bmsimp
diff --git a/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21883.ps1‎
Lines changed: 40 additions & 16 deletions b/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21883.ps1‎
Lines changed: 40 additions & 16 deletions
diff --git a/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21886.ps1‎
Lines changed: 2 additions & 2 deletions b/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21886.ps1‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21889.ps1‎
Lines changed: 40 additions & 16 deletions b/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21889.ps1‎
Lines changed: 40 additions & 16 deletions
diff --git a/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21892.ps1‎
Lines changed: 40 additions & 16 deletions b/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21892.ps1‎
Lines changed: 40 additions & 16 deletions
diff --git a/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21941.ps1‎
Lines changed: 41 additions & 17 deletions b/‎Modules/CIPPCore/Public/Tests/Invoke-CippTestZTNA21941.ps1‎
Lines changed: 41 additions & 17 deletions
@@ -17,17 +17,25 @@ function Invoke-CippTestZTNA21883 {
         [Parameter(Mandatory = $true)]
         [string]$Tenant
     )
-
+    #tested
     try {
         # Get Conditional Access policies from cache
         $Policies = New-CIPPDbRequest -TenantFilter $Tenant -Type 'ConditionalAccessPolicies'
 
         if (-not $Policies) {
-            Add-CippTestResult -TestId 'ZTNA21883' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Skipped' `
-                -ResultMarkdown 'No Conditional Access policies found in cache.' `
-                -Risk 'Medium' -Name 'Workload identities configured with risk-based policies' `
-                -UserImpact 'High' -ImplementationEffort 'Low' `
-                -Category 'Access control'
+            $TestParams = @{
+                TestId               = 'ZTNA21883'
+                TenantFilter         = $Tenant
+                TestType             = 'ZeroTrustNetworkAccess'
+                Status               = 'Skipped'
+                ResultMarkdown       = 'No Conditional Access policies found in cache.'
+                Risk                 = 'Medium'
+                Name                 = 'Workload identities configured with risk-based policies'
+                UserImpact           = 'High'
+                ImplementationEffort = 'Low'
+                Category             = 'Access control'
+            }
+            Add-CippTestResult @TestParams
             return
         }
 
@@ -92,18 +100,34 @@ function Invoke-CippTestZTNA21883 {
             $ResultMarkdown += 'Workload identities should be protected by policies that block authentication when service principal risk is detected.'
         }
 
-        Add-CippTestResult -TestId 'ZTNA21883' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status $Status `
-            -ResultMarkdown $ResultMarkdown `
-            -Risk 'Medium' -Name 'Workload identities configured with risk-based policies' `
-            -UserImpact 'High' -ImplementationEffort 'Low' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21883'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = $Status
+            ResultMarkdown       = $ResultMarkdown
+            Risk                 = 'Medium'
+            Name                 = 'Workload identities configured with risk-based policies'
+            UserImpact           = 'High'
+            ImplementationEffort = 'Low'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
 
     } catch {
-        Add-CippTestResult -TestId 'ZTNA21883' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Failed' `
-            -ResultMarkdown "❌ **Error**: $($_.Exception.Message)" `
-            -Risk 'Medium' -Name 'Workload identities configured with risk-based policies' `
-            -UserImpact 'High' -ImplementationEffort 'Low' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21883'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = 'Failed'
+            ResultMarkdown       = "❌ **Error**: $($_.Exception.Message)"
+            Risk                 = 'Medium'
+            Name                 = 'Workload identities configured with risk-based policies'
+            UserImpact           = 'High'
+            ImplementationEffort = 'Low'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
         Write-LogMessage -API 'ZeroTrustNetworkAccess' -tenant $Tenant -message "Test ZTNA21883 failed: $($_.Exception.Message)" -sev Error
     }
 }
@@ -1,6 +1,6 @@
 function Invoke-CippTestZTNA21886 {
     param($Tenant)
-
+    #Tested
     try {
         $ServicePrincipals = New-CIPPDbRequest -TenantFilter $Tenant -Type 'ServicePrincipals'
         if (-not $ServicePrincipals) {
@@ -29,7 +29,7 @@ function Invoke-CippTestZTNA21886 {
 
         $SSOByType = $AppsWithSSO | Group-Object -Property preferredSingleSignOnMode
         foreach ($Group in $SSOByType) {
-            $ResultLines += ""
+            $ResultLines += ''
             $ResultLines += "**$($Group.Name.ToUpper()) SSO** ($($Group.Count) app(s)):"
             $Top5 = $Group.Group | Select-Object -First 5
             foreach ($App in $Top5) {
 
