Consider Decoupling EXO/Teams from Defender

[adhilto]

💡 Summary

Currently, for EXO/Teams controls that are implemented in Defender (or optionally by third party software), ScubaGear simply informs the user to check the Defender report and doesn't perform the appropriate check in-place. In the interest of reducing the number of grayed out results, we could consider performing the appropriate checks in-place, with a config option that switches off the tests if they are using a third party.

Motivation and context

Pros of doing the checks in-place:

• Less gray results
• User wouldn't need to switch back and forth between the reports
• Now that the Defender baseline recommends using the preset policies, there is no longer a clean 1:1 mapping between the EXO/Teams "third-party" policies.

Cons of doing the checks in-place:

• Extra login needed for EXO/Teams for Connect-IPPSSession
• Increased code duplication

Acceptance criteria

• [ ] Reach a consensus on the path we want to take
• [ ] Create an issue to refactor the code if appropriate

[schrolla]

I'd note that in future releases, now that Security & Compliance is nearly fully moved to REST API, the extra login for Connect-IPPSSession will go away. Just not yet, but once we update our requirements to use v3.2.0 or newer cmdlet and update our code to login to Defender using REST APIs (perhaps in Flipper).

[tkol2022]

@schrolla @buidav This doesn't seem like something we are going to resolve in time for Emerald. Please place into the backlog if it makes sense.

[schrolla]

@adhilto Are there any updates needed for this to be workable? Things like policy omission are now configurable and may meet some of the requirements, for example.