From 63365684a16c60f3786fa671d10b84447d99edd3 Mon Sep 17 00:00:00 2001
From: Hossein Rouhani
Date: Fri, 6 Sep 2024 17:23:47 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20Adding=20consent=20set?= =?UTF-8?q?tings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Hossein Rouhani
---
 providers/ms365/resources/ms365.lr | 3 ++
 .../ms365/resources/ms365.lr.manifest.yaml | 2 +
 providers/ms365/resources/policies.go | 37 +++++++++++++++++++
 3 files changed, 42 insertions(+)

diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr
index 395f75d446..5d8a0797a6 100644
--- a/providers/ms365/resources/ms365.lr
+++ b/providers/ms365/resources/ms365.lr
@@ -487,8 +487,11 @@ microsoft.policies {
 adminConsentRequestPolicy() dict
 // Permission grant policies
 permissionGrantPolicies() []dict
+ // Consent policy settings
+ consentPolicySettings() dict
 }
+
 // Deprecated: use `microsoft.roles` instead
 microsoft.rolemanagement {
 // Deprecated: use `microsoft.roles` instead
diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml
index 87d39b4c2c..086f2afd4d 100755
--- a/providers/ms365/resources/ms365.lr.manifest.yaml
+++ b/providers/ms365/resources/ms365.lr.manifest.yaml
@@ -234,6 +234,8 @@ resources:
 min_mondoo_version: 9.0.0
 microsoft.policies:
 fields:
+ ConsentPolicySettings:
+ min_mondoo_version: 9.0.0
 adminConsentRequestPolicy: {}
 authorizationPolicy: {}
 identitySecurityDefaultsEnforcementPolicy: {}
diff --git a/providers/ms365/resources/policies.go b/providers/ms365/resources/policies.go
index 1f253308ad..9b1026b173 100644
--- a/providers/ms365/resources/policies.go
+++ b/providers/ms365/resources/policies.go
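Review bot: The manifest key `ConsentPolicySettings` in the ms365.lr.manifest.yaml hunk is capitalised, while the field this patch adds to ms365.lr is `consentPolicySettings` and the neighbouring keys (`adminConsentRequestPolicy`, `authorizationPolicy`) are lower camel case. If manifest entries are matched to fields by exact name, as the other keys suggest, the `min_mondoo_version` entry would not attach to the new field; the key should read `consentPolicySettings:`. The value `9.0.0` is also worth confirming against the release that first ships this field, since it gates which clients are told the field exists.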
@@ -73,3 +73,40 @@ func (a *mqlMicrosoftPolicies) permissionGrantPolicies() ([]interface{}, error)
 }
 return convert.JsonToDictSlice(newPermissionGrantPolicies(resp.GetValue()))
 }
+
+// https://learn.microsoft.com/en-us/graph/api/groupsetting-get?view=graph-rest-1.0&tabs=http
+
+func (a *mqlMicrosoftPolicies) consentPolicySettings() (interface{}, error) {
+ conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+ graphClient, err := conn.GraphClient()
+ if err != nil {
+ return nil, err
+ }
+
+ ctx := context.Background()
+
+ groupSettings, err := graphClient.GroupSettings().Get(ctx, nil)
+ if err != nil {
+ return nil, transformError(err)
+ }
+
+ actualSettingsMap := make(map[string]map[string]interface{})
+ for _, setting := range groupSettings.GetValue() {
+ displayName := setting.GetDisplayName()
+ if displayName != nil {
+ if _, exists := actualSettingsMap[*displayName]; !exists {
+ actualSettingsMap[*displayName] = make(map[string]interface{})
+ }
+
+ for _, settingValue := range setting.GetValues() {
+ name := settingValue.GetName()
+ value := settingValue.GetValue()
+ if name != nil && value != nil {
+ actualSettingsMap[*displayName][*name] = *value
+ }
+ }
+ }
+ }
+
+ return convert.JsonToDict(actualSettingsMap)
+}
From 1f5ade46eea4bf98f780c4080c6636f081880254 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Fri, 6 Sep 2024 09:05:48 -0700
Subject: [PATCH 2/2] Update providers/ms365/resources/ms365.lr
---
 providers/ms365/resources/ms365.lr | 1 -
 1 file changed, 1 deletion(-)

diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr
index 5d8a0797a6..11a9973723 100644
--- a/providers/ms365/resources/ms365.lr
+++ b/providers/ms365/resources/ms365.lr
@@ -491,7 +491,6 @@ microsoft.policies {
 consentPolicySettings() dict
 }
-
 // Deprecated: use `microsoft.roles` instead
 microsoft.rolemanagement {
 // Deprecated: use `microsoft.roles` instead
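Review bot: consentPolicySettings in the policies.go hunk does not select consent settings: the loop stores every object returned by `GroupSettings().Get` under its display name, so the dict holds all returned setting objects, and objects sharing a display name are merged with later values overwriting earlier ones. A policy reading this field should know that a missing key means no such settings object was returned, not that the setting is off, and that entries with a nil name or value are skipped silently. The URL comment is separated from the function by a blank line, so it is not attached as a doc comment. I would put `// consentPolicySettings returns every group setting object keyed by display name, each as a map of setting name to value.` directly above `func`, with the reference URL on the line after it and the missing-key behaviour described in a further sentence.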