forked from KelvinTegelaar/CIPP-API
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into…
… dev
- Loading branch information
Showing
3 changed files
with
417 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,192 @@ | ||
| { | ||
| "name": "CIPP Best Practices v1.0 - Table view", | ||
| "style": "Table", | ||
| "Fields": [ | ||
| { | ||
| "name": "PasswordNeverExpires", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/domains", | ||
| "ExtractFields": "passwordValidityPeriodInDays", | ||
| "where": "$_.passwordValidityPeriodInDays -eq 2147483647", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Password Never Expires", | ||
| "value": "PasswordNeverExpires", | ||
| "formatter": "bool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "OAuthAppConsent", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy", | ||
| "ExtractFields": "permissionGrantPolicyIdsAssignedToDefaultUserRole", | ||
| "where": "'ManagePermissionGrantsForSelf.microsoft-user-default-legacy' -notin $_.permissionGrantPolicyIdsAssignedToDefaultUserRole", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "OAuth App Consent", | ||
| "value": "OAuthAppConsent", | ||
| "formatter": "bool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "UnifiedAuditLog", | ||
| "API": "Exchange", | ||
| "Command": "Get-AdminAuditLogConfig", | ||
| "ExtractFields": "UnifiedAuditLogIngestionEnabled", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Unified Audit Log", | ||
| "value": "UnifiedAuditLog", | ||
| "formatter": "bool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "MFANudgeState", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy", | ||
| "ExtractFields": ["registrationEnforcement"], | ||
| "StoreAs": "bool", | ||
| "where": "$_.registrationEnforcement.authenticationMethodsRegistrationCampaign.state -eq 'Enabled'", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "MFA Registration Campaign Enabled", | ||
| "value": "MFANudgeState", | ||
| "formatter": "bool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "TAPEnabled", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass", | ||
| "ExtractFields": "State", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Temporary Access Pass Enabled", | ||
| "value": "TAPEnabled", | ||
| "formatter": "bool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "SecureDefaultState", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy", | ||
| "ExtractFields": "IsEnabled", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Secure Defaults State Enabled", | ||
| "value": "SecureDefaultState", | ||
| "formatter": "warnBool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "AnonymousPrivacyReports", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/admin/reportSettings", | ||
| "ExtractFields": "displayConcealedNames", | ||
| "StoreAs": "bool", | ||
| "where": "$_.displayConcealedNames -eq $false", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Anonymous Privacy Reports", | ||
| "value": "AnonymousPrivacyReports", | ||
| "formatter": "reverseBool" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "MessageCopyforSentAsDisabled", | ||
| "API": "Exchange", | ||
| "Command": "Get-Mailbox", | ||
| "Parameters": { | ||
| "RecipientTypeDetails": "SharedMailbox" | ||
| }, | ||
| "where": "$_.MessageCopyForSentAsEnabled -eq $false", | ||
| "ExtractFields": ["userprincipalname", "messageCopyForSentAsEnabled"], | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Message Copy for Sent-As Disabled", | ||
| "formatter": "table", | ||
| "value": "MessageCopyforSentAsDisabled" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "SharedMailboxeswithenabledusers", | ||
| "API": "Exchange", | ||
| "Command": "Get-Mailbox", | ||
| "Parameters": { | ||
| "RecipientTypeDetails": "SharedMailbox" | ||
| }, | ||
| "where": "$_.accountDisabled -eq $false", | ||
| "ExtractFields": ["userprincipalname", "accountDisabled"], | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Shared Mailboxes with enabled users", | ||
| "formatter": "table", | ||
| "value": "SharedMailboxeswithenabledusers" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "Unusedlicenses", | ||
| "API": "CIPPFunction", | ||
| "Command": "Get-CIPPLicenseOverview", | ||
| "ExtractFields": [ | ||
| "License", | ||
| "TotalLicenses", | ||
| "availableUnits", | ||
| "CountUsed" | ||
| ], | ||
| "StoreAs": "JSON", | ||
| "where": "$_.availableUnits -gt 0", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Unused licenses", | ||
| "formatter": "table", | ||
| "value": "Unusedlicenses" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "CurrentSecureScore", | ||
| "API": "Graph", | ||
| "URL": "https://graph.microsoft.com/beta/security/secureScores?$top=1", | ||
| "Parameters": { | ||
| "Nopagination": true | ||
| }, | ||
| "ExtractFields": ["currentScore", "maxScore", "averageComparativeScores"], | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Current Secure Score", | ||
