v2.1.6

What's Changed

• [Bugfix] GR1 V6 Handling duplicate UPN by @dutt0 in #359
• [Bug fix] GR1 V6 Fix non-compliant duplicate message by @dutt0 in #362
• [Bugfix] GR1 V6 Fix compliance status for single column UPN list by @dutt0 in #364
• [Update] GR11 Validation 5 Remove module entirely by @dutt0 in #365
• [BugFix] - GR4 | FinOps Control | Incorrect comment when the FinOps SPN tool does not exist in environment by @singhgss in #370
• [BugFix] GR1 | Validation 5 | Comment for Action Group Missing on BreakGlass Account Alert Bug by @alalvi00 in #372
• [Enhancement] - GR5 Allowed Location Check + Policy Compliance Status Information by @alalvi00 in #371
• Compliance Data Aggregation on Client Side and Central View by @dutt0 in #373
• [Enhancement] GR7 PROTECTION OF DATA-IN-TRANSIT (M) Remove Management Group Evaluation by @dutt0 in #377
• GR4 | Validation 2 | FinOps control needs to be "recommended" until/ if it becomes mandated by @alalvi00 in #378
• GR7 | Validation 1 Bugfix Compliance Result by @dutt0 in #368
• [Enhancement] - GR9 | Validation 3 | Logic Shift - Independent Subscription Compliance to Tenant Wide Compliance by @singhgss in #374
• Pre-release v2.1.6 by @alalvi00 in #379
• Update Modules Pre Release by @github-actions in #380

Full Changelog: v2.1.5...v2.1.6

v2.1.5

What's Changed

• GR2 Validation 1 CAP Without Reference to any User Group by @dutt0 in #326
• [Update] GR11 Archiving (R) Controls by @dutt0 in #327
• [Update] GR7 V3 Improve Error Handling by @dutt0 in #328
• [Cleanup] GR7 Removing old attestation control by @dutt0 in #341
• [Update] GR8 Validation 1 HighLevelDesign expected format by @dutt0 in #342
• [Bugfix] GR2 Validation 6 Banned Password List by @dutt0 in #340
• [Update] GR2 V3 itemName update by @dutt0 in #343
• [Bugfix] GR1 V6 Remove duplicate comment by @dutt0 in #345
• [Update] GR1 V1 Retrieve guest user information with user type by @dutt0 in #347
• [BugFix] GR5 | Validation 1 | AllowedLocationInitiativeId config.json field by @alalvi00 in #348
• [Update] Rename Resource group name by @dutt0 in #355
• [BugFix] GR3 | Validation 1 | Compliance Status Unchanged Despite Meeting the Requirements Developed by @alalvi00 in #357
• [BUGFIX]- Central Reporting Erroring Out Fix and GR13 addition to aggregation by @singhgss in #358
• Pre-release v2.1.5 by @dutt0 in #360
• Update Modules Pre Release by @github-actions in #361

Full Changelog: v2.1.4...v2.1.5

v2.1.4

What's Changed

• [BugFix] Disable timezone module due to required priviledged access for VMs by @singhgss in #321
• [Enhancement] Encrypted Standard String by @singhgss in #316
• Pre-release v2.1.4 by @singhgss in #323
• Update Modules Pre Release by @github-actions in #324

