
Corrections on findings

Open ThoughtContagion opened this issue 10 months ago • 10 comments

Not sure if this is intentional or not, but I've found several instances of failed tests where the configured setting is the recommended setting. I will gather the list of these findings and place them in a comment when I finish reviewing the generated report. [image]

There are also some findings that return a value of **** where the setting does not exist as it's queried in the tenant. [image] [image]

I'm also unsure what some findings are looking for as they trigger a failed result, but the policies/configurations are there. For example: [image] [image]

This looks like a fantastic tool, thank you for all your hard work!

ThoughtContagion, Apr 10 '24 19:04

Additional findings that are marked 'Failed' when the recommended setting is configured: EIDSCA.AT02: Authentication Method - Temporary Access Pass - One-time.

ThoughtContagion, Apr 10 '24 20:04

Thank you @ThoughtContagion we will take a closer look

f-bader, Apr 11 '24 04:04

+1 I have experienced these same findings. I ran connected with a Global Admin account.

J-Hoff389, Apr 11 '24 16:04

Just wanted to fill in with some more findings @f-bader: EIDSCA.PR02,03,05,06 show as failed if they haven't been touched (meaning they're undefined/null in Graph, default values are also what's recommended). [image]

Same applies to EIDSCA.ST08 & EIDSCA.ST09.

Below probably needs to be `$testResult = $tenantValue -eq 'True' -or ''` since empty string being returned should mean default behaviour (True?) as well. [image]

dnsinit, May 07 '24 14:05

@Cloud-Architekt let us discuss how to fix this without manually changing the tests, as they would be overwritten when generated. Maybe there needs to be an adjustment in the original JSON as well as the generator to allow default values.

f-bader, May 18 '24 19:05

@Cloud-Architekt We will implement a check if the recommended value != null and the tenant value == null that the text will reflect this more clearly and will ask the user to manually set the value, since non-set values could change depending on what Microsoft decides the current default should be.

f-bader, Jun 06 '24 12:06

At least for "MS.AAD.1.1: Legacy authentication SHALL be blocked", looking at the code in `Test-MtCisaBlockLegacyAuth.ps1`, line 29, the test fails (at least on PS 5.1) because `$blockPolicies.Count` doesn't return 1 when there is only one policy. The code that works for me is `$testResult = @($blockPolicies).Count -ge 1`.

christiannancy, Jul 25 '24 03:07
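
The two checks discussed in the comments above (reporting an unset tenant value separately, and counting a single matched policy), as an added example that is not Maester's code or any participant's. `Compare-RecommendedSetting`, the `Passed`/`Detail` fields and the sample policy objects are hypothetical and constructed for illustration.

```powershell
# Hypothetical helper (not a Maester function): compare a tenant value with the
# recommended value, treating "never configured" as its own outcome.
function Compare-RecommendedSetting {
    param(
        [Parameter(Mandatory)] [string] $RecommendedValue,
        [object] $TenantValue   # $null or '' when Graph returns nothing for the setting
    )
    if ($null -eq $TenantValue -or "$TenantValue" -eq '') {
        # An unset value follows whatever Microsoft's current default is, so it is
        # reported separately and the user is asked to set it explicitly.
        return [pscustomobject]@{
            Passed = $false
            Detail = "Not set in the tenant. Set it explicitly to '$RecommendedValue'."
        }
    }
    # Note: appending "-or ''" to a comparison adds nothing, because an empty
    # string converts to $false; the null/empty case needs its own branch.
    $passed = "$TenantValue" -eq $RecommendedValue   # string -eq is case-insensitive
    [pscustomobject]@{
        Passed = $passed
        Detail = "Tenant value '$TenantValue', recommended '$RecommendedValue'."
    }
}

# Constructed inputs: configured correctly, never configured, configured wrongly.
foreach ($value in $true, $null, 'False') {
    Compare-RecommendedSetting -RecommendedValue 'True' -TenantValue $value
}

# Constructed policy list (simplified property names) with exactly one blocking policy.
$policies = @(
    [pscustomobject]@{ displayName = 'Block legacy auth'; grantControl = 'block' }
    [pscustomobject]@{ displayName = 'Require MFA';       grantControl = 'mfa' }
)
$blockPolicies = $policies | Where-Object { $_.grantControl -eq 'block' }

# A single match comes back as a bare object, not an array. Wrapping the variable
# in @() always yields an array, so .Count is a number on every PowerShell version.
$testResult = @($blockPolicies).Count -ge 1
$testResult
```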

@christiannancy are you possibly using an older version? That bug should have been resolved in v0.0.131 but is resolved in prerelease.

https://github.com/maester365/maester/commit/23a61562363159e0e86b97f86274475751edbf9f

Snozzberries, Jul 28 '24 01:07

@christiannancy are you possibly using an older version? That bug should have been resolved in v0.0.131 but is resolved in prerelease.

23a6156

Ah, my bad, you are correct.

christiannancy, Jul 29 '24 18:07

No stress, glad it was an easy answer.

Snozzberries, Jul 30 '24 01:07