v0.2.0 — Mock mode + onboarding
Mock mode lands. Tool can now be tried end-to-end without any Azure access.
What's new
- ./examples/run-mock.ps1 produces a complete sample report (30 findings across 5 domains) in ~5 seconds. No az login, no tenant, no permissions required.
- lib/MockClient.psm1 provides drop-in mocks for Graph, ARM, DNS, and Exchange Online calls. All audit scripts route through it when -MockMode is set.
- examples/fixtures/ ships 16 sanitized JSON fixtures representing a typical small-org tenant with realistic posture gaps. All identifiers synthetic.
- README quickstart leads with the mock path. Live-tenant path is section 2.
What's preserved
- Live tenant audit (Phase 1 stabilization from v0.1.0) unchanged. Run with full ./run-audit.ps1 -TenantId ... -SubscriptionId ... -Domain ....
- 114 Pester tests still passing.
- Schema v1.0.0 unchanged; mock-mode output is structurally identical to live-mode output.
Adoption barrier dropped
Before v0.2: clone + Azure subscription + Graph permissions + Exchange Online module + 5-10 minutes of setup → see what the tool does.
After v0.2: clone + ./examples/run-mock.ps1 → see exactly what the tool does in 5 seconds.
Next: v0.3 (Per-domain depth — Identity + DNS)
Per ROADMAP.md: expanding Identity audit by +15 checks (PIM eligibility, app consent, service principal audit, named locations, etc.) and DNS by +8 checks (DNSSEC, CAA, DKIM key strength, etc.) plus per-finding documentation_url field.