6fe 100644 --- a/powershell/public/Test-MtCaAllAppsExists.ps1 +++ b/powershell/public/Test-MtCaAllAppsExists.ps1 @@ -27,8 +27,8 @@ function Test-MtCaAllAppsExists { [CmdletBinding()] [OutputType([bool])] param ( - [Parameter(Position = 0)] + # Do not check for All Users target in policy. [switch] $SkipCheckAllUsers = $false ) diff --git a/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 b/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 index a9c0451e..a19790d9 100644 --- a/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 +++ b/powershell/public/Test-MtCaEnforceNonPersistentBrowserSession.ps1 @@ -19,6 +19,7 @@ function Test-MtCaEnforceNonPersistentBrowserSession { [OutputType([bool])] param ( [Parameter()] + # Ignore device filters for compliant devices. [switch]$AllDevices ) diff --git a/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 b/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 index 840ed051..53394e9d 100644 --- a/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 +++ b/powershell/public/Test-MtCaEnforceSignInFrequency.ps1 @@ -19,6 +19,7 @@ function Test-MtCaEnforceSignInFrequency { [OutputType([bool])] param ( [Parameter()] + # Ignore device filters for compliant devices. [switch]$AllDevices ) diff --git a/powershell/public/Test-MtPimAlertsExists.ps1 b/powershell/public/Test-MtPimAlertsExists.ps1 index 848de8e5..d0d0a552 100644 --- a/powershell/public/Test-MtPimAlertsExists.ps1 +++ b/powershell/public/Test-MtPimAlertsExists.ps1 @@ -9,7 +9,7 @@ Test-MtPimAlertsExists -FilteredAccessLevel "ControlPlane" -AlertId "RolesAssignedOutsidePimAlert" .LINK - https://maester.dev/docs/commands/Test-MtPimAlertsExists + https://maester.dev/docs/commands/Test-MtPimAlertsExists #> function Test-MtPimAlertsExists { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = 'Exists is not a plurality')] @@ -19,13 +19,16 @@ function Test-MtPimAlertsExists { param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)] [ValidateSet("RedundantAssignmentAlert", "RolesAssignedOutsidePimAlert", "SequentialActivationRenewalsAlert", "TooManyGlobalAdminsAssignedToTenantAlert", "StaleSignInAlert")] + # ID for the alert to test. [string[]]$AlertId, [Parameter(ValueFromPipelineByPropertyName = $true, Position = 1)] [ValidateSet("ControlPlane", "ManagementPlane")] + # Filter based on Enterprise Access Model Tiering. Can be 'ControlPlane' and/or 'ManagementPlane'. [string[]]$FilteredAccessLevel = $null, [Parameter(ValueFromPipelineByPropertyName = $true, Position = 2)] + # Specify break glass accounts to exclude. Defaults to automatic detection based on conditional access policy exclusions. [object[]]$FilteredBreakGlass = (Get-MtUser -UserType EmergencyAccess) ) diff --git a/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 b/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 index 1aa41ed8..8723434e 100644 --- a/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 +++ b/powershell/public/Test-MtPrivPermanentDirectoryRole.ps1 @@ -9,7 +9,7 @@ Test-MtPrivPermanentDirectoryRole -FilteredAccessLevel "ControlPlane" -FilterPrincipal "ExternalUser" .LINK - https://maester.dev/docs/commands/Test-MtPrivPermanentDirectoryRole + https://maester.dev/docs/commands/Test-MtPrivPermanentDirectoryRole #> function Test-MtPrivPermanentDirectoryRole { [OutputType([bool])] @@ -17,10 +17,12 @@ function Test-MtPrivPermanentDirectoryRole { param ( [Parameter(ValueFromPipelineByPropertyName = $true)] [ValidateSet("ControlPlane", "ManagementPlane")] + # Filter based on Enterprise Access Model Tiering. Can be 'ControlPlane' and/or 'ManagementPlane'. [string[]]$FilteredAccessLevel = $null, [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory)] [ValidateSet("ExternalUser", "HybridUser", "ServicePrincipalClientSecret", "ServicePrincipalObject", "UserMailbox")] + # Filter based on principal types. Accepted values are 'ExternalUser', 'HybridUser', 'ServicePrincipalClientSecret', 'ServicePrincipalObject' and/or 'UserMailbox'. [object[]]$FilterPrincipal ) diff --git a/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 b/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 index 1d097778..3a00b86e 100644 --- a/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaActivationNotification.ps1 @@ -3,7 +3,6 @@ Checks for notification on role activation .DESCRIPTION - User activation of the Global Administrator role SHALL trigger an alert. User activation of other highly privileged roles SHOULD trigger