silverhack
diff --git a/‎.gitignore‎
Lines changed: 6 additions & 0 deletions b/‎.gitignore‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎Invoke-Monkey365.ps1‎
Lines changed: 131 additions & 12 deletions b/‎Invoke-Monkey365.ps1‎
Lines changed: 131 additions & 12 deletions
diff --git a/‎docs/assets/images/listcollector.png‎
143 KB b/‎docs/assets/images/listcollector.png‎
143 KB
diff --git a/‎docs/assets/images/listrules.png‎
242 KB b/‎docs/assets/images/listrules.png‎
242 KB
diff --git a/‎docs/assets/images/monkey365_permissions.png‎
194 KB b/‎docs/assets/images/monkey365_permissions.png‎
194 KB
diff --git a/‎docs/authentication/authFlows/ropc.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/authentication/authFlows/ropc.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/authentication/limitations.md‎
Lines changed: 11 additions & 5 deletions b/‎docs/authentication/limitations.md‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎docs/authentication/overview.md‎
Lines changed: 14 additions & 1 deletion b/‎docs/authentication/overview.md‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎docs/authentication/sp_authentication/automatic_setup.md‎
Lines changed: 55 additions & 0 deletions b/‎docs/authentication/sp_authentication/automatic_setup.md‎
Lines changed: 55 additions & 0 deletions
@@ -1,9 +1,15 @@
 # logs
+azurereview.log
 /log/*.log
 
 # Data folder
 monkey-reports*
 
+# Azurite
+__azurite_db_queue__.json
+__azurite_db_queue_extent__.json
+
+site/
 *.csv
 *bak
 *.ps1.bak
 
@@ -224,7 +224,7 @@ Function Invoke-Monkey365{
 
         # Secure secret of the client requesting the token.
         [Parameter(Mandatory = $true, ParameterSetName = 'ClientSecret-App')]
-        [securestring]$ClientSecret,
+        [System.Security.SecureString]$ClientSecret,
 
         # Secure secret of the client requesting the token.
         [Parameter(Mandatory = $true, ParameterSetName = 'ClientSecret-InputObject', HelpMessage = 'PsCredential')]
@@ -255,7 +255,7 @@ Function Invoke-Monkey365{
 
         # Secure password of the certificate
         [Parameter(Mandatory = $false,ParameterSetName = 'ClientAssertionCertificate-File', HelpMessage = 'Certificate password')]
-        [Security.SecureString]$CertFilePassword,
+        [System.Security.SecureString]$CertFilePassword,
 
         [parameter(Mandatory= $false, HelpMessage= "json file with all rules")]
         [ValidateScript({
@@ -306,7 +306,13 @@ Function Invoke-Monkey365{
         [Switch]$ForceMSALDesktop,
 
