v0.2.0 release

[ethanb-cisa]

v.0.2.0 release

Major Changes

• Use cmdlet Invoke-SCuBA to start an assessment. Removed RunSCuBA.ps1. See README for more.
• Added GCC-H/DOD endpoints. Use the -M365Environment parameter.
• Exchange, Defender for Office 365, and Teams can now be run with the Global Reader role instead of administrator permissions.
• Removed Graph API Scope Policy.ReadWRITE.AuthenticationMethod.
• Added Disconnect-SCuBATenant cmdlet and Invoke-SCuBA -DisconnectOnExit option to help manage connections to multiple tenants. Using either method will make your next run connect to a new tenant.

Documentation

• Significant changes to the README for clarity and new usage examples and a cool diagram.
• Updated links in the HTML report to reference CISA's SCuBA website and the baseline documents.
• Added the tenant name and tenantId to the HTML report to help determine which tenant was assessed.
• AAD report now includes a warning that exclusions to Conditional Access Policies are not evaluated and that may impact your compliance with certain controls.
• Added a sample-report folder to the repository that will be updated with the latest report template each release. Thanks to public suggestion. Sample Report Output #2

Code

• Refactored the Power Platform exclusive -Endpoint parameter to the -M365Environment parameter to support connecting to different endpoints for any product.
• Required dependencies are now checked on module import.
• Added * parameter to the ProductNames parameter in Invoke-SCuBA to run all products
• Setup.ps1 now only installs modules if they are not already installed based on a minimum version.
• Improved error handling in some providers. Others will be updated in the next release.
• Improved code documentation to enable Get-Help functionality.
• Tool now increases PowerShell's $MaximumFunctionCount to support all the cmdlets exported by MS Graph.
• Fixed bug with Teams provider and JSON parsing. See: Getting an unable to parse input: yaml error #12

Rego/Policies

• Fixed Rego check for OneDrive policy 2.4, which resulted in incorrect results.
• Fixed Rego check for Defender 2.7 and 2.8, which resulted in incorrect results.
• Added support for Exchange policy 2.6 bullet 8, which was not previously implemented.
• Removed automation support for part of SharePoint policy 2.5 (Prevent users from running custom script on personal sites), due to a bug with comparison logic. Hope to have it added back in the next release.

Baselines

• No changes. We do not anticipate making edits to the baseline documents until Q2 2023.

[gdasher]

LGTM

[buidav]

A new line was added from the merge with main. Doesn't look like it's breaking anything though, so just fix before merging.