internal/eidsca/Test-MtEidscaAM07.ps1
|
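<#
.SYNOPSIS
    Checks if Authentication Method - Microsoft Authenticator - Included users/groups to show application name in push and passwordless notifications is set to 'all_users'

.DESCRIPTION
    Object Id or scope of users which will be showing app information in the Authenticator App.

    Queries policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')
    and reads featureSettings.displayAppInformationRequiredState.includeTarget.id.
    The value is compared with 'all_users' only to build the result text recorded
    through Add-MtTestResultDetail. The function returns the configured value itself,
    not the outcome of the comparison.

    Only includeTarget.id is inspected. The state and excludeTarget properties of
    displayAppInformationRequiredState are not read here, so a passing result does
    not by itself show that the feature is enabled for every user.

.EXAMPLE
    Test-MtEidscaAM07

    Returns the value of graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator').featureSettings.displayAppInformationRequiredState.includeTarget.id (recommended: 'all_users')

.OUTPUTS
    System.String. The configured includeTarget.id (an empty string when the tenant
    has no explicit value), or $null when the check is skipped.
#>
function Test-MtEidscaAM07 {
    [CmdletBinding()]
    # The function returns the tenant value (a string), so the declared output type says so.
    [OutputType([string])]
    param()

    # $EnabledAuthMethods is neither a parameter nor a local; it is resolved from an
    # enclosing scope. If it is empty or unset, -notcontains is true and the check is
    # reported as skipped rather than failed.
    # NOTE(review): confirm the caller always populates it before this check runs.
    if ($EnabledAuthMethods -notcontains 'MicrosoftAuthenticator') {
        Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Authentication method of Microsoft Authenticator is not enabled.'
        return $null
    }

    $result = Invoke-MtGraphRequest -RelativeUri "policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')" -ApiVersion beta

    # The [string] cast turns a missing property ($null) into an empty string.
    [string]$tenantValue = $result.featureSettings.displayAppInformationRequiredState.includeTarget.id
    $testResult = $tenantValue -eq 'all_users'

    # The original also tested "'all_users' -notlike '*$null*'", which is always true
    # (single quotes make the pattern the literal text $null), so it is dropped here.
    $tenantValueNotSet = [string]::IsNullOrEmpty($tenantValue)

    if ($testResult) {
        # The line break inside this literal is kept exactly as found in the source.
        $testResultMarkdown = "Well done. 
The configuration in your tenant and recommended value is **'all_users'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**"
    }
    elseif ($tenantValueNotSet) {
        # No explicit value: the tenant follows Microsoft's current default, which can change.
        $testResultMarkdown = "Your tenant is **not configured explicitly**.`n`nThe recommended value is **'all_users'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**. It seems that you are using a default value by Microsoft. We recommend to set the setting value explicitly since non set values could change depending on what Microsoft decides the current default should be."
    }
    else {
        $testResultMarkdown = "Your tenant is configured as **$($tenantValue)**.`n`nThe recommended value is **'all_users'** for **policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')**"
    }

    Add-MtTestResultDetail -Result $testResultMarkdown -Severity 'High'

    # Return the raw value; the pass/fail comparison is left to whoever calls this.
    return $tenantValue
}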