- Implemented new feature for user authentication method retrieval
- Improved error handling in authentication method configuration
- Updated documentation for clarity on usage
PrzemyslawKlys committed Mar 4, 2025
1 parent 836908f commit c083ae7
Showing 1 changed file with 84 additions and 62 deletions.
146 changes: 84 additions & 62 deletions Public/Show-MyConditionalAccess.ps1
@@ -237,46 +237,47 @@
@(
foreach ($Method in $AuthMethods.Methods.Keys) {
[PSCustomObject]@{
Method = $Method
State = $AuthMethods.Methods.$Method.State
ExcludedGroups = ($AuthMethods.Methods.$Method.ExcludeTargets | Where-Object { $_.TargetType -eq 'group' } | ForEach-Object { $_.DisplayName }) -join ', '
ConfigurationDetails = switch ($Method) {
'Authenticator' {
$config = $AuthMethods.Methods.$Method
"Number Matching: $($config.RequireNumberMatching)"
}
'FIDO2' {
$config = $AuthMethods.Methods.$Method
"Attestation Enforced: $($config.IsAttestationEnforced)" + $(
if ($config.KeyRestrictions) {
"`nKey Restrictions:`n" +
"- Enforcement: $($config.KeyRestrictions.EnforcementType)" +
"- Enforced: $($config.KeyRestrictions.IsEnforced)" +
$(if ($config.KeyRestrictions.AAGUIDs) { "`n- AAGUIDs: $($config.KeyRestrictions.AAGUIDs)" })
}
)
}
'TemporaryAccess' {
$config = $AuthMethods.Methods.$Method
"Default Length: $($config.DefaultLength), Lifetime: $($config.DefaultLifetimeInMinutes)m"
}
'Email' {
$config = $AuthMethods.Methods.$Method
"External ID OTP: $($config.AllowExternalIdToUseEmailOtp)"
}
'WindowsHello' {
$config = $AuthMethods.Methods.$Method
"Security Keys: $($config.SecurityKeys)"
}
'X509' {
$config = $AuthMethods.Methods.$Method
$bindings = $config.CertificateUserBindings | ForEach-Object {
"$($_.X509Field)->$($_.UserProperty) (Priority:$($_.Priority))"
}
"Bindings: " + ($bindings -join '; ')
}
default { "Standard configuration" }
}
Method = $Method
State = $AuthMethods.Methods.$Method.State
ExcludedTargets = $AuthMethods.Methods.$Method.ExcludeTargets -join ", "
ExcludedGroups = ($AuthMethods.Methods.$Method.ExcludeTargets | Where-Object { $_.TargetType -eq 'group' } | ForEach-Object { $_.DisplayName }) -join ', '
# ConfigurationDetails = switch ($Method) {
# 'Authenticator' {
# $config = $AuthMethods.Methods.$Method
# "Number Matching: $($config.RequireNumberMatching)"
# }
# 'FIDO2' {
# $config = $AuthMethods.Methods.$Method
# $restrictions = if ($config.KeyRestrictions) {
# "Key Restrictions:`n" +
# "- Enforcement: $($config.KeyRestrictions.EnforcementType)" +
# "- Enforced: $($config.KeyRestrictions.IsEnforced)" +
# $(if ($config.KeyRestrictions.AAGUIDs) { "`n- AAGUIDs: $($config.KeyRestrictions.AAGUIDs)" })
# }
# "Attestation Enforced: $($config.IsAttestationEnforced)" +
# $(if ($restrictions) { "`n$restrictions" })
# }
# 'TemporaryAccess' {
# $config = $AuthMethods.Methods.$Method
# "Default Length: $($config.DefaultLength), Lifetime: $($config.DefaultLifetimeInMinutes)m"
# }
# 'Email' {
# $config = $AuthMethods.Methods.$Method
# "External ID OTP: $($config.AllowExternalIdToUseEmailOtp)"
# }
# 'WindowsHello' {
# $config = $AuthMethods.Methods.$Method
# "Security Keys: $($config.SecurityKeys)"
# }
# 'X509' {
# $config = $AuthMethods.Methods.$Method
# $bindings = $config.CertificateUserBindings | ForEach-Object {
# "$($_.X509Field)->$($_.UserProperty) (Priority:$($_.Priority))"
# }
# "Bindings: " + ($bindings -join '; ')
# }
# default { "Standard configuration" }
# }
}
}
)
@@ -291,32 +292,53 @@
foreach ($Method in $AuthMethods.Methods.Keys) {
$MethodConfig = $AuthMethods.Methods.$Method
New-HTMLSection -HeaderText $Method -CanCollapse {
if ($Method -eq 'X509') {
New-HTMLTable -DataTable $MethodConfig.CertificateUserBindings -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Bindings" -ScrollX -WarningAction SilentlyContinue
} elseif ($MethodConfig.ExcludeTargets) {
New-HTMLTable -DataTable $(
$MethodConfig.PSObject.Properties | Where-Object { $_.Name -ne 'ExcludeTargets' } | ForEach-Object {
switch ($Method) {
'X509' {
New-HTMLTable -DataTable $MethodConfig.CertificateUserBindings -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Bindings" -ScrollX -WarningAction SilentlyContinue
}
'FIDO2' {
New-HTMLTable -DataTable $(
[PSCustomObject]@{
Setting = $_.Name
Value = $_.Value
Setting = 'State'
Value = $MethodConfig.State
}
}
) -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Settings" -ScrollX -WarningAction SilentlyContinue

if ($MethodConfig.ExcludeTargets.Count -gt 0) {
New-HTMLSection -HeaderText "Excluded Targets" {
New-HTMLTable -DataTable $MethodConfig.ExcludeTargets -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Excludes" -ScrollX -WarningAction SilentlyContinue
}
}
} else {
New-HTMLTable -DataTable $(
$MethodConfig.PSObject.Properties | ForEach-Object {
[PSCustomObject]@{
Setting = $_.Name
Value = $_.Value
Setting = 'Attestation Enforced'
Value = $MethodConfig.IsAttestationEnforced
}
}
) -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$Method" -ScrollX -WarningAction SilentlyContinue
if ($MethodConfig.KeyRestrictions) {
[PSCustomObject]@{
Setting = 'Key AAGUIDs'
Value = $MethodConfig.KeyRestrictions.AAGUIDs
}
[PSCustomObject]@{
Setting = 'Key Enforcement Type'
Value = $MethodConfig.KeyRestrictions.EnforcementType
}
[PSCustomObject]@{
Setting = 'Key Restrictions Enforced'
Value = $MethodConfig.KeyRestrictions.IsEnforced
}
}
) -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Settings" -ScrollX -WarningAction SilentlyContinue
}
default {
New-HTMLTable -DataTable $(
$MethodConfig.PSObject.Properties | ForEach-Object {
if ($_.Name -ne 'ExcludeTargets') {
[PSCustomObject]@{
Setting = $_.Name
Value = $_.Value
}
}
}
) -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Settings" -ScrollX -WarningAction SilentlyContinue
}
}
if ($MethodConfig.ExcludeTargets -and $MethodConfig.ExcludeTargets.Count -gt 0) {
New-HTMLSection -HeaderText "Excluded Targets" {
New-HTMLTable -DataTable $MethodConfig.ExcludeTargets -Filtering -DataStore JavaScript -DataTableID "TableAuthMethod$($Method)Excludes" -ScrollX -WarningAction SilentlyContinue
}
}
}
}
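Review bot: The added `ExcludedTargets = $AuthMethods.Methods.$Method.ExcludeTargets -join ", "` in the first hunk joins objects rather than strings; the neighbouring `ExcludedGroups` line reads `TargetType` and `DisplayName` from each entry, so `-join` will most likely emit each entry's default string form instead of a readable list. Exclusions are the part of an authentication-method policy an auditor most needs to read accurately, so project the fields explicitly, for example `ExcludedTargets = ($AuthMethods.Methods.$Method.ExcludeTargets | ForEach-Object { "$($_.TargetType): $($_.DisplayName)" }) -join ', '`. The same applies, presumably, to `Value = $MethodConfig.KeyRestrictions.AAGUIDs` in the new FIDO2 branch, where a collection is handed to a single table cell and may need `-join ', '`. The commented-out `ConfigurationDetails` switch should be deleted rather than kept as dead code, since version control already preserves it. The enclosing function starts and ends outside the hunks shown.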