         [Parameter(Mandatory=$false, HelpMessage="List available collectors")]
-        [Switch]$ListCollector
+        [Switch]$ListCollector,
+
+        [Parameter(Mandatory=$false, HelpMessage="List available rules")]
+        [Switch]$ListRule,
+
+        [Parameter(Mandatory=$false, HelpMessage="List available frameworks")]
+        [Switch]$ListFramework
     )
     dynamicparam{
         # Set available instance class
@@ -389,7 +395,7 @@ Function Invoke-Monkey365{
             $paramDictionary.Add($rsrc_pname, $rsrc_type_dynParam)
         }
         #Add parameters for Microsoft365 instance
-        if($null -ne (Get-Variable -Name Instance -ErrorAction Ignore) -and $Instance -eq 'Microsoft365'){
+        If($null -ne (Get-Variable -Name Instance -ErrorAction Ignore) -and $Instance -eq 'Microsoft365'){
             #Create the -ScanSites string parameter
             $attributeCollection = New-Object -TypeName System.Collections.ObjectModel.Collection[System.Attribute]
             # define a new parameter attribute
@@ -400,6 +406,43 @@ Function Invoke-Monkey365{
             $rg_type_dynParam = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter($rg_pname,
             [string[]], $attributeCollection)
             $paramDictionary.Add($rg_pname, $rg_type_dynParam)
+            #Add PowerBI/Fabric ClientId parameter attribute
+            $clientIdAttr = New-Object System.Management.Automation.ParameterAttribute
+            $clientIdAttr.Mandatory = $false
+            $clientIdAttrCollection = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+            $clientIdAttrCollection.Add($clientIdAttr)
+            $clientIdParam = New-Object System.Management.Automation.RuntimeDefinedParameter('PowerBIClientId', [System.String], $clientIdAttrCollection)
+            $paramDictionary.Add('PowerBIClientId', $clientIdParam)
+            #Add PowerBI/Fabric Client Secret parameter attribute
+            $clientSecretAttr = New-Object System.Management.Automation.ParameterAttribute
+            $clientSecretAttr.Mandatory = $false
+            $clientSecretAttrCollection = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+            $clientSecretAttrCollection.Add($clientSecretAttr)
+            $clientSecretParam = New-Object System.Management.Automation.RuntimeDefinedParameter('PowerBIClientSecret', [System.Security.SecureString], $clientSecretAttrCollection)
+            $paramDictionary.Add('PowerBIClientSecret', $clientSecretParam)
+            #Add PowerBI/Fabric PSCredential parameter attribute
+            $pscredAttr = New-Object System.Management.Automation.ParameterAttribute
+            $pscredAttr.Mandatory = $false
+            $pscredAttrCollection = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+            $pscredAttrCollection.Add($pscredAttr)
+            $pscredParam = New-Object System.Management.Automation.RuntimeDefinedParameter('PowerBIClientCredentials', [System.Management.Automation.PSCredential], $pscredAttrCollection)
+            $paramDictionary.Add('PowerBIClientCredentials', $pscredParam)
+            #Add PowerBI/Fabric Certificate parameter attribute
+            $certFileAttr = New-Object System.Management.Automation.ParameterAttribute
+            $certFileAttr.Mandatory = $false
+            $certFileAttrCollection = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+            $certFileAttrCollection.Add($certFileAttr)
+            $validateScriptAttr = New-Object System.Management.Automation.ValidateScriptAttribute({ Test-Path -Path $_ -PathType Leaf })
+            $certFileAttrCollection.Add($validateScriptAttr)
+            $certFileParam = New-Object System.Management.Automation.RuntimeDefinedParameter('PowerBICertificateFile', [System.IO.FileInfo], $certFileAttrCollection)
+            $paramDictionary.Add('PowerBICertificateFile', $certFileParam)
+            #Add PowerBI/Fabric Certificate password parameter attribute
+            $certPassAttr = New-Object System.Management.Automation.ParameterAttribute
+            $certPassAttr.Mandatory = $false
+            $certPassAttrCollection = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+            $certPassAttrCollection.Add($certPassAttr)
+            $passParam = New-Object System.Management.Automation.RuntimeDefinedParameter('PowerBICertificatePassword', [System.Security.SecureString], $certPassAttrCollection)
+            $paramDictionary.Add('PowerBICertificatePassword', $passParam)
         }
         # return the collection of dynamic parameters
         $paramDictionary
@@ -428,10 +471,10 @@ Function Invoke-Monkey365{
             #Get command Metadata
             $MetaData = New-Object -TypeName "System.Management.Automation.CommandMetaData" (Get-Command -Name "Format-MonkeyCollector")
             $newPsboundParams = [ordered]@{}
-            if($null -ne $MetaData){
+            If($null -ne $MetaData){
                 $param = $MetaData.Parameters.Keys
-                foreach($p in $param.GetEnumerator()){
-                    if($PSBoundParameters.ContainsKey($p)){
+                ForEach($p in $param.GetEnumerator()){
+                    If($PSBoundParameters.ContainsKey($p)){