an alert. @@ -24,6 +23,7 @@ function Test-MtCisaActivationNotification { [CmdletBinding()] [OutputType([bool])] param( + # Check Global Administrator role only [switch]$GlobalAdminOnly ) diff --git a/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 b/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 index e7e73062..3726942a 100644 --- a/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaManagedDevice.ps1 @@ -3,7 +3,6 @@ Checks if Conditional Access Policy requiring managed device is enabled .DESCRIPTION - Managed devices SHOULD be required for authentication. .EXAMPLE @@ -18,6 +17,7 @@ function Test-MtCisaManagedDevice { [CmdletBinding()] [OutputType([bool])] param( + # Do not check if Hybrid Joined devices are accepted. [switch]$SkipHybridJoinCheck ) diff --git a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 index 5ec3fd17..7ad3e815 100644 --- a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 @@ -18,6 +18,7 @@ function Test-MtCisaManagedDeviceRegistration { [CmdletBinding()] [OutputType([bool])] param( + # Do not check if Hybrid Joined devices are accepted. [switch]$SkipHybridJoinCheck ) diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 index 01b6a71a..a60f4ab2 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 @@ -35,14 +35,19 @@ function ConvertFrom-MailAuthenticationRecordDkim { [cmdletbinding()] param( [Parameter(Mandatory)] + # Domain name to check. [string]$DomainName, + # DNS-server to use for lookup. [ipaddress]$DnsServerIpAddress = "1.1.1.1", + # Selector-name for the DKIM record to retrieve. [string]$DkimSelector = "selector1", + # Use a shorter timeout value for the DNS lookup. [switch]$QuickTimeout, + # Ignore hosts file for domain lookup. [switch]$NoHostsFile ) diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 index 140b5f5d..2edb0dae 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 @@ -40,12 +40,16 @@ function ConvertFrom-MailAuthenticationRecordDmarc { [cmdletbinding()] param( [Parameter(Mandatory)] + # Domain name to check. [string]$DomainName, + # DNS-server to use for lookup. [ipaddress]$DnsServerIpAddress = "1.1.1.1", + # Use a shorter timeout value for the DNS lookup. [switch]$QuickTimeout, + # Ignore hosts file for domain lookup. [switch]$NoHostsFile ) diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 index 5a592b95..ac919c1d 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 @@ -22,12 +22,16 @@ function ConvertFrom-MailAuthenticationRecordMx { [cmdletbinding()] param( [Parameter(Mandatory)] + # Domain name to check. [string]$DomainName, + # DNS-server to use for lookup. [ipaddress]$DnsServerIpAddress = "1.1.1.1", + # Use a shorter timeout value for the DNS lookup. [switch]$QuickTimeout, + # Ignore hosts file for domain lookup. [switch]$NoHostsFile ) diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 index 822fb85a..f913bee8 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 @@ -29,12 +29,16 @@ function ConvertFrom-MailAuthenticationRecordSpf { [cmdletbinding()] param( [Parameter(Mandatory)] + # Domain name to check. [string]$DomainName, + # DNS-server to use for lookup. [ipaddress]$DnsServerIpAddress = "1.1.1.1", + # Use a shorter timeout value for the DNS lookup. [switch]$QuickTimeout, + # Ignore hosts file for domain lookup. [switch]$NoHostsFile ) diff --git a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 index 9d841c9d..a2787b84 100644 --- a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 +++ b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 @@ -25,17 +25,23 @@ function Get-MailAuthenticationRecord { [cmdletbinding()] param( [Parameter(Mandatory)] + # Domain name to check. [string]$DomainName, + # DNS-server to use for lookup. [ipaddress]$DnsServerIpAddress = "1.1.1.1", + # Selector-name for the DKIM record to retrieve. [string]$DkimSelector = "selector1", [ValidateSet("All", "DKIM", "DMARC", "MX", "SPF")] + # Specify which records should be retrieved. Accepted values are 'All', 'DKIM', 'DMARC', 'MX' and/or 'SPF'. [string[]]$Records = "All", + # Use a shorter timeout value for the DNS lookup. [switch]$QuickTimeout, + # Ignore hosts file for domain lookup. [switch]$NoHostsFile ) diff --git a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 index ee23a949..2aa7e4aa 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 @@ -18,6 +18,7 @@ function Test-MtCisaDkim { [CmdletBinding()] [OutputType([bool])] param( + # Selector-name for the DKIM record to test.. [string]$Selector = "selector1" ) diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 index 7681f93f..b516d88b 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 @@ -23,6 +23,7 @@ function Test-MtCisaDmarcAggregateCisa { [CmdletBinding()] [OutputType([bool])] param( + # Check all domains, not only .gov domains. [switch]$Force ) diff --git a/powershell/tests/general/Help.Tests.ps1 b/powershell/tests/general/Help.Tests.ps1 index 5537cd75..fc3355c4 100644 --- a/powershell/tests/general/Help.Tests.ps1 +++ b/powershell/tests/general/Help.Tests.ps1 @@ -51,7 +51,7 @@ Describe 'Testing module help' -Tag 'Help','Acceptance' -ForEach @{ exportedComm $parametersMissingHelp | Should -Be @() } else { - Set-ItResult -Skipped -Because 'no static parameters to test' + # no static parameters to test. pass. } } } From cc2ca7408cbe1deeb5bd45b50ac36d24b3d56a0a Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 21:44:46 +0000 Subject: [PATCH 09/11] Cleanup blank lines in help --- powershell/public/Add-MtTestResultDetail.ps1 | 1 - powershell/public/Disconnect-Maester.ps1 | 1 - powershell/public/Get-MtRoleMember.ps1 | 1 - powershell/public/Get-MtUser.ps1 | 1 - powershell/public/Invoke-MtGraphRequest.ps1 | 2 -- powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 | 1 - .../public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 | 1 - .../public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 | 1 - .../public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 | 1 - .../public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 | 2 -- powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 | 2 -- powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 | 1 - .../public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaMfa.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 | 1 - .../public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 | 1 - .../public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 | 2 +- .../public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 | 1 - .../public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 | 1 - powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 | 1 - .../public/cisa/exchange/Get-MailAuthenticationRecord.ps1 | 1 - powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 | 2 -- .../public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 | 1 - .../public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 | 1 - .../public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 | 1 - .../public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 | 1 - .../public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 | 1 - powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 | 1 - powershell/public/core/Update-MaesterTests.ps1 | 1 - 50 files changed, 1 insertion(+), 54 deletions(-) diff --git a/powershell/public/Add-MtTestResultDetail.ps1 b/powershell/public/Add-MtTestResultDetail.ps1 index 8afe2f08..f28a1de5 100644 --- a/powershell/public/Add-MtTestResultDetail.ps1 +++ b/powershell/public/Add-MtTestResultDetail.ps1 @@ -30,7 +30,6 @@ This example shows how to use the Add-MtTestResultDetail function to add rich markdown content to the test results with deep links to the admin portal. - .LINK https://maester.dev/docs/commands/Add-MtTestResultDetail #> diff --git a/powershell/public/Disconnect-Maester.ps1 b/powershell/public/Disconnect-Maester.ps1 index 5cfa2845..ca10442e 100644 --- a/powershell/public/Disconnect-Maester.ps1 +++ b/powershell/public/Disconnect-Maester.ps1 @@ -19,7 +19,6 @@ .Example Disconnect-MtMaester - .LINK https://maester.dev/docs/commands/Disconnect-Maester #> diff --git a/powershell/public/Get-MtRoleMember.ps1 b/powershell/public/Get-MtRoleMember.ps1 index 7eab160b..f6eb5f9b 100644 --- a/powershell/public/Get-MtRoleMember.ps1 +++ b/powershell/public/Get-MtRoleMember.ps1 @@ -35,7 +35,6 @@ Returns all the currently active members of the role with the specified RoleId. - .LINK https://maester.dev/docs/commands/Get-MtRoleMember #> diff --git a/powershell/public/Get-MtUser.ps1 b/powershell/public/Get-MtUser.ps1 index 02be8544..675f1b93 100644 --- a/powershell/public/Get-MtUser.ps1 +++ b/powershell/public/Get-MtUser.ps1 @@ -19,7 +19,6 @@ Get-MtUser -Count 5 -UserType Member # Get 5 Member users from the tenant. - .LINK https://maester.dev/docs/commands/Get-MtUser #> diff --git a/powershell/public/Invoke-MtGraphRequest.ps1 b/powershell/public/Invoke-MtGraphRequest.ps1 index c775537d..5087551e 100644 --- a/powershell/public/Invoke-MtGraphRequest.ps1 +++ b/powershell/public/Invoke-MtGraphRequest.ps1 @@ -16,12 +16,10 @@ ::: .Example - Invoke-MtGraph -RelativeUri "users" -Filter "displayName eq 'John Doe'" -Select "displayName" -Top 10 Get all users with a display name of "John Doe" and return the first 10 results. - .LINK https://maester.dev/docs/commands/Invoke-MtGraphRequest #> diff --git a/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 index 0ef8482f..f43f4172 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppAdminConsent.ps1 @@ -3,7 +3,6 @@ Checks if admin consent workflow is configured with reviewers .DESCRIPTION - An admin consent workflow SHALL be configured for applications. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 index 919449f6..6e41f648 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 @@ -3,7 +3,6 @@ Checks if group owners can consent to apps .DESCRIPTION - Group owners SHALL NOT be allowed to consent to applications. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 index e8614c8e..5d466be6 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppRegistration.ps1 @@ -3,7 +3,6 @@ Checks if user app registration is prevented .DESCRIPTION - Only administrators SHALL be allowed to register applications. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 index a7d8263e..96e88a4b 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppUserConsent.ps1 @@ -3,7 +3,6 @@ Checks if user app consent is prevented .DESCRIPTION - Only administrators SHALL be allowed to consent to applications. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 b/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 index 2c5b1c1d..f1597874 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAssignmentNotification.ps1 @@ -3,7 +3,6 @@ Checks for notification on role assignments .DESCRIPTION - Eligible and Active highly privileged role assignments SHALL trigger an alert. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 b/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 index 253c15f9..8b5a48a4 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAuthenticatorContext.ps1 @@ -3,7 +3,6 @@ Checks if the Authentication Methods policy for Microsoft Authenticator is set appropriately .DESCRIPTION - If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 index af08cc67..926bc5ab 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskSignIn.ps1 @@ -3,7 +3,6 @@ Checks if Sign-In Risk Based Policies - MS.AAD.2.3 is set to 'blocked' .DESCRIPTION - Sign-ins detected as high risk SHALL be blocked. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 index ff591ef4..ad9e16cd 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockHighRiskUser.ps1 @@ -3,7 +3,6 @@ Checks if User Risk Based Policies - MS.AAD.2.1 is set to 'blocked' .DESCRIPTION - Users detected as high risk SHALL be blocked. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 b/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 index 85ce7541..86b79e5e 100644 --- a/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaBlockLegacyAuth.ps1 @@ -3,7 +3,6 @@ Checks if Baseline Policies Legacy Authentication - MS.AAD.1.1v1 is set to 'blocked' .DESCRIPTION - Legacy authentication SHALL be blocked. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 index 4966c1ce..bebfb537 100644 --- a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 @@ -3,7 +3,6 @@ Checks if Global Admins are cloud users .DESCRIPTION - Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 b/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 index 0e599057..bf242048 100644 --- a/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaCrossTenantInboundDefault.ps1 @@ -3,7 +3,6 @@ Checks cross-tenant default inbound access configuration .DESCRIPTION - Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes. .EXAMPLE @@ -11,7 +10,6 @@ Returns true if cross-tenant default inbound access is set to block. - .LINK https://maester.dev/docs/commands/Test-MtCisaCrossTenantInboundDefault #> diff --git a/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 b/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 index 41071d25..efb19ab1 100644 --- a/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1 @@ -3,7 +3,6 @@ Checks for configuration of Entra diagnostic settings .DESCRIPTION - Security logs SHALL be sent to the agency's security operations center for monitoring. .EXAMPLE @@ -11,7 +10,6 @@ Returns true if diagnostic settings for the appropriate logs are configured - .LINK https://maester.dev/docs/commands/Test-MtCisaDiagnosticSettings #> diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 index 5119389e..a439c1d5 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 @@ -3,7 +3,6 @@ Checks if Global Admins is an acceptable number .DESCRIPTION - A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 index 3b41a7fc..1d13f98a 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 @@ -3,7 +3,6 @@ Checks the ratio of global admins to privileged roles .DESCRIPTION - Privileged users SHALL be provisioned with finer-grained roles instead of Global Administrator. