Merge pull request #65 from JulianHayward/v6_major_20211018_1

v6_major_20211018_1
JulianHayward · Oct 18, 2021 · 1980d09 · 1980d09
2 parents a480000 + 0b415be
commit 1980d09
Show file tree

Hide file tree

Showing 12 changed files with 3,752 additions and 3,231 deletions.
diff --git a/README.md b/README.md
diff --git a/history.md b/history.md
@@ -2,6 +2,20 @@
 
 ## AzGovViz version history
 
+### AzGovViz version 6
+
+__Release v6 Changes__
+
+* Removed usage of Azure PowerShell cmdlet 'Get-AzRoleAssignment' / preparing for upcoming deprecation of 'Azure Active Directory Graph' API ([announcement](https://azure.microsoft.com/en-us/updates/update-your-apps-to-use-microsoft-graph-before-30-june-2022/))
+* Management Group diagnostic setting - reflect inheritance of diagnostic settings from upper Management Group scopes
+* __TenantSummary__ Policy assignments - resolve Managed Identity (if Policy assignment effect is DeployIfNotExists (DINE) or Modify)
+* Removed __TenantSummary__ RBAC Classic Role assignments
+* Improved AzAPICall error handling and output
+* Azure DevOps pipeline (yml) updated prerequisites to include Repository 'contribute' permission check
+* Added Application Insights [stats](#stats)
+* Performance optimization
+* Bugfixes
+
 ### AzGovViz version 5
 
 __Changes__ (2021-Sep-19 / Major)

diff --git a/img/aadpermissionsportal.jpg b/img/aadpermissionsportal.jpg
diff --git a/img/caf.png b/img/caf.png
diff --git a/img/identifier.jpg b/img/identifier.jpg
diff --git a/img/permissions.png b/img/permissions.png
diff --git a/img/stats.jpg b/img/stats.jpg
diff --git a/pipeline/AzGovViz.yml b/pipeline/AzGovViz.yml
@@ -1,11 +1,11 @@
-# AzGovViz v5_major_20210907_1
+# AzGovViz v6_major_20211018_1
 # First things first: 
-# 1. edit line 60 and line 61 
-# 2. check line 75 and 86 if branch 'master' is applicable 
+# 1. edit line 59 and line 60 
+# 2. check line 74 and 85 if branch 'master' is applicable 
 # Documentation: https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting
 # Also check https://www.azadvertizer.net - AzAdvertizer helps you to keep up with the pace by providing overview and insights on new releases and changes/updates for Azure Governance capabilities such as Azure Policy's policy definitions, initiatives (set definitions), aliases and Azure RBAC's role definitions and resource provider operations.
 # 
-# Parameters reference (use in line 111)
+# Parameters reference (use in line 108)
 # LimitCriticalPercentage | default is '80' | example: -LimitCriticalPercentage 90  | WhatDoesItDo? marks capabilities that approch limits e.g. limit 100, usage 80 will mark with warning
 # SubscriptionQuotaIdWhitelist | default is 'undefined' | example: -SubscriptionQuotaIdWhitelist MSDN_, EnterpriseAgreement_ | WhatDoesItDo? processes only Subscriptions that startWith the given QuotaIds
 # HierarchyMapOnly | switch | example: -HierarchyMapOnly | WhatDoesItDo? only creates the Hierarchy Tree
@@ -15,8 +15,6 @@
 # NoPolicyComplianceStates | example: -NoPolicyComplianceStates | WhatDoesItDo? will not query policy compliance states
 # NoResourceDiagnosticsPolicyLifecycle | example: -NoResourceDiagnosticsPolicyLifecycle | WhatDoesItDo? will not create Resource Diagnostics Policy Lifecycle recommendations
 # NoAADGroupsResolveMembers | example: -NoAADGroupsResolveMembers | WhatDoesItDo? will not resolve Azure Active Directory Group memberships for Role assignments where identity type is 'Group'
-# NoAADGuestUsers | example: -NoAADGuestUsers | WhatDoesItDo? will not resolve Azure Active Directory User type (Guest or Member) for Role assignments where identity type is 'User'
-# NoAADServicePrincipalResolve | example: -NoAADServicePrincipalResolve | WhatDoesItDo? disables resolving ServicePrincipals
 # AADServicePrincipalExpiryWarningDays | example: -AADServicePrincipalExpiryWarningDays 21 | WhatDoesItDo? define warning period for Service Principal secret and certificate expiry; default is 14 days
 # NoAzureConsumption | example: -NoAzureConsumption | WhatDoesItDo? Azure Consumption data will not be collected/reported
 # AzureConsumptionPeriod | example: -AzureConsumptionPeriod 7 | WhatDoesItDo? define for which time period Azure Consumption data should be gathered; default is 1 day
@@ -41,6 +39,7 @@
 # HtmlTableRowsLimit | example: -HtmlTableRowsLimit | WhatDoesItDo? Although the parameter -LargeTenant was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000
 # AADGroupMembersLimit | example: -AADGroupMembersLimit 333 | WhatDoesItDo? Defines the limit (default=500) of AAD Group members; For AAD Groups that have more members than the defined limit Group members will not be resolved
 # NoResources | example: -NoResources | WhatDoesItDo? Will speed up the processing time but information like Resource diagnostics capability and resource type stats (featured for large tenants)
+# StatsOptOut | example: -StatsOptOut | WhatDoesItDo? Will opt-out sending stats
 
 trigger: none
 
@@ -93,15 +92,13 @@ jobs:
     vmImage: 'ubuntu-18.04'
 
   steps:
-  - powershell: |
-      write-host "#################################"
-      write-host "Ensure AzGovViz prerequisites"
-      write-host "#################################"
-      write-host "wiki dir check"
-      if(!(test-path $(System.DefaultWorkingDirectory)/$(WikiDir))){New-Item -ItemType Directory -Force -Path $(System.DefaultWorkingDirectory)/$(WikiDir)}
-    displayName: 'Ensure AzGovViz v5 prerequisites'
+  - task: PowerShell@2
+    inputs:
+      targetType: 'filePath'
+      filePath: $(System.DefaultWorkingDirectory)/$(ScriptDir)/prerequisites.ps1
+    displayName: 'Prerequisites check'
     env:
-      workingdirectory: $(Agent.BuildDirectory)
+      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
   - task: AzurePowerShell@4
     inputs:
       azureSubscription: '$(ServiceConnection)'