Closed frisotrip closed 1 week ago
Hi @frisotrip ,
Yes, this is also possible, let me explain the appropriate parameter for you.
[Parameter(Mandatory = $true,
HelpMessage = 'Available Modules: Azure / Exchange / Office365 / Sharepoint / Teams / All')]
[ValidateSet('Azure', 'Exchange', 'Office365', 'Sharepoint', 'Teams', 'All', IgnoreCase = $true)]
[String[]]$Modules = "All",
In this case you should only select the Exchange
one and replace in the M365SATTester.ps1
file the current value with Exchange
.
If you are still experiencing issues, then please do provide me the following:
Exchange
parameter.The final parameter should look like in the m365sattester.ps1
Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType M365 -BenchmarkVersion "Latest" -Modules "Exchange" -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks
Of course, replace example@example.org
with the appropriate account.
I hope this helps you.
Kind regards,
~LvdW
Leonardo
Clear. I see now that there is also an subscription Microsoft Entra ID P1. Should I then also enable Azure in the modules configuration?
Met vriendelijke groet,
Friso Trip
Hello @frisotrip ,
You can do that yes. Make sure if you want to actually audit the other Azure parts as well aside from only Entra to add AZURE
To the EnvironmentType
parameter as well.
In that case your M365SATTester.ps1
payload looks like this if you want to do the CIS v2.1.0 of Azure as well:
Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType "All" -BenchmarkVersion "Latest" -Modules Azure,Exchange -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks
if you only want the M365 audit and include Azure you should use this:
The final parameter should look like in the m365sattester.ps1
Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType M365 -BenchmarkVersion "Latest" -Modules Azure,Exchange -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks
Of course, replace example@example.org with the appropriate account.
Kind regards,
~LvdW
P.S. Keep in mind to put Azure
first, else the connection on Azure will fail due to Graph having some dependencies that need to be loaded after Azure, else they are loaded, and Azure cannot overwrite them. I am aware of this issue as I am phasing out the AzAccount connection as everything is moving to Graph and the MultiAPI is becoming independent regarding calling the Azure API's.
Hello
Another question if it is possible to run the script to as an example only exchange online. I did this, but it also gives results for teams and sharepoint. So question is can it meassure against only the apps in the subscription?
Thanx