@@ -15,17 +15,25 @@ function Invoke-CippTestZTNA21889 {
         [Parameter(Mandatory = $true)]
         [string]$Tenant
     )
-
+    #tested
     try {
         # Get authentication methods policy from cache
         $AuthMethodsPolicy = New-CIPPDbRequest -TenantFilter $Tenant -Type 'AuthenticationMethodsPolicy'
 
         if (-not $AuthMethodsPolicy) {
-            Add-CippTestResult -TestId 'ZTNA21889' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Skipped' `
-                -ResultMarkdown 'Unable to retrieve authentication methods policy from cache.' `
-                -Risk 'High' -Name 'Reduce the user-visible password surface area' `
-                -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-                -Category 'Access control'
+            $TestParams = @{
+                TestId = 'ZTNA21889'
+                TenantFilter = $Tenant
+                TestType = 'ZeroTrustNetworkAccess'
+                Status = 'Skipped'
+                ResultMarkdown = 'Unable to retrieve authentication methods policy from cache.'
+                Risk = 'High'
+                Name = 'Reduce the user-visible password surface area'
+                UserImpact = 'Medium'
+                ImplementationEffort = 'Medium'
+                Category = 'Access control'
+            }
+            Add-CippTestResult @TestParams
             return
         }
 
@@ -106,18 +114,34 @@ function Invoke-CippTestZTNA21889 {
         $AuthStatus = if ($AuthValid) { '✅ Pass' } else { '❌ Fail' }
         $ResultMarkdown += "| Microsoft Authenticator | $AuthState | $AuthTargetsDisplay | $AuthModeDisplay | $AuthStatus |`n"
 
-        Add-CippTestResult -TestId 'ZTNA21889' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status $Status `
-            -ResultMarkdown $ResultMarkdown `
-            -Risk 'High' -Name 'Reduce the user-visible password surface area' `
-            -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId = 'ZTNA21889'
+            TenantFilter = $Tenant
+            TestType = 'ZeroTrustNetworkAccess'
+            Status = $Status
+            ResultMarkdown = $ResultMarkdown
+            Risk = 'High'
+            Name = 'Reduce the user-visible password surface area'
+            UserImpact = 'Medium'
+            ImplementationEffort = 'Medium'
+            Category = 'Access control'
+        }
+        Add-CippTestResult @TestParams
 
     } catch {
-        Add-CippTestResult -TestId 'ZTNA21889' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Failed' `
-            -ResultMarkdown "❌ **Error**: $($_.Exception.Message)" `
-            -Risk 'High' -Name 'Reduce the user-visible password surface area' `
-            -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId = 'ZTNA21889'
+            TenantFilter = $Tenant
+            TestType = 'ZeroTrustNetworkAccess'
+            Status = 'Failed'
+            ResultMarkdown = "❌ **Error**: $($_.Exception.Message)"
+            Risk = 'High'
+            Name = 'Reduce the user-visible password surface area'
+            UserImpact = 'Medium'
+            ImplementationEffort = 'Medium'
+            Category = 'Access control'
+        }
+        Add-CippTestResult @TestParams
         Write-LogMessage -API 'ZeroTrustNetworkAccess' -tenant $Tenant -message "Test ZTNA21889 failed: $($_.Exception.Message)" -sev Error
     }
 }
@@ -18,17 +18,25 @@ function Invoke-CippTestZTNA21892 {
         [Parameter(Mandatory = $true)]
         [string]$Tenant
     )
-
+    #tested
     try {
         # Get Conditional Access policies from cache
         $Policies = New-CIPPDbRequest -TenantFilter $Tenant -Type 'ConditionalAccessPolicies'
 
         if (-not $Policies) {
-            Add-CippTestResult -TestId 'ZTNA21892' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Skipped' `
-                -ResultMarkdown 'No Conditional Access policies found in cache.' `
-                -Risk 'High' -Name 'All sign-in activity comes from managed devices' `
-                -UserImpact 'High' -ImplementationEffort 'High' `
-                -Category 'Access control'
+            $TestParams = @{
+                TestId               = 'ZTNA21892'
+                TenantFilter         = $Tenant
+                TestType             = 'ZeroTrustNetworkAccess'
+                Status               = 'Skipped'
+                ResultMarkdown       = 'No Conditional Access policies found in cache.'
+                Risk                 = 'High'
+                Name                 = 'All sign-in activity comes from managed devices'
+                UserImpact           = 'High'
+                ImplementationEffort = 'High'
+                Category             = 'Access control'
+            }
+            Add-CippTestResult @TestParams
             return
         }
 
@@ -112,18 +120,34 @@ function Invoke-CippTestZTNA21892 {
             $ResultMarkdown += 'Organizations should enforce that all sign-ins come from managed devices (compliant or hybrid Azure AD joined) to ensure security controls are applied.'
         }
 
-        Add-CippTestResult -TestId 'ZTNA21892' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status $Status `
-            -ResultMarkdown $ResultMarkdown `
-            -Risk 'High' -Name 'All sign-in activity comes from managed devices' `
-            -UserImpact 'High' -ImplementationEffort 'High' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21892'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = $Status
+            ResultMarkdown       = $ResultMarkdown
+            Risk                 = 'High'
+            Name                 = 'All sign-in activity comes from managed devices'
+            UserImpact           = 'High'
+            ImplementationEffort = 'High'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
 
