Merge pull request #50 from JulianHayward/dev_v5_major_20210818_2
v5_major_20210818_2
JulianHayward authored Aug 18, 2021
2 parents 1bc363f + 28db26b commit 6d00450
Showing 1,676 changed files with 600,651 additions and 510 deletions.
53 changes: 15 additions & 38 deletions README.md
Expand Up @@ -27,7 +27,7 @@ __AzGovViz is intended to help you to get a holistic overview on your technical
</td>
</table>

## Microsoft Cloud Adoption Framework - CAF
## Microsoft Cloud Adoption Framework (CAF)

<img align="left" height="80" src="img/caf.png"> Listed as tool for the Govern discipline in the Microsoft Cloud Adoption Framework!
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/reference/tools-templates#govern
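Review bot: The docs.microsoft.com URL under the CAF image is left as a bare line rather than a markdown link, which is inconsistent with the linked references elsewhere in this README; consider `[Govern tools and templates](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/reference/tools-templates#govern)`. Minor: "Listed as tool" should read "Listed as a tool".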
Expand All @@ -36,7 +36,7 @@ Included in the Microsoft Cloud Adoption Framework´s [Strategy-Plan-Ready-Gov](

<hr>

## Table of contents
## Content
* [Release history](#release-history)
* [Demo](#demo)
* [Media](#media)
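Review bot: Renaming the heading from "Table of contents" to "Content" changes its auto-generated anchor from `#table-of-contents` to `#content`, so any existing deep link to the old anchor, in this README or in external docs, stops resolving; "Table of contents" is also the more descriptive label. Suggest keeping the original heading, or at least searching the repository for the old anchor before merging.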
Expand All @@ -63,46 +63,22 @@ Included in the Microsoft Cloud Adoption Framework´s [Strategy-Plan-Ready-Gov](

## Release history

__Changes__ (2021-Aug-06 / Major)
__Changes__ (2021-Aug-18 / Major)

* Enriched Policy assignments with list of used parameters
* Enriched Role assignments on Groups with Group member count
* Optimize JSON outputs
* CSP scenario error handling
* Added ASC Secure Score for Management Groups
* Policy Compliance - if API returns 'ResponseTooLarge' then flag Policy Compliance entries with 'skipped' for given scope
* Added [demo-output](demo-output) folder containing all outputs (html, csv, md, json, log)
* Bugfixes
* Performance optimization

__Changes__ (2021-July-28 / Major)

* As demanded by the community reactivated parameters `-PolicyAtScopeOnly` and `-RBACAtScopeOnly`
* New paramter `-AADGroupMembersLimit`. Defines the limit (default=500) of AAD Group members; For AAD Groups that have more members than the defined limit Group members will not be resolved
* New parameter `-JsonExportExcludeResourceGroups` - JSON Export will not include ResourceGroups (Policy & Role assignments)
* New parameter `-JsonExportExcludeResources`- JSON Export will not include Resources (Role assignments)
* Bugfixes
* Performance optimization

__Changes__ (2021-July-22 / Major)

* Full blown JSON definition output. Leveraging Git with this new capability you can easily track any changes that occurred in between the previous and last AzGovViz run.
![newBuiltInRoleDefinition](img/gitdiff600.jpg)
_* a new BuiltIn RBAC Role definition was added_
* Renamed parameter `-PolicyIncludeResourceGroups` to , `-DoNotIncludeResourceGroupsOnPolicy` (from now Policy assignments on ResourceGroups will be included by default)
* Renamed parameter `-RBACIncludeResourceGroupsAndResources` to , `-DoNotIncludeResourceGroupsAndResourcesOnRBAC` (from now Role assignments on ResourceGroups and Resources will be included by default)
* New parameter `-HtmlTableRowsLimit`. Although the parameter `-LargeTenant` was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000
* Added NonCompliance Message for Policy assignments
* Cosmetics
* Bugfixes
* Performance optimization

[Release history](history.md)

<hr>

## Demo

<a href="https://www.azadvertizer.net/azgovvizv4/demo/AzGovViz_Enterprise-Scale_WingTip_v5_major_202107021_1.html" target="_blank">![Demo](img/demo4_66.png)</a>
<a href="https://www.azadvertizer.net/azgovvizv4/demo/AzGovViz_Enterprise-Scale_WingTip_v5_major_20210818_2.html" target="_blank">![Demo](img/demo4_66.png)</a>

[Demo (v5_major_20210721_1)](https://www.azadvertizer.net/azgovvizv4/demo/AzGovViz_Enterprise-Scale_WingTip_v5_major_202107021_1.html)
[Demo (v5_major_20210818_2)](https://www.azadvertizer.net/azgovvizv4/demo/AzGovViz_Enterprise-Scale_WingTip_v5_major_20210818_2.html)
Enterprise-Scale ([WingTip](https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/wingtip/README.md)) implementation

### Media
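Review bot: Adding the complete demo-output folder (html, csv, md, json, log) to the repository means every principal name, object id and role assignment from the tenant that produced it is now versioned in Git; confirm the outputs came from the WingTip demo tenant and were generated with `-DoNotShowRoleAssignmentsUserData` (or otherwise scrubbed of PII) before merging, and say so in the bullet. The "ResponseTooLarge" bullet should also tell the reader where the "skipped" flag appears (which output section or column), and the two release entries removed here (2021-July-28 and 2021-July-22) should be confirmed present in history.md, which is now the only remaining pointer to them.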
Expand Down Expand Up @@ -172,6 +148,7 @@ Short presentation on AzGovViz [Download](slides/AzGovViz_intro.pdf)
* Advanced information on Role assignments
* Role assignment scope (at scope / inheritance)
* For Role Assignments on Groups the AAD Group members are fully resolved. With this capability AzGovViz can ultimately provide holistic insights on permissions granted
* For Role Assignments on Groups the AAD Group members count (transitive) will be reported
* For identity-type == 'ServicePrincipal' the type (Application/ManagedIdentity) will be reported
* For identity-type == 'User' the userType (Member/Guest) will be reported
* Related Policy assignments (Policy assignment of a Policy definition that uses the DeployIfNotExists (DINE) effect)
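Review bot: The new "transitive" member-count bullet does not say how it interacts with `-AADGroupMembersLimit` (default 500) documented further down: if a group exceeds the limit and its members are not resolved, is the transitive count still reported, and does "transitive" include members of nested groups or only direct members? One clause here would settle both for a reader who relies on the count to judge the reach of a role assignment.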
Expand Down Expand Up @@ -280,7 +257,7 @@ markdown in Azure DevOps Wiki as Code
* Browsers tested: Edge, new Edge and Chrome
* MD (Markdown) file
* for use with Azure DevOps Wiki leveraging the [Mermaid](https://docs.microsoft.com/en-us/azure/devops/release-notes/2019/sprint-158-update#mermaid-diagram-support-in-wiki) plugin
* JSON folder containing
* JSON folder ([demo-output](demo-output)) containing
* all Policy and Role assignments (Scopes: Tenant, Management Groups and Subscriptions)
* all BuiltIn and Custom Policy/Set definitions (Scopes: Management Groups and Subscriptions)
* all BuiltIn and Custom Role definitions
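Review bot: Linking `demo-output` directly from the "JSON folder" bullet can be read as the script writing its JSON into a folder named demo-output; phrase it as "JSON folder (see [demo-output](demo-output) for a sample) containing" so readers distinguish the checked-in sample from the location set by `-OutputPath`.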
Expand Down Expand Up @@ -425,13 +402,13 @@ This permission is <b>mandatory</b> in each and every scenario!
* `-ManagementGroupId` Management Group Id (Root Management Group Id equals your Tenant Id)
* `-CsvDelimiter` - The world is split into two kinds of delimiters - comma and semicolon - choose yours (default is semicolon ';')
* `-OutputPath`
* `-AzureDevOpsWikiAsCode` - Only use in Azure DevOps Pipeline
* `-AzureDevOpsWikiAsCode` - Use this parameter only when running AzGovViz in a Azure DevOps Pipeline
* `-DoNotShowRoleAssignmentsUserData` - Scrub personally identifiable information (PII)
* `-LimitCriticalPercentage` - Limit warning level, default is 80%
* ~~`-HierarchyTreeOnly`~~ `-HierarchyMapOnly` - Output only the __HierarchyMap__ for Management Groups including linked Subscriptions
* `-SubscriptionQuotaIdWhitelist` - Process only Subscriptions with defined QuotaId(s)
* `-SubscriptionQuotaIdWhitelist` - Process only Subscriptions with defined QuotaId(s). Example: .\AzGovVizParallel.ps1 `-SubscriptionQuotaIdWhitelist MSDN_,Enterprise_`
* `-NoResourceProvidersDetailed` - Disables output for ResourceProvider states for all Subscriptions in the __TenantSummary__ section, in large Tenants this can become time consuming
* `-NoASCSecureScore` - Disables ASC Secure Score request for Subscriptions. The used API is in preview you may want to disable this
* `-NoASCSecureScore` - Disables ASC Secure Score request for Subscriptions and Management Groups.
* ~~`-DisablePolicyComplianceStates`~~ `-NoPolicyComplianceStates` - Will not query policy compliance states. You may want to use this parameter to accellerate script execution or when receiving error 'ResponseTooLarge'.
* `-NoResourceDiagnosticsPolicyLifecycle` - Disables Resource Diagnostics Policy Lifecycle recommendations
* `-NoAADGroupsResolveMembers` - Disables resolving Azure Active Directory Group memberships
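Review bot: The `-SubscriptionQuotaIdWhitelist` example splits the command across code spans (`.\AzGovVizParallel.ps1` sits outside the backticks, the parameter and value inside), which renders oddly; put the whole invocation in one span: `.\AzGovVizParallel.ps1 -SubscriptionQuotaIdWhitelist MSDN_,Enterprise_`. The `-NoASCSecureScore` change drops the "API is in preview" caveat without saying whether the API has left preview; if it has not, keep the caveat, since a preview API can change or be withdrawn without notice. Minor: "in a Azure DevOps Pipeline" should be "in an Azure DevOps Pipeline", and "accellerate" on the `-NoPolicyComplianceStates` line should be "accelerate".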
Expand Down Expand Up @@ -459,12 +436,12 @@ This permission is <b>mandatory</b> in each and every scenario!
* `-HtmlTableRowsLimit` - Although the parameter `-LargeTenant` was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000
* `-AADGroupMembersLimit` - Defines the limit (default=500) of AAD Group members; For AAD Groups that have more members than the defined limit Group members will not be resolved

* Passed tests: Powershell Core 7.1.2 on Windows
* Passed tests: Powershell Core 7.1.3 on Windows
* Passed tests: Powershell Core 7.1.3 Azure DevOps hosted ubuntu-18.04

## AzGovViz step by step

Detailed __[Setup](setup.md) instructions__
&#x1F4A1; Check the detailed __[Setup](setup.md)__ instructions

### AzGovViz in Azure DevOps

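Review bot: "40.000" as the `-HtmlTableRowsLimit` default reads as forty to readers who use the dot as a decimal separator; write 40,000 or 40000. The `-AADGroupMembersLimit` bullet would also benefit from one sentence on what the output shows for a group over the limit (members omitted, count still present, or both), since the new transitive member count is documented separately. The test matrix now lists only PowerShell Core 7.1.3 on Windows; if 7.1.2 is no longer supported, that is worth stating explicitly.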