internal/eidsca/Test-MtEidscaAF01.ps1
|
<# .SYNOPSIS Checks if Authentication Method - FIDO2 security key - State is set to 'enabled' .DESCRIPTION Whether the FIDO2 security keys is enabled in the tenant. Queries policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2') and returns the result of graph/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2').state -eq 'enabled' .EXAMPLE Test-MtEidscaAF01 Returns the result of graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2').state -eq 'enabled' #> function Test-MtEidscaAF01 { [CmdletBinding()] [OutputType([bool])] param() $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')" -ApiVersion beta [string]$tenantValue = $result.state $testResult = $tenantValue -eq 'enabled' $tenantValueNotSet = ($null -eq $tenantValue -or $tenantValue -eq "") -and 'enabled' -notlike '*$null*' if($testResult){ $testResultMarkdown = "Well done. The configuration in your tenant and recommended value is **'enabled'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')**" } elseif ($tenantValueNotSet) { $testResultMarkdown = "Your tenant is **not configured explicitly**.`n`nThe recommended value is **'enabled'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')**. It seems that you are using a default value by Microsoft. We recommend to set the setting value explicitly since non set values could change depending on what Microsoft decides the current default should be." } else { $testResultMarkdown = "Your tenant is configured as **$($tenantValue)**.`n`nThe recommended value is **'enabled'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')**" } Add-MtTestResultDetail -Result $testResultMarkdown -Severity 'High' return $tenantValue } |