
Defender configuration ExcludedGroups stated to use GUID not DisplayName #1888

@DickTracyII


Prerequisites

  • This issue has an informative and human-readable title.

ScubaGear Version

1.6.0

Operating System

Windows 11

PowerShell Version

5.1

M365 Environment and License(s)

M365Environment: Comm, GCC
License: G5

🐛 Summary

The Defender baseline configuration contains an inconsistency:

  • The documentation in the full configuration states that ExcludedGroups must use GUIDs.
  • However, Defender actually requires DisplayName with FQDN (e.g., GroupName@domain.onmicrosoft.com), not GUIDs.

This mismatch causes incorrect validation results and confusion when building baseline configurations.

Steps to reproduce

  1. Create or load a Defender baseline config file with an ExcludedGroups section.
  2. Provide the SensitiveAccount ExcludedGroup value in the correct format (DisplayName@fqdn) in YAML.
  3. Run:
    Invoke-SCuBA -ProductNames defender -ConfigFilePath <yourconfig>.yaml
  4. Inspect the JSON export, which shows the DisplayName with FQDN.

Expected behavior

  • The full config and Defender sample config should reflect that ExcludedGroups uses DisplayName with FQDN, not GUIDs.
  • ScubaGear should validate FQDN-formatted DisplayNames correctly.
  • Documentation and examples should be updated.
  • Validation should not fail when using the correct DisplayName@domain format.

Output from Initialize-SCuBA (optional)

No response

Labels

bug: This issue or pull request addresses broken functionality
