public/Invoke-ZtAssessment.ps1
<# .SYNOPSIS Runs the Zero Trust Assessment against the signed in tenant and generates a report of the findings. .DESCRIPTION This function is only a sample Advanced function that returns the Data given via parameter Data. .EXAMPLE Invoke-ZeroTrustAssessment Run the Zero Trust Assessment against the signed in tenant and generates a report of the findings. #> function Invoke-ZtAssessment { [Alias('Invoke-ZeroTrustAssessment')] [CmdletBinding()] param ( # The path to the folder folder to output the report to. If not specified, the report will be output to the current directory. [string] $Path = "./ZeroTrustReport", # Optional. Number of days (between 1 and 30) to query sign-in logs. Defaults to last two days. [ValidateScript({ $_ -ge 1 -and $_ -le 30 }, ErrorMessage = "Logs are only available for 30 days. Please enter a number between 1 and 30.")] [int] $Days = 30, # Optional. The maximum time (in minutes) the assessment should spend on querying sign-in logs. Defaults to collecting sign logs for 60 minutes. Set to 0 for no limit. [int] $MaximumSignInLogQueryTime = 60, # If specified, the previously exported data will be used to generate the report. [switch] $Resume, # If specified, the script will output a high level summary of log messages. Useful for debugging. Use -Verbose and -Debug for more detailed logs. [switch] $ShowLog, # If specified, writes the log to a file. [switch] $ExportLog ) $banner = @" +-------------------------------------------------------------+ | Microsoft Zero Trust Assessment v2.0 | +-------------------------------------------------------------+ "@ #$ExportLog = $true # Always create support package during public preview TODO: Remove this line after public preview if ($ShowLog) { $null = New-PSFMessageLevelModifier -Name ZeroTrustAssessmentV2.VeryVerbose -Modifier -1 -IncludeModuleName ZeroTrustAssessmentV2 } else { Get-PSFMessageLevelModifier -Name ZeroTrustAssessmentV2.VeryVerbose | Remove-PSFMessageLevelModifier } Write-Host $banner -ForegroundColor Cyan $exportPath = Join-Path $Path "zt-export" # Stop if folder has items inside it if (!$Resume.IsPresent -and (Test-Path $Path)) { if ((Get-ChildItem $Path).Count -gt 0) { # Prompt user if it's okay to delete the folder and get confirmation Write-Host "`nFolder $Path is not empty. Do you want to delete the contents and continue (y/n)?" -ForegroundColor Yellow -NoNewline $deleteFolder = Read-Host if ($deleteFolder -eq "y") { Remove-Item -Path $Path -Recurse -Force -ErrorAction Stop | Out-Null } else { Write-Error "Folder $Path is not empty. Please provide a path to an empty folder." return } } } if (!(Test-ZtContext)) { return } Clear-ZtModuleVariable # Reset the graph cache and urls to avoid stale data Write-PSFMessage 'Creating report folder $Path' New-Item -ItemType Directory -Path $Path -Force -ErrorAction Stop | Out-Null # Collect data Export-TenantData -ExportPath $exportPath -Days $Days -MaximumSignInLogQueryTime $MaximumSignInLogQueryTime $db = Export-Database -ExportPath $exportPath # Run the tests Invoke-ZtTests -Database $db Invoke-ZtTenantInfo -Database $db $assessmentResults = Get-ZtAssessmentResults Disconnect-Database -Db $db $assessmentResultsJson = $assessmentResults | ConvertTo-Json -Depth 10 $resultsJsonPath = Join-Path $Path "ZeroTrustAssessmentReport.json" $assessmentResultsJson | Out-File -FilePath $resultsJsonPath Write-ZtProgress -Activity "Creating html report" $htmlReportPath = Join-Path $Path "ZeroTrustAssessmentReport.html" $output = Get-HtmlReport -AssessmentResults $assessmentResultsJson -Path $Path $output | Out-File -FilePath $htmlReportPath -Encoding UTF8 Write-Host Write-Host "🛡️ Zero Trust Assessmet report generated at $htmlReportPath" -ForegroundColor Green Write-Host Invoke-Item $htmlReportPath | Out-Null if ($ExportLog) { Write-ZtProgress -Activity "Creating support package" $logPath = Join-Path $Path "log" if(!(Test-Path $logPath)) { New-Item -ItemType Directory -Path $logPath -Force -ErrorAction Stop | Out-Null } New-PSFSupportPackage -Path $logPath } } |