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 b/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 index 7bb82ea3..80ecf408 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGuestInvitation.ps1 @@ -3,7 +3,6 @@ Checks if guest invitiations are restricted to admins .DESCRIPTION - Only users with the Guest Inviter role SHOULD be able to invite guest users. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 b/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 index dad1bee3..b0779147 100644 --- a/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaGuestUserAccess.ps1 @@ -3,7 +3,6 @@ Checks if guests use proper role template .DESCRIPTION - Guest users SHOULD have limited or restricted access to Azure AD directory objects. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 index 7ad3e815..bf75d012 100644 --- a/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaManagedDeviceRegistration.ps1 @@ -3,7 +3,6 @@ Checks if a policy is enabled requiring a managed device for registration .DESCRIPTION - Managed Devices SHOULD be required to register MFA. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 index 4db5f3e6..163bdf73 100644 --- a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 @@ -3,7 +3,6 @@ Checks if migration to Authentication Methods is complete .DESCRIPTION - The Authentication Methods Manage Migration feature SHALL be set to Migration Complete. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 b/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 index 37e05fb5..c61bf805 100644 --- a/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaMfa.ps1 @@ -3,7 +3,6 @@ Checks if Conditional Access Policy requiring MFA is enabled .DESCRIPTION - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 b/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 index 385c2733..6d215217 100644 --- a/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaNotifyHighRisk.ps1 @@ -3,7 +3,6 @@ Checks if Risk Based Policies - MS.AAD.2.2v1 has recipients .DESCRIPTION - A notification SHOULD be sent to the administrator when high-risk users are detected. Queries /identityProtection/settings/notifications diff --git a/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 b/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 index 7e194001..fe74562b 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPasswordExpiration.ps1 @@ -3,7 +3,6 @@ Checks if passwords are set to not expire .DESCRIPTION - User passwords SHALL NOT expire. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 b/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 index ab59d8cd..274dbdc9 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPermanentRoleAssignment.ps1 @@ -3,7 +3,6 @@ Checks for permanent active role assingments .DESCRIPTION - Permanent active role assignments SHALL NOT be allowed for highly privileged roles. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 b/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 index e81598c9..2ca34425 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPhishResistant.ps1 @@ -3,7 +3,6 @@ Checks if Conditional Access Policy using Phishing-Resistant Authentication Strengths is enabled .DESCRIPTION - Phishing-resistant MFA SHALL be enforced for all users .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 b/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 index 1f8f5231..0ee0b357 100644 --- a/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaPrivilegedPhishResistant.ps1 @@ -1,8 +1,8 @@ <# .SYNOPSIS Checks if Conditional Access Policy requiring phishing resistant authentication methods for privileged roles is enabled -.DESCRIPTION +.DESCRIPTION Phishing-resistant MFA SHALL be required for highly privileged roles. