Implement MS.AAD.3.4v1 - Migration Authentication Method policy #445

crutchfield · 2023-07-18T13:46:15Z

🗣 Description

Implements MS.AAD.3.4v1

closes #411

💭 Motivation and context

Implement secure baseline policy.

🧪 Testing

Added Rego unit test
Tenant, y2zj1, passes MS.AAD.3.4v1; All others fail

📷 Screenshots (if appropriate)

✅ Pre-approval checklist

This PR has an informative and human-readable title.
Changes are limited to a single goal - eschew scope creep!
All future TODOs are captured in issues, which are referenced
in code comments.
All relevant type-of-change labels have been added.
All relevant repo and/or project documentation has been updated
to reflect the changes in this PR.
Tests have been added and/or modified to cover the changes in this PR.
All new and existing tests pass or have related issue.

✅ Pre-merge checklist

Revert dependencies to default branches.
Finalize version.

✅ Post-merge checklist

Create a release.

tkol2022 · 2023-07-18T16:09:45Z

Important instructions for testers

Please do not alter the state of the Manage Migration option in the tenant. This has the potential to lock out users.

Test tenant 3 (E5) is the only one that has the configuration set to a compliant state. Any other tenant should produce a Fail.

* Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error

* Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]>

* initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]>

* Add quiet option

* Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]>

* Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]>

* Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]>

@Sloane4

* update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]>

* Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]>

* Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update

…baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header

* Fix CAP table check * Fix lint issue

…iod (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]>

@Sloane4

* Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]>

crutchfield · 2023-07-24T18:02:06Z

ONLY AADConfig.rego and AADConfig_03_test.rego were changed. Other files are from rebase to resolve merge conflicts. :(

…into ManageMigration

ssatyapal123

Confirmed only y2zj1 passes.

crutchfield · 2023-08-07T15:41:16Z

@nanda-katikaneni Looks like this is ready to merge into Emerald.

@Sloane4

* Implement AAD 3.4 * Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446) * Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Implement MS.AAD.3.1v1 phishing resistant mfa for all users (#433) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> * Implement AAD 3.4 --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]>

@Sloane4

* Implement AAD 3.4 * Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446) * Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Implement MS.AAD.3.1v1 phishing resistant mfa for all users (#433) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> * Implement AAD 3.4 --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]>

@Sloane4

* Implement AAD 3.4 * Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446) * Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Implement MS.AAD.3.1v1 phishing resistant mfa for all users (#433) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> * Implement AAD 3.4 --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]>

