Intro
I created a plugin that generates a report containing the per-user MFA status of every user in a given tenant, based on Conditional Access Policies instead of the legacy per-user MFA system. My intention is to publish a more detailed post about how it works, but meanwhile I give a brief explanation here about how to use it.
The plugin imports the CSV report generated from CAOptics for a given tenant, then it takes this data and the actual Conditional Access Policies stored in the ROADrecon database. The plugin processes these two sources to get a deterministic per-user MFA status (Enabled/Disabled/Conditional) given by Conditional Access, which is independent from the original per-user MFA mechanisms that ROADrecon implements right now.
Usage
A CAOptics report with the --allTerminations flag is required to launch the plugin. It can be retrieved with the following command:
node ./ca/main.js --mapping --clearTokenCache --clearMappingCache --allTerminations
After that, locate the CSV report and note its name (let's call it caoptics_report.csv here).
Then, sign in to ROADrecon with a user with the `policy.read.all` privilege assigned through a role such as Global Reader:
python .\roadrecon\roadtools\roadrecon\main.py auth --device-code
Gather the tenant information with the `gather` command:
python .\roadrecon\roadtools\roadrecon\main.py gather --mfa
Finally, launch the plugin by specifying the CAOptics report path with the `--input_file` flag:
python .\roadrecon\roadtools\roadrecon\main.py plugin caopticsimport --input_file caoptics_report.csv
The final report will be written to a separate CSV file called `output_report.csv` by default, although this can be changed with the `--output_file` flag. There is also an option of getting console output by specifying the `--print` flag, which displays a colour code depending on the MFA status, but skips some additional info such as conditions and CAP lists.