Comments (10)
- I will look at the inspectors if there is anything wrong with them.
- All inspectors that I used are custom written, based on CIS standards.
- The incorrect blank returns might be because of multi object values or incorrect return values. I will check every inspector I made and will come back to this when I have the results :)
- I will use the ToString() value then to parse output to a string object instead of multiple objects that will cause an error. When I have this covered I again will come back with a new reply below.
I think the example code will come in handy. Thank you.
from 365inspect.
{
    "FindingName": "[VULNERABLE] - Tenant contains users without MFA. Considering enabling MFA for all users.",
    "Description": "No Exchange Online Transport Rules are in place to block email auto-forwarding. Cyber adversaries often configure compromised Office 365 accounts to forward emails to external persons. It is therefore advisable to configure an Exchange transport rule that blocks auto forwarded emails.",
    "Remediation": "Navigate to portal.azure.com > Azure Active Directory > Enterprise Applications > Security > Conditional Access > New Policy > 2. Cloud apps or action > All cloud apps (and don't exclude any apps) > 3. Assignments > Users and groups > Include > select All users (and do not exclude any user) > 4. Access Controls > Grant > Require multi-factor authentication (and nothing else) > Conditions > Client Apps > Configure (Yes) > Explicitly select Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, and Other clients. > 5. Leave all other conditions blank and make sure the policy is enabled and proceed creating the policy. ",
    "Impact": "High",
    "AffectedObjects": "",
    "References": [
        {
            "Url": "CIS_Microsoft_365_Foundations_Benchmark_v1.4.0.pdf",
            "Text": "(L2) Ensure multifactor authentication is enabled for all users in all roles (Manual)"
        }
    ]
}
from 365inspect.
Update: about the .json script. It seems that the .json file itself has some issues, so I have excluded that Inspector.
But the other error, MethodCount, does keep appearing. I cannot find out why it is erroring all the time.
from 365inspect.
Can you provide the ps1 script that accompanies this json?
That error is usually due to the PowerShell script returning a multi-part value.
from 365inspect.
I solved that issue with Line 172 char 32. This was related to a .ps1 but the other one I can't seem to find where the other error is related to.
from 365inspect.
Cannot find an overload for "Replace" and the argument count: "2".
At line:184 char:5
+ ... $affected_object_html += $templates.AffectedObjectsTempla ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest
Line:
$affected_object_html += $templates.AffectedObjectsTemplate.Replace("{{AFFECTED_OBJECT}}", $affected_object)
from 365inspect.
This is due to the script trying to parse a multi-valued object returned from the PowerShell script. You would need to specify an element to return for the json file to parse it correctly. If you can post the relevant PowerShell, I can help you determine why the error is occurring.
The json you posted looks like you are duplicating checks for MFA also. The two inspectors included that assess MFA check for the existence of Conditional Access Policies that enforce MFA, and if none are found, will assess the values of Per-User MFA configurations.
function Inspect-UsersWithNoMFAConfigured {
    # First check whether a Conditional Access policy already enforces MFA for all users
    $conditionalAccess = Get-AzureADMSConditionalAccessPolicy
    $flag = $false
    Foreach ($policy in $conditionalAccess) {
        If (($policy.conditions.users.includeusers -eq "All") -and ($policy.grantcontrols.builtincontrols -like "Mfa")) {
            $flag = $true
        }
    }
    # No tenant-wide CA policy: fall back to per-user MFA state on licensed, unblocked accounts
    If (!$flag) {
        $unenabled_users = (Get-MsolUser -All | Where-Object {($_.isLicensed -eq $true) -and ($_.StrongAuthenticationMethods.Count -eq 0) -and ($_.BlockCredential -eq $False) -and ($_.StrongAuthenticationRequirements.State -NE "Enforced")}).UserPrincipalName
        # Use .Count so that a $null result (no users found) does not slip through and return 0
        If ($unenabled_users.Count -gt 0) {
            return $unenabled_users.Count
        }
    }
    return $null
}
return Inspect-UsersWithNoMFAConfigured
Specifically, this section:
$conditionalAccess = Get-AzureADMSConditionalAccessPolicy
$flag = $false
Foreach ($policy in $conditionalAccess) {
    If (($policy.conditions.users.includeusers -eq "All") -and ($policy.grantcontrols.builtincontrols -like "Mfa")) {
        $flag = $true
    }
}
from 365inspect.
Yes, I think there are more multi-valued objects in scripts that I've written. The problem is that when I removed the MFA script the error was still there. It did go through all the inspectors. I also stumbled upon the following as I said in an earlier submitted issue:
- First item is duplicate, but the difference between those items is that one does have an affected object and the other one is empty. The rest of the text is all the same. Screenshot: Duplicate First Entry
- Some items do display as vulnerable objects but do not display any data. (This is also due to the scripts that might not return correct data. I have to look at what data they might return or if they return data at all.)
- Some Affected objects do display incorrect data. This is due to an issue I need to look into myself. Could be caused by a wrong return.
Cannot find an overload for "Replace" and the argument count: "2".
At line:184 char:5
+ ... $affected_object_html += $templates.AffectedObjectsTempla ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest
This error is indeed caused by multiple objects being returned to 'affected-objects', but isn't there a way to return those multiple objects as one object to mitigate this error? If not I will try trial-and-error on the scripts to see what the problem is.
from 365inspect.
The duplicate first entry is something that I cannot replicate to observe, and as stated in that thread, will vary depending on what finding is returned. I would need to know what your specific finding is and any relevant screenshots or code supplied to determine a fix.
Items lacking any returned data would also need to be accompanied by relevant screenshots or code - are these the included inspectors or custom written scripts that are causing the blank returns?
Same question for the incorrectly returned data - included scripts or custom written?
The multi-valued items would need to be exported to an output file. The way that the parser works isn't designed to handle large data sets with multi-part arrays. The design of the tool was intended to give the reviewer a quick glance at configuration issues with supporting data over a certain size being output into a file for review. If you wish to return information into the report as it is currently written, you'd need to select a value, or select a few different values and output to string.
Something like this would work:
$data = @()
Foreach ($result in $findings) {
    # one flat string per finding, so the template only ever receives a single [string]
    $data += "$($result.Property1), $($result.Property2)"
}
Return $data
There are several examples of such output in the included inspectors.
from 365inspect.
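The two maintainer replies above (the explanation of the `MethodCountCouldNotFindBest` error and the `$data += "..."` pattern) describe the same fix: `String.Replace` only accepts a single string as its replacement argument, so a multi-valued inspector return has to be flattened first. The following is an added example, not code from the 365Inspect project, that generalises that pattern into a small normaliser which accepts `$null`, a scalar, a string array, or an array of objects and always hands the template one string at a time. `$templates`, the property names and the sample objects are constructed for the demo.

```powershell
# Added example (not part of 365Inspect): normalise inspector output before templating.
# Everything below ($templates, property names, sample findings) is constructed here.

$templates = @{ AffectedObjectsTemplate = '<li>{{AFFECTED_OBJECT}}</li>' }

function ConvertTo-AffectedObjectStrings {
    param(
        # Raw inspector return: $null, one value, a string array, or an array of objects
        [AllowNull()] $InspectorResult,
        # Properties to keep when the items are objects (assumed names for the demo)
        [string[]] $Properties = @('UserPrincipalName')
    )
    $out = @()
    foreach ($item in @($InspectorResult)) {
        if ($null -eq $item) { continue }              # nothing returned: no rows
        if ($item -is [string] -or $item.GetType().IsPrimitive) {
            $out += [string]$item                       # already a scalar, keep as-is
            continue
        }
        # An object: select the requested properties and join them into one line
        $values = foreach ($p in $Properties) { "$($item.$p)" }
        $out += ($values -join ', ')
    }
    return ,$out                                        # the comma keeps the array shape
}

function New-AffectedObjectsHtml {
    param(
        [string] $Template,
        [AllowNull()] $InspectorResult,
        [string[]] $Properties = @('UserPrincipalName')
    )
    $html = ''
    $rows = ConvertTo-AffectedObjectStrings -InspectorResult $InspectorResult -Properties $Properties
    foreach ($affected_object in $rows) {
        # $affected_object is now always a single [string], so Replace(string, string) resolves
        $html += $Template.Replace('{{AFFECTED_OBJECT}}', $affected_object)
    }
    return $html
}

# Constructed sample in the shape a Get-MsolUser style query hands back
$findings = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; DisplayName = 'Alice' },
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   DisplayName = 'Bob' }
)

# Array of objects, two properties per row
New-AffectedObjectsHtml -Template $templates.AffectedObjectsTemplate -InspectorResult $findings -Properties 'UserPrincipalName','DisplayName'
# Single string, as an inspector that returns one UPN would
New-AffectedObjectsHtml -Template $templates.AffectedObjectsTemplate -InspectorResult 'single@contoso.example'
# Nothing found: yields an empty string instead of an error
New-AffectedObjectsHtml -Template $templates.AffectedObjectsTemplate -InspectorResult $null
```

The normaliser is deliberately placed between the inspector and the template rather than inside each inspector, so a custom script that still returns raw objects produces a readable row instead of a binding error. Large result sets are still better written to a file, as the maintainer notes; this only makes the in-report path fail safe.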
Since the issues raised are with custom work scripts, and not the tool or provided inspectors, I'm going to close this out.
from 365inspect.