⭐️ Adding conditional Access - Named location part (#4632)

* ⭐️ Adding conditional Access - Named location part

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* adding the support for multiple NamedLocation

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* Improving the comments

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* improvements by making it visible

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* improvements

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* improvements

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* improvements

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* rebase

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* Improved to include the trusted

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

* removed log parts

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

---------

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>

providers/azure/resources/azure.lr

@@ -1520,7 +1520,7 @@ private azure.subscription.keyVaultService.vault @defaults("vaultName type vault
 
 // Azure Key Vault key auto-rotation
 private azure.subscription.keyVaultService.key.autorotation @defaults("enabled") {
- // Key ID (Key Identifier)
+ // Key ID
  kid string
  // Auto-rotation enabled status
  enabled bool

providers/ms365/resources/conditional-access.go

@@ -0,0 +1,57 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package resources
+
+import (
+ "context"
+
+ "github.com/microsoftgraph/msgraph-sdk-go/models"
+ "go.mondoo.com/cnquery/v11/llx"
+ "go.mondoo.com/cnquery/v11/providers/ms365/connection"
+)
+
+func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) {
+ conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+ graphClient, err := conn.GraphClient()
+ if err != nil {
+ return nil, err
+ }
+
+ ctx := context.Background()
+ namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil)
+ if err != nil {
+ return nil, transformError(err)
+ }
+
+ var locationDetails []interface{}
+ for _, location := range namedLocations.GetValue() {
+ if ipLocation, ok := location.(*models.IpNamedLocation); ok {
+ displayName := ipLocation.GetDisplayName()
+ isTrusted := ipLocation.GetIsTrusted()
+
+ if displayName != nil {
+ trusted := false
+ if isTrusted != nil {
+ trusted = *isTrusted
+ }
+
+ locationInfo, err := CreateResource(a.MqlRuntime, "microsoft.conditionalAccess.ipNamedLocation",
+ map[string]*llx.RawData{
+ "name": llx.StringDataPtr(displayName),
+ "trusted": llx.BoolData(trusted),
+ })
+ if err != nil {
+ return nil, err
+ }
+ locationDetails = append(locationDetails, locationInfo)
+ }
+ }
+ }
+
+ if len(locationDetails) == 0 {
+ return nil, nil
+ }
+
+ return locationDetails, nil
+}

providers/ms365/resources/ms365.lr

@@ -56,6 +56,20 @@ microsoft.tenant @defaults("name") {
  subscriptions() []dict
 }
 
+// Microsoft Conditional Access Policies
+microsoft.conditionalAccess {
+ // IP named location
+ namedLocations() []microsoft.conditionalAccess.ipNamedLocation
+}
+
+// Microsoft Conditional Access IP named location
+microsoft.conditionalAccess.ipNamedLocation @defaults("name trusted") {
+ // Named location name
+ name string
+ // Whether the location is marked as trusted
+ trusted bool
+}
+
 // Microsoft Entra ID user
 private microsoft.user @defaults("id displayName userPrincipalName") {
  // User Object ID

providers/ms365/resources/ms365.lr.manifest.yaml

@@ -5,6 +5,8 @@ resources:
  microsoft:
  fields:
  applications: {}
+ conditionalAccess:
+ min_mondoo_version: 9.0.0
  domains: {}
  enterpriseApplications:
  min_mondoo_version: latest
@@ -118,6 +120,22 @@ resources:
  value: {}
  is_private: true
  min_mondoo_version: 9.0.0
+ microsoft.conditionalAccess:
+ fields:
+ name: {}
+ namedLocations: {}
+ trusted: {}
+ min_mondoo_version: 9.0.0
+ microsoft.conditionalAccess.ipNamedLocation:
+ fields:
+ name: {}
+ trusted: {}
+ min_mondoo_version: 9.0.0
+ microsoft.conditionalAccess.namedLocation:
+ fields:
+ name: {}
+ trusted: {}
+ min_mondoo_version: 9.0.0
  microsoft.devicemanagement:
  fields:
  deviceCompliancePolicies: {}