diff --git a/powershell/public/Invoke-Maester.ps1 b/powershell/public/Invoke-Maester.ps1 index f2275eda..3642f8b9 100644 --- a/powershell/public/Invoke-Maester.ps1 +++ b/powershell/public/Invoke-Maester.ps1 @@ -142,7 +142,7 @@ Function Invoke-Maester { function ValidateAndSetOutputFiles($out) { $result = $null if (![string]::IsNullOrEmpty($out.OutputHtmlFile)) { - if ($out.OutputFile.EndsWith(".html") -eq $false) { + if ($out.OutputHtmlFile.EndsWith(".html") -eq $false) { $result = "The OutputHtmlFile parameter must have an .html extension." } } @@ -156,9 +156,11 @@ Function Invoke-Maester { $result = "The OutputJsonFile parameter must have a .json extension." } } - if ([string]::IsNullOrEmpty($out.OutputFolder) -or ` - (!$PassThru -and [string]::IsNullOrEmpty($out.OutputFolder) -and [string]::IsNullOrEmpty($out.OutputHtmlFile) ` - -and [string]::IsNullOrEmpty($out.OutputMarkdownFile) -and [string]::IsNullOrEmpty($out.OutputJsonFile))) { + + $someOutputFileHasValue = ![string]::IsNullOrEmpty($out.OutputHtmlFile) -or ` + ![string]::IsNullOrEmpty($out.OutputMarkdownFile) -or ![string]::IsNullOrEmpty($out.OutputJsonFile) + + if ([string]::IsNullOrEmpty($out.OutputFolder) -and !$someOutputFileHasValue) { # No outputs specified. Set default folder. $out.OutputFolder = "./test-results" } diff --git a/tests/Maester/Entra/Test-EntraRecommendations.Tests.ps1 b/tests/Maester/Entra/Test-EntraRecommendations.Tests.ps1 index 3fbad18f..0ae972e3 100644 --- a/tests/Maester/Entra/Test-EntraRecommendations.Tests.ps1 +++ b/tests/Maester/Entra/Test-EntraRecommendations.Tests.ps1 @@ -1,15 +1,29 @@ BeforeDiscovery { $EntraIDPlan = Get-MtLicenseInformation -Product "EntraID" - $EntraRecommendations = Invoke-MtGraphRequest -DisableCache -ApiVersion beta -RelativeUri 'directory/recommendations' -OutputType Hashtable + $EntraRecommendations = Invoke-MtGraphRequest -DisableCache -ApiVersion beta -RelativeUri 'directory/recommendations?$expand=impactedResources' -OutputType Hashtable Write-Verbose "Found $($EntraRecommendations.Count) Entra recommendations" } Describe "Entra Recommendations" -Tag "Entra", "Security", "All", "Recommendation" -ForEach $EntraRecommendations { It "MT.1024: Entra Recommendation - . See https://maester.dev/docs/tests/MT.1024" -Tag "MT.1024" { #region Add detailed test description - $ActionSteps = $actionSteps | Sort-Object -Property 'stepNumber' | Select-Object -ExpandProperty text -EA SilentlyContinue + $ActionSteps = $actionSteps | Sort-Object -Property 'stepNumber' | ForEach-Object { + $_.text + "[$($_.actionUrl.displayName)]($($_.actionUrl.url))." + } $ActionSteps = $ActionSteps -join "`n`n" - $ResultMarkdown = $insights + "`n`nRemediation actions:`n`n" + $ActionSteps + if ($status -ne 'completedBySystem' -and $impactedResources) { + $impactedResourcesList = "`n`n#### Impacted resources`n`n | Status | Name | First detected| `n" + $impactedResourcesList += "| --- | --- | --- |`n" + foreach ($resource in $impactedResources) { + if ($resource.status -eq 'completedBySystem') { + $resourceResult = "✅ Pass" + } else { + $resourceResult = "❌ Fail" + } + $impactedResourcesList += "| $($resourceResult) | [$($resource.displayName)]($($resource.portalUrl)) | $($resource.addedDateTime) | `n" + } + } + $ResultMarkdown = $insights + $impactedResourcesList + "`n`n#### Remediation actions:`n`n" + $ActionSteps Add-MtTestResultDetail -Description $benefits -Result $ResultMarkdown #endregion # Actual test diff --git a/website/docs/tests/maester/MT.1003.md b/website/docs/tests/maester/MT.1003.md index 6ce58531..c7d504ca 100644 --- a/website/docs/tests/maester/MT.1003.md +++ b/website/docs/tests/maester/MT.1003.md @@ -20,6 +20,6 @@ This practice ensures you Create a conditional access policy that applies to `All cloud apps`, and then exclude applications that you don't want the policy to apply to. -## Learn more - +## Related links +- [Entra admin center - Conditional Access | Policies](https://entra.microsoft.com/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Overview/fromNav/) - [Apply Conditional Access policies to every app](https://learn.microsoft.com/entra/identity/conditional-access/plan-conditional-access#apply-conditional-access-policies-to-every-app)