Full Changelog: v2.1.3...v2.1.4

v2.1.3

What's Changed

• [BugFix] - MCUP Format Issue During Installation by @singhgss in #280
• [New control] GR7V1 and GR9V4 | Validation for storage account TLS version by @dutt0 in #275
• [New control] GR7 V1 App Service HTTPS Configuration (M) by @dutt0 in #281
• [New control] GR7 V1 Function App HTTPS Configuration (M) by @dutt0 in #282
• [New Control] - GR4 | FinOps Controls by @singhgss in #247
• [New control] GR2 V3 Automated Role Reviews: Role Assignments for Users and Global Administrators (M) by @dutt0 in #260
• [New Control] - GR11 | Validation 5 | Time Zone Configuration Consistency Check (M) by @singhgss in #274
• [New Control] GR11 V4 Service Health Alerts and Events Check by @alalvi00 in #289
• Adding manual deployment to dev for testing by @singhgss in #294
• [New Control] GR11 V4 Microsoft Defender for Cloud Alerts and Events Check by @alalvi00 in #295
• [BugFix] GR1 Validation 6 Fix comment by @dutt0 in #300
• [BugFIx] - Central Reporting: v2.0 data is not being collected automatically by @singhgss in #302
• [Code Cleanup] Fix function duplication by @dutt0 in #303
• [BugFix ]MsgTable didnt have correct name for message for English Translation by @singhgss in #304
• [New control ] GR2 Validation 10 Automated Guest User Reviews: Role Assignments and Access Requirements by @dutt0 in #286
• [Fix/Update] GR2 Validation 3 Automated User Role Reviews logic update around compliance by @dutt0 in #299
• [BugFix] - GR7 | V3 Incorrect messaging when Application Gateway but no SSL Certificates in a listener by @singhgss in #305
• [Fix] Added appropriate messaging for uploaded file with incorrect extension by @dutt0 in #307
• [BugFix] - GR9 | V3 Missing ItemName and Subscription Columns in the client workbook by @singhgss in #310
• [Fix] GR1 V6 and GR7 V3 Added appropriate messaging for uploaded file with incorrect extension and a few misc. update by @dutt0 in #309
• [Bugfix] GR8 V1 & V2 Missing ItemName in client workbook by @dutt0 in #317
• [Bugfix] GR13 V3 SignIn Logs logic with consideration of retention period and misc. error handling update by @dutt0 in #315
• [BugFix] GR1 V5 Compliance Messages and Code Logic Update by @alalvi00 in #318
• Pre-release v2.1.3 by @dutt0 in #319
• Update Modules Pre Release by @github-actions in #320

Full Changelog: v2.1.2...v2.1.3

v2.1.2

What's Changed

• [New Control] GR1 | Validation 5 | Alerts to Flag Misuse and Suspicious Activities (M) by @alalvi00 in #264
• [BugFix] GR1 V5 Added versioning and removed duplicate messages by @alalvi00 in #266
• [New Control] GR9 | Validation 3 | Tools In Use For Limiting Access To Authorized Source IP Addresses (M) by @singhgss in #265
• [Bugfix] GR1 V5 MUC alert monitor control profile in workbook by @dutt0 in #269
• [BugFix] - Multi-cloud Usage Bug: Missing Subscription Tags by @singhgss in #270
• [New Control] GR13 | Validation 2 | Alerts to Flag Misuse and Suspicious Activities by @dutt0 in #268
• [Bugfix] GR2 | Validation 9 | Fixed Main runbook error by @dutt0 in #271
• Pre-release v2.1.2 by @dutt0 in #272
• Update Modules Pre Release by @github-actions in #273

