diff --git a/Tests/Consistency.Tests.ps1 b/Tests/Consistency.Tests.ps1 index b694b47..46c73d0 100644 --- a/Tests/Consistency.Tests.ps1 +++ b/Tests/Consistency.Tests.ps1 @@ -64,6 +64,7 @@ Describe 'Consistency contract' { 'Get-IntuneAnomaliesReport' = @('ExportPath') 'Get-EntraAdminRolesReport' = @('ExportPath') 'Get-M365LicenseAssignmentReport' = @('ExportPath') + 'Get-CustomSecurityAttributesReport' = @('AttributeSet', 'ExportPath') } } diff --git a/docs/PERMISSIONS.md b/docs/PERMISSIONS.md index 3ee53d4..82c6be0 100644 --- a/docs/PERMISSIONS.md +++ b/docs/PERMISSIONS.md @@ -11,6 +11,7 @@ Use these when registering an app in Azure AD / Entra ID or when calling `Connec | Permission | Used by | |------------|---------| | **AuditLog.Read.All** | Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport | +| **CustomSecAttributeAssignment.Read.All** | Get-CustomSecurityAttributesReport | | **CloudLicensing.Read** | Get-M365LicenseAssignmentReport | | **CloudPC.Read.All** | Get-IntuneEnrollmentFlowsReport, Get-IntuneAnomaliesReport | | **Device.Read.All** | Get-IntuneEnrollmentFlowsReport | @@ -21,13 +22,13 @@ Use these when registering an app in Azure AD / Entra ID or when calling `Connec | **Directory.Read.All** | Get-IntuneAnomaliesReport, Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport | | **Group.Read.All** | Get-IntuneEnrollmentFlowsReport, Get-M365LicenseAssignmentReport | | **GroupMember.Read.All** | Get-M365LicenseAssignmentReport | -| **Mail.Send** | Get-IntuneAnomaliesReport, Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport (optional, for email report) | -| **Organization.Read.All** | Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport | +| **Mail.Send** | Get-IntuneAnomaliesReport, Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport, Get-CustomSecurityAttributesReport (optional, for email report) | +| **Organization.Read.All** | Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport, Get-CustomSecurityAttributesReport | | **PrivilegedEligibilitySchedule.Read.AzureADGroup** | Get-EntraAdminRolesReport | | **RoleAssignmentSchedule.Read.Directory** | Get-EntraAdminRolesReport | | **RoleManagement.Read.Directory** | Get-EntraAdminRolesReport, Get-M365LicenseAssignmentReport | | **User.Read** | Get-IntuneAnomaliesReport (minimum for interactive) | -| **User.Read.All** | Get-IntuneEnrollmentFlowsReport, Get-IntuneAnomaliesReport, Get-M365LicenseAssignmentReport | +| **User.Read.All** | Get-IntuneEnrollmentFlowsReport, Get-IntuneAnomaliesReport, Get-M365LicenseAssignmentReport, Get-CustomSecurityAttributesReport | --- @@ -54,7 +55,8 @@ Default `-RequiredScopes` is the **union** of all scopes below so one connection - PrivilegedEligibilitySchedule.Read.AzureADGroup - Mail.Send - CloudLicensing.Read -- CloudPC.Read.All +- CloudPC.Read.All +- CustomSecAttributeAssignment.Read.All --- @@ -110,6 +112,15 @@ Default `-RequiredScopes` is the **union** of all scopes below so one connection --- +### Get-CustomSecurityAttributesReport + +- CustomSecAttributeAssignment.Read.All +- User.Read.All +- Organization.Read.All +- Mail.Send + +--- + ## Notes - **Application vs Delegated:** These are typically **Application** or **Delegated** depending on whether you connect with client secret/certificate (application) or interactive/device code (delegated). Configure the same permission names in the Azure app registration under Microsoft Graph. diff --git a/docs/superpowers/plans/2026-05-03-report-rebrand-integration.md b/docs/superpowers/plans/2026-05-03-report-rebrand-integration.md new file mode 100644 index 0000000..fb93e2a --- /dev/null +++ b/docs/superpowers/plans/2026-05-03-report-rebrand-integration.md @@ -0,0 +1,205 @@ +# Report Rebrand + Custom Security Attributes Integration + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Create a shared HTML report template with rksolutions.nl branding, integrate Get-CustomSecurityAttributesReport, and migrate all existing reports to the shared template. + +**Architecture:** A single `New-RKSolutionsReportTemplate` PowerShell function provides the full HTML shell (head, CSS, JS, brand elements). Each report only builds its unique content (stats cards, tables, filters) and passes it to the template. The new Custom Security Attributes report is built on the template from the start; existing reports are migrated one at a time. + +**Tech Stack:** PowerShell 7.0+, Microsoft Graph API, HTML5/CSS3/JS, Bootstrap 5, DataTables, Google Fonts (Playfair Display, Source Serif 4, JetBrains Mono) + +**Spec:** `docs/superpowers/specs/2026-05-03-report-integration-rebrand-design.md` + +--- + +### Task 1: Create Shared HTML Report Template + +**Files:** +- Create: `module/Private/New-RKSolutionsReportTemplate.ps1` + +This is the foundation. Every subsequent task depends on it. + +- [ ] **Step 1: Create `New-RKSolutionsReportTemplate.ps1`** + +The function accepts: `$TenantName`, `$ReportTitle`, `$ReportSlug`, `$Eyebrow`, `$Lede`, `$StatsCardsHtml`, `$BodyContentHtml`, `$CustomCss`, `$ReportDate`, `$Tags`. + +Returns a complete HTML document string via expandable here-string with: +- Google Fonts + CDN links (Bootstrap 5, DataTables, Font Awesome, jQuery, jszip, pdfmake) +- CSS custom properties for light (`:root`) and dark (`[data-theme="dark"]`) themes using the validated brand tokens from the spec +- Shared CSS: typography (Playfair Display for titles, Source Serif 4 for body, JetBrains Mono for monospace), breadcrumb pill, eyebrow line, title block, stat tile colors (rust/olive/steel/rose), filter bar, table styles, status badges, tag pills, theme toggle, DataTables overrides, PS prompt footer +- `$CustomCss` injected inside ` - -
- -Show all entries
-| Principal | -Display Name | -Principal Type | -Account Status | -Assigned Role | -Role Scope | -Assignment Type | -Start Date | -End Date | -
|---|
Show all entries
-| Principal | -Display Name | -Principal Type | -Account Status | -Assigned Role | -Role Scope | -Assignment Type | -Start Date | -End Date | -
|---|
Show all entries
-| Principal | -Display Name | -Principal Type | -Account Status | -Assigned Role | -Role Scope | -Assignment Type | -Start Date | -End Date | -Members | -Activated Members | -
|---|
Show all entries
-| Principal | -Display Name | -Principal Type | -Account Status | -Assigned Role | -Role Scope | -Assignment Type | -Start Date | -End Date | -
|---|
Show all entries
-| Date/Time | -Initiated By | -Operation Type | -Initiator Type | -Role | -Target | -Operation | -Result | -Role Properties | -Justification | -
|---|