
🪲 Legacy protocols CA policy lacks looking for 'all cloud apps' #1317

@shane-m1


Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:

  • Make sure you can reproduce this issue using the latest released version of Maester.
  • Please search the existing issues to see if there has been a similar issue filed.

Describe the bug

The code to test legacy protocols does not check that the resource is scoped to 'all cloud apps'. This means the CA policy will not stop legacy protocols from connecting. For example, Exchange Online would be used for Exchange ActiveSync. Confirmed in logs and What If.

To Reproduce

Create a CA policy without resources set to 'all cloud apps'. Run `Invoke-Maester` and it will report success for CISA.MS.AAD.1.1.

Expected behavior

Test (legacy protocols) CISA.MS.AAD.1.1 should fail if the policy isn't scoped to all cloud apps.

Module Version

1.3.0
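
One way to express the expected behavior as a check over Microsoft Graph conditional access policy objects, as an added example that is not Maester's own code and not part of the original issue. The function name `Test-LegacyAuthBlockScope` and the two sample policies are constructed for illustration; only the resource scope is evaluated, not user assignment.

```powershell
# Added example: hypothetical helper, not Maester's implementation.
# Input: conditionalAccessPolicy objects shaped like Microsoft Graph returns them.
function Test-LegacyAuthBlockScope {
    param([Parameter(Mandatory)][object[]]$Policy)
    foreach ($p in $Policy) {
        $cond = $p.conditions
        # Policy is enabled, blocks access, and targets both legacy client app types.
        $blocksLegacy = ($p.state -eq 'enabled') -and
            ($p.grantControls.builtInControls -contains 'block') -and
            ($cond.clientAppTypes -contains 'exchangeActiveSync') -and
            ($cond.clientAppTypes -contains 'other')
        # The point of this issue: the resource scope must be 'All' cloud apps.
        $allApps = $cond.applications.includeApplications -contains 'All'
        [pscustomobject]@{
            DisplayName         = $p.displayName
            BlocksLegacyClients = $blocksLegacy
            AllCloudApps        = $allApps
            Pass                = $blocksLegacy -and $allApps
        }
    }
}

# Constructed sample data (not from a real tenant): the first policy is scoped
# to Exchange Online only, the second to all cloud apps.
$sample = @'
[
  { "displayName": "Block legacy auth (Exchange Online only)", "state": "enabled",
    "conditions": {
      "clientAppTypes": ["exchangeActiveSync", "other"],
      "applications": { "includeApplications": ["00000002-0000-0ff1-ce00-000000000000"] } },
    "grantControls": { "builtInControls": ["block"] } },
  { "displayName": "Block legacy auth (all cloud apps)", "state": "enabled",
    "conditions": {
      "clientAppTypes": ["exchangeActiveSync", "other"],
      "applications": { "includeApplications": ["All"] } },
    "grantControls": { "builtInControls": ["block"] } }
]
'@ | ConvertFrom-Json

# Only the second policy should report Pass = True.
Test-LegacyAuthBlockScope -Policy $sample | Format-Table -AutoSize
```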

Labels: bug (Something isn't working)
