[Enhancement] GR7 PROTECTION OF DATA-IN-TRANSIT (M) Remove Management…

… Group Evaluation (#377)

* remove management group evaluation

* switch to recommended control

setup/IaC/modules/automationaccount.bicep

@@ -222,7 +222,7 @@ resource guardrailsAC 'Microsoft.Automation/automationAccounts@2021-06-22' = if
     properties: {
       contentLink: {
         uri: '${ModuleBaseURL}/Check-ProtectionOfDataInTransit.zip'
-        version: '1.2.6'
+        version: '1.2.7'
       }
     }
   }

setup/modules.json

@@ -577,7 +577,7 @@
     "Control": "Guardrails7",
     "ModuleType": "Builtin",
     "Status": "Enabled",
-    "Required": "True",
+    "Required": "False",
     "Profiles": [2, 3, 4, 5, 6],
     "Script": "Verify-ProtectionDataInTransit -ControlName $msgTable.CtrName7 -ItemName $msgTable.dataInTransit -PolicyID $vars.pbmmpolicyID -MsgTable $msgTable  -ReportTime $ReportTime -CBSSubscriptionName $vars.cbssubscriptionName -itsgcode $vars.itsgcode -CloudUsageProfiles $cloudUsageProfilesString -ModuleProfiles $ModuleProfilesString",
     "variables": [

src/GUARDRAIL 7 PROTECTION OF DATA-IN-TRANSIT/Audit/Check-ProtectionOfDataInTransit.psd1

@@ -14,7 +14,7 @@
 RootModule = 'Check-ProtectionOfDataInTransit'
 
 # Version number of this module.
-ModuleVersion = '1.2.6'
+ModuleVersion = '1.2.7'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()

src/GUARDRAIL 7 PROTECTION OF DATA-IN-TRANSIT/Audit/Check-ProtectionOfDataInTransit.psm1

@@ -124,21 +124,7 @@ function Verify-ProtectionDataInTransit {
     $FinalObjectList = [System.Collections.ArrayList]@()
     $ErrorList = [System.Collections.ArrayList]@()
     $grRequiredPolicies=@("FunctionAppShouldOnlyBeAccessibleOverHttps","WebApplicationShouldOnlyBeAccessibleOverHttps", "ApiAppShouldOnlyBeAccessibleOverHttps", "OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","SecureTransferToStorageAccountsShouldBeEnabled")
-    #Check management groups
-    try {
-        $objs = Get-AzManagementGroup -ErrorAction Stop
-    }
-    catch {
-        $Errorlist.Add("Failed to execute the 'Get-AzManagementGroup' command--verify your permissions and the installion of the Az.Resources module; returned error message: $_")
-        throw "Error: Failed to execute the 'Get-AzManagementGroup' command--verify your permissions and the installion of the Az.Resources module; returned error message: $_"
-    }
-    [string]$type = "Management Group"
-    if($EnableMultiCloudProfiles) {
-        $FinalObjectList+=Check-StatusDataInTransit -objList $objs -objType $type -itsgcode $itsgcode -requiredPolicyExemptionIds $grRequiredPolicies -PolicyID $PolicyID -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName -CloudUsageProfiles $CloudUsageProfiles -ModuleProfiles $ModuleProfiles -EnableMultiCloudProfiles
-    }
-    else {
-        $FinalObjectList+=Check-StatusDataInTransit -objList $objs -objType $type -itsgcode $itsgcode -requiredPolicyExemptionIds $grRequiredPolicies -PolicyID $PolicyID -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName
-    }
+
     #Check Subscriptions
     try {
         $objs = Get-AzSubscription -ErrorAction Stop | Where-Object {$_.State -eq "Enabled"}