From f8fb18f53f6a54a2122797db98140d4592f34ef9 Mon Sep 17 00:00:00 2001 From: Raphael Buechi Date: Wed, 28 Aug 2024 16:35:54 +0200 Subject: [PATCH] BPA added entra id validations --- Config/AXE-TENANT.BPATemplate.json | 89 ++++++++++++++++++++++++++---- 1 file changed, 77 insertions(+), 12 deletions(-) diff --git a/Config/AXE-TENANT.BPATemplate.json b/Config/AXE-TENANT.BPATemplate.json index 3f0a9573bc34..c716d0b4ead2 100644 --- a/Config/AXE-TENANT.BPATemplate.json +++ b/Config/AXE-TENANT.BPATemplate.json @@ -218,6 +218,23 @@ } ] }, + { + "name": "BasicAuthDisabled", + "API": "Exchange", + "Command": "Get-TransportConfig", + "ExtractFields": [ + "SmtpClientAuthenticationDisabled" + ], + "StoreAs": "bool", + "FrontendFields": [ + { + "name": "SMTP Basic Auth Disabled", + "desc": "Check if SMTP Basic Authentication is disabled for Exchange Online", + "value": "BasicAuthDisabled", + "formatter": "bool" + } + ] + }, { "name": "MessageCopyforSentAsDisabled", "API": "Exchange", @@ -342,26 +359,74 @@ ] }, { - "name": "SharePointSyncSettings", - "API": "CIPPFunction", - "Command": "Get-CIPPSPOTenant", - "Parameters": {}, - "ExtractFields": [ - "OneDriveAddShortcutButtonDisabled", - "HideSyncButtonOnDocLib" - ], - "StoreAs": "JSON", + "name": "OneDriveAddShortcutButtonDisabled", + "StoreAs": "bool", + "UseExistingInfo": true, "FrontendFields": [ { "name": "SPO: Add Shortcut Button Disabled", "desc": "Check if the Add Shortcut button is disabled for OneDrive", - "value": "SharePointSyncSettings.OneDriveAddShortcutButtonDisabled", + "value": "OneDriveAddShortcutButtonDisabled", "formatter": "bool" - }, + } + ] + }, + { + "name": "HideSyncButtonOnDocLib", + "StoreAs": "bool", + "UseExistingInfo": true, + "FrontendFields": [ { "name": "SPO: Sync Button shown", "desc": "Check if the Sync button is shown for document libraries", - "value": "SharePointSyncSettings.HideSyncButtonOnDocLib", + "value": "HideSyncButtonOnDocLib", + "formatter": "reverseBool" + } + ] + }, + { + "name": "LAPSEnabled", + "API": "Graph", + "URL": "https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy", + "ExtractFields": [ + "localAdminPassword.isEnabled" + ], + "StoreAs": "bool", + "FrontendFields": [ + { + "name": "LAPS: Enabled", + "desc": "Check if Local Admin Password Solution is enabled", + "value": "LAPSEnabled", + "formatter": "bool" + } + ] + }, + { + "name": "UnifiedGroupCreationAllowed", + "StoreAs": "bool", + "UseExistingInfo": true, + "FrontendFields": [ + { + "name": "Unified Group Creation Disabled", + "desc": "Check if users are allowed to create unified groups (Microsoft 365 Groups)", + "value": "DisableM365GroupUsers", + "formatter": "bool" + } + ] + }, + { + "name": "SecurityGroupCreationAllowed", + "API": "Graph", + "URL": "https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy", + "ExtractFields": [ + "defaultUserRolePermissions.allowedToCreateSecurityGroups" + ], + "StoreAs": "bool", + "FrontendFields": [ + { + "name": "Security Group Creation Disabled", + "desc": "Check if users are allowed to create security groups", + "value": "SecurityGroupCreationAllowed", "formatter": "reverseBool" } ]