⭐️ Microsoft 365 user resource improvements incl. authentication methods

.github/actions/spelling/expect.txt

@@ -89,6 +89,7 @@ spo
 sqli
 sqlimatchstatement
 sqlserver
+SSPR
 targetgroup
 tde
 testutils

providers/ms365/resources/errors.go

@@ -17,3 +17,8 @@ func transformError(err error) error {
  }
  return err
 }
+
+func isOdataError(err error) (*odataerrors.ODataError, bool) {
+ oDataErr, ok := err.(*odataerrors.ODataError)
+ return oDataErr, ok
+}

providers/ms365/resources/ms365.lr

@@ -46,41 +46,41 @@ private microsoft.organization @defaults("displayName") {
 
 // Microsoft Entra ID user
 private microsoft.user @defaults("id displayName userPrincipalName") {
- // User ID
+ // User Object ID
  id string
  // Whether the user account is enabled
  accountEnabled bool
  // User city
  city string
- // User company name
+ // Deprecated: use job.companyName instead
  companyName string
- // User country
+ // Deprecated: use contact.country instead
  country string
  // User create time
  createdDateTime time
- // User department
+ // Deprecated: use job.department instead
  department string
  // User display name
  displayName string
- // User employee ID
+ // Deprecated: use job.employeeId instead
  employeeId string
  // User given name
  givenName string
- // User job title
+ // Deprecated: use job.title instead
  jobTitle string
- // User email
+ // Deprecated: use contact.email instead
  mail string
- // User mobile phone
+ // Deprecated: use contact.mobilePhone instead
  mobilePhone string
- // List of other email addresses
+ // Deprecated: use contact.otherMails instead
  otherMails []string
- // User office location
+ // Deprecated: use job.officeLocation instead
  officeLocation string
- // User postal code
+ // Deprecated: use contact.postalCode instead
  postalCode string
- // User state
+ // Deprecated: use contact.state instead
  state string
- // User street address
+ // Deprecated: use contact.streetAddress instead
  streetAddress string
  // User surname
  surname string
@@ -90,6 +90,34 @@ private microsoft.user @defaults("id displayName userPrincipalName") {
  userType string
  // User settings
  settings() dict
+ // Job information
+ job() dict
+ // Contact information
+ contact() dict
+ // Authentication information
+ authMethods() microsoft.user.authenticationMethods
+}
+
+// Microsoft Entra authentication methods
+private microsoft.user.authenticationMethods @defaults("count") {
+ // Count of authentication methods
+ count int
+ // Phone number and type registered to a user
+ phoneMethods []dict
+ // Email authentication method for self-service password reset (SSPR)
+ emailMethods []dict
+ // FIDO2 security key registered to a user
+ fido2Methods []dict
+ // Software OATH token registered to a user
+ softwareMethods []dict
+ // Microsoft Authenticator app registered to a user
+ microsoftAuthenticator []dict
+ // User password authentication method
+ passwordMethods []dict
+ // Temporary Access Pass registered to a user
+ temporaryAccessPassMethods []dict
+ // Windows Hello for Business authentication method registered to a user
+ windowsHelloMethods []dict
 }
 
 // Microsoft group

providers/ms365/resources/ms365.lr.manifest.yaml

@@ -332,15 +332,21 @@ resources:
  microsoft.user:
  fields:
  accountEnabled: {}
+ authMethods:
+ min_mondoo_version: 9.0.0
  city: {}
  companyName: {}
+ contact:
+ min_mondoo_version: 9.0.0
  country: {}
  createdDateTime: {}
  department: {}
  displayName: {}
  employeeId: {}
  givenName: {}
  id: {}
+ job:
+ min_mondoo_version: 9.0.0
  jobTitle: {}
  mail: {}
  mobilePhone: {}
@@ -355,6 +361,19 @@ resources:
  userType: {}
  is_private: true
  min_mondoo_version: 5.15.0
+ microsoft.user.authenticationMethods:
+ fields:
+ count: {}
+ emailMethods: {}
+ fido2Methods: {}
+ microsoftAuthenticator: {}
+ passwordMethods: {}
+ phoneMethods: {}
+ softwareMethods: {}
+ temporaryAccessPassMethods: {}
+ windowsHelloMethods: {}
+ is_private: true
+ min_mondoo_version: 9.0.0
  ms365.exchangeonline:
  fields:
  adminAuditLogConfig: {}