From ab6e92dbaaed1a954b47d689d9bc8897609bd21d Mon Sep 17 00:00:00 2001 
From: Richard Crutchfield Date: Mon, 7 Aug 2023 12:20:25 -0400 Subject: [PATCH] Implement MS.AAD.3.4v1 - Migration Authentication Method policy (#445) * Implement AAD 3.4 * Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446) * Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Addam Schroll * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update 
onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Richard Crutchfield * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update wording for note Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Spelling error fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spelling fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) 
* updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. 
* spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll * Implement MS.AAD.3.1v1 phishing resistant mfa for all users (#433) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Addam Schroll * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update 
onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Richard Crutchfield * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! 
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/aad.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh 
<113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update wording for note Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Spelling error fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spelling fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) 
* updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. 
* spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> Co-authored-by: Addam Schroll Co-authored-by: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com> Co-authored-by: Dylan Gao <107067015+Dylan-MITRE@users.noreply.github.com> Co-authored-by: Shanti Satyapal <78565245+ssatyapal123@users.noreply.github.com> Co-authored-by: Ted Kolovos Co-authored-by: David Bui <105074908+buidav@users.noreply.github.com> Co-authored-by: Ted Kolovos <107076927+tkol2022@users.noreply.github.com> * Implement AAD 3.4 --------- Co-authored-by: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com> Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> Co-authored-by: Sloane4 Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> Co-authored-by: Addam Schroll Co-authored-by: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com> Co-authored-by: Dylan Gao <107067015+Dylan-MITRE@users.noreply.github.com> Co-authored-by: Shanti Satyapal <78565245+ssatyapal123@users.noreply.github.com> Co-authored-by: Ted Kolovos Co-authored-by: David Bui <105074908+buidav@users.noreply.github.com> Co-authored-by: Ted Kolovos <107076927+tkol2022@users.noreply.github.com> --- .../Modules/Providers/ExportAADProvider.psm1 | 4 +++ Rego/AADConfig.rego | 16 +++++----- Testing/Unit/Rego/AAD/AADConfig_03_test.rego | 31 +++++++++++++++++-- 3 files changed, 40 insertions(+), 11 deletions(-) 
diff --git a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 index 4300b176e5..fc7770eea4 100644 --- a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 +++ b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 @@ -100,6 +100,9 @@ function Export-AADProvider { # 2.7 Policy Bullet 2] $AdminConsentReqPolicies = ConvertTo-Json @($Tracker.TryCommand("Get-MgPolicyAdminConsentRequestPolicy")) + # Read the properties and relationships of an authentication method policy + $AuthenticationMethodPolicy = ConvertTo-Json @($Tracker.TryCommand("Get-MgPolicyAuthenticationMethodPolicy")) + $SuccessfulCommands = ConvertTo-Json @($Tracker.GetSuccessfulCommands()) $UnSuccessfulCommands = ConvertTo-Json @($Tracker.GetUnSuccessfulCommands()) @@ -113,6 +116,7 @@ function Export-AADProvider { "privileged_roles": $PrivilegedRoles, "service_plans": $ServicePlans, "directory_settings": $DirectorySettings, + "authentication_method": $AuthenticationMethodPolicy, "aad_successful_commands": $SuccessfulCommands, "aad_unsuccessful_commands": $UnSuccessfulCommands, "@ diff --git a/Rego/AADConfig.rego b/Rego/AADConfig.rego index 7ad6abea15..83e6f1170c 100644 --- a/Rego/AADConfig.rego +++ b/Rego/AADConfig.rego @@ -361,15 +361,15 @@ tests[{ #-- # At this time we are unable to test for X because of NEW POLICY tests[{ - "PolicyId": PolicyId, - "Criticality" : "Should/Not-Implemented", - "Commandlet" : [], - "ActualValue" : [], - "ReportDetails" : NotCheckedDetails(PolicyId), - "RequirementMet" : false + "PolicyId": "MS.AAD.3.4v1", + "Criticality" : "Shall", + "Commandlet" : ["Get-MgPolicyAuthenticationMethodPolicy"], + "ActualValue" : [Policy.PolicyMigrationState], + "ReportDetails" : ReportDetailsBoolean(Status), + "RequirementMet" : Status }] { - PolicyId := "MS.AAD.3.4v1" - true + Policy := input.authentication_method[_] + Status := Policy.PolicyMigrationState == "migrationComplete" } #-- 
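Review bot: The comment added above `$AuthenticationMethodPolicy` in ExportAADProvider.psm1 restates the Graph cmdlet description and does not say which baseline control consumes the value, unlike the `# 2.7 Policy Bullet 2]` comment just before it. I would write `# MS.AAD.3.4v1: tenant authentication methods policy; the Rego check reads PolicyMigrationState from it`. The export key added in the second hunk, `"authentication_method"`, holds the whole policy object rather than a single method, so a name such as `authentication_method_policy` would be more accurate if it can still be changed together with the Rego rule and its tests. Export-AADProvider starts and ends outside both hunks, so whether the Graph scopes requested at connect time cover this cmdlet cannot be confirmed from here.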
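Review bot: The new MS.AAD.3.4v1 rule in Rego/AADConfig.rego binds `Policy := input.authentication_method[_]`, so when that key is missing or an empty array the rule body is undefined and no result is produced for this Shall control, rather than a failing one. That would presumably happen whenever `Get-MgPolicyAuthenticationMethodPolicy` fails in the provider, and the removed `tests with input as { }` case in Testing/Unit/Rego/AAD/AADConfig_03_test.rego was the visible test that exercised an empty input for this policy. A companion rule that reports `RequirementMet` as false when no policy object is present keeps the control visible in the report, as sketched below. The context comment `# At this time we are unable to test for X because of NEW POLICY` above the rule is now stale and should be removed or replaced.

```rego
# ... unchanged: tests[{...}] rule for MS.AAD.3.4v1 when a policy object is present ...

# Report an explicit failure when the provider exported no policy object,
# so the control cannot drop out of the report unnoticed.
tests[{
    "PolicyId": "MS.AAD.3.4v1",
    "Criticality" : "Shall",
    "Commandlet" : ["Get-MgPolicyAuthenticationMethodPolicy"],
    "ActualValue" : [],
    "ReportDetails" : ReportDetailsBoolean(false),
    "RequirementMet" : false
}] {
    count(object.get(input, "authentication_method", [])) == 0
}
```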
diff --git a/Testing/Unit/Rego/AAD/AADConfig_03_test.rego b/Testing/Unit/Rego/AAD/AADConfig_03_test.rego index d564073f08..657b78e5f6 100644 --- a/Testing/Unit/Rego/AAD/AADConfig_03_test.rego +++ b/Testing/Unit/Rego/AAD/AADConfig_03_test.rego @@ -1,6 +1,7 @@ package aad import future.keywords import data.report.utils.NotCheckedDetails +import data.report.utils.ReportDetailsBoolean # @@ -1285,16 +1286,40 @@ test_NotImplemented_Correct_V2 if { # # MS.AAD.3.4v1 #-- -test_NotImplemented_Correct_V3 if { +test_Migrated_Correct if { PolicyId := "MS.AAD.3.4v1" - Output := tests with input as { } + Output := tests with input as { + "authentication_method": [ + { + "PolicyMigrationState": "migrationComplete" + } + ] + } + + RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + + count(RuleOutput) == 1 + RuleOutput[0].RequirementMet + RuleOutput[0].ReportDetails == ReportDetailsBoolean(true) +} + +test_Migrated_Incorrect if { + PolicyId := "MS.AAD.3.4v1" + + Output := tests with input as { + "authentication_method": [ + { + "PolicyMigrationState": "preMigration" + } + ] + } RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet - RuleOutput[0].ReportDetails == NotCheckedDetails(PolicyId) + RuleOutput[0].ReportDetails == ReportDetailsBoolean(false) } #--
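Review bot: The two tests added for MS.AAD.3.4v1 pin only `migrationComplete` and `preMigration`, so the intermediate `migrationInProgress` state has no coverage even though it is the state a tenant is most likely to stay in for a while. The rule compares against `"migrationComplete"` by equality, so it should report this state as not met, and a test would stop a later refactor from treating an in-progress migration as compliant. A third case following the same pattern is sketched below.

```rego
test_Migrated_InProgress_Incorrect if {
    PolicyId := "MS.AAD.3.4v1"

    Output := tests with input as {
        "authentication_method": [
            {
                "PolicyMigrationState": "migrationInProgress"
            }
        ]
    }

    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]

    count(RuleOutput) == 1
    not RuleOutput[0].RequirementMet
    RuleOutput[0].ReportDetails == ReportDetailsBoolean(false)
}
```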