Updated sample reports for 1.5.0

PowerShell/ScubaGear/Sample-Reports/ActionPlan.csv

@@ -1,5 +1,6 @@
 "Control ID","Requirement","Result","Criticality","Details","Non-Compliance Reason","Remediation Completion Date","Justification"
 "MS.AAD.3.1v1","Phishing-resistant MFA SHALL be enforced for all users.","Fail","Shall","0 conditional access policy(s) found that meet(s) all requirements. "," "," "," "
+"MS.AAD.3.3v1","If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.","Fail","Shall","Requirement not met"," "," "," "
 "MS.AAD.3.4v1","The Authentication Methods Manage Migration feature SHALL be set to Migration Complete.","Fail","Shall","Requirement not met"," "," "," "
 "MS.AAD.3.6v1","Phishing-resistant MFA SHALL be required for highly privileged roles.","Fail","Shall","0 conditional access policy(s) found that meet(s) all requirements. "," "," "," "
 "MS.AAD.5.2v1","Only administrators SHALL be allowed to consent to applications.","Fail","Shall","1 authorization policies found that allow non-admin users to consent to third-party applications: authorizationPolicy"," "," "," "
@@ -12,7 +13,7 @@
 "MS.AAD.7.7v1","Eligible and Active highly privileged role assignments SHALL trigger an alert.","Fail","Shall","6 role(s) or group(s) without notification e-mail configured for role assignments found: Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)"," "," "," "
 "MS.DEFENDER.1.4v1","Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.","Fail","Shall","Requirement not met"," "," "," "
 "MS.DEFENDER.1.5v1","Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.","Fail","Shall","Requirement not met"," "," "," "
-"MS.DEFENDER.6.2v1","Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.","Fail","Shall","Requirement not met. 81 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter ""not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')"" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName"," "," "," "
+"MS.DEFENDER.6.2v1","Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.","Fail","Shall","Requirement not met. 84 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter ""not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')"" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName"," "," "," "
 "MS.EXO.4.1v1","A DMARC policy SHALL be published for every second-level domain.","Fail","Shall","2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com"," "," "," "
 "MS.EXO.4.2v1","The DMARC message rejection option SHALL be p=reject.","Fail","Shall","2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com"," "," "," "
 "MS.EXO.4.3v1","The DMARC point of contact for aggregate reports SHALL include `[email protected]`.","Fail","Shall","2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com"," "," "," "

PowerShell/ScubaGear/Sample-Reports/ScubaResults.csv

@@ -5,7 +5,7 @@
 "MS.AAD.2.3v1","Sign-ins detected as high risk SHALL be blocked.","Pass","Shall","1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked. "
 "MS.AAD.3.1v1","Phishing-resistant MFA SHALL be enforced for all users.","Fail","Shall","0 conditional access policy(s) found that meet(s) all requirements. "
 "MS.AAD.3.2v1","If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.","Pass","Shall","1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. "
-"MS.AAD.3.3v1","If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.","Pass","Shall","Requirement met"
+"MS.AAD.3.3v1","If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.","Fail","Shall","Requirement not met"
 "MS.AAD.3.4v1","The Authentication Methods Manage Migration feature SHALL be set to Migration Complete.","Fail","Shall","Requirement not met"
 "MS.AAD.3.5v1","The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled.","N/A","Shall/Not-Implemented","This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#msaad34v1 for more info"
 "MS.AAD.3.6v1","Phishing-resistant MFA SHALL be required for highly privileged roles.","Fail","Shall","0 conditional access policy(s) found that meet(s) all requirements. "
@@ -47,7 +47,7 @@
 "MS.DEFENDER.5.1v1","At a minimum, the alerts required by the CISA M365 Secure Configuration Baseline for Exchange Online SHALL be enabled.","Pass","Shall","Requirement met"
 "MS.DEFENDER.5.2v1","The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).","N/A","Should/Not-Implemented","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1 for instructions on manual check"
 "MS.DEFENDER.6.1v1","Microsoft Purview Audit (Standard) logging SHALL be enabled.","Pass","Shall","Requirement met"
-"MS.DEFENDER.6.2v1","Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.","Fail","Shall","Requirement not met. 81 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter ""not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')"" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName"
+"MS.DEFENDER.6.2v1","Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.","Fail","Shall","Requirement not met. 84 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter ""not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')"" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName"
 "MS.DEFENDER.6.3v1","Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.","N/A","Shall/Not-Implemented","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1 for instructions on manual check"
 "MS.EXO.1.1v1","Automatic forwarding to external domains SHALL be disabled.","Pass","Shall","Requirement met"
 "MS.EXO.2.2v2","An SPF policy SHALL be published for each domain that fails all non-approved senders.","Pass","Shall","Requirement met"
@@ -93,7 +93,7 @@
 "MS.POWERPLATFORM.1.1v1","The ability to create production and sandbox environments SHALL be restricted to admins.","Pass","Shall","Requirement met"
 "MS.POWERPLATFORM.1.2v1","The ability to create trial environments SHALL be restricted to admins.","Pass","Shall","Requirement met"
 "MS.POWERPLATFORM.2.1v1","A DLP policy SHALL be created to restrict connector access in the default Power Platform environment.","Pass","Shall","Requirement met"
-"MS.POWERPLATFORM.2.2v1","Non-default environments SHOULD have at least one DLP policy affecting them.","Pass","Should","Requirement met"
+"MS.POWERPLATFORM.2.2v1","Non-default environments SHOULD have at least one DLP policy affecting them.","Warning","Should","1 Subsequent environments without DLP policies: 407cbeff-b477-e3b4-9ca7-097888a9ec4e"
 "MS.POWERPLATFORM.3.1v1","Power Platform tenant isolation SHALL be enabled.","Pass","Shall","Requirement met"
 "MS.POWERPLATFORM.3.2v1","An inbound/outbound connection allowlist SHOULD be configured.","N/A","Should/Not-Implemented","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform32v1 for instructions on manual check"
 "MS.POWERPLATFORM.4.1v1","Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps.","N/A","Shall/Not-Implemented","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform41v1 for instructions on manual check"