Src/Private/Get-AbrEntraIDSections.ps1

#region --- Section Orchestrators ---

function Get-AbrEntraIDIdentitySection {
    <#
    .SYNOPSIS
        Emits the 'Identity' Heading1 section and runs the Users and Groups collectors that are enabled.
    .PARAMETER TenantId
        Tenant identifier; interpolated into the intro paragraph and passed to each collector.
    .NOTES
        Reads $InfoLevel from an enclosing scope (it is not defined in this function).
        A value below 1 disables the corresponding sub-section.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    # With both sub-sections disabled, leave before the heading is created so the
    # report does not carry an empty 'Identity' section.
    if ($InfoLevel.Users -lt 1 -and
        $InfoLevel.Groups -lt 1) {
        return
    }

    # Shared argument set for every collector called below.
    $collectorArgs = @{ TenantId = $TenantId }

    Section -Style Heading1 'Identity' {
        Paragraph "The following section provides a summary of the Identity configuration for tenant $TenantId."
        BlankLine

        # Users
        if ($InfoLevel.Users -ge 1) {
            Write-Host ' - Working on Users sub-section.'
            Get-AbrEntraIDUsers @collectorArgs
        }

        # Groups
        if ($InfoLevel.Groups -ge 1) {
            Write-Host ' - Working on Groups sub-section.'
            Get-AbrEntraIDGroups @collectorArgs
        }
    }
}

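function Get-AbrEntraIDSecuritySection {
    <#
    .SYNOPSIS
        Emits the 'Security' Heading1 section and runs each enabled security collector.
    .DESCRIPTION
        Sub-sections run in this order when their $InfoLevel value is 1 or higher:
        MFA, Authentication Methods, Conditional Access, Directory Roles, SSPR,
        Identity Protection. If none of them is enabled the function returns
        without creating the heading.

        Identity Protection is additionally gated on $script:TenantHasP2:
          - truthy  -> collector runs
          - $null   -> licence state was not determined; collector still runs
          - $false  -> collector is skipped and only a console message is written
    .PARAMETER TenantId
        Tenant identifier; interpolated into the intro paragraph and passed to each collector.
    .NOTES
        Reads $InfoLevel and $script:TenantHasP2 from enclosing scopes (neither is set here).
        When Identity Protection is skipped nothing is written to the report itself, so
        a report without that sub-section does not mean the tenant has no risk findings;
        it may only mean the P2 licence was not detected.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    $anyEnabled = ($InfoLevel.MFA -ge 1 -or $InfoLevel.AuthenticationMethods -ge 1 -or
                   $InfoLevel.ConditionalAccess -ge 1 -or $InfoLevel.Roles -ge 1 -or
                   $InfoLevel.SSPR -ge 1 -or $InfoLevel.IdentityProtection -ge 1)
    if (-not $anyEnabled) { return }

    Section -Style Heading1 'Security' {
        Paragraph "The following section provides a summary of the Security configuration for tenant $TenantId."
        BlankLine

        if ($InfoLevel.MFA -ge 1) {
            Write-Host ' - Working on MFA sub-section.'
            Get-AbrEntraIDMFA -TenantId $TenantId
        }

        if ($InfoLevel.AuthenticationMethods -ge 1) {
            Write-Host ' - Working on Authentication Methods sub-section.'
            Get-AbrEntraIDAuthMethods -TenantId $TenantId
        }

        if ($InfoLevel.ConditionalAccess -ge 1) {
            Write-Host ' - Working on Conditional Access sub-section.'
            Get-AbrEntraIDConditionalAccess -TenantId $TenantId
        }

        if ($InfoLevel.Roles -ge 1) {
            Write-Host ' - Working on Directory Roles sub-section.'
            Get-AbrEntraIDRoles -TenantId $TenantId
        }

        # SSPR and Identity Protection logically belong under Security
        if ($InfoLevel.SSPR -ge 1) {
            Write-Host ' - Working on SSPR sub-section.'
            Get-AbrEntraIDSSPR -TenantId $TenantId
        }

        if ($InfoLevel.IdentityProtection -ge 1) {
            # $null goes on the left of -eq: with a collection on the left, -eq filters
            # the collection instead of returning a boolean, so the null test could
            # silently give the wrong answer.
            $p2Undetermined = $null -eq $script:TenantHasP2

            # An undetermined licence state is treated as "try anyway"; only an
            # explicit falsy value suppresses the collector.
            if ($script:TenantHasP2 -or $p2Undetermined) {
                Write-Host ' - Working on Identity Protection sub-section.'
                Get-AbrEntraIDIdentityProtection -TenantId $TenantId
            } else {
                Write-Host ' - Skipping Identity Protection (no Entra ID P2 licence detected).' -ForegroundColor Yellow
            }
        }
    }
}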

function Get-AbrEntraIDSecurityPostureSection {
    <#
    .SYNOPSIS
        Runs the Security Posture collector when MFA or Conditional Access reporting is enabled.
    .PARAMETER TenantId
        Tenant identifier passed through to Get-AbrEntraIDSecurityPosture.
    .NOTES
        Reads $InfoLevel from an enclosing scope. No heading is created here; the
        collector is called directly.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    # The posture summary is built from Conditional Access and MFA data, so it is
    # pointless when both of those are switched off.
    if ($InfoLevel.MFA -lt 1 -and
        $InfoLevel.ConditionalAccess -lt 1) {
        return
    }

    $collectorArgs = @{ TenantId = $TenantId }
    Get-AbrEntraIDSecurityPosture @collectorArgs
}

function Get-AbrEntraIDApplicationsSection {
    <#
    .SYNOPSIS
        Emits the 'Applications' Heading1 section and runs the Applications collector.
    .PARAMETER TenantId
        Tenant identifier; interpolated into the intro paragraph and passed to the collector.
    .NOTES
        Reads $InfoLevel from an enclosing scope. The section is produced when either
        Applications or ServicePrincipals is set to 1 or higher.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    # Both application-related levels off: nothing to document.
    if ($InfoLevel.Applications -lt 1 -and
        $InfoLevel.ServicePrincipals -lt 1) {
        return
    }

    $collectorArgs = @{ TenantId = $TenantId }

    Section -Style Heading1 'Applications' {
        Paragraph "The following section provides a summary of the Application configuration for tenant $TenantId."
        BlankLine

        # NOTE(review): the gate also honours InfoLevel.ServicePrincipals, but only
        # Get-AbrEntraIDApplications is called here. Presumably that collector covers
        # service principals itself; confirm, otherwise a ServicePrincipals-only
        # configuration yields a section without service principal data.
        Write-Host ' - Working on Applications sub-section.'
        Get-AbrEntraIDApplications @collectorArgs
    }
}

function Get-AbrEntraIDDevicesSection {
    <#
    .SYNOPSIS
        Emits the 'Devices' Heading1 section and runs the Devices collector.
    .PARAMETER TenantId
        Tenant identifier; interpolated into the intro paragraph and passed to the collector.
    .NOTES
        Reads $InfoLevel from an enclosing scope. Returns without output when
        InfoLevel.Devices is below 1.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    # Device reporting disabled.
    if ($InfoLevel.Devices -lt 1) {
        return
    }

    $collectorArgs = @{ TenantId = $TenantId }

    Section -Style Heading1 'Devices' {
        Paragraph "The following section provides a summary of the Device configuration for tenant $TenantId."
        BlankLine

        Write-Host ' - Working on Devices sub-section.'
        Get-AbrEntraIDDevices @collectorArgs
    }
}
#endregion

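function Get-AbrEntraIDGovernanceSection {
    <#
    .SYNOPSIS
        Runs the Identity Governance collector when it is enabled and not ruled out by licensing.
    .DESCRIPTION
        Returns immediately when InfoLevel.Governance is below 1. Otherwise the
        collector runs unless $script:TenantHasGovernance is explicitly falsy:
          - truthy  -> collector runs
          - $null   -> licence state was not determined; collector still runs
          - $false  -> skipped, with a console message only
    .PARAMETER TenantId
        Tenant identifier passed through to Get-AbrEntraIDGovernance.
    .NOTES
        Reads $InfoLevel and $script:TenantHasGovernance from enclosing scopes.
        A skip leaves no trace in the report itself, so a missing Governance
        section should not be read as "nothing configured".
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.Governance -lt 1) { return }

    # $null goes on the left of -eq: with a collection on the left, -eq filters the
    # collection rather than returning a boolean.
    $licenceUndetermined = $null -eq $script:TenantHasGovernance

    if (-not ($script:TenantHasGovernance -or $licenceUndetermined)) {
        Write-Host '- Skipping Identity Governance section (no Governance licence detected).' -ForegroundColor Yellow
        return
    }

    Get-AbrEntraIDGovernance -TenantId $TenantId
}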

function Get-AbrEntraIDIdentityProtectionSection {
    <#
    .SYNOPSIS
        Runs the Identity Protection collector when InfoLevel.IdentityProtection is 1 or higher.
    .PARAMETER TenantId
        Tenant identifier passed through to Get-AbrEntraIDIdentityProtection.
    .NOTES
        Reads $InfoLevel from an enclosing scope.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.IdentityProtection -lt 1) {
        return
    }

    # NOTE(review): Get-AbrEntraIDSecuritySection calls the same collector on the
    # same InfoLevel gate, but also checks $script:TenantHasP2 first. This wrapper
    # has no licence check, and a caller invoking both would run the collector
    # twice. Confirm which entry point the report script actually uses.
    $collectorArgs = @{ TenantId = $TenantId }
    Get-AbrEntraIDIdentityProtection @collectorArgs
}

function Get-AbrEntraIDTenantSettingsSection {
    <#
    .SYNOPSIS
        Emits the 'Tenant Settings' Heading1 section and runs the tenant settings collector.
    .PARAMETER TenantId
        Tenant identifier; interpolated into the intro paragraph and passed to the collector.
    .NOTES
        Reads $InfoLevel from an enclosing scope. Returns without output when
        InfoLevel.TenantSettings is below 1. Unlike the other heading sections in
        this file, no console progress message is written.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.TenantSettings -lt 1) {
        return
    }

    $collectorArgs = @{ TenantId = $TenantId }

    Section -Style Heading1 'Tenant Settings' {
        Paragraph "The following section documents the tenant-level security settings configured in $TenantId."
        BlankLine
        Get-AbrEntraIDTenantSettings @collectorArgs
    }
}

function Get-AbrEntraIDSSPRSection {
    <#
    .SYNOPSIS
        Runs the SSPR collector when InfoLevel.SSPR is 1 or higher.
    .PARAMETER TenantId
        Tenant identifier passed through to Get-AbrEntraIDSSPR.
    .NOTES
        Reads $InfoLevel from an enclosing scope.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.SSPR -lt 1) {
        return
    }

    # NOTE(review): Get-AbrEntraIDSecuritySection already calls Get-AbrEntraIDSSPR on
    # the same InfoLevel.SSPR gate; invoking both entry points would emit the SSPR
    # content twice. Confirm against the caller.
    $collectorArgs = @{ TenantId = $TenantId }
    Get-AbrEntraIDSSPR @collectorArgs
}

function Get-AbrEntraIDDiagnosticsSection {
    <#
    .SYNOPSIS
        Runs the Diagnostics collector when InfoLevel.Diagnostics is 1 or higher.
    .PARAMETER TenantId
        Tenant identifier passed through to Get-AbrEntraIDDiagnostics.
    .NOTES
        Reads $InfoLevel from an enclosing scope. No heading is created here; the
        collector is called directly.
    #>
    [CmdletBinding()]
    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.Diagnostics -lt 1) {
        return
    }

    $collectorArgs = @{ TenantId = $TenantId }
    Get-AbrEntraIDDiagnostics @collectorArgs
}