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 b/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 index 6e427243..c51e8f1a 100644 --- a/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaRequireActivationApproval.ps1 @@ -3,7 +3,6 @@ Checks for approval requirement on activation of Gloabl Admin role .DESCRIPTION - Activation of the Global Administrator role SHALL require approval. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 b/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 index b5d700fb..32ee8323 100644 --- a/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaUnmanagedRoleAssignment.ps1 @@ -3,7 +3,6 @@ Checks for active role assingments with no start time .DESCRIPTION - Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system. .EXAMPLE diff --git a/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 b/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 index 4043e2c3..dc181ade 100644 --- a/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaWeakFactor.ps1 @@ -3,7 +3,6 @@ Checks if weak Authentication Methods are disabled .DESCRIPTION - The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 index a2787b84..954fcb49 100644 --- a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 +++ b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 @@ -3,7 +3,6 @@ Obtains and converts the mail authentication records of a domain .DESCRIPTION - Adapted from: - https://cloudbrothers.info/en/powershell-tip-resolve-spf/ - https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/Modules/Providers/ExportEXOProvider.psm1 diff --git a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 index d888ac67..550691f6 100644 --- a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 +++ b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 @@ -3,13 +3,11 @@ Returns a list of all IP addresses from an SPF record .DESCRIPTION - https://cloudbrothers.info/en/powershell-tip-resolve-spf/ .EXAMPLE Resolve-SPFRecord microsoft.com - .LINK https://maester.dev/docs/commands/Resolve-SPFRecord #> diff --git a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 index b500d267..d9cbd628 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamAllowList.ps1 @@ -3,7 +3,6 @@ Checks state of anti-spam policies .DESCRIPTION - IP allow lists SHOULD NOT be created. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 index 0d6cafdb..6e07e274 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAntiSpamSafeList.ps1 @@ -3,7 +3,6 @@ Checks state of anti-spam policies .DESCRIPTION - Safe lists SHOULD NOT be enabled. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 index d5900baf..0213fb20 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAutoExternalForwarding.ps1 @@ -3,7 +3,6 @@ Checks ... .DESCRIPTION - Automatic forwarding to external domains SHALL be disabled. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 index e7c7d599..27d9b171 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1 @@ -3,7 +3,6 @@ Checks state of sharing policies .DESCRIPTION - Calendar details SHALL NOT be shared with all domains. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 index 79936eb3..036868ab 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1 @@ -3,7 +3,6 @@ Checks state of sharing policies .DESCRIPTION - Contact folders SHALL NOT be shared with all domains. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 index 2aa7e4aa..21c3a453 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDkim.ps1 @@ -3,7 +3,6 @@ Checks state of DKIM for all EXO domains .DESCRIPTION - DKIM SHOULD be enabled for all domains. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 index 058104d1..549bdc4c 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 @@ -3,7 +3,6 @@ Checks state of DLP for EXO .DESCRIPTION - A DLP solution SHALL be used. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 index b516d88b..3d79b3a3 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcAggregateCisa.ps1 @@ -3,7 +3,6 @@ Checks state of DMARC records for all exo domains .DESCRIPTION - The DMARC point of contact for aggregate reports SHALL include reports@dmarc.cyber.dhs.gov. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 index b3ba038c..57673e84 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordExist.ps1 @@ -3,7 +3,6 @@ Checks state of DMARC records for all exo second level domains .DESCRIPTION - A DMARC policy SHALL be published for every second-level domain. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 index b49af892..86a4d1ba 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcRecordReject.ps1 @@ -3,7 +3,6 @@ Checks state of DMARC records for all exo domains .DESCRIPTION - The DMARC message rejection option SHALL be p=reject. