
Feature/265 feature migrate get hawkuserhiddenrule to microsoft graph apisdk

Open · jonnybottles opened this issue 10 months ago · 1 comment

Pull Request: Add UAL-based Inbox Rule Analysis Functions

Description

This PR addresses the EWS dependency issue in the deprecated Get-HawkUserHiddenRule function by introducing three new UAL-based inbox rule analysis functions that provide a more comprehensive and modern approach to detecting suspicious inbox rule activity.

New Functions

  • Get-HawkUserUALInboxRuleCreation: Analyzes audit logs for inbox rules created by specific users.
  • Get-HawkUserUALInboxRuleModification: Analyzes audit logs for inbox rules modified by specific users.
  • Get-HawkUserUALInboxRuleRemoval: Analyzes audit logs for inbox rules removed by specific users.

Permissions

  • This pulls from the UAL and thus requires no new permission changes or updates.

Changes

  • Added three new user-focused functions for inbox rule audit analysis.
  • Each function maintains consistent logging patterns, error handling, and output conventions with other Hawk functions.
  • All functions use Get-AllUnifiedAuditLogEntry to retrieve complete audit log data.
  • Leverages the existing Test-SuspiciousInboxRule helper function for identifying suspicious activities.

Benefits

  • Replaces dependency on deprecated EWS Managed API with modern UAL-based approach.
  • Eliminates security concerns from basic authentication usage.
  • Aligns with Microsoft's long-term API direction.
  • Provides a more comprehensive approach to inbox rule analysis.

Testing

  • Tested with multiple user accounts.
  • Verified proper handling of suspicious rule detection.
  • Confirmed consistent output formatting with other Hawk functions.

jonnybottles avatar Mar 04 '25 20:03 jonnybottles
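The UAL-based approach the PR describes boils down to reading the inbox-rule operations (New-InboxRule, Set-InboxRule, Remove-InboxRule) out of the audit log and scoring the rule parameters each record carries. The PowerShell below is an added illustration of that idea and is not Hawk's code: it does not call Get-AllUnifiedAuditLogEntry or Test-SuspiciousInboxRule, and the function names Test-SuspiciousRuleEvent and Get-SuspiciousInboxRuleEvents are invented for this example. It assumes records in the JSON shape that Search-UnifiedAuditLog returns in the AuditData field (Operation, UserId, CreationTime, and a Parameters array of Name/Value pairs); the four records embedded in $sampleAuditData are constructed for the example.

```powershell
# Added example (not Hawk project code): flag suspicious inbox-rule events in UAL records.
# Assumes the Exchange AuditData JSON layout (Operation, UserId, CreationTime, Parameters[]).
# The records below are constructed sample data, not real tenant output.
$sampleAuditData = @'
[
  {"CreationTime":"2025-03-01T08:12:44","Operation":"New-InboxRule","UserId":"alice@contoso.example",
   "Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"ext@example.net"},{"Name":"DeleteMessage","Value":"True"}]},
  {"CreationTime":"2025-03-01T09:30:02","Operation":"New-InboxRule","UserId":"bob@contoso.example",
   "Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Reading"}]},
  {"CreationTime":"2025-03-02T11:05:19","Operation":"Set-InboxRule","UserId":"alice@contoso.example",
   "Parameters":[{"Name":"Identity","Value":"."},{"Name":"MoveToFolder","Value":"RSS Subscriptions"},{"Name":"MarkAsRead","Value":"True"}]},
  {"CreationTime":"2025-03-03T14:40:00","Operation":"Remove-InboxRule","UserId":"alice@contoso.example",
   "Parameters":[{"Name":"Identity","Value":"."}]}
]
'@

function Test-SuspiciousRuleEvent {
    # Hypothetical helper: returns the list of reasons a single UAL record looks suspicious.
    param([Parameter(Mandatory)] $Record)

    # Flatten the Parameters array into a hashtable for simple lookups.
    $p = @{}
    foreach ($kv in $Record.Parameters) { $p[$kv.Name] = $kv.Value }

    $reasons = @()
    # Mail leaving the mailbox is the classic post-compromise rule behaviour.
    if ($p['ForwardTo'] -or $p['ForwardAsAttachmentTo'] -or $p['RedirectTo']) {
        $reasons += 'forwards or redirects mail'
    }
    # Deleting or burying messages hides security alerts and replies from the victim.
    if ($p['DeleteMessage'] -eq 'True' -or $p['SoftDeleteMessage'] -eq 'True') {
        $reasons += 'deletes messages'
    }
    $hideFolders = @('RSS Subscriptions', 'RSS Feeds', 'Archive', 'Junk Email', 'Deleted Items', 'Conversation History')
    if ($p['MoveToFolder'] -and $p['MoveToFolder'] -in $hideFolders) {
        $reasons += "moves mail to '$($p['MoveToFolder'])'"
    }
    if ($p['MarkAsRead'] -eq 'True') { $reasons += 'marks messages as read' }
    # Very short rule names (".", ",", "a") are a common way to make a rule easy to overlook.
    $name = if ($p['Name']) { $p['Name'] } else { $p['Identity'] }
    if ($name -and $name.Length -le 2) { $reasons += "near-empty rule name '$name'" }

    return $reasons
}

function Get-SuspiciousInboxRuleEvents {
    # Hypothetical function: filters UAL records to rule operations for the given users
    # and annotates each one with the reasons it was flagged.
    param(
        [Parameter(Mandatory)] [string]   $AuditDataJson,
        [string[]] $UserPrincipalName
    )
    $records = $AuditDataJson | ConvertFrom-Json
    foreach ($r in $records) {
        if ($r.Operation -notin @('New-InboxRule', 'Set-InboxRule', 'Remove-InboxRule')) { continue }
        if ($UserPrincipalName -and $r.UserId -notin $UserPrincipalName) { continue }
        $reasons = @(Test-SuspiciousRuleEvent -Record $r)
        [pscustomobject]@{
            CreationTime = $r.CreationTime
            Operation    = $r.Operation
            UserId       = $r.UserId
            Suspicious   = ($reasons.Count -gt 0)
            Reasons      = ($reasons -join '; ')
        }
    }
}

# Usage: score every rule event for one user from the constructed sample data.
Get-SuspiciousInboxRuleEvents -AuditDataJson $sampleAuditData -UserPrincipalName 'alice@contoso.example' |
    Format-Table -AutoSize
```

Against the sample data, alice's creation (forwarding plus delete, rule named "."), her modification (move to RSS Subscriptions, mark as read) and her removal of the "." rule are all flagged, while bob's newsletter rule is not. One caveat worth keeping in mind when replacing the old EWS-based hidden-rule check: the UAL records the parameters a rule was created or changed with, so a rule that was hidden afterwards by editing its MAPI properties directly will not carry a "hidden" marker in these records; the short-name and folder heuristics above are what catches most such rules at creation time.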

Is there any new information on this?

bastienperez avatar Nov 24 '25 10:11 bastienperez