cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
1.64k stars 220 forks source link

Azure AD policy (MS.AAD.5.2v1) instructions need an update. #1044

Closed nanda-katikaneni closed 4 months ago

nanda-katikaneni commented 7 months ago

🐛 Summary

Currently the MS.AAD.5.2v1 policy Instructions are inconsistent with M365 Identity UI (it is also inconsistent with other related policies 5.3v1 and 5.4v1).

In the current instructions for this policy, step 1 says: In Azure Active Directory under Manage, select Enterprise Applications.

Change this to: In Azure Active Directory under Applications, select Enterprise Applications.

To reproduce

Steps to reproduce the behavior:

  1. Open the Azure AD secure baseline configurations and observe the instruction steps for MS.AAD.5.2v1

Expected behavior

Modified instructions to align with new UI buttonology.

tkol2022 commented 6 months ago

@ahuynhMITRE As I was working in the Entra ID portal I noticed that the user interface has changes, albeit slightly. For example now the menu items are not collapsed by default. I think it would be good to go through all of the AAD policy instructions and update the relevant buttonology as necessary. If you feel that is outside the scope of this issue, create another one.