Merge branch 'maester365:main' into exoDns

powershell/public/Invoke-Maester.ps1

@@ -142,7 +142,7 @@ Function Invoke-Maester {
     function ValidateAndSetOutputFiles($out) {
         $result = $null
         if (![string]::IsNullOrEmpty($out.OutputHtmlFile)) {
-            if ($out.OutputFile.EndsWith(".html") -eq $false) {
+            if ($out.OutputHtmlFile.EndsWith(".html") -eq $false) {
                 $result = "The OutputHtmlFile parameter must have an .html extension."
             }
         }
@@ -156,9 +156,11 @@ Function Invoke-Maester {
                 $result = "The OutputJsonFile parameter must have a .json extension."
             }
         }
-        if ([string]::IsNullOrEmpty($out.OutputFolder) -or `
-            (!$PassThru -and [string]::IsNullOrEmpty($out.OutputFolder) -and [string]::IsNullOrEmpty($out.OutputHtmlFile) `
-                    -and [string]::IsNullOrEmpty($out.OutputMarkdownFile) -and [string]::IsNullOrEmpty($out.OutputJsonFile))) {
+
+        $someOutputFileHasValue = ![string]::IsNullOrEmpty($out.OutputHtmlFile) -or `
+            ![string]::IsNullOrEmpty($out.OutputMarkdownFile) -or ![string]::IsNullOrEmpty($out.OutputJsonFile)
+
+        if ([string]::IsNullOrEmpty($out.OutputFolder) -and !$someOutputFileHasValue) {
             # No outputs specified. Set default folder.
             $out.OutputFolder = "./test-results"
         }

tests/Maester/Entra/Test-EntraRecommendations.Tests.ps1

@@ -1,15 +1,29 @@
 BeforeDiscovery {
     $EntraIDPlan = Get-MtLicenseInformation -Product "EntraID"
-    $EntraRecommendations = Invoke-MtGraphRequest -DisableCache -ApiVersion beta -RelativeUri 'directory/recommendations' -OutputType Hashtable
+    $EntraRecommendations = Invoke-MtGraphRequest -DisableCache -ApiVersion beta -RelativeUri 'directory/recommendations?$expand=impactedResources' -OutputType Hashtable
     Write-Verbose "Found $($EntraRecommendations.Count) Entra recommendations"
 }
 
 Describe "Entra Recommendations" -Tag "Entra", "Security", "All", "Recommendation" -ForEach $EntraRecommendations {
     It "MT.1024: Entra Recommendation - <displayName>. See https://maester.dev/docs/tests/MT.1024" -Tag "MT.1024" {
         #region Add detailed test description
-        $ActionSteps = $actionSteps | Sort-Object -Property 'stepNumber' | Select-Object -ExpandProperty text -EA SilentlyContinue
+        $ActionSteps = $actionSteps | Sort-Object -Property 'stepNumber' | ForEach-Object {
+            $_.text + "[$($_.actionUrl.displayName)]($($_.actionUrl.url))."
+        }
         $ActionSteps = $ActionSteps -join "`n`n"
-        $ResultMarkdown = $insights + "`n`nRemediation actions:`n`n" + $ActionSteps
+        if ($status -ne 'completedBySystem' -and $impactedResources) {
+            $impactedResourcesList = "`n`n#### Impacted resources`n`n | Status | Name | First detected| `n"
+            $impactedResourcesList += "| --- | --- | --- |`n"
+            foreach ($resource in $impactedResources) {
+                if ($resource.status -eq 'completedBySystem') {
+                    $resourceResult = "✅ Pass"
+                } else {
+                    $resourceResult = "❌ Fail"
+                }
+                $impactedResourcesList += "| $($resourceResult) | [$($resource.displayName)]($($resource.portalUrl)) | $($resource.addedDateTime) | `n"
+            }
+        }
+        $ResultMarkdown = $insights + $impactedResourcesList + "`n`n#### Remediation actions:`n`n" + $ActionSteps
         Add-MtTestResultDetail -Description $benefits -Result $ResultMarkdown
         #endregion
         # Actual test

website/docs/tests/maester/MT.1003.md

@@ -20,6 +20,6 @@ This practice ensures you
 
 Create a conditional access policy that applies to `All cloud apps`, and then exclude applications that you don't want the policy to apply to.
 
-## Learn more
-
+## Related links
+- [Entra admin center - Conditional Access | Policies](https://entra.microsoft.com/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview/fromNav/)
 - [Apply Conditional Access policies to every app](https://learn.microsoft.com/entra/identity/conditional-access/plan-conditional-access#apply-conditional-access-policies-to-every-app)