| "value": "CurrentSecureScore.currentScore" | ||
| }, | ||
| { | ||
| "name": "Max Secure Score", | ||
| "value": "CurrentSecureScore.maxScore" | ||
| }, | ||
| { | ||
| "name": "Average Comparative Score (All Tenants)", | ||
| "value": "CurrentSecureScore.averageComparativeScores[0].averageScore" | ||
| }, | ||
| { | ||
| "name": "Average Comparative Score (Similiar Size Tenants)", | ||
| "value": "CurrentSecureScore.averageComparativeScores[1].averageScore" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,155 @@ | ||
| { | ||
| "name": "CIPP Best Practices v1.0 - Tenant view", | ||
| "style": "Tenant", | ||
| "Fields": [ | ||
| { | ||
| "name": "PasswordNeverExpires", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Password Never Expires", | ||
| "value": "PasswordNeverExpires", | ||
| "formatter": "bool", | ||
| "desc": "This setting shows if your environment has enabled the password never expires setting. This setting is expected to be set to 'No'" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "OAuthAppConsent", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "OAuth App Consent", | ||
| "value": "OAuthAppConsent", | ||
| "formatter": "bool", | ||
| "desc": "This setting shows if your environment has enabled OAuth App Consent. This setting is expected to be set to 'Yes'" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "UnifiedAuditLog", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Unified Audit Log", | ||
| "value": "UnifiedAuditLog", | ||
| "formatter": "bool", | ||
| "desc": "This setting shows if your environment has enabled the unified audit log. This setting is expected to be set to 'Yes'" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "MFANudgeState", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "MFA Registration Campaign Enabled", | ||
| "value": "MFANudgeState", | ||
| "formatter": "bool", | ||
| "desc": "This setting shows if your environment has enabled the MFA registration campaign, also known as the MFA Nudge. This setting is recommended to be set to 'Yes'" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "TAPEnabled", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Temporary Access Pass Enabled", | ||
| "value": "TAPEnabled", | ||
| "formatter": "bool", | ||
| "desc": "This setting shows if your environment has enabled the temporary access pass feature." | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "SecureDefaultState", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Secure Defaults State Enabled", | ||
| "value": "SecureDefaultState", | ||
| "formatter": "warnBool", | ||
| "desc": "This setting shows if your environment has enabled the secure defaults state. If you are using Conditional Access this setting may be set to `No`" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "AnonymousPrivacyReports", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "bool", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Anonymous Privacy Reports", | ||
| "value": "AnonymousPrivacyReports", | ||
| "formatter": "reverseBool", | ||
| "desc": "This setting shows if your environment has enabled the anonymous privacy reports, these will need to be disabled to be able to view mailboxes and onedrive reports" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "MessageCopyforSentAsDisabled", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Message Copy for Sent-As Disabled", | ||
| "formatter": "table", | ||
| "value": "MessageCopyforSentAsDisabled", | ||
| "desc": "These are the mailboxes that have the MessageCopyForSentAsDisabled setting enabled." | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "SharedMailboxeswithenabledusers", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Shared Mailboxes with enabled users", | ||
| "formatter": "table", | ||
| "value": "SharedMailboxeswithenabledusers", | ||
| "desc": "These are the shared mailboxes that have enabled users." | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "Unusedlicenses", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Unused licenses", | ||
| "formatter": "table", | ||
| "value": "Unusedlicenses", | ||
| "desc": "These are the licenses that are not assigned to an user, but have been purchased." | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "name": "CurrentSecureScore", | ||
| "UseExistingInfo": "true", | ||
| "StoreAs": "JSON", | ||
| "FrontendFields": [ | ||
| { | ||
| "name": "Current Secure Score", | ||
| "value": "CurrentSecureScore.currentScore", | ||
| "desc": "The current Secure Score for this tenant. This is the sum of all the individual controls that have been implemented.", | ||
| "formatter": "number" | ||
| }, | ||
| { | ||
| "name": "Max Secure Score", | ||
| "value": "CurrentSecureScore.maxScore", | ||
| "desc": "The maximum Secure Score for this tenant. This is the sum of all the individual controls that can be implemented.", | ||
| "formatter": "number" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.