@Sloane4

* Implement AAD 3.4 * Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446) * Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Implement MS.AAD.3.1v1 phishing resistant mfa for all users (#433) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Add quiet mode for invoke-scuba (#357) * Add quiet option * Invert Stance on Defender Preset Policies in Markdown (#355) * Inverted 2.1, removed applicable controls * Ironed out baselines for the using the preset policies * Minor wording updates to MS.DEFENDER.1.1v1 rationale * Minor wording updates to MS.DEFENDER.2.3v1 policy statement * Minor wording updates to MS.DEFENDER.2.3v1 rationale * Update to MS.DEFENDER.2.4v1 license restrictions in GCC high and DoD regions * Minor wording updates to MS.DEFENDER.3.1v1 rationale * Minor wording update to MS.DEFENDER.2.3v1 rationale * Minor wording change to Safe Attachments group text * Remove hyphen from Safe Attachments policy group title. * Added new policy item 1.1v1 and renumered others; added sensitive accounts language --------- Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Addam Schroll <[email protected]> * Substantiative changes to Sharepoint Baseline minus Rationale (#360) * Structural baseline updates (cleaned up) (#334) --------- * Split policies for testing purposes * Addition for github issue: Add a new SharePoint Guest sign in Policy #307 * Updated for github issue: Direct the user to save in policy implementation SharePoint #301 * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Update for github issue Sharepoint 2.3 Sharing settings cannot be more restrictive than the tenant level #288 * Updat for github issue Update SharePoint Policy 2.4 Code #300 * Additional changes for #288 * Update with correct implementations * Update for github issue #303 * Added some rational & fixed policy numbers * Split policy 5 to improve setting check & report. * Updated for duplicates with onedrive * Add resource for details about reauthentication github issue #299 * Removed Should & Shall from intro paragraphs. * Split implementation for each policy item * Updated code to match baseline TODO Unit tests * Updated unit tests * Fixed policy 4 * Update commandlet for MS.SHAREPOINT.5.2v1 * Updated content style guide for new rego structure * Readded comments to MS.SHAREPOINT.5.2v1 * Baseline updated with requested fixes (addam) * Move updates to content style guide to new branch (not part of current scope) * Update ErrMsg for MS.SHAREPOINT.4 to be more readable --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Richard Crutchfield <[email protected]> * Fix test location file path (#367) * Enhanced smoke test - check for missing results (#356) * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Initial drop of secure baseline automation (#336) * initial teams drop * Add markdown check * Fix spelling * Check action * Test Action * Check version * Fix Markdown test * Add path *.md * Update anchor func * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * WIP * WIP * WIP * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * initial teams drop * Update AAD * WIP * Structural baseline updates (cleaned up) (#334) * Update aad.md all updates * Update defender.md all updates * Update exchange.md all updates * Rename exchange.md to exo.md * Update onedrive.md * Update powerbi.md all updates * Update powerplatform.md all updates * Update sharepoint.md all updates * Update teams.md all updates * Update baselines/defender.md good catch! Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/powerbi.md Co-authored-by: Addam Schroll <[email protected]> * Update baselines/aad.md Co-authored-by: Addam Schroll <[email protected]> * Update aad.md referenced old policy number * Update powerbi.md --------- Co-authored-by: Addam Schroll <[email protected]> * Fix UT errors * Default baseline for testing * Updates based on review comments * Call Import-SecureBaseline once * Update for review comments * Review updates * Add help comment * remove unused import * Fix OPA check issues * fix opa tests action * Update action to test * Action update * Sum PS/Bug as Errors * Update darkmode colors * Fix UT after Rebase * Fix UT * Fix error log * Update UT for NewReport * Update link color --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * Check if missing reported * Change missing to warning * Fix UT for warning * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Update Testing/Unit/PowerShell/CreateReport/New-Report.Tests.ps1 * Align with updated defender.md * Update to match defender --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> * One drive baseline (#370) * update onedrive baseline * remove should shall language * remove Configuring On-Premises Devices session at the end of the doc * Update wording for policy1 Co-authored-by: Addam Schroll <[email protected]> * Update policy 2 to keep consistency Co-authored-by: Addam Schroll <[email protected]> * Update wording for note Co-authored-by: Addam Schroll <[email protected]> * Spelling error fix Co-authored-by: Addam Schroll <[email protected]> * spelling fix Co-authored-by: Addam Schroll <[email protected]> * change name to match with sharepoint * Update onedrive.md remove MS.ONEDRIVE.3.1v1 because it is actually duplicate of policy MS.ONEDRIVE.1.1v1 @Sloane4 Might want to remove the reference in MS.SHAREPOINT.2.1v1 * Update onedrive.md revert changes --------- Co-authored-by: Addam Schroll <[email protected]> * DLP policy group additions and updates (#381) * Adjudicate Substantive AAD Baseline Comments (#379) * Updated to reflect phishing-resistant preferences * Updated to reflect phishing resistant pref'starting * Updates to AAD Policy 2.4 * Updates to aad policies * Updates to aad markdown * aad updates * aad baseline updates * aad baseline update (2.10) * aad baseline updates (removed 2.9) * updates to aad baseline (16.2) * aad 4.1 implementation updates * updates to aad 4 baseline policy implementations * Updates to aad policy 14 * updates to aad baseline * updates to aad.4.7v1 implementation * updates to aad.4.7v1 * Consolidated highly privileged user policies * fixes to aad.11.x * updates to policy 7 * Update to AAD 11 policy front matter (intro text) * updates to aad baseline * testing write to GitHub * backup of revisions 062223 * backup 062323 6:47 * backup 062623 --------- Co-authored-by: Ted Kolovos <[email protected]> * Added SharePoint to MS.DEFENDER.4.2v1 locations (#402) * Update aad scubagear code to align to revised baseline (#408) * Rearranged policies to match baseline updates * Added versioning for duplicate unit test title * Removed unused import * Updated MS.AAD.7.1v1 from less than 5 to less than 9 * Updated comment? * Updated yaml file * Comment update * Differentiate policy id vs implementation (#414) * WIP * Updated ReportDetails on tests to match patch results (#426) * Address Power Platform pilot comments and substantive changes in the baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header * wip * Implemented AAD 3.1 * WIP * wip * Implemented AAD 3.1 * Update Rego/AADConfig.rego * Update Smoke Test to handle CAP (#418) * Fix CAP table check * Fix lint issue * update MS.AAD.7.6v1 to only check for global admin (#428) * Combine Sharepoint with OneDrive and address feedback from review period (#393) * draft update & merge of Sharepoint OneDrive * fixed policies wrong spelling * fixed note indent formatting * delete onedrive md file - have a combined file now * missing heading for some implementations * Added rationales for all policy items. * spelling errors and removed instructions comma * changed IDs to SHAREPOINT based on team vote * fixed duplicate ID in instructions --------- Co-authored-by: Addam Schroll <[email protected]> * Adjudicate review comments * WIP * wip * Implemented AAD 3.1 * WIP * wip * Update Rego/AADConfig.rego * Adjudicate review comments --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> * Implement AAD 3.4 --------- Co-authored-by: Andrew Huynh <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Sloane4 <[email protected]> Co-authored-by: Alden Hilton <[email protected]> Co-authored-by: Addam Schroll <[email protected]> Co-authored-by: Cassandra Diaz <[email protected]> Co-authored-by: Dylan Gao <[email protected]> Co-authored-by: Shanti Satyapal <[email protected]> Co-authored-by: Ted Kolovos <[email protected]> Co-authored-by: David Bui <[email protected]> Co-authored-by: Ted Kolovos <[email protected]>

