Various CISA tests have been fixed
The following tests have been hotfixed by changing -All to -Active until a bug regarding read-only permissions for roleEligibilityScheduleRequests is fixed. See: https://learn.microsoft.com/en-us/answers/questions/1656176/unable-to-get-rolemanagement-directory-roleeligibi
- Test-MtCisaCloudGlobalAdmin.ps1
- Test-MtCisaGlobalAdminCount.ps1
- Test-MtCisaGlobalAdminRatio.ps1
Test-MtCisaPermanentRoleAssignment.ps1 also fails due to the above bug. This has been fixed by adding the API permission "RoleManagement.Read.All" to the Microsoft Graph scopes.
A divide-by-zero condition in Test-MtCisaGlobalAdminRatio.ps1 has been fixed. This occurs if no users exist in any other privileged assignments outside Global Administrators.
An output mistake in the following tests has been fixed.
- Test-MtCisaAppUserConsent.ps1
- Test-MtCisaCloudGlobalAdmin.ps1
- Test-MtCisaUnmanagedRoleAssignment.ps1
Test-MtCisaAppRegistration.Tests.ps1 used the wrong function to test with.
Skip conditions have been moved to the Describe statement instead for the following tests; otherwise they would produce undesired markdown descriptions from Test-MtCisaPhishResistant.
- Test-MtCisaAuthenticatorContext.Tests.ps1
- Test-MtCisaMfa.Tests.ps1
Adjusted scopes in Get-MtGraphScope
- 'RoleManagement.Read.All' has been added.
- 'Policy.Read.ConditionalAccess' has been removed. It should not be required when 'Policy.Read.All' is already part of the scopes.
- '/maester/website/docs/sections/permissions.md' has been updated accordingly.