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 index 58ece67c..06bc54d1 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDmarcReport.ps1 @@ -3,7 +3,6 @@ Checks state of DMARC records for all exo domains .DESCRIPTION - An agency point of contact SHOULD be included for aggregate and failure reports. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 index d20bf458..a2274d80 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.ps1 @@ -3,7 +3,6 @@ Checks state of transport policies .DESCRIPTION - External sender warnings SHALL be implemented. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 b/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 index 6ce956b8..3a948eb3 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaMailboxAuditing.ps1 @@ -3,7 +3,6 @@ Checks state of mailbox auditing .DESCRIPTION - Mailbox auditing SHALL be enabled. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 index 39fee657..fa4da5e1 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpfDirective.ps1 @@ -3,7 +3,6 @@ Checks state of SPF records for all exo domains .DESCRIPTION - An SPF policy SHALL be published for each domain, designating only these addresses as approved senders. .EXAMPLE diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 index 27b37f37..966201db 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1 @@ -3,7 +3,6 @@ Checks state of SPF records for all exo domains .DESCRIPTION - A list of approved IP addresses for sending mail SHALL be maintained. .EXAMPLE diff --git a/powershell/public/core/Update-MaesterTests.ps1 b/powershell/public/core/Update-MaesterTests.ps1 index 9adf5759..ebe1cfb7 100644 --- a/powershell/public/core/Update-MaesterTests.ps1 +++ b/powershell/public/core/Update-MaesterTests.ps1 @@ -21,7 +21,6 @@ Install the latest set of Maester tests in the current directory. - .LINK https://maester.dev/docs/commands/Update-MaesterTests #> From e6083ea1a80e9f8ae389723b92fdf42af204ac8e Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 21:45:19 +0000 Subject: [PATCH 10/11] Use codeblock for output in help description --- ...nvertFrom-MailAuthenticationRecordDkim.ps1 | 25 +++++++------- ...vertFrom-MailAuthenticationRecordDmarc.ps1 | 33 ++++++++++--------- ...ConvertFrom-MailAuthenticationRecordMx.ps1 | 9 ++--- ...onvertFrom-MailAuthenticationRecordSpf.ps1 | 11 ++++--- 4 files changed, 41 insertions(+), 37 deletions(-) diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 index a60f4ab2..d32551c1 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 @@ -3,23 +3,24 @@ Returns structured RFC compliant object from DKIM record .DESCRIPTION - Adapted from: - https://cloudbrothers.info/en/powershell-tip-resolve-spf/ - https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/Modules/Providers/ExportEXOProvider.psm1 - https://xkln.net/blog/getting-mx-spf-dmarc-dkim-and-smtp-banners-with-powershell/ - DKIM https://datatracker.ietf.org/doc/html/rfc6376 -record : v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPkb8bu8RGWeJGk3hJrouZXIdZ+HTp/azRp8IUOHp5wKvPUAi/54PwuLscUjRk4Rh3hjIkMpKRfJJXPxWbrT7eMLric - 7f/S0h+qF4aqIiQqHFCDAYfMnN6V3Wbke2U5EGm0H/cAUYkaf2AtuHJ/rdY/EXaldAm00PgT9QQMez66QIDAQAB; -keyType : rsa -hash : {sha1, sha256} -notes : -publicKey : MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPkb8bu8RGWeJGk3hJrouZXIdZ+HTp/azRp8IUOHp5wKvPUAi/54PwuLscUjRk4Rh3hjIkMpKRfJJXPxWbrT7eMLric7f/S0h+qF4aqIiQqHF - CDAYfMnN6V3Wbke2U5EGm0H/cAUYkaf2AtuHJ/rdY/EXaldAm00PgT9QQMez66QIDAQAB -validBase64 : True -services : {*} -flags : -warnings : + ``` + record : v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPkb8bu8RGWeJGk3hJrouZXIdZ+HTp/azRp8IUOHp5wKvPUAi/54PwuLscUjRk4Rh3hjIkMpKRfJJXPxWbrT7eMLric + 7f/S0h+qF4aqIiQqHFCDAYfMnN6V3Wbke2U5EGm0H/cAUYkaf2AtuHJ/rdY/EXaldAm00PgT9QQMez66QIDAQAB; + keyType : rsa + hash : {sha1, sha256} + notes : + publicKey : MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPkb8bu8RGWeJGk3hJrouZXIdZ+HTp/azRp8IUOHp5wKvPUAi/54PwuLscUjRk4Rh3hjIkMpKRfJJXPxWbrT7eMLric7f/S0h+qF4aqIiQqHF + CDAYfMnN6V3Wbke2U5EGm0H/cAUYkaf2AtuHJ/rdY/EXaldAm00PgT9QQMez66QIDAQAB + validBase64 : True + services : {*} + flags : + warnings : + ``` .EXAMPLE ConvertFrom-MailAuthenticationRecordDkim -DomainName "microsoft.com" diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 index 2edb0dae..91135722 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 @@ -3,28 +3,29 @@ Returns structured RFC compliant object for a DMARC record .DESCRIPTION - Adapted from: - https://cloudbrothers.info/en/powershell-tip-resolve-spf/ - https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/Modules/Providers/ExportEXOProvider.psm1 - https://xkln.net/blog/getting-mx-spf-dmarc-dkim-and-smtp-banners-with-powershell/ - DMARC https://datatracker.ietf.org/doc/html/rfc7489 -record : v=DMARC1; p=reject; pct=100; rua=mailto:itex-rua@microsoft.com; ruf=mailto:itex-ruf@microsoft.com; fo=1 -valid : True -policy : reject -policySubdomain : -percentage : 100 -reportAggregate : {DMARCRecordUri} -reportForensic : {DMARCRecordUri} -reportFailure : {1} -reportFailureFormats : {afrf} -reportFrequency : 86400 -alignmentDkim : r -alignmentSpf : r -version : DMARC1 -warnings : {sp: No subdomain policy set, adkim: No DKIM alignment set, defaults to relaxed, aspf: No SPF alignment set, defaults to relaxed, ri: No - report interval set, defaults to 86400 seconds…} + ``` + record : v=DMARC1; p=reject; pct=100; rua=mailto:itex-rua@microsoft.com; ruf=mailto:itex-ruf@microsoft.com; fo=1 + valid : True + policy : reject + policySubdomain : + percentage : 100 + reportAggregate : {DMARCRecordUri} + reportForensic : {DMARCRecordUri} + reportFailure : {1} + reportFailureFormats : {afrf} + reportFrequency : 86400 + alignmentDkim : r + alignmentSpf : r + version : DMARC1 + warnings : {sp: No subdomain policy set, adkim: No DKIM alignment set, defaults to relaxed, aspf: No SPF alignment set, defaults to relaxed, ri: No + report interval set, defaults to 86400 seconds…} + ``` .EXAMPLE ConvertFrom-MailAuthenticationRecordDmarc -DomainName "microsoft.com" diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 index ac919c1d..53bf0d22 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 @@ -3,10 +3,11 @@ A simple wrapper for Resolve-DnsName .DESCRIPTION - -Name Type TTL Section NameExchange Preference ----- ---- --- ------- ------------ ---------- -microsoft.com MX 1731 Answer microsoft-com.mail.protection.outlook.com 10 + ``` + Name Type TTL Section NameExchange Preference + ---- ---- --- ------- ------------ ---------- + microsoft.com MX 1731 Answer microsoft-com.mail.protection.outlook.com 10 + ``` .EXAMPLE ConvertFrom-MailAuthenticationRecordMx -DomainName "microsoft.com" diff --git a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 index f913bee8..42d1f46e 100644 --- a/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 +++ b/powershell/public/cisa/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 @@ -3,17 +3,18 @@ Returns a structured RFC compliant object for the supplied SPF record .DESCRIPTION - Adapted from: - https://cloudbrothers.info/en/powershell-tip-resolve-spf/ - https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/Modules/Providers/ExportEXOProvider.psm1 - https://xkln.net/blog/getting-mx-spf-dmarc-dkim-and-smtp-banners-with-powershell/ - SPF https://datatracker.ietf.org/doc/html/rfc7208 -record : v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.msft.net include:spf-a.hotmail.com - include:_spf1-meo.microsoft.com -all -terms : {SPFRecordTerm, SPFRecordTerm, SPFRecordTerm, SPFRecordTerm…} -warnings : + ``` + record : v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.msft.net include:spf-a.hotmail.com + include:_spf1-meo.microsoft.com -all + terms : {SPFRecordTerm, SPFRecordTerm, SPFRecordTerm, SPFRecordTerm…} + warnings : + ``` .EXAMPLE ConvertFrom-MailAuthenticationRecordSpf -DomainName "microsoft.com" From f6de490e1e83dea53e1986c1fc0aba88b15d2bb2 Mon Sep 17 00:00:00 2001 From: Frode Flaten <3436158+fflaten@users.noreply.github.com> Date: Sat, 20 Jul 2024 21:53:30 +0000 Subject: [PATCH 11/11] Normalize directory separator char in function test --- powershell/tests/functions/Common.Tests.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/powershell/tests/functions/Common.Tests.ps1 b/powershell/tests/functions/Common.Tests.ps1 index e62afcc8..534ec74a 100644 --- a/powershell/tests/functions/Common.Tests.ps1 +++ b/powershell/tests/functions/Common.Tests.ps1 @@ -18,7 +18,8 @@ Describe 'Common function tests' -Tags 'Acceptance' -ForEach @{ exportedFunction } It ".ps1 should exist in public folder" { - $functionPath | Should -BeLike "*/public/*$($function.Name).ps1" + # Normalize path in test to work cross-platform + $functionPath -replace '\\','/' | Should -BeLike "*/public/*$($function.Name).ps1" $functionPath | Should -Exist }