Devolutions.CIEM

0.1.0-alpha

Checks/Azure/Test-EntraSecurityDefaultsEnabled.ps1

function Test-EntraSecurityDefaultsEnabled {
    <#
    .SYNOPSIS
        Tests if Security Defaults is enabled in Microsoft Entra ID.

    .DESCRIPTION
        This check verifies that Security Defaults is enabled. Security Defaults provide
        a basic level of security including:
        - Requiring all users and admins to register for MFA
        - Challenging users with MFA when necessary
        - Disabling legacy authentication clients

    .PARAMETER CheckMetadata
        Hashtable containing check metadata including id and severity.

    .EXAMPLE
        Test-EntraSecurityDefaultsEnabled -CheckMetadata $metadata
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [hashtable]$CheckMetadata
    )

    $ErrorActionPreference = 'Stop'

    if (-not $script:EntraService.SecurityDefaults) {
        $params = @{
            CheckMetadata  = $CheckMetadata
            Status         = 'SKIPPED'
            StatusExtended = 'Unable to retrieve Security Defaults policy - missing permissions'
            ResourceId     = 'N/A'
            ResourceName   = 'Security Defaults'
        }
        New-CIEMFinding @params
    }
    else {
        $securityDefaults = $script:EntraService.SecurityDefaults
        $isEnabled = $securityDefaults.isEnabled -eq $true

        if ($isEnabled) {
            $params = @{
                CheckMetadata  = $CheckMetadata
                Status         = 'PASS'
                StatusExtended = 'Entra security defaults is enabled.'
                ResourceId     = $securityDefaults.id
                ResourceName   = 'Security Defaults'
            }
            New-CIEMFinding @params
        }
        else {
            $params = @{
                CheckMetadata  = $CheckMetadata
                Status         = 'FAIL'
                StatusExtended = 'Entra security defaults is disabled.'
                ResourceId     = $securityDefaults.id
                ResourceName   = 'Security Defaults'
            }
            New-CIEMFinding @params
        }
    }
}