                         $newPsboundParams.Add($p,$PSBoundParameters[$p])
                     }
                 }
@@ -452,7 +495,87 @@ Function Invoke-Monkey365{
                     [void]$newPsboundParams.Add('Provider',$PSBoundParameters['Instance']);
                 }
                 #Execute command
-                Format-MonkeyCollector @newPsboundParams
+                $a = Format-MonkeyCollector @newPsboundParams
+                Write-Output $a -NoEnumerate
+            }
+            return
+        }
+        #Check if list collectors
+        If($PSBoundParameters.ContainsKey('ListRule') -and $PSBoundParameters['ListRule'].IsPresent){
+            #Get command Metadata
+            $MetaData = New-Object -TypeName "System.Management.Automation.CommandMetaData" (Get-Command -Name "Get-Rule")
+            $newPsboundParams = [ordered]@{}
+            if($null -ne $MetaData){
+                $param = $MetaData.Parameters.Keys
+                foreach($p in $param.GetEnumerator()){
+                    if($PSBoundParameters.ContainsKey($p)){
+                        $newPsboundParams.Add($p,$PSBoundParameters[$p])
+                    }
+                }
+                #Add verbose, debug
+                $newPsboundParams.Add('Verbose',$O365Object.verbose)
+                $newPsboundParams.Add('Debug',$O365Object.debug)
+                $newPsboundParams.Add('InformationAction',$O365Object.InformationAction)
+                #Add pretty print
+                [void]$newPsboundParams.Add('Pretty',$true);
+                #Add RulesPath
+                If($newPsboundParams.Contains('RulesPath')){
+                    $newPsboundParams.RulesPath = $O365Object.rulesPath;
+                }
+                Else{
+                    [void]$newPsboundParams.Add('RulesPath',$O365Object.rulesPath);
+                }
+                #Remove RuleSet if null
+                If($newPsboundParams.Contains('RuleSet') -and $null -eq $newPsboundParams['RuleSet']){
+                    [void]$newPsboundParams.Remove('RuleSet');
+                }
+                #Remove instance if EntraID is selected
+                If($newPsboundParams.Contains('Instance') -and $newPsboundParams['Instance'] -eq 'EntraID'){
+                    [void]$newPsboundParams.Remove('Instance');
+                }
+                #Remove Instance if null
+                If($newPsboundParams.Contains('Instance') -and $null -eq $newPsboundParams['Instance']){
+                    [void]$newPsboundParams.Remove('Instance');
+                }
+                #Execute command
+                Get-Rule @newPsboundParams
+            }
+            return
+        }
+        #Check if list collectors
+        If($PSBoundParameters.ContainsKey('ListFramework') -and $PSBoundParameters['ListFramework'].IsPresent){
+            #Get command Metadata
+            $MetaData = New-Object -TypeName "System.Management.Automation.CommandMetaData" (Get-Command -Name "Get-Framework")
+            $newPsboundParams = [ordered]@{}
+            If($null -ne $MetaData){
+                $param = $MetaData.Parameters.Keys
+                ForEach($p in $param.GetEnumerator()){
+                    If($PSBoundParameters.ContainsKey($p)){
+                        $newPsboundParams.Add($p,$PSBoundParameters[$p])
+                    }
+                }
+                #Add verbose, debug
+                $newPsboundParams.Add('Verbose',$O365Object.verbose)
+                $newPsboundParams.Add('Debug',$O365Object.debug)
+                $newPsboundParams.Add('InformationAction',$O365Object.InformationAction)
+                #Remove Ruleset if not present
+                If($null -eq $newPsboundParams.Item('RuleSet')){
+                    [void]$newPsboundParams.Remove('RuleSet');
+                }
+                #Remove RulesPath if not present
+                If($null -eq $newPsboundParams.Item('RulesPath')){
+                    [void]$newPsboundParams.Remove('RulesPath');
+                }
+                #Remove Ruleset when RulesPath is also selected
+                If($null -ne $newPsboundParams.Item('RuleSet') -and $null -ne $newPsboundParams.Item('RulesPath')){
+                    [void]$newPsboundParams.Remove('RuleSet');
+                }
+                #If none is present, add default path
+                If($newPsboundParams.Keys -notcontains "RuleSet" -and $newPsboundParams.Keys -notcontains "RulesPath"){
+                    [void]$newPsboundParams.Add('RulesPath',$O365Object.rulesPath);
+                }
+                #Execute command
+                Get-Framework @newPsboundParams
             }
             return
         }
@@ -525,10 +648,6 @@ Function Invoke-Monkey365{
             Remove-Variable -Name OutFolder -Scope Script -Force -ErrorAction Ignore
             #Remove returnData variable
             Remove-Variable -Name returnData -Scope Script -Force -ErrorAction Ignore
-            #Remove LogQueue
-            Remove-Variable -Name MonkeyLogQueue -Scope Global -ErrorAction Ignore -Force
-            #collect garbage
-            [System.GC]::GetTotalMemory($true) | out-null
         }
     }
 }
@@ -6,8 +6,8 @@ author: Juan Garrido
 
