Devolutions.CIEM

0.3.28

Cloud Infrastructure Entitlement Management (CIEM) module for Azure identity and access security checks. Provides 46 identity-focused checks for Entra ID, IAM/RBAC, KeyVault, and Storage services.

Minimum PowerShell version

7.4

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Devolutions.CIEM

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name Devolutions.CIEM

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Devolutions Inc. All rights reserved.

Package Details

Author(s)

  • Adam Bertram

Tags

Azure CIEM Security Identity IAM Entra RBAC Compliance PowerShellUniversal app

PSEditions

Core

Dependencies

This module has no dependencies.

Release Notes

## 0.2.65 - PSU Cache Configuration Storage
- Migrated configuration from config.json to PSU persistent cache
- Config is now stored in PSU cache with key 'CIEM:Config'
- Added Get-CIEMDefaultConfig (Private) - returns hardcoded defaults
- Added Reset-CIEMConfig (Public) - resets config to defaults
- Removed config.json file and Get-CIEMConfigPath function
- Configuration automatically initializes with defaults on first run

## 0.2.20 - Dashboard Function Scope Fix
- Fixed: Get-CIEMConfigPath not found at dashboard runtime
- Moved Get-CIEMConfigPath from nested function to Private module function
- Function is now dot-sourced at module load, available to PSU dashboard pages

## 0.2.19 - Code Quality Improvements
- Renamed Get-CIEMRequiredPermissions to Get-CIEMRequiredPermission (singular noun)
- Fixed PSScriptAnalyzer warnings for return statements
- Fixed helper function naming to avoid ShouldProcess requirements
- Improved code structure in Get-PSUInstalledEnvironment and Get-CIEMRequiredPermission
- Added proper begin/process block structure to Set-CIEMConfig
- Added suppression attributes for PSU dashboard callback return statements

## 0.2.14 - Multi-Provider Authentication Support
- Renamed "Azure Authentication" to "Cloud Provider Authentication"
- Added Provider dropdown (Azure enabled, AWS coming soon)
- Added comprehensive Azure authentication methods:
 - Current Context (existing Az PowerShell session)
 - Service Principal with Client Secret
 - Service Principal with Certificate (thumbprint or file path)
 - Managed Identity (system-assigned or user-assigned)
 - Device Code (for MFA/restricted environments)
 - Interactive Browser
- Dynamic input fields based on selected authentication method
- Updated config.json schema for multi-provider support
- Prepared AWS configuration structure for future release

## 0.2.12 - PSU Environment Auto-Detection
- Added Get-PSUInstalledEnvironment function to detect Azure Web App vs on-premises deployment
- Configuration page now displays deployment environment with visual indicator
- Managed Identity auth option shows warning when running on-premises
- Prevents saving Managed Identity configuration in unsupported environments

## 0.2.7 - PSResourceGet Publishing Fix
- Switched from Publish-Module to Publish-PSResource for publishing
- Root cause: PowerShellGet v2's Publish-Module uses Get-ChildItem WITHOUT -Force
- This excludes hidden directories (.universal) on Unix systems (macOS/Linux)
- PSResourceGet uses .NET Directory.GetFiles/GetDirectories which includes all files
- See: https://github.com/PowerShell/PowerShellGetv2/blob/master/src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1

## 0.2.6 - FileList Fix for .universal Directory (Failed)
- Added explicit FileList to manifest to include .universal/dashboards.ps1
- Publish-Module was excluding dot-prefixed directories without FileList

## 0.2.5 - PSU App Auto-Registration (Republish)
- Republish to verify .universal directory is included in package

## 0.2.4 - PSU App Auto-Registration Fix
- Fixed: Include .universal directory in published module
- PSU now auto-discovers and creates the CIEM app when module is installed
- App registration uses -Module/-Command pattern for PSU Gallery compatibility

## 0.2.0 - PSU App Integration
- Added New-DevolutionsCIEMApp function for PSU module-based discovery
- Switched from -FilePath to -Module/-Command pattern for PSU Gallery compatibility
- App now auto-discovers when module is installed to PSU Modules directory

## 0.1.0 - Initial Release
- 46 Azure identity-focused security checks
- Entra ID: 15 checks (MFA, conditional access, security defaults, etc.)
- IAM/RBAC: 3 checks (custom roles, permissions)
- KeyVault: 10 checks (access policies, RBAC, expiration)
- Storage: 18 checks (access controls, encryption, network rules)
- Parallel check execution with ForEach-Object -Parallel
- Auto-detect Azure authentication (Managed Identity, CLI, Interactive)

