Pivoted view, duplicate detection, local styling, CSV and Json exports. #13

Draft
joelst wants to merge 15 commits into dougsbaker:main from joelst:main

joelst commented Aug 15, 2025

This pull request introduces improvements to the CA Export toolset with new functionality and better error handling.

New Features & Enhancements

New Parameters for Export-CAPolicywithRecs.ps1

  • Added NoBrowser switch to generate HTML without auto-launching browser
  • Added OutputPath parameter for custom output directory specification
  • Added CsvPivot switch for wide-format CSV suitable for Excel/BI tools
  • Added CsvColumns parameter for custom column selection and ordering
  • Added NoRecommendations switch to skip analysis for faster exports in large tenants

Improved Module Management

  • New Initialize-GraphModule function automatically installs/imports required Microsoft Graph modules
  • Enhanced Graph connection handling with scope validation
  • Better error handling and user guidance for missing dependencies

Enhanced Data Structure

  • Implemented ordered PSCustomObjects using [PSCustomObject][ordered]@{} for consistent property ordering
  • Improved entity resolution for users, groups, roles, and applications
  • Enhanced GUID detection and replacement in free-text fields

Export Control

  • Intelligent export behavior: no parameters = HTML + JSON + CSV, specific parameters = only those formats
  • Pivoted CSV remains opt-in for specialized use cases
  • Consistent timestamped filename patterns distinguishing script types

Data View

  • Export-CAPolicywithRecs.ps1 has each policy on a separate row instead of in columns.
  • Export-CAPolicy.ps1 has the original data format.

Technical Improvements

Code Quality & Maintainability

  • Complete refactor of helper functions with PowerShell best practices
  • Added comprehensive parameter validation including GUID pattern validation
  • Improved error handling with Invoke-SafeGet wrapper for graceful failures
  • Enhanced function documentation with detailed examples

Performance & Reliability

  • Better Graph API connection management with context validation
  • Improved entity resolution with bulk operations where possible
  • Enhanced role resolution supporting both active directory roles and role definitions

Repository Organization

File Management

  • Updated .gitignore to exclude *.csv files
  • Reorganized screenshot assets to images/ directory
  • Updated documentation to reflect correct filename patterns:
    • Full script: CAExportRecs_<TenantName>_YYYYMMDD_HHMMSS.*
    • Lightweight script: CAExport_<TenantName>_YYYYMMDD_HHMMSS.*

Documentation Updates

  • Added comprehensive parameter documentation with usage examples
  • Enhanced license section with friendly community message
  • Updated screenshots to reflect current UI

Version Information

  • Version: 3.1.1
  • Compatibility: PowerShell 7+ recommended, backward compatible
  • Dependencies: Microsoft Graph PowerShell modules (auto-installed)

joelst commented Aug 15, 2025

I really liked your scripts. I wanted a couple of additional features, like exporting the data to a CSV so that I can do some work on the data in Excel. I started making a few tweaks and then ended up adding more and more tweaks.

You do not have to accept the changes. I am just sharing my changes to allow others to use them.

You may not like that I pivoted the view on the Export-CAPolicywithRecs.ps1 script to show each policy in a row instead of a column. The other script I left in the existing format.

  • Naming standardization suggestions.
  • Adding in more baseline recommendations.
  • Adjusting the policy layout to better display how the policy works.

joelst added 12 commits August 21, 2025 20:12
… export improvements

- Add -RawInputFile offline mode: accepts prior *_raw.json, skips Graph calls & module init, rehydrates policies for HTML/CSV/JSON/recommendations.
- Bump script version to 3.3 and document offline behavior in README.
- Add parameter hardening: PolicyID GUID validation, OutputPath validation and default, placeholder param for removed -Quiet to avoid positional shift.
- Improve Graph module initialization & import: prefer TLS1.2, handle PSGallery trust, install modules without -SkipPublisherCheck, better error handling and verbose messages.
- Harden Connect-GraphContext and Invoke-SafeGet with clearer try/catch structure and required-scope check.
- Add a suite of helper functions:
  - Test-PolicyTargetsAdminRoles, Initialize-AuthStrengthCache, Get-AssignedAuthStrengthObject,
    Test-IsPhishResistantStrength, Test-PolicyRequiresMfaForAdmins, Test-PolicyRequiresPhishResistantMfaForAdmins
  - Test-OverlapIncludeExclude, New-TokenSet, Protect-RecNote, Get-NormalizedPolicyHash
  - Consolidated CA check functions (Test-CA00..Test-CA12) for testability.
- Duplicate detection: extract normalization & hashing into Get-NormalizedPolicyHash and use for IsDuplicate/ContentHash.
- Name / Block mismatch analysis: flag policies whose name implies allow/block that contradicts grant control; surface in HTML with visual indicators.
- Recommendations inlined (removed external PSD1): sanitized notes, enriched CA-05 phish-resistant logic now inspects Authentication Strength AllowedCombinations.
- Lookup/enrichment improvements: resilient role resolution (directory roles, role definitions, static template fallback), improved user/group/app/location/TOU enrichment and offline skips.
- HTML UI enhancements:
  - Overlap legend chip + row highlighting for include/exclude intersections; per-policy overlap detail in recommendation cards.
  - Lazy JSON loading for per-policy Mutated/Original JSON to reduce initial payload; client-side RawPolicyDataIndex for on-demand original snapshots.
  - Accessibility and styling tweaks: improved header, policy-link controls, name-mismatch styles, legend chips, buttons and ARIA live announcements.
  - Sanitize recommendation HTML via Protect-RecNote (strip scripts/styles/handlers) while preserving curated markup.
- Export robustness:
  - JSON/RAW write error handling improved.
  - CSV selection logic validates requested columns and warns on unknown columns.
  - Pivot CSV and CSV export flow clarified and error-handled.
- Tests: add Pester tests (tests/Export-CAPolicyWithRecs.Tests.ps1) covering normalized hashing, phish-resistant checks and representative CA checks.
- README: fix typos, document new features (offline mode, phish-resistant details, overlap/UI notes), and update version history.

Misc: many whitespace/formatting cleanups and defensive null/empty checks across functions to improve readability and reliability.
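
The commit message above moves duplicate detection into Get-NormalizedPolicyHash without showing its logic. As an added example (not code from this PR), here is one way to compute an order-insensitive content hash for Conditional Access policies; the function names, the set of ignored fields and the sample policies are assumptions.

```powershell
# Added example. Function names and ignored fields are assumptions,
# not the PR's Get-NormalizedPolicyHash.
function ConvertTo-CanonicalValue {
    param($Value)
    if ($null -eq $Value -or $Value -is [string] -or $Value -is [ValueType]) { return $Value }
    if ($Value -is [System.Collections.IEnumerable] -and $Value -isnot [System.Collections.IDictionary]) {
        # Treat lists (includeRoles, builtInControls, ...) as sets: sort by serialized form.
        $items = @(foreach ($i in $Value) { ConvertTo-CanonicalValue -Value $i })
        return , @($items | Sort-Object { ConvertTo-Json -InputObject $_ -Depth 20 -Compress })
    }
    # Objects and hashtables: emit properties in name order so key order never matters.
    $pairs = if ($Value -is [System.Collections.IDictionary]) { $Value.GetEnumerator() } else { $Value.PSObject.Properties }
    $out = [ordered]@{}
    foreach ($p in ($pairs | Sort-Object Name)) { $out[[string]$p.Name] = ConvertTo-CanonicalValue -Value $p.Value }
    return $out
}

function Get-PolicyContentHash {
    param([Parameter(Mandatory)] $Policy)
    # Identity and timestamp fields differ between copies; drop them at the top level only.
    $body = $Policy | Select-Object -Property * -ExcludeProperty id, displayName, createdDateTime, modifiedDateTime
    $json = ConvertTo-Json -InputObject (ConvertTo-CanonicalValue -Value $body) -Depth 20 -Compress
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try { -join ($sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($json)) | ForEach-Object { $_.ToString('x2') }) }
    finally { $sha.Dispose() }
}

# Constructed sample: the first two policies differ only in id, name, key order and list order.
$policies = @'
[{"id":"00000000-0000-0000-0000-000000000001","displayName":"CA01 - Admins MFA","state":"enabled",
  "conditions":{"users":{"includeRoles":["role-a","role-b"],"excludeUsers":[]}},
  "grantControls":{"operator":"OR","builtInControls":["mfa"]}},
 {"id":"00000000-0000-0000-0000-000000000002","displayName":"Copy of CA01","state":"enabled",
  "grantControls":{"builtInControls":["mfa"],"operator":"OR"},
  "conditions":{"users":{"excludeUsers":[],"includeRoles":["role-b","role-a"]}}},
 {"id":"00000000-0000-0000-0000-000000000003","displayName":"CA01 (report-only)",
  "state":"enabledForReportingButNotEnforced",
  "conditions":{"users":{"includeRoles":["role-a","role-b"],"excludeUsers":[]}},
  "grantControls":{"operator":"OR","builtInControls":["mfa"]}}]
'@ | ConvertFrom-Json

# Report groups of policies that share a content hash (state is part of the hash).
$policies | Group-Object { Get-PolicyContentHash $_ } | Where-Object Count -gt 1 |
    ForEach-Object { '{0} <- {1}' -f $_.Name.Substring(0, 12), ($_.Group.displayName -join ' | ') }
```

Only the first two sample policies are reported as duplicates; the report-only copy hashes differently because `state` is kept in the hashed body.
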
…fix CA checks and recommendation text

- Render multi-row table header with grouped category spans and per-column classes for consistent color palette and improved readability
- Adjust sticky positions to account for two-row header stack and move header colors into group-specific CSS classes
- Update header generation logic to map columns to group classes and include sanity comment
- Fix Test-CA07 condition (one-line formatting) and correct property casing for IncludeGuestsOrExternalUsers
- Rename CA-06 recommendation title for clarity and correct "Passsword" -> "Password" typo in CA-09 link text
…policies; adjust HTML/CSS

- Update CA-06 and CA-07 recommendation text for clearer messaging.
- Differentiate recommendation pass/fail rendering by policy state (enabledForReportingButNotEnforced vs enabled), adding semantic classes (.success-report, .success-enabled, .warning-report, .warning-enabled) and adjusting status logic.
- Tweak HTML/CSS: reduce various font sizes, adjust responsive breakpoints, update summary table and back-to-top sizing, and minor layout/style refinements for improved readability.
…abled' state to distinct success/warning classes and add .policy-item.success-disabled/.policy-item.warning-disabled styles
…/IncludeGroups/IncludeRoles and GuestOrExternalUserTypes to robustly handle null, empty or whitespace values
…den CA07 checks

- Remove unused placeholder parameter and obsolete $script:QuietPreference variable.
- Harden Test-CA07 user checks: simplify null/empty checks for IncludeUsers/IncludeGroups/IncludeRoles and treat IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes as null when absent.
- Consolidate and compact ID collection loops for users/groups/roles/apps/locations/termsOfUse; use Test-IsGuid for GUID-only collections.
- Build RawPolicyIndex directly from $CAPolicy (remove shallow clone) and produce rawIndexJson from $CAPolicy for the HTML lazy-load payload.
- Remove nested New-TokenSet definition from the HTML generation block and perform minor formatting/clarity cleanups.
…t-Process on Windows/PS<=5, open on macOS, xdg-open on Linux) and emit info fallback when unsupported
…simplify UI/JS

- Clean up cmdlet parameter help text and JSON description.
- Tighten helper function signatures/formatting and harden CA checks (null/whitespace handling).
- Replace fixed recommended-name id with randomized 3-digit token; minor naming tweaks.
- Remove content-based duplicate normalization/hash detection and name-mismatch analysis (cleanup of related fields/columns).
- Simplify CAExport shape: remove raw ID columns, fold/resurface assignment columns, normalize column names.
- Improve HTML report UI/CSS:
  - Add status filter control and accessible live-region feedback.
  - Replace ID-column / overlap / duplicate toggles with streamlined layout and assignment truncation/expand.
  - Add compact status labels/pills and grant/block visuals.
  - Various CSS/layout refinements for sticky headers and responsive tables.
- Simplify client JS: remove value-match/column select/overlap features, implement lazy JSON handling and assignment expand, persist status filter.
- Refactor module/Graph init and error handling messages; minor NuGet/PSGallery install messages.
- Adjust CSV/pivot defaults and CSV export column selection logic; minor JSON/CSV write error handling improvements.

joelst marked this pull request as draft October 23, 2025 00:49