Get-SecurityGroups returns all groups, not just security groups

[rieck-srlabs]

According to the name, Get-SecurityGroups should only return security groups. However, it currently returns all Entra ID groups.

This is because the group filter is incorrectly applied in the code:

    $graphApiUrl = "https://graph.microsoft.com/v1.0"
    $groupsUrl = "$graphApiUrl/groups?$filter=securityEnabled eq true"

Because $filter is not escaped, it is treated as a variable expansion and replaced with the empty string at runtime. The resulting URL is https://graph.microsoft.com/v1.0/groups?=securityEnabled eq true, which does not filter the results.

[rieck-srlabs]

@dafthack any news on this issue and the associated PR?