6.3.4

Changes (2023-Nov-13 / 6.3.4 Minor)

• introduce new parameter -ARMLocation. Define the Azure Resource Manager (ARM) location to use (default is to use westeurope; this is used to optimize the built-in Azure RBAC Role definitions tracking)
• hardening the automated AzAPICall PowerShell module installation by adding retry mechanism in case of failure (Azure DevOps/GitHub)
• tolerating more up to date AzAPICall version when executing outside of Azure DevOps/GitHub
• update ARM API-version for Resources. Using 2023-07-01 instead of 2021-04-01
• update /.azuredevops/pipelines/AzGovViz.variables.yml
  • add parameter -ARMLocation
• update README.md
  • update API reference
• use AzAPICall PowerShell module version 1.1.84

6.3.3

Changes (2023-Oct-22 / 6.3.3 Minor)

• introduce new optional parameter -AzAPICallSkipAzContextSubscriptionValidation ref
• update ARM API-version for RBAC Role definitions. Using 2022-05-01-preview instead of 2018-11-01-preview. This will show us 'conditions' example
• update /.azuredevops/pipelines/AzGovViz.variables.yml
  • add parameter -AzAPICallSkipAzContextSubscriptionValidation
  • structure AzAPICall related variables
  • Azure Active Directory becomes Microsoft Entra ID
• update README.md and setup.md
  • OIDC for Azure DevOps
  • update API reference
  • Azure Active Directory becomes Microsoft Entra ID
• use AzAPICall PowerShell module version 1.1.83

6.3.2

Changes (2023-Sep-12 / 6.3.2 Minor)

• another fix for AzAPICall issue43. Use-case scenario will be documented in the near future. Kudos to Asbjørn Nielsen (fellowmind dk) @AsbjornNielsen
• use AzAPICall PowerShell module version 1.1.79

6.3.1

Changes (2023-Sep-04 / 6.3.1 Minor)

• introduce new optional parameter -TenantId4AzContext which makes it possible to set the Azure context to a different tenant. Fix for AzAPICall issue43. Use-case scenario will be documented in the near future. Kudos to Asbjørn Nielsen (fellowmind dk) @AsbjornNielsen
• update /.azuredevops/pipelines/AzGovViz.variables.yml
• use AzAPICall PowerShell module version 1.1.78

6.3.0

Changes (2023-Jul-19 / 6.3.0 Minor)

• update feature UserAssigned Managed Identities assigned to Resources / vice versa
  • show if UAMI is used cross subscription (TenantSummary, ScopeInsights & CSV output)

6.2.3

Changes (2023-Jun-23 / 6.2.3 Minor)

• fix feature 'network' - optimize handling of unknown Subscription Ids

6.2.1

Changes (2023-Jun-16 / 6.2.1 Minor)

• fix feature diagnostic capable resource name containing "+"

6.2.0

Changes (2023-Apr-24 / 6.2.0 Minor)

• fix handling of DisallowedProvider responses; issue #184

6.1.0

Changes (2023-Mar-30 / 6.1.0 Major)

• Update to semantic versioning
  • the version.txt becomes obsolete
  • the new file for version check is version.json
• Add updatedBy/updatedOn metadata for RBAC Role assignments
• Add least privilege check for script execution in the context of a user for Azure Resource permissions (at this time it only checks permissions on the target Management Group Id) - best practice is to execute as a Service Principal with least privilege
• Use AzAPICall PowerShell module version 1.1.72
  • add AzAPICall version information in AzAPICall outputs
  • if context is user then get the users objectId (required for least privilege check)

v6_major_20230320_1

Changes (2023-Mar-20 / Major)

• Fix/update feature Policy Remediation
  • Optimze the Azure Resource Graph query by adding sort, due to duplicates/missing entries for results > 1k
• Analysis on issue #175 (no real explanation, but fixed by using IsNullOrWhiteSpace instead of IsNullOrEmpty)

$htdetails0 = @"
{
    "then": {
        "details": [
            {
                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
                "value": "[parameters('workspaceId')]"
            }
        ]
    }
}
"@
$htdetails1 = @"
{
    "then": {
        "details": [
            {
                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
                "value": "[parameters('workspaceId')]"
            },
            {
                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceKey",
                "value": "[parameters('workspaceKey')]"
            }
        ]
    }
}
"@

$obj0 = $htdetails0 | ConvertFrom-Json
if (-not [string]::IsNullOrEmpty($obj0.then.details.roleDefinitionIds)) {
    Write-Host 'obj0 roleDefinitionIds not empty'
}
else {
    Write-Host 'obj0 roleDefinitionIds empty'
}

$obj1 = $htdetails1 | ConvertFrom-Json
if (-not [string]::IsNullOrEmpty($obj1.then.details.roleDefinitionIds)) {
    Write-Host 'obj1 roleDefinitionIds not empty'
}
else {
    Write-Host 'obj1 roleDefinitionIds empty'
}