Modify MS.AAD.6.1 to account for federated domains

[mitchelbaker-cisa]

🗣 Description

Modified the rule for MS.AAD.6.1 such that federated domains are excluded from the check. Only domains with AuthenticationType = "Managed" will be considered.

That being said, detailed reporting is expanded to indicate to the user if federated domains are present. Users should refer to their identity provider on how to configure these domains in a federated context.

💭 Motivation and context

Resolves #1080

🧪 Testing

From .\Testing run

.\RunUnitTests.ps1 -p aad -c 6

To run functional tests copy/paste into a PS script:

$TestContainers = @() 
$TestContainers += New-PesterContainer -Path "Testing/Functional/Products" `
-Data @{ 
    Thumbprint = "<thumbprint>"; 
    TenantDomain = "<domain>"; 
    TenantDisplayName = "<display-name>"; 
    AppId = "<app-id>"; 
    ProductName = "aad"; 
    M365Environment = "gcc"
} 
$PesterConfig = @{
        Run = @{Container = $TestContainers}
        Filter = @{Tag = @("MS.AAD.6.1v1")}
        Output = @{Verbosity = 'Detailed'}
    }

$Config = New-PesterConfiguration -Hashtable $PesterConfig 
Invoke-Pester -Configuration $Config

✅ Pre-approval checklist

• [x] This PR has an informative and human-readable title.
• [x] PR targets the correct parent branch (e.g., main or release-name) for merge.
• [x] Changes are limited to a single goal - eschew scope creep!
• [x] Changes are sized such that they do not touch excessive number of files.
• [x] All future TODOs are captured in issues, which are referenced in code comments.
• [x] These code changes follow the ScubaGear content style guide.
• [x] Related issues these changes resolve are linked preferably via closing keywords.
• [x] All relevant type-of-change labels added.
• [x] All relevant project fields are set.
• [x] All relevant repo and/or project documentation updated to reflect these changes.
• [x] Unit tests added/updated to cover PowerShell and Rego changes.
• [x] Functional tests added/updated to cover PowerShell and Rego changes.
• [x] All relevant functional tests passed.
• [x] All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

• [ ] PR passed smoke test check.

• [ ] Feature branch has been rebased against changes from parent branch, as needed

  Use Rebase branch button below or use this reference to rebase from the command line.

• [ ] Resolved all merge conflicts on branch
• [ ] Notified merge coordinator that PR is ready for merge via comment mention

✅ Post-merge checklist

• [ ] Feature branch deleted after merge to clean up repository.
• [ ] Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

[tkol2022]

@mitchelbaker-cisa your unit test for AAD policy 3.2 was failing the unit test so I looked into it. I compared your AAD Rego code to main and you are out of synch. Need to rebase maybe.

[mitchelbaker-cisa]

@tkol2022 Thanks for catching that, must have slipped through when rebasing. Reverted so it matches main.