You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Major Changes
Use cmdlet Invoke-SCuBA to start an assessment. Removed RunSCuBA.ps1. See README for more.
Added GCC-H/DOD endpoints. Use the -M365Environment parameter.
Exchange, Defender for Office 365, and Teams can now be run with the Global Reader role instead of administrator permissions.
Removed Graph API Scope Policy.ReadWRITE.AuthenticationMethod.
Added Disconnect-SCuBATenant cmdlet and Invoke-SCuBA -DisconnectOnExit option to help manage connections to multiple tenants. Using either method will make your next run connect to a new tenant.
Documentation
Significant changes to the README for clarity and new usage examples and a cool diagram.
Updated links in the HTML report to reference CISA's SCuBA website and the baseline documents.
Added the tenant name and tenantId to the HTML report to help determine which tenant was assessed.
AAD report now includes a warning that exclusions to Conditional Access Policies are not evaluated and that may impact your compliance with certain controls.
Added a sample-report folder to the repository that will be updated with the latest report template each release. Thanks to public suggestion. #2
Code
Refactored the Power Platform exclusive -Endpoint parameter to the -M365Environment parameter to support connecting to different endpoints for any product.
Required dependencies are now checked on module import.
Added * parameter to the ProductNames parameter in Invoke-SCuBA to run all products
Setup.ps1 now only installs modules if they are not already installed based on a minimum version.
Improved error handling in some providers. Others will be updated in the next release.
Improved code documentation to enable Get-Help functionality.
Tool now increases PowerShell's $MaximumFunctionCount to support all the cmdlets exported by MS Graph.
Fixed bug with Teams provider and JSON parsing. See: #12
Rego/Policies
Fixed Rego check for OneDrive policy 2.4, which resulted in incorrect results.
Fixed Rego check for Defender 2.7 and 2.8, which resulted in incorrect results.
Added support for Exchange policy 2.6 bullet 8, which was not previously implemented.
Removed automation support for part of SharePoint policy 2.5 (Prevent users from running custom script on personal sites), due to a bug with comparison logic. Hope to have it added back in the next release.
Baselines
No changes. We do not anticipate making edits to the baseline documents until Q2 2023.