Open twneale opened 7 months ago
Met with Thom today and he has completed almost all of the actions documented in the issue opener above. Excellent work! The only pending item is to get the POC working with a service principal - currently there is an error related to consent that we need to work through.
Thom answered the questions below:
Once this issue is completed, the plan is to meet with CISA to determine if making changes to ScubaGear to acquire the missing fields is feasible.
I met with Thom today to chart a set of next steps. Here is a summary with action items.
I verified that setting MS.SHAREPOINT.4.1v1 has been removed from the MS SharePoint admin portal, so we will be removing it from the baseline. That leaves the list of settings that could potentially be retrieved by an alternative way of calling the SharePoint REST API to a total of 3 settings. Refer to this table in an earlier issue for a list of the remaining policies that we might be able to grab from SharePoint if we created a custom MSAL authentication and the undocumented SharePoint XML endpoint.
Moving this to next release because I am continuing to test this and had to deprioritize due to functional test fixes and other bugs that came up, as well as deprecated features.
@tkol2022 Do we want to throw this back into the backlog for the time being? Or is this still reasonable to include in Jellyfish?
I was not able to finish testing and analysis of the code that was developed yet, due to other priorities such as bug fixes and preparing for a big government release. Now that I am resuming, this is simply a place I can keep my most current notes on using the .NET MSAL library to authenticate to M365 REST endpoints.
💡 Summary
Issue #143 identified a way to invoke REST endpoints for SharePoint / OneDrive fields we cannot get from the current PnP and SharePoint modules by obtaining an access token from Microsoft using MSAL DLLs. This issue is to code a proof of concept and then present the solution to CISA for a decision on whether or not we should pursue integrating this into the ScubaGear codebase.
The solution developed in this issue would replace the existing dependencies on the PnP and SharePoint PowerShell modules with custom code that calls the SharePoint APIs directly and authenticates using the MSAL DLL (which mimics what cmdlets such as Connect-SPOService do internally).
Motivation
Implementation notes
Develop a proof of concept with the following characteristics