functions/Tenant/Get-HawkTenantRbacChanges.ps1

# Search for any changes made to RBAC in the search window and report them
Function Get-HawkTenantRBACChanges {
<#
.SYNOPSIS
    Looks for any changes made to Roles Based Access Control
.DESCRIPTION
    Searches the EXO Audit logs for the following commands being run.
    New-ManagementRole
    Remove-ManagementRole
    New-ManagementRoleAssignment
    Remove-ManagementRoleAssignment
    Set-MangementRoleAssignment
    New-ManagementScope
    Remove-ManagementScope
    Set-ManagementScope
.OUTPUTS
 
    File: Simple_RBAC_Changes.csv
    Path: \
    Description: All RBAC cmdlets that were run in an easy to read format
 
    File: RBAC_Changes.csv
    Path: \
    Description: All RBAC changes in Raw format
 
    File: RBAC_Changes.xml
    Path: \XML
    Description: All RBAC changes as a CLI XML
.EXAMPLE
    Get-HawkTenantRBACChanges
 
    Looks for all RBAC changes in the tenant within the search window
#>


    Test-EXOConnection
    Send-AIEvent -Event "CmdRun"

    Out-LogFile "Gathering any changes to RBAC configuration" -action

    # Search EXO audit logs for any RBAC changes
    [array]$RBACChanges = Search-AdminAuditLog -Cmdlets New-ManagementRole, New-ManagementRoleAssignment, New-ManagementScope, Remove-ManagementRole, Remove-ManagementRoleAssignment, Set-MangementRoleAssignment, Remove-ManagementScope, Set-ManagementScope -StartDate $Hawk.StartDate -EndDate $Hawk.EndDate

    # If there are any results push them to an output file
    if ($RBACChanges.Count -gt 0) {
        Out-LogFile ("Found " + $RBACChanges.Count + " Changes made to Roles Based Access Control")
        $RBACChanges | Get-SimpleAdminAuditLog | Out-MultipleFileType -FilePrefix "Simple_RBAC_Changes" -csv -json
        $RBACChanges | Out-MultipleFileType -FilePrefix "RBAC_Changes" -csv -xml -json
    }
    # Otherwise report no results found
    else {
        Out-LogFile "No RBAC Changes found."
    }
}