Maester

1.3.114-preview

internal/eidsca/Test-MtEidscaAM02.ps1

                                <#

.SYNOPSIS

    Checks if Authentication Method - Microsoft Authenticator - Allow use of Microsoft Authenticator OTP is set to 'false'

.DESCRIPTION

    Defines if users can use the OTP code generated by the Authenticator App.

    Queries policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')

    and returns the result of

     graph/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator').isSoftwareOathEnabled -eq 'false'

.EXAMPLE

    Test-MtEidscaAM02

    Returns the result of graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator').isSoftwareOathEnabled -eq 'false'

#>

function Test-MtEidscaAM02 {

    [CmdletBinding()]

    [OutputType([bool])]

    param()

    if ( $EnabledAuthMethods -notcontains 'MicrosoftAuthenticator' ) {

            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'

            return $null

    }

    $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta

    [string]$tenantValue = $result.isSoftwareOathEnabled

    $testResult = $tenantValue -eq 'false'

    $tenantValueNotSet = ($null -eq $tenantValue -or $tenantValue -eq "") -and 'false' -notlike '*$null*'

    if($testResult){

        $testResultMarkdown = "Well done. The configuration in your tenant and recommended value is **'false'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**"

    } elseif ($tenantValueNotSet) {

        $testResultMarkdown = "Your tenant is **not configured explicitly**.`n`nThe recommended value is **'false'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**. It seems that you are using a default value by Microsoft. We recommend to set the setting value explicitly since non set values could change depending on what Microsoft decides the current default should be."

    } else {

        $testResultMarkdown = "Your tenant is configured as **$($tenantValue)**.`n`nThe recommended value is **'false'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**"

    }

    Add-MtTestResultDetail -Result $testResultMarkdown -Severity 'High'

    return $tenantValue

}