Implement AAD 3.4

d7c3257

crutchfield added the enhancement This issue or pull request will add new or improve existing functionality label Jul 18, 2023

crutchfield added this to the Emerald milestone Jul 18, 2023

crutchfield requested review from Sloane4 and ssatyapal123 July 18, 2023 13:46

crutchfield self-assigned this Jul 18, 2023

crutchfield and others added 21 commits July 20, 2023 15:04

Remove MS Graph 2.0 from GitHub Action, Run PowerShell Tests (#446)

fef4691

* Remove MS Graph 2.0 * Add MS Graph 2.0 removal to SmokeTest * Add path to run smoke test * Fix YAML error

Add quiet mode for invoke-scuba (#357)

6f38629

* Add quiet option

Fix test location file path (#367)

bbe8541

DLP policy group additions and updates (#381)

c613ff7

Added SharePoint to MS.DEFENDER.4.2v1 locations (#402)

3fec594

Differentiate policy id vs implementation (#414)

bed9249

Updated ReportDetails on tests to match patch results (#426)

d6a4499

Address Power Platform pilot comments and substantive changes in the …

bcee282

…baseline document Part 2 (#424) * power platform baseline doc refactor * address Grant's comments * forgot to update this header * consistent Policies header

Update Smoke Test to handle CAP (#418)

1cc8b23

* Fix CAP table check * Fix lint issue

update MS.AAD.7.6v1 to only check for global admin (#428)

d595a40

Implement AAD 3.4

33b4380

crutchfield force-pushed the ManageMigration branch from d7c3257 to 33b4380 Compare July 21, 2023 11:24

schrolla changed the base branch from main to emerald July 24, 2023 19:44

Richard Crutchfield and others added 3 commits July 24, 2023 16:10

Merge branch 'ManageMigration' of https://github.com/cisagov/ScubaGear …

f95a409

…into ManageMigration

Merge branch 'emerald' into ManageMigration

76b5482

Merge branch 'emerald' into ManageMigration

46b221f

Sloane4 approved these changes Jul 27, 2023

View reviewed changes

ssatyapal123 approved these changes Aug 2, 2023

View reviewed changes

nanda-katikaneni merged commit abfb0a5 into emerald Aug 7, 2023
3 of 9 checks passed

crutchfield mentioned this pull request Aug 7, 2023

Implement new AAD Rego policy MS.AAD.3.4v1 Manage Migration feature SHALL be set to Migration Complete #411

Closed

2 tasks

schrolla deleted the ManageMigration branch August 7, 2023 20:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement MS.AAD.3.4v1 - Migration Authentication Method policy #445

Implement MS.AAD.3.4v1 - Migration Authentication Method policy #445

crutchfield commented Jul 18, 2023

tkol2022 commented Jul 18, 2023

crutchfield commented Jul 24, 2023

ssatyapal123 left a comment

crutchfield commented Aug 7, 2023

Implement MS.AAD.3.4v1 - Migration Authentication Method policy #445

Implement MS.AAD.3.4v1 - Migration Authentication Method policy #445

Conversation

crutchfield commented Jul 18, 2023

🗣 Description

💭 Motivation and context

🧪 Testing

📷 Screenshots (if appropriate)

✅ Pre-approval checklist

✅ Pre-merge checklist

✅ Post-merge checklist

tkol2022 commented Jul 18, 2023

Important instructions for testers

crutchfield commented Jul 24, 2023

ssatyapal123 left a comment

Choose a reason for hiding this comment

crutchfield commented Aug 7, 2023