Full Changelog: v2.1.1...v2.1.2

v2.1.1

What's Changed

• [New control ] GR8 V2 Cloud Infrastructure Deployment Guide or Applicable Landing Zone Details by @dutt0 in #212
• [Enhancement] GR8 V1 Update control for Network diagram and high level design doc by @dutt0 in #213
• [NEW CONTROL] GR1 V2 - All Cloud User Accounts MFA Conditional Access Policy Check by @alalvi00 in #217
• [New Control] Guardrail Validation 6 Checkonlineattackcountermeasures by @singhgss in #203
• [BugFix] Handle error when sub doesn't exist in check-cbsensor by @singhgss in #226
• [BugFix] Pipeline times out fix using OIDC reverting to using service principal credentials by @singhgss in #224
• [Fix] GR1V4 Fixed the control's required param to mandatory control by @dutt0 in #227
• [New control] GR1 V6 dedicated User Account for Admin by @dutt0 in #223
• [BugFix] GR1 | Validation 4 | Error Handling for non-existent LAW by @singhgss in #231
• [BugFix] - GR1 | Validation 4 | Comment Mismatch for Missing Lock by @singhgss in #232
• GR1 V3 Bugfix for GA Count for maximum 5 and MFA validation by @dutt0 in #233
• [Update] Remove signing from non-production workflow by @dutt0 in #235
• [New control] GR11 | Validation 1,2,3 | User Account GC Event Logging Check by @dutt0 in #236
• [BugFix] - Error in the Workbook for guardrails 1,2,3,4,5,6,7 by @singhgss in #237
• [New module] GR11 Validation 6 Monitoring Checklist: Use Cases by @dutt0 in #241
• [New Module] GR13 Validation 4 Valid Signatures and Approvals for Break Glass Account Procedure by @dutt0 in #242
• [Update] GR11 V6 and GR13 V4: French ItemName update by @dutt0 in #244
• [New Control] - GR7 | Validation 3 | Certificate Validity: Application Gateway (M) by @singhgss in #225
• [New control] GR2 | Validation 7 | Authentication Mechanisms: Risk Based Conditional Access Policies by @dutt0 in #245
• [Bug Fix] GR3 V1- Small bug fix to check count for device and location policies by @alalvi00 in #253
• [Bugfix] GR2 | Validation 2 and Validation 4 | Questions/ Clarifications by @dutt0 in #252
• [Bugfix] GR1 V1 V6 misc. bugfix by @dutt0 in #255
• [Bugfix] GR2 V1 User groups use-case - exclude mailbox as user by @dutt0 in #256
• [BugFix] - Multi-Profile Feature Not Updating Workbook/ Log Results Based on Subscription Tags by @singhgss in #257
• [New control] GR13 V3 Break Glass Account Testing Cadence by @dutt0 in #258
• [Enhancement ] Removing existing 1.0 non-required controls by @dutt0 in #261
• Pre-release v2.1.1 by @dutt0 in #259
• Update Modules Pre Release by @github-actions in #263

Full Changelog: v2.1.0...v2.1.1

v2.1.0

What's Changed

• [New Control] GR1 V1 All Cloud User Accounts MFA Check by @dutt0 in #183
• [Update] GR1 V1 All Cloud User Accounts MFA Check by @dutt0 in #184
• [Bugfix] GR2 V9 Privileged role status with multiple role assigned by @dutt0 in #185
• [Enhancement] - Multi Cloud usage profiles by @singhgss in #161
• [Bugfix] GR1 V1 MFA reporting for guest user by @dutt0 in #187
• [Enhancement] - MultiCloud Usage Profile integration to all Guardrails and Workbook by @singhgss in #188
• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #191
• [Bugfix] Dont project profile column if not present by @singhgss in #192
• BugFix - Update upload and download artifact version to V4 by @singhgss in #195
• [Enhancement] GR1 V3 MFA and Count for Global Administrator Accounts by @dutt0 in #194
• [Bugfix] Fix module.json by @dutt0 in #196
• Created a new control for Conditional Access Policy - Admin Access Users by @alalvi00 in #197
• [Enhancement] - GR1 | Validation 4 | User Account GC Event Logging Check (M) by @singhgss in #202
• GR2 V1 Account Management: User Groups by @dutt0 in #198
• GR2 V1 compliance message update by @dutt0 in #204
• Pre-release v2.1.0 by @dutt0 in #205
• Update Modules Pre Release by @github-actions in #206
• [BugFix] - Fix Release pipeline - remove artifact requirement completely by @singhgss in #207
• [BugFix] Use zip instead of compress-archive for creating zip for release by @singhgss in #208
• [BugFix] - Fix release pipeline by @singhgss in #209
• [BugFix] Fix signing release pipeline by @singhgss in #210
• [BugFix] - Add compress archive for zipping release artifact by @singhgss in #211

