ZeroTrustAssessment

1.2.1-preview

private/tests/Invoke-ZtTests.ps1

                                <#

.SYNOPSIS

    Runs all the Zero Trust Assessment tests.

#>

function Invoke-ZtTests {

    [CmdletBinding()]

    param (

        $Database

    )

    # Maybe optimize in future to run tests in parallel, show better progress etc.

    # We could also run all the cmdlets in this folder that start with Test-

    # For now, just run all tests sequentially

    Test-InactiveAppDontHaveHighPrivGraphPerm -Database $Database

    Test-InactiveAppDontHaveHighPrivEntraRole -Database $Database

    Test-AppDontHaveSecrets -Database $Database

    Test-AppDontHaveCertsWithLongExpiry -Database $Database

    ## Test-PrivilegedUsersSignInPhishResistant (Blocked by lack of sign in log filter)

    Test-PrivilegedUsersCaAuthStrengthPhishResistant

    Test-PrivilegedUsersPhishResistantMethodRegistered -Database $Database

    Test-UsersPhishResistantMethodRegistered -Database $Database

    Test-GuestCantInviteGuests

    Test-GuestHaveRestrictedAccess

    Test-BlockLegacyAuthCaPolicy

    Test-CreatingNewAppsRestrictedToPrivilegedUsers

    ## Test-GuestStrongAuthMethod # Not implemented - Blocked by lack of sign in log filter

    Test-DiagnosticSettingsConfiguredEntraLogs

    Test-St0002AppsNotUsedInLast90Days -Database $Database

    #Test-St0024MfaForAllUsers

}