     } catch {
-        Add-CippTestResult -TestId 'ZTNA21892' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Failed' `
-            -ResultMarkdown "❌ **Error**: $($_.Exception.Message)" `
-            -Risk 'High' -Name 'All sign-in activity comes from managed devices' `
-            -UserImpact 'High' -ImplementationEffort 'High' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21892'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = 'Failed'
+            ResultMarkdown       = "❌ **Error**: $($_.Exception.Message)"
+            Risk                 = 'High'
+            Name                 = 'All sign-in activity comes from managed devices'
+            UserImpact           = 'High'
+            ImplementationEffort = 'High'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
         Write-LogMessage -API 'ZeroTrustNetworkAccess' -tenant $Tenant -message "Test ZTNA21892 failed: $($_.Exception.Message)" -sev Error
     }
 }
@@ -22,11 +22,19 @@ function Invoke-CippTestZTNA21941 {
         $CAPolicies = New-CIPPDbRequest -TenantFilter $Tenant -Type 'ConditionalAccessPolicies'
 
         if (-not $CAPolicies) {
-            Add-CippTestResult -TestId 'ZTNA21941' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Skipped' `
-                -ResultMarkdown 'Unable to retrieve Conditional Access policies from cache.' `
-                -Risk 'High' -Name 'Implement token protection policies' `
-                -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-                -Category 'Access control'
+            $TestParams = @{
+                TestId               = 'ZTNA21941'
+                TenantFilter         = $Tenant
+                TestType             = 'ZeroTrustNetworkAccess'
+                Status               = 'Skipped'
+                ResultMarkdown       = 'Unable to retrieve Conditional Access policies from cache.'
+                Risk                 = 'High'
+                Name                 = 'Implement token protection policies'
+                UserImpact           = 'Medium'
+                ImplementationEffort = 'Medium'
+                Category             = 'Access control'
+            }
+            Add-CippTestResult @TestParams
             return
         }
 
@@ -38,7 +46,7 @@ function Invoke-CippTestZTNA21941 {
 
         # Filter for policies with Windows platform and secureSignInSession control
         $TokenProtectionPolicies = [System.Collections.Generic.List[object]]::new()
-        
+
         foreach ($policy in $CAPolicies) {
             # Check if policy has Windows platform
             $hasWindows = $false
@@ -144,25 +152,41 @@ function Invoke-CippTestZTNA21941 {
                 $usersIcon = if ($policy.HasUsers) { '✅' } else { '❌' }
                 $appsIcon = if ($policy.HasRequiredApps) { '✅' } else { '❌' }
                 $statusIcon = if ($policy.Status -eq 'Pass') { '✅' } else { '❌' }
-                
+
                 $ResultMarkdown += "| $($policy.Name) | $stateIcon $($policy.State) | $usersIcon | $appsIcon | $statusIcon $($policy.Status) |`n"
             }
 
             $ResultMarkdown += "`n[Review policies](https://entra.microsoft.com/#view/Microsoft_AAD_ConditionalAccess/ConditionalAccessBlade/~/Policies)"
         }
 
-        Add-CippTestResult -TestId 'ZTNA21941' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status $Status `
-            -ResultMarkdown $ResultMarkdown `
-            -Risk 'High' -Name 'Implement token protection policies' `
-            -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21941'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = $Status
+            ResultMarkdown       = $ResultMarkdown
+            Risk                 = 'High'
+            Name                 = 'Implement token protection policies'
+            UserImpact           = 'Medium'
+            ImplementationEffort = 'Medium'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
 
     } catch {
-        Add-CippTestResult -TestId 'ZTNA21941' -TenantFilter $Tenant -TestType 'ZeroTrustNetworkAccess' -Status 'Failed' `
-            -ResultMarkdown "❌ **Error**: $($_.Exception.Message)" `
-            -Risk 'High' -Name 'Implement token protection policies' `
-            -UserImpact 'Medium' -ImplementationEffort 'Medium' `
-            -Category 'Access control'
+        $TestParams = @{
+            TestId               = 'ZTNA21941'
+            TenantFilter         = $Tenant
+            TestType             = 'ZeroTrustNetworkAccess'
+            Status               = 'Failed'
+            ResultMarkdown       = "❌ **Error**: $($_.Exception.Message)"
+            Risk                 = 'High'
+            Name                 = 'Implement token protection policies'
+            UserImpact           = 'Medium'
+            ImplementationEffort = 'Medium'
+            Category             = 'Access control'
+        }
+        Add-CippTestResult @TestParams
         Write-LogMessage -API 'ZeroTrustNetworkAccess' -tenant $Tenant -message "Test ZTNA21941 failed: $($_.Exception.Message)" -sev Error
     }
 }