This is flag is for use cases when the ScubaGear operator is unable to inspect the exclusions of the conditional access policies of the tenant being assessed and add those exclusions to the config file.
We can leave the default value as -Strict but have the option for the user to pass in -Strict:$false to turn off the evaluation.
We can reuse this flag if/when we start assessing exclusions for Teams and Defender policies.
Motivation and context
Give the option for certain ScubaGear users to run the tool without having to account for exclusions.
Implementation notes
Add the switch as a variable inserted into the Provider JSON
Use that variable to toggle assessment of exclusions in the Rego.
Acceptance criteria
Users are able to toggle the strict assessment of certain policies on or off.
💡 Summary
This is flag is for use cases when the ScubaGear operator is unable to inspect the exclusions of the conditional access policies of the tenant being assessed and add those exclusions to the config file.
We can leave the default value as
-Strict
but have the option for the user to pass in-Strict:$false
to turn off the evaluation. We can reuse this flag if/when we start assessing exclusions for Teams and Defender policies.Motivation and context
Give the option for certain ScubaGear users to run the tool without having to account for exclusions.
Implementation notes
Acceptance criteria
Users are able to toggle the strict assessment of certain policies on or off.