silverhack / monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Home Page: https://silverhack.github.io/monkey365/

License: Apache License 2.0

PowerShell 99.73% C# 0.27%
Topics: azure, azuread, microsoft365, microsoft365-compliance, office365, powershell-module, security, security-tools, exchangeonline, purview

monkey365's Introduction


Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with this effort, Monkey365 also provides several ways to identify security gaps in the desired tenant setup and configuration. Monkey365 provides valuable recommendations on how to best configure those settings to get the most out of your Microsoft 365 tenant or Azure subscription.

Introduction

Monkey365 is a collector-based PowerShell module that can be used to review the security posture of your cloud environment. With Monkey365 you can scan for potential misconfigurations and security issues in public cloud accounts according to security best practices and compliance standards, across Azure, Microsoft Entra ID, and Microsoft 365 core applications.

Installation

You can either download the latest zip by clicking this link or download Monkey365 by cloning the repository:

Once downloaded, you must extract the files to a suitable directory. Once you have unzipped the zip file, you can use the PowerShell V3 Unblock-File cmdlet to unblock files:

Get-ChildItem -Recurse c:\monkey365 | Unblock-File

Once you have installed the monkey365 module on your system, you will likely want to import the module with the Import-Module cmdlet. Assuming that Monkey365 is located in the PSModulePath, PowerShell would load monkey365 into active memory:

Import-Module monkey365

If Monkey365 is not located on a PSModulePath path, you can use an explicit path to import:

Import-Module C:\temp\monkey365

You can also use the Force parameter if you want to reimport the Monkey365 module into the same session:

Import-Module C:\temp\monkey365 -Force

Basic Usage

The following command will provide the list of available command line options:

Get-Help Invoke-Monkey365

To get a list of examples use:

Get-Help Invoke-Monkey365 -Examples

To get a list of all options and examples with detailed info use:

Get-Help Invoke-Monkey365 -Detailed

The following example will retrieve data and metadata from Azure AD and SharePoint Online and then print results. If credentials are not supplied, Monkey365 will prompt for credentials.

$param = @{
    Instance = 'Microsoft365';
    Analysis = 'SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeEntraID = $true;
    ExportTo = 'PRINT';
}
$assets = Invoke-Monkey365 @param
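As an added example (not code from the Monkey365 README), the following wrapper script imports the module from an explicit path, runs an Azure review with device-code authentication, writes HTML, JSON and CSV output plus a log into a dated output directory, and lists what was produced. It uses only parameters that appear on this page; the module path, tenant id, subscription id and output directory are placeholders to be replaced.

```powershell
# Added example, not part of the Monkey365 project. Paths and ids are placeholders.
$modulePath     = 'C:\temp\monkey365'                       # assumption: where the zip was extracted
$tenantId       = '00000000-0000-0000-0000-000000000000'    # placeholder tenant id
$subscriptionId = '00000000-0000-0000-0000-000000000000'    # placeholder subscription id
$outDir         = Join-Path $env:TEMP ('monkey365-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

# Files extracted from a downloaded zip carry a Zone.Identifier mark; unblock them first,
# then (re)import the module from its explicit path.
Get-ChildItem -Recurse $modulePath | Unblock-File
Import-Module $modulePath -Force -ErrorAction Stop

# Fail early if the entry point was not exported (e.g. wrong path or a broken load).
if (-not (Get-Command -Name Invoke-Monkey365 -ErrorAction SilentlyContinue)) {
    throw "Invoke-Monkey365 was not exported by the module at $modulePath"
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# ExportTo takes an array of formats; a single comma-separated string such as
# "CSV,JSON,HTML" is rejected by the parameter's ValidateSet.
$param = @{
    Instance      = 'Azure'
    Analysis      = 'All'
    TenantID      = $tenantId
    subscriptions = $subscriptionId
    DeviceCode    = $true                 # device-code sign-in; no browser needed on this host
    ExportTo      = @('HTML', 'JSON', 'CSV')
    OutDir        = $outDir
    WriteLog      = $true                 # also write monkey365 log files for later review
}

$assets = Invoke-Monkey365 @param -Verbose

# Summarize what was written so the results and logs can be moved to another machine.
$files = Get-ChildItem -Path $outDir -Recurse -File
'{0} file(s) written under {1}' -f $files.Count, $outDir
$files | Select-Object FullName, Length
```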

Regulatory compliance checks

Monkey365 helps streamline the process of performing not only Microsoft 365, but also Azure subscriptions and Azure Active Directory Security Reviews.

160+ checks covering industry-defined security best practices for Microsoft 365, Azure and Azure Active Directory.

Monkey365 helps consultants assess a cloud environment and analyze its risk factors against controls and best practices. The report contains structured data for quick checking and verification of the results.

Supported standards

By default, the HTML report shows you the CIS (Center for Internet Security) Benchmark. The CIS Benchmarks for Azure and Microsoft 365 are guidelines for security and compliance best practices.

The following standards are supported by Monkey365:

  • CIS Microsoft Azure Foundations Benchmark v1.4.0
  • CIS Microsoft 365 Foundations Benchmark v1.4.0
  • CIS Microsoft Azure Foundations Benchmark v1.5.0
  • CIS Microsoft 365 Foundations Benchmark v1.5.0

More standards (NIST, HIPAA, GDPR, PCI-DSS, etc.) will be added in future releases as they become available.

Additional information, such as installation or advanced usage, can be found at the following link.

monkey365's People

Contributors

f-bader, loryanstrant, silverhack


monkey365's Issues

[Bug]: Monkey365 is returning an empty plugin list when string not match

What happened?
The internal function that manages plugins is case sensitive, so it returns an empty array when the string passed to the -Analysis parameter does not match.

How to reproduce it
The following command will fail, because a capital letter in "SharePointOnline" is wrong.

Invoke-Monkey365 -Instance Microsoft365 -Analysis SharePointOnline -Verbose -Debug -InformationAction Continue -ExportTo HTML

As a workaround, the following command can be used (Please, note the lack of capital letter in SharePointOnline):

Invoke-Monkey365 -Instance Microsoft365 -Analysis SharepointOnline -ExportTo HTML

[Not Bug More Improvement]: Method Update-PsObject.ps1

Indeed this module as a file is found in two places in the Modules directory. One in the directory MonkeyhtmlPrivate\Utils and the other in the directory MonkeyutilsPublic.

Moreover, the method is used in the main loading module (Monkey365.psm1), but that module only loads the "*.ps1" files in the directories listed in the declared Module array. At no time is a call to the modules in the Core\Modules directory made, so this method is never executed.

I know you call this method in the PSM for the HTML module and declare it in the PSD file for Monkeyutils, and it is not the same visibility (Private for one and Public for the other); it's also to avoid maintaining two versions, my 2 cents. :)

Thank you. Franck.

Security and Compliance PowerShell RPS Migration

Is your feature request related to a problem? Please describe.
Remote PowerShell (RPS) protocol is deprecated and will be decommissioned in the near future (October 2023). Monkey365 is still connecting to Security and Compliance through Remote PowerShell (RPS) and therefore should be migrated to REST API.

Describe the solution you'd like
Migrate all Security and Compliance related plugins and update Monkey365 codebase to use the new REST endpoints

Additional context
Deprecation of Remote PowerShell (RPS) Protocol in Security and Compliance PowerShell

[Bug]: Monkey365 not works and multiple error message appears

What happened?
When I run a Monkey365 scan for M365 with params, I get a lot of error messages (see screenshot).

How to reproduce it
Steps to reproduce the behavior:

  1. What command are you running?
    Invoke-Monkey365 @param
  2. See error

Expected behavior
No error and Monkey works :)

Screenshots or Logs
[screenshot: Windows 10 Toolkit running in Oracle VM VirtualBox]

From where are you running Monkey365?
Please, complete the following information:

  • Resource: VirtualBox VM
  • OS: Windows 10
  • PowerShell Version [$PsVersionTable]: 5.x or 7.x is the same
  • Monkey365 Version: latest
  • Others:


Plugin Enhancement

Is your feature request related to a problem? Please describe.
There is no option to remove or to list all available plugins

Describe the solution you'd like
The plugin feature should be improved to allow users to exclude some plugins from being executed, or to list all available plugins.

Multiple forms of output in one zip file

Is your feature request related to a problem? Please describe.
I often find myself needing to transfer the output of Monkey365 from machine to machine. To do that I have to find the various bits of output, the log file and zip them up myself. That all takes time.

Describe the solution you'd like
An additional value for ExportTo, for example ZIP, that generates HTML, JSON and CSV output, then zips it up together with any log files pertaining to the run, and either puts it in OutDir or in a system temporary directory, for example /tmp/ on a Linux system. Monkey365 should report the full path to the output zip file at the end of the run.

Describe alternatives you've considered
Zipping it up myself (see above), which is what I do at the moment.

[Bug]: Analysis : "Kubernetes"

What happened?
Hi! I want to produce a report with an analysis of Kubernetes, but when I try with the "Kubernetes" parameter it doesn't work. There is a problem in the export, no matter what I export to. I noticed in the code of the function "Invoke-Monkey365" that Kubernetes is missing; I don't know if the problem is from there or from my configuration (I am a novice). If I change "Kubernetes" to any other Analysis parameter, it works very well, and if I use "All", I don't get Kubernetes in my report.

[screenshots: Kube-Monkey, Invoke-Monkey365]

Exchange Online Remote PowerShell Migration

Is your feature request related to a problem? Please describe.
Remote PowerShell (RPS) protocol is deprecated and will be decommissioned in the near future (July 1, 2023). Monkey365 is still connecting to Exchange Online through Remote PowerShell (RPS) and therefore should be migrated to REST API.

Describe the solution you'd like
Migrate all Exchange Online related plugins and update Monkey365 codebase to use the new EXO REST endpoints

Additional context
Remote PowerShell Deprecation

[Bug]: Multiple 404 errors when querying for Azure Diagnostic Settings

What happened?
Monkey365 console log shows a large number of 404 errors when querying resources for Azure Diagnostic Settings.

How to reproduce it
Steps to reproduce the behavior:

  1. Execute Monkey365 in a subscription with resources that do not have support for diagnostic settings.
  2. See console log errors

Expected behavior
Monkey365 should try to get information from diagnostic settings if the resource supports it.

From where are you running Monkey365?
Please, complete the following information:

  • Resource: Docker container, workstation
  • OS: Windows and Linux
  • PowerShell Version: All PowerShell versions
  • Monkey365 Version: latest

Additional context
The latest version of Monkey365 is using a JSON file with well-known resources that do not support diagnostic settings. The logic must be redesigned in order to discover which resources support diagnostic settings and which do not.
More information regarding available operations per resource can be seen here.

[Bug]: Very slow Import-Module on NIX OS

What happened?
Importing the Monkey365 PowerShell module takes a long time on NIX OS. It gives results from 100 to 300 seconds using PowerShell 7.3.3.

PS /home/silverhack> Measure-Command -Expression {Import-Module /mnt/c/monkey365}

Days              : 0
Hours             : 0
Minutes           : 4
Seconds           : 45
Milliseconds      : 873
Ticks             : 2858730254
TotalDays         : 0.00330871557175926
TotalHours        : 0.0794091737222222
TotalMinutes      : 4.76455042333333
TotalSeconds      : 285.8730254
TotalMilliseconds : 285873.0254

How to reproduce it
Steps to reproduce the behavior:
Import Monkey365 on NIX environments

Expected behavior
Monkey365 should load in a reasonable time.

Additional context
Some internal modules seem to load in reasonable time, so I believe it is an issue with Get-ChildItem command. Monkey365 has to dot-source every single internal function (more than 400), and the first time will iterate over directories by using Get-ChildItem cmdLet.

Additional Urls

Why is Get-ChildItem so Slow?
Windows Defender and PowerShell

[Bug]: Can't select more than one ExportTo options

What happened?
When running monkey365, I try different ExportTo options and none work; it only works when a single option is specified.

How to reproduce it
Steps to reproduce the behavior:

  1. What command are you running?

$param = @{
    Instance = 'Azure';
    Analysis = 'All';
    PromptBehavior = 'SelectAccount';
    subscriptions = '000000-00000000-0000';
    TenantID = '000000-00000000-0000';
    ExportTo = "CSV,JSON,CLIXML,PRINT,EXCEL,HTML";
}
$assets = Invoke-Monkey365 @param

  2. See error

Invoke-Monkey365: Cannot validate argument on parameter 'ExportTo'. The argument "JCSV,JSON,CLIXML,PRINT,EXCEL,HTML" does not belong to the set "CSV,JSON,CLIXML,PRINT,EXCEL,HTML" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

Expected behavior
Get output in the formats specified

From where are you running Monkey365?
Please, complete the following information:

  • Resource: Workstation
  • OS: Windows 10
  • PowerShell Version [$PsVersionTable]: 7.2.6
  • Monkey365 Version:
  • Others:

[Bug] monkey365 does not work in PS core - MