From ab20659a53736830110513720f93b01b56b31c6c Mon Sep 17 00:00:00 2001 
From: Thomas Naunheim Date: Fri, 26 Jul 2024 07:23:34 +0200 Subject: [PATCH] Added links and updated description on EIDSCA --- build/eidsca/Update-EidscaTests.ps1 | 2 +- powershell/internal/eidsca/Test-MtEidscaAF01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAF02.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAF03.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAF04.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAF05.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAF06.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAG01.md | 2 +- powershell/internal/eidsca/Test-MtEidscaAG01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAG02.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAG03.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAM01.md | 2 +- powershell/internal/eidsca/Test-MtEidscaAM02.md | 2 +- powershell/internal/eidsca/Test-MtEidscaAM02.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM03.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM04.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM06.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM07.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM09.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAM10.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAP01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP04.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP05.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP06.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP07.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP08.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP09.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP10.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAP14.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAT01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaAT02.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaAV01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaCP01.ps1 | 1 - 
powershell/internal/eidsca/Test-MtEidscaCP03.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaCP04.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaCR01.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaCR02.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaCR03.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaCR04.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaPR01.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaPR02.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaPR03.ps1 | 1 - powershell/internal/eidsca/Test-MtEidscaPR05.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaPR06.ps1 | 3 +-- powershell/internal/eidsca/Test-MtEidscaST08.md | 2 +- powershell/internal/eidsca/Test-MtEidscaST08.ps1 | 5 ++--- powershell/internal/eidsca/Test-MtEidscaST09.ps1 | 3 +-- website/docs/tests/eidsca/EIDSCA.AG01.md | 2 +- website/docs/tests/eidsca/EIDSCA.AM01.md | 2 +- website/docs/tests/eidsca/EIDSCA.AM02.md | 2 +- website/docs/tests/eidsca/EIDSCA.ST08.md | 4 ++-- website/docs/tests/eidsca/EIDSCA.ST09.md | 2 +- 52 files changed, 33 insertions(+), 75 deletions(-) diff --git a/build/eidsca/Update-EidscaTests.ps1 b/build/eidsca/Update-EidscaTests.ps1 index 7e046eb9..a3493580 100644 --- a/build/eidsca/Update-EidscaTests.ps1 +++ b/build/eidsca/Update-EidscaTests.ps1 @@ -344,7 +344,7 @@ function UpdateTemplate($template, $control, $controlItem, $docName, $isDoc) { if (-not [string]::IsNullOrWhiteSpace($controlItem.SkipCondition) ) { $SkipCheck = "if ( $($controlItem.SkipCondition) ) { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason '$($controlItem.SkipReason)' - return " + '$null' + " ` + return " + '$null' +"` }" $output = $output -replace '%SkipCheck%', "$($SkipCheck)" diff --git a/powershell/internal/eidsca/Test-MtEidscaAF01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF01.ps1 index 61a28d3f..91e45fbd 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF01.ps1 
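Review bot: In the `@@ -344,7 +344,7 @@` hunk of build/eidsca/Update-EidscaTests.ps1, `$controlItem.SkipReason` is written between single quotes in the generated test without escaping, so a reason containing an apostrophe closes the string early and the remainder is parsed as PowerShell. Doubling the quote when the template is filled keeps the text inert: `-SkippedCustomReason '$($controlItem.SkipReason -replace "'", "''")'`. `$controlItem.SkipCondition` is emitted as code by design, so the file those items are loaded from (not visible here) needs the same review as a script, since the generated tests go on to call `Invoke-MtGraphRequest`. The `-replace '%SkipCheck%', "$($SkipCheck)"` line also treats `$_`, `$&` and `$1` in the inserted text as regex substitutions; presumably `$output.Replace('%SkipCheck%', $SkipCheck)` would insert it literally, if `$output` is a single string. UpdateTemplate starts and ends outside the hunk.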
@@ -21,8 +21,7 @@ function Test-MtEidscaAF01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAF02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF02.ps1 index 06ff46ce..953f7fc0 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF02.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF02.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAF02 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.isSelfServiceRegistrationAllowed diff --git a/powershell/internal/eidsca/Test-MtEidscaAF03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF03.ps1 index a7157d29..0495013f 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF03.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAF03 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.isAttestationEnforced diff --git a/powershell/internal/eidsca/Test-MtEidscaAF04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF04.ps1 index 5e90228b..e96499ef 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF04.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF04.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaAF04 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.keyRestrictions.isEnforced diff --git a/powershell/internal/eidsca/Test-MtEidscaAF05.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF05.ps1 index 54947f80..a2e86cc2 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF05.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF05.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAF05 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled and key restriction not enforced.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.keyRestrictions.aaGuids -notcontains $null diff --git a/powershell/internal/eidsca/Test-MtEidscaAF06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAF06.ps1 index a1d30f31..782d1381 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAF06.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAF06.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAF06 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of FIDO2 security keys is not enabled and key restriction not enforced.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.keyRestrictions.aaGuids -notcontains $null -and ($result.keyRestrictions.enforcementType -eq 'allow' -or $result.keyRestrictions.enforcementType -eq 'block') 
diff --git a/powershell/internal/eidsca/Test-MtEidscaAG01.md b/powershell/internal/eidsca/Test-MtEidscaAG01.md index ac131327..9c4cff52 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAG01.md +++ b/powershell/internal/eidsca/Test-MtEidscaAG01.md @@ -1,6 +1,6 @@ The state of migration of the authentication methods policy from the legacy multifactor authentication and self-service password reset (SSPR) policies. In January 2024, the legacy multifactor authentication and self-service password reset policies will be deprecated and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. -In January 2024, the legacy multifactor authentication and self-service password reset policies will be deprecated and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. +On September 30th, 2025, the legacy multifactor authentication and self-service password reset policies will be deprecated and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. #### Test script ``` diff --git a/powershell/internal/eidsca/Test-MtEidscaAG01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG01.ps1 index 4c616d10..026dd5d8 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAG01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAG01.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAG01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta [string]$tenantValue = $result.policyMigrationState diff --git a/powershell/internal/eidsca/Test-MtEidscaAG02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG02.ps1 index bfc95f83..78a1bf33 100644 
--- a/powershell/internal/eidsca/Test-MtEidscaAG02.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAG02.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAG02 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta [string]$tenantValue = $result.reportSuspiciousActivitySettings.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAG03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAG03.ps1 index 908072ab..7ecac9cb 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAG03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAG03.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAG03 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy" -ApiVersion beta [string]$tenantValue = $result.reportSuspiciousActivitySettings.includeTarget.id diff --git a/powershell/internal/eidsca/Test-MtEidscaAM01.md b/powershell/internal/eidsca/Test-MtEidscaAM01.md index cdeee3a8..4b9c44e1 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM01.md +++ b/powershell/internal/eidsca/Test-MtEidscaAM01.md @@ -12,7 +12,7 @@ https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authentica - [Open in Graph Explorer](https://developer.microsoft.com/en-us/graph/graph-explorer?request=policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')&method=GET&version=beta&GraphUrl=https://graph.microsoft.com) - [microsoftAuthenticatorAuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 | Microsoft Learn](https://learn.microsoft.com/en-us/graph/api/resources/microsoftauthenticatorauthenticationmethodconfiguration) - +- [View in Microsoft Entra admin center](https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods) %TestResult% 
diff --git a/powershell/internal/eidsca/Test-MtEidscaAM02.md b/powershell/internal/eidsca/Test-MtEidscaAM02.md index 099fb5ce..d43f2b61 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM02.md +++ b/powershell/internal/eidsca/Test-MtEidscaAM02.md @@ -12,7 +12,7 @@ https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authentica - [Open in Graph Explorer](https://developer.microsoft.com/en-us/graph/graph-explorer?request=policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')&method=GET&version=beta&GraphUrl=https://graph.microsoft.com) - [microsoftAuthenticatorAuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 | Microsoft Learn](https://learn.microsoft.com/en-us/graph/api/resources/microsoftauthenticatorauthenticationmethodconfiguration) - +- [View in Microsoft Entra admin center](https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods) %TestResult% diff --git a/powershell/internal/eidsca/Test-MtEidscaAM02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM02.ps1 index 506d66e9..5ddbe2f2 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM02.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM02.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAM02 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAM03.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM03.ps1 index 03bfae95..683bbaac 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM03.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaAM03 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.numberMatchingRequiredState.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAM04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM04.ps1 index e2250537..cabbb08b 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM04.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM04.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAM04 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.numberMatchingRequiredState.includeTarget.id diff --git a/powershell/internal/eidsca/Test-MtEidscaAM06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM06.ps1 index ce163167..ca4de961 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM06.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM06.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAM06 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.displayAppInformationRequiredState.state 
diff --git a/powershell/internal/eidsca/Test-MtEidscaAM07.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM07.ps1 index c78cddd6..e3345a1d 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM07.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM07.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAM07 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.displayAppInformationRequiredState.includeTarget.id diff --git a/powershell/internal/eidsca/Test-MtEidscaAM09.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM09.ps1 index 36db67fa..5ac4083b 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM09.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM09.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAM09 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.displayLocationInformationRequiredState.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAM10.ps1 b/powershell/internal/eidsca/Test-MtEidscaAM10.ps1 index 1e9e5d19..8ee11cdd 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAM10.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAM10.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaAM10 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta [string]$tenantValue = $result.featureSettings.displayLocationInformationRequiredState.includeTarget.id diff --git a/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 index 1a8fedfd..e0bdbc38 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.allowedToUseSSPR diff --git a/powershell/internal/eidsca/Test-MtEidscaAP04.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP04.ps1 index 1addffc8..6c10ccaf 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP04.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP04.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP04 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.allowInvitesFrom diff --git a/powershell/internal/eidsca/Test-MtEidscaAP05.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP05.ps1 index af8cfbac..2e3e0570 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP05.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP05.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP05 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.allowedToSignUpEmailBasedSubscriptions 
diff --git a/powershell/internal/eidsca/Test-MtEidscaAP06.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP06.ps1 index 7a817102..d1323bca 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP06.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP06.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP06 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.allowEmailVerifiedUsersToJoinOrganization diff --git a/powershell/internal/eidsca/Test-MtEidscaAP07.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP07.ps1 index 90702277..0ab9f710 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP07.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP07.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP07 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.guestUserRoleId diff --git a/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 index 652a97b0..db5e43ff 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP08 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.permissionGrantPolicyIdsAssignedToDefaultUserRole | Sort-Object -Descending | select-object -first 1 diff --git a/powershell/internal/eidsca/Test-MtEidscaAP09.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP09.ps1 index 39ed0ea8..dfb4bd12 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP09.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP09.ps1 
@@ -21,8 +21,7 @@ function Test-MtEidscaAP09 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.allowUserConsentForRiskyApps diff --git a/powershell/internal/eidsca/Test-MtEidscaAP10.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP10.ps1 index a5c7329d..48c61153 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP10.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP10.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP10 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.defaultUserRolePermissions.allowedToCreateApps diff --git a/powershell/internal/eidsca/Test-MtEidscaAP14.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP14.ps1 index badaa225..9779f074 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAP14.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAP14.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAP14 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta [string]$tenantValue = $result.defaultUserRolePermissions.allowedToReadOtherUsers diff --git a/powershell/internal/eidsca/Test-MtEidscaAT01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAT01.ps1 index c160d2b1..5a29b9d4 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAT01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAT01.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAT01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')" -ApiVersion beta [string]$tenantValue = $result.state diff --git a/powershell/internal/eidsca/Test-MtEidscaAT02.ps1 b/powershell/internal/eidsca/Test-MtEidscaAT02.ps1 index fcc63372..648bc784 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAT02.ps1 
+++ b/powershell/internal/eidsca/Test-MtEidscaAT02.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaAT02 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Temporary Access Pass is not enabled.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')" -ApiVersion beta [string]$tenantValue = $result.isUsableOnce diff --git a/powershell/internal/eidsca/Test-MtEidscaAV01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAV01.ps1 index 3fca4d2e..1c88e3a7 100644 --- a/powershell/internal/eidsca/Test-MtEidscaAV01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaAV01.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaAV01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Voice')" -ApiVersion beta [string]$tenantValue = $result.state diff --git a/powershell/internal/eidsca/Test-MtEidscaCP01.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP01.ps1 index 965cca5e..7b10cfb8 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCP01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCP01.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaCP01 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'EnableGroupSpecificConsent' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaCP03.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP03.ps1 index 0c0cb775..b04f52dc 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCP03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCP03.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaCP03 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'BlockUserConsentForRiskyApps' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaCP04.ps1 b/powershell/internal/eidsca/Test-MtEidscaCP04.ps1 index 1e817c16..237e1a28 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCP04.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCP04.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaCP04 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'EnableAdminConsentRequests' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaCR01.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR01.ps1 index f2303aa9..54292359 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCR01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCR01.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaCR01 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "policies/adminConsentRequestPolicy" -ApiVersion beta [string]$tenantValue = $result.isEnabled diff --git a/powershell/internal/eidsca/Test-MtEidscaCR02.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR02.ps1 index a78acc8c..d5490688 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCR02.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCR02.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaCR02 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/adminConsentRequestPolicy" -ApiVersion beta [string]$tenantValue = $result.notifyReviewers diff --git a/powershell/internal/eidsca/Test-MtEidscaCR03.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR03.ps1 index ba916ca2..0f2476a4 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCR03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCR03.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaCR03 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/adminConsentRequestPolicy" -ApiVersion beta [string]$tenantValue = $result.notifyReviewers diff --git a/powershell/internal/eidsca/Test-MtEidscaCR04.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR04.ps1 index c92983af..3f9197d3 100644 --- a/powershell/internal/eidsca/Test-MtEidscaCR04.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaCR04.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaCR04 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "policies/adminConsentRequestPolicy" -ApiVersion beta [string]$tenantValue = $result.requestDurationInDays diff --git a/powershell/internal/eidsca/Test-MtEidscaPR01.ps1 b/powershell/internal/eidsca/Test-MtEidscaPR01.ps1 index 4bce675f..dbf08763 100644 --- a/powershell/internal/eidsca/Test-MtEidscaPR01.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaPR01.ps1 
@@ -25,7 +25,6 @@ function Test-MtEidscaPR01 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'BannedPasswordCheckOnPremisesMode' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaPR02.ps1 b/powershell/internal/eidsca/Test-MtEidscaPR02.ps1 index bd7850a7..4e2827c7 100644 --- a/powershell/internal/eidsca/Test-MtEidscaPR02.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaPR02.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaPR02 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'EnableBannedPasswordCheckOnPremises' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaPR03.ps1 b/powershell/internal/eidsca/Test-MtEidscaPR03.ps1 index 1e03952a..444f3113 100644 --- a/powershell/internal/eidsca/Test-MtEidscaPR03.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaPR03.ps1 @@ -25,7 +25,6 @@ function Test-MtEidscaPR03 { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants.' return $null } - $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'EnableBannedPasswordCheck' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaPR05.ps1 b/powershell/internal/eidsca/Test-MtEidscaPR05.ps1 index de6e2b5d..b3fe78b5 100644 --- a/powershell/internal/eidsca/Test-MtEidscaPR05.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaPR05.ps1 
@@ -21,8 +21,7 @@ function Test-MtEidscaPR05 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'LockoutDurationInSeconds' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaPR06.ps1 b/powershell/internal/eidsca/Test-MtEidscaPR06.ps1 index f8892a32..1a01a151 100644 --- a/powershell/internal/eidsca/Test-MtEidscaPR06.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaPR06.ps1 @@ -21,8 +21,7 @@ function Test-MtEidscaPR06 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'LockoutThreshold' | select-object -expand value diff --git a/powershell/internal/eidsca/Test-MtEidscaST08.md b/powershell/internal/eidsca/Test-MtEidscaST08.md index e7c04ab1..3f19e2cb 100644 --- a/powershell/internal/eidsca/Test-MtEidscaST08.md +++ b/powershell/internal/eidsca/Test-MtEidscaST08.md @@ -1,4 +1,4 @@ -Indicating whether or not a guest user can be an owner of groups +Indicating whether or not a guest user can be an owner of groups, manage CISA SCuBA 2.18: Guest users SHOULD have limited access to Azure AD directory objects diff --git a/powershell/internal/eidsca/Test-MtEidscaST08.ps1 b/powershell/internal/eidsca/Test-MtEidscaST08.ps1 index 218acb86..523ee638 100644 --- a/powershell/internal/eidsca/Test-MtEidscaST08.ps1 +++ b/powershell/internal/eidsca/Test-MtEidscaST08.ps1 @@ -4,7 +4,7 @@ .DESCRIPTION - Indicating whether or not a guest user can be an owner of groups + Indicating whether or not a guest user can be an owner of groups, manage Queries settings and returns the result of 
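Review bot: The new `.DESCRIPTION` text in the `@@ -4,7 +4,7 @@` hunk of Test-MtEidscaST08.ps1 stops mid-sentence at `groups, manage`, so the help for the guest group-owner check no longer says what is being tested. The same cut-off sentence is added in Test-MtEidscaST08.md and website/docs/tests/eidsca/EIDSCA.ST08.md. Either finish the sentence or keep the previous wording, `Indicating whether or not a guest user can be an owner of groups`. If these files are produced by build/eidsca/Update-EidscaTests.ps1, as their shared layout suggests, the text has to be corrected in the definition that script reads, otherwise the next regeneration restores it.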
@@ -21,8 +21,7 @@ function Test-MtEidscaST08 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'AllowGuestsToBeGroupOwner' | select-object -expand value
diff --git a/powershell/internal/eidsca/Test-MtEidscaST09.ps1 b/powershell/internal/eidsca/Test-MtEidscaST09.ps1
index 81c3999e..e5ccd5e2 100644
--- a/powershell/internal/eidsca/Test-MtEidscaST09.ps1
+++ b/powershell/internal/eidsca/Test-MtEidscaST09.ps1
@@ -21,8 +21,7 @@ function Test-MtEidscaST09 { [OutputType([bool])] param() - - + $result = Invoke-MtGraphRequest -RelativeUri "settings" -ApiVersion beta [string]$tenantValue = $result.values | where-object name -eq 'AllowGuestsToAccessGroups' | select-object -expand value
diff --git a/website/docs/tests/eidsca/EIDSCA.AG01.md b/website/docs/tests/eidsca/EIDSCA.AG01.md
index 54ba9c83..c8259b43 100644
--- a/website/docs/tests/eidsca/EIDSCA.AG01.md
+++ b/website/docs/tests/eidsca/EIDSCA.AG01.md
@@ -22,7 +22,7 @@ The state of migration of the authentication methods policy from the legacy mult ### Details of configuration item | | | |-|-| -| **Recommendation** | In January 2024, the legacy multifactor authentication and self-service password reset policies will be deprecated and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. | +| **Recommendation** | On September 30th, 2025, the legacy multifactor authentication and self-service password reset policies will be deprecated and you'll manage all authentication methods here in the authentication methods policy. Use this control to manage your migration from the legacy policies to the new unified policy. | | **Configuration** | policies/authenticationMethodsPolicy | | **Setting** | `policyMigrationState` | | **Recommended Value** | 'migrationComplete' |
diff --git a/website/docs/tests/eidsca/EIDSCA.AM01.md b/website/docs/tests/eidsca/EIDSCA.AM01.md
index a65b363f..69248f37 100644
--- a/website/docs/tests/eidsca/EIDSCA.AM01.md
+++ b/website/docs/tests/eidsca/EIDSCA.AM01.md
@@ -17,7 +17,7 @@ Whether the Authenticator App is enabled in the tenant. ## How to fix - +[Microsoft Learn - Enable Authenticator App](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods-manage#authentication-methods-policy) ### Details of configuration item | | |
diff --git a/website/docs/tests/eidsca/EIDSCA.AM02.md b/website/docs/tests/eidsca/EIDSCA.AM02.md
index 0e005961..ab745cd2 100644
--- a/website/docs/tests/eidsca/EIDSCA.AM02.md
+++ b/website/docs/tests/eidsca/EIDSCA.AM02.md
@@ -17,7 +17,7 @@ Defines if users can use the OTP code generated by the Authenticator App. ## How to fix - +[Microsoft Learn - Enable OTP for Authenticator App](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods-manage#authentication-methods-policy) ### Details of configuration item | | |
diff --git a/website/docs/tests/eidsca/EIDSCA.ST08.md b/website/docs/tests/eidsca/EIDSCA.ST08.md
index 1a1c4a16..cc95c18f 100644
--- a/website/docs/tests/eidsca/EIDSCA.ST08.md
+++ b/website/docs/tests/eidsca/EIDSCA.ST08.md
@@ -6,7 +6,7 @@ sidebar_class_name: hidden # Default Settings - Classification and M365 Groups - M365 groups - Allow Guests to become Group Owner -Indicating whether or not a guest user can be an owner of groups +Indicating whether or not a guest user can be an owner of groups, manage | | | |-|-| @@ -17,7 +17,7 @@ Indicating whether or not a guest user can be an owner of groups ## How to fix - +[Microsoft Learn - Microsoft Entra cmdlets for configuring group settings](https://learn.microsoft.com/en-us/entra/identity/users/groups-settings-cmdlets#update-settings-at-the-directory-level) ### Details of configuration item | | |
diff --git a/website/docs/tests/eidsca/EIDSCA.ST09.md b/website/docs/tests/eidsca/EIDSCA.ST09.md
index 4c3db7f0..d217f947 100644
--- a/website/docs/tests/eidsca/EIDSCA.ST09.md
+++ b/website/docs/tests/eidsca/EIDSCA.ST09.md
@@ -17,7 +17,7 @@ Indicating whether or not a guest user can have access to Microsoft 365 groups c ## How to fix - +[Microsoft Learn - Microsoft Entra cmdlets for configuring group settings](https://learn.microsoft.com/en-us/entra/identity/users/groups-settings-cmdlets#update-settings-at-the-directory-level) ### Details of configuration item | | |