FileList

Version History

Version Downloads Last updated
0.3.28 (current version) 6 2/6/2026
0.3.27 4 2/6/2026
0.3.26 6 2/6/2026
0.3.25 3 2/6/2026
0.3.24 3 2/6/2026
0.3.23 4 2/6/2026
0.3.22 5 2/6/2026
0.3.21 4 2/6/2026
0.3.20 3 2/6/2026
0.3.19 3 2/6/2026
0.3.18 3 2/6/2026
0.3.17 3 2/6/2026
0.3.16 3 2/6/2026
0.3.15 4 2/6/2026
0.3.14 4 2/5/2026
0.3.13 3 2/5/2026
0.3.12 3 2/5/2026
0.3.11 3 2/5/2026
0.3.10 3 2/5/2026
0.3.9 3 2/5/2026
0.3.8 3 2/5/2026
0.3.7 3 2/5/2026
0.3.6 5 2/4/2026
0.3.5 3 2/4/2026
0.3.4 3 2/4/2026
0.3.3 3 2/4/2026
0.3.2 3 2/4/2026
0.3.1 3 2/4/2026
0.3.0 3 2/4/2026
0.2.108 3 2/4/2026
0.2.107 3 2/4/2026
0.2.106 3 2/4/2026
0.2.105 3 2/4/2026
0.2.104 3 2/4/2026
0.2.103 3 2/4/2026
0.2.102 3 2/4/2026
0.2.101 3 2/4/2026
0.2.100 3 2/4/2026
0.2.99 5 2/4/2026
0.2.98 5 2/4/2026
0.2.97 4 2/3/2026
0.2.96 3 2/3/2026
0.2.95 4 2/3/2026
0.2.94 2 2/3/2026
0.2.93 2 2/3/2026
0.2.92 4 2/3/2026
0.2.91 3 2/3/2026
0.2.90 3 2/3/2026
0.2.89 4 2/3/2026
0.2.88 3 2/3/2026
0.2.86 2 2/3/2026
0.2.85 3 2/3/2026
0.2.84 3 2/3/2026
0.2.83 3 2/3/2026
0.2.82 4 2/3/2026
0.2.81 3 2/3/2026
0.2.80 3 2/3/2026
0.2.79 3 2/3/2026
0.2.78 3 2/3/2026
0.2.77 3 2/3/2026
0.2.76 3 2/2/2026
0.2.75 3 2/2/2026
0.2.74 3 2/2/2026
0.2.73 3 2/2/2026
0.2.72 3 2/2/2026
0.2.71 3 2/2/2026
0.2.70 3 2/2/2026
0.2.69 3 2/2/2026
0.2.68 3 2/2/2026
0.2.67 3 2/2/2026
0.2.66 10 2/2/2026
0.2.64 13 2/2/2026
0.2.63 13 2/2/2026
0.2.61 6 2/2/2026
0.2.60 9 1/30/2026
0.2.59 4 1/30/2026
0.2.58 3 1/30/2026
0.2.57 3 1/30/2026
0.2.56 3 1/30/2026
0.2.55 3 1/30/2026
0.2.54 4 1/30/2026
0.2.53 3 1/30/2026
0.2.52 3 1/30/2026
0.2.51 3 1/30/2026
0.2.50 4 1/30/2026
0.2.49 3 1/30/2026
0.2.48 3 1/30/2026
0.2.47 4 1/30/2026
0.2.46 3 1/30/2026
0.2.45 3 1/30/2026
0.2.44 4 1/30/2026
0.2.43 3 1/30/2026
0.2.42 3 1/30/2026
0.2.41 5 1/29/2026
0.2.40 5 1/29/2026
0.2.39 4 1/29/2026
0.2.38 4 1/29/2026
0.2.37 4 1/29/2026
0.2.36 5 1/29/2026
0.2.35 3 1/29/2026
0.2.34 4 1/29/2026
0.2.33 3 1/29/2026
0.2.32 4 1/29/2026
0.2.31 4 1/29/2026
0.2.30 5 1/29/2026
0.2.29 5 1/29/2026
0.2.28 3 1/29/2026
0.2.27 5 1/29/2026
0.2.26 5 1/29/2026
0.2.24 4 1/29/2026
0.2.23 5 1/29/2026
0.2.22 3 1/29/2026
0.2.21 6 1/28/2026
0.2.18 4 1/28/2026
0.2.17 5 1/28/2026
0.2.15 4 1/28/2026
0.2.13 5 1/28/2026
0.2.11 5 1/28/2026
0.2.10 3 1/28/2026
0.2.9 4 1/28/2026
0.2.7 6 1/27/2026
0.2.5 4 1/27/2026
0.2.4 7 1/27/2026
0.2.3 4 1/27/2026
0.2.1 6 1/27/2026
0.2.0 4 1/27/2026
0.1.1 5 1/27/2026
0.1.0-alpha 3 1/27/2026
Show more