 The Microsoft identity platform supports the OAuth 2.0 Resource Owner Password Credentials (ROPC) grant, which allows an application to sign in the user by directly handling their password. In this flow, client identification (e.g. user's email address) and user's credentials is sent to the identity server, and then a token is received.
 
-## Security Note
-There are multiple scenarios in which ROPC is not supported, such as hybrid identity federation access (Azure AD and ADFS) or when conditional access policies are enabled. There are more secure and available recommended alternatives, such as [Interactive authentication](interactive.md) or [Service Principal](sp.md). 
+???+ Warning "Security Note"
+	There are multiple scenarios in which ROPC is not supported, such as hybrid identity federation access (Entra ID and ADFS) or when conditional access policies are enabled. There are more secure and available recommended alternatives, such as [Interactive authentication](interactive.md) or [Service Principal](sp.md). 
 
 ## Usage Examples
 
 
@@ -8,15 +8,21 @@ Review the following sections to learn about current limitations of Monkey365 on
 
 ## SharePoint Online in PowerShell Core
 
-Monkey365 is using the **SharePoint Online Management Shell** ClientId when Interactive authentication flow is used. In order to give support to .NET Core, developers must set the reply URI to **http://localhost**, because .NET Core does not have an integrated UI. Due to **SharePoint Online Management Shell** is not configured to use **http://localhost** in the reply URI, authentication methods such as [Interactive browser authentication](authFlows/interactive.md) or [Authentication with a username and password](authFlows/ropc.md) are not supported in SharePoint Online when Monkey365 is executed using PowerShell Core (PowerShell 6 or later and PowerShell in NIX environments). The following options are available to avoid authentication issues:
+When using the Interactive authentication flow, Monkey365 relies on the **SharePoint Online Management Shell ClientId**. To support .NET Core, which lacks a built-in user interface, developers must configure the reply URI as `http://localhost`. However, since the SharePoint Online Management Shell is not set up to accept `http://localhost` as a reply URI, certain authentication methods like [Interactive browser authentication](authFlows/interactive.md) or [Authentication with a username and password](authFlows/ropc.md) are not compatible with SharePoint Online when Monkey365 is run via PowerShell Core (PowerShell 6+, including NIX environments).
 
-### Change the authentication flow
+To avoid authentication issues, consider the following alternatives:
 
-* Change the authentication flow to [Device Code Authentication](authFlows/devicecode.md) or [Certificate-based Authentication](authFlows/sp.md).
+* Switch Authentication Flow
 
-* Execute Monkey365 using the PowerShell V5 Default version. <span style="color:red">*Only valid on Windows environments*</span>
+    Use [Device Code Authentication](authFlows/devicecode.md) or [Certificate-based Authentication](authFlows/sp.md) instead of the Interactive flow.
 
