asterictnl-lvdw / M365SAT

Microsoft 365 Security Assessment Tool - An Easy-To-Use Microsoft 365 Security Assessment Tool
MIT License

Running script amongst other subscriptions #51

Closed frisotrip closed 1 week ago

frisotrip commented 2 weeks ago

Hello

Another question: is it possible to run the script against, as an example, only Exchange Online? I did this, but it also gives results for Teams and SharePoint. So the question is: can it measure against only the apps in the subscription?

Thanks

asterictnl-lvdw commented 2 weeks ago

Hi @frisotrip ,

Yes, this is also possible, let me explain the appropriate parameter for you.

    [Parameter(Mandatory = $true,
        HelpMessage = 'Available Modules: Azure / Exchange / Office365 / Sharepoint / Teams / All')]
    [ValidateSet('Azure', 'Exchange', 'Office365', 'Sharepoint', 'Teams', 'All', IgnoreCase = $true)]
    [String[]]$Modules = "All",

In this case you should only select the Exchange one and replace in the M365SATTester.ps1 file the current value with Exchange.

If you are still experiencing issues, then please do provide me the following:

The final parameter should look like this in the m365sattester.ps1:

    Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType M365 -BenchmarkVersion "Latest" -Modules "Exchange" -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks

Of course, replace example@example.org with the appropriate account.

I hope this helps you.

Kind regards,

~LvdW

frisotrip commented 2 weeks ago

Leonardo

Clear. I see now that there is also a Microsoft Entra ID P1 subscription. Should I then also enable Azure in the modules configuration?

Kind regards,

Friso Trip

asterictnl-lvdw commented 2 weeks ago

Hello @frisotrip ,

You can do that, yes. Make sure, if you want to actually audit the other Azure parts as well aside from only Entra, to add AZURE to the EnvironmentType parameter as well.

In that case your M365SATTester.ps1 payload looks like this if you want to do the CIS v2.1.0 of Azure as well:

    Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType "All" -BenchmarkVersion "Latest" -Modules Azure,Exchange -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks

If you only want the M365 audit and include Azure, you should use this:

The final parameter should look like this in the m365sattester.ps1:

    Get-M365SATReport -OutPath "C:\Out" -Username "example@example.org" -EnvironmentType M365 -BenchmarkVersion "Latest" -Modules Azure,Exchange -LicenseMode "E3" -LicenseLevel "All" -reportType "HTML" -AllowLogging "Warning" -LocalMode -SkipChecks

Of course, replace example@example.org with the appropriate account.

Kind regards,

~LvdW

P.S. Keep in mind to put Azure first, else the connection on Azure will fail due to Graph having some dependencies that need to be loaded after Azure, else they are loaded, and Azure cannot overwrite them. I am aware of this issue as I am phasing out the AzAccount connection as everything is moving to Graph and the MultiAPI is becoming independent regarding calling the Azure APIs.
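
The ordering rule from the P.S., as an added example that is not part of the thread or of M365SAT: a hypothetical helper, Resolve-M365SATModuleOrder, that validates a module selection against the value set quoted above and moves Azure to the front before the list reaches Get-M365SATReport. The parameter values are the ones shown in the thread; the helper name and its rejection of 'All' mixed with named modules are assumptions of this example.

```powershell
# Added example: Resolve-M365SATModuleOrder is a hypothetical helper, not an M365SAT function.
function Resolve-M365SATModuleOrder {
    [CmdletBinding()]
    param(
        # Same value set as the -Modules parameter quoted in the thread.
        [Parameter(Mandatory = $true)]
        [ValidateSet('Azure', 'Exchange', 'Office365', 'Sharepoint', 'Teams', 'All', IgnoreCase = $true)]
        [String[]]$Modules
    )

    $canonical = @('Azure', 'Exchange', 'Office365', 'Sharepoint', 'Teams', 'All')

    # Normalize casing ('azure' -> 'Azure') and drop duplicates.
    $selected = @(
        foreach ($m in $Modules) { $canonical | Where-Object { $_ -ieq $m } }
    ) | Select-Object -Unique
    $selected = @($selected)

    # The thread does not say how 'All' combines with named modules,
    # so this example refuses the mix instead of guessing (assumption).
    if ($selected -contains 'All') {
        if ($selected.Count -gt 1) {
            throw "Use either 'All' or an explicit module list, not both."
        }
        return 'All'
    }

    # Azure must come first so its connection is made before the Graph dependencies load.
    @($selected | Where-Object { $_ -eq 'Azure' }) + @($selected | Where-Object { $_ -ne 'Azure' })
}

# Parameter values copied from the thread; the account is the thread's placeholder.
$reportParams = @{
    OutPath          = 'C:\Out'
    Username         = 'example@example.org'
    EnvironmentType  = 'M365'
    BenchmarkVersion = 'Latest'
    Modules          = @(Resolve-M365SATModuleOrder -Modules 'exchange', 'Azure')
    LicenseMode      = 'E3'
    LicenseLevel     = 'All'
    reportType       = 'HTML'
    AllowLogging     = 'Warning'
    LocalMode        = $true
    SkipChecks       = $true
}

"Modules will be passed as: $($reportParams.Modules -join ',')"
# Only call the tool when M365SAT is actually loaded in this session.
if (Get-Command Get-M365SATReport -ErrorAction SilentlyContinue) { Get-M365SATReport @reportParams }
```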