New Contributors

• @dependabot made their first contribution in #191

Full Changelog: v2.0.0...v2.1.0

v2.0.0

What's Changed

• Update azure/login and azure/powershell to version 2.0 by @alalvi00 in #135
• Updated azure/login and azure/powershell -Test pipeline by @alalvi00 in #138
• Updated azure/login to v2 - Release pipeline by @alalvi00 in #137
• [Enhancement] GR6 Data at Rest - added additional policy check and resource based compliance status by @dutt0 in #139
• [Enhancement] GR6 - update PBMM SC-28 required policy check by @dutt0 in #146
• [Enhancement] Updated the file and access path the department list by @dutt0 in #147
• [Fix] Updated the url to retrieve list from main branch by @dutt0 in #148
• [Fix] Fixed the url to retrieve list from main branch by @dutt0 in #149
• [Enhancement] Introducing new control for GR13 by @dutt0 in #153
• [Enhancement] Add pipeline concurrency handling for Dev and Test deployment by @singhgss in #155
• [Enhancement] GR2 validation 8 Guest user accounts by @dutt0 in #156
• [Enhancement] GR2 validation 9 Privileged Guest user accounts by @dutt0 in #162
• [Fix] GR2 V9 Added Guest user email address to the table by @dutt0 in #164
• [Enhancement] update to v2.0 control names by @dutt0 in #166
• [Enhancement] Update document storage compliance msgs by @dutt0 in #167
• [Enhancement] GR5 remove PBMM check by @dutt0 in #172
• [Enhancement] GR6 PBMM policy check iteration 2 by @dutt0 in #173
• Allowed Initiatives - GR5 by @alalvi00 in #171
• [Fix] Removed unnecessary zip psmodules by @dutt0 in #175
• Pre-release v2.0.0 by @dutt0 in #176
• Update Modules Pre Release by @github-actions in #177

Full Changelog: v1.2.3...v2.0.0

v1.2.3

What's Changed

• [Bug fix] Reading GlobalAdminstratorsUPN file extension by @dutt0 in #123
• [Bug fix] GR11 defender monitoring typo fix compliance status by @dutt0 in #124
• [Bug fix] Fixing GR4 module compliance status by @dutt0 in #125
• [Enhancement] Update dev pipeline for CaC solution version upgrade preserving attestations by @dutt0 in #127
• [Code cleanup] Remove attestation reference by @dutt0 in #128
• Pre-release v1.2.3 by @dutt0 in #130
• Update Modules Pre Release by @github-actions in #131

Full Changelog: v1.2.2...v1.2.3

v1.2.2

What's Changed

• [Feature enhancement] GR1 & Gr3 - list the UPNs having non-enabled MFA by @dutt0 in #88
• [Bug Fix] GR1 & Gr3 - list the UPNs which have non-enabled MFA by @dutt0 in #92
• [Enhancement] Adding more error handling to GR1 & GR3 GA MFA by @dutt0 in #94
• [Bug fix] Update code for Get-AzSecurityContact error - introduced due to PS module bug by @dutt0 in #98
• [Update] README file with updated documentation by @dutt0 in #102
• [Update] Replace configs with Env vars by @dutt0 in #106
• [Code-fix] Fixing module version miss-match by @dutt0 in #108
• Created test cases for GR1 by @alalvi00 in #100
• [Enhancement] Multiple format document upload by @dutt0 in #110
• [Enhancement] Documentation update by @dutt0 in #111
• [Enhancement] GR12 marketplace logic update by @dutt0 in #112
• DEV Pipeline by @alalvi00 in #114
• [Enhancement] Update document contents by @dutt0 in #115
• Dev pipeline to be triggered upon completion of release by @alalvi00 in #117
• Pre-release v1.2.2 by @dutt0 in #118
• Update Modules Pre Release by @github-actions in #120

Full Changelog: v1.2.1...v1.2.2