-* Use the `-ForceMSALDesktop` parameter will force PowerShell 6 and higher to load .NET MSAL libraries instead of .NET core versions. <span style="color:red">*Only valid on Windows environments*</span>
+* Run Monkey365 with PowerShell V5
+
+	This option is only applicable in Windows environments and allows compatibility with the default authentication setup.
+
+* Use the `-ForceMSALDesktop` Parameter
+
+	This forces PowerShell 6 and above to load the .NET MSAL desktop libraries instead of the .NET Core versions. This workaround is also limited to Windows environments.
 
 ## References
 
 
@@ -6,4 +6,17 @@ Monkey365 offers many ways to connect to both Azure and Microsoft 365 environmen
 * [Interactive browser authentication](authFlows/interactive.md) 
 * [Authentication with a username and password](authFlows/ropc.md)
 * [Device Code Authentication](authFlows/devicecode.md)
-* [Client Credential Authentication](authFlows/sp.md)
+* [Client Credential Authentication](authFlows/sp.md)
+
+## Using service principals
+
+Service principals in Microsoft Entra serve as representations of applications within a specific tenant. They outline the application's capabilities, the resources it can interact with, and the users permitted to utilize it. When an application is registered in Microsoft Entra ID, a service principal is automatically generated, enabling secure authentication and resource access for the application.
+
+To set up a service principal for use with Monkey365, you'll need to follow these steps:
+
+* Register an Application in Microsoft Entra ID
+* Create a Client Secret or Certificate
+* Assign API Permissions
+* Assign the required roles
+
+Check the [Service Principal authentication section](sp_authentication/getting_started.md) for manual steps. Additionally, Monkey365 includes a [built-in utility](sp_authentication/automatic_setup.md) that streamlines the creation and configuration of Entra ID applications.
@@ -0,0 +1,55 @@
+---
+author: Juan Garrido
+---
+
+# Getting Started
+
+Monkey365 includes a built-in utility that streamlines the creation and configuration of Entra ID applications for the following Microsoft services:
+
+* Microsoft Graph
+* Microsoft Teams
+* Exchange Online
+* SharePoint Online
+
+The utility automates the creation of an Entra ID application, configures permissions based on the selected services, and generates a certificate for authentication, which it then uploaded. It also assigns service-specific roles to the application. For instance, if SharePoint Online is chosen, the utility will grant the application the `SharePoint Online Administrator`role. If Exchange Online is chosen, the helper will grant the application the `Global Reader` role.
+
+# Automatic Application Setup with Monkey365
+
+## Running the Utility with Default Settings
+
+To run the utility with default settings from the Monkey365 installation directory, use the following:
+
+```PowerShell
+$p = @{
+    TenantId = '00000000-0000-0000-0000-000000000000';
+    Services = 'ExchangeOnline','MicrosoftGraph','MicrosoftTeams','SharePointOnline';
+}
+Register-Monkey365Application @p
+```
+
+## Customizing Parameters (e.g., Certificate)
+
+To override default settings—such as specifying a custom certificate—use this version of the script:
+
+```PowerShell
+$p = @{
+    TenantId = '00000000-0000-0000-0000-000000000000';
+    Services = 'ExchangeOnline','MicrosoftGraph','MicrosoftTeams','SharePointOnline';
+    Certificate = 'C:\Monkey365.cer'
+}
+Register-Monkey365Application @p
+```
+
+After registering the application, you may need to manually grant admin consent for required permissions. To do this, navigate to:
+
+	* Azure Entra ID > App registrations
+	* Select the Monkey365 app
+	* Go to API permissions, and click !Grant admin consent for *your organisation*.
+
+
+???+ note
+	You will need the following for Monkey365:
+	
+	- Tenant ID: Found under Azure Entra ID > Overview.
+	- Client ID: From the app registration overview.
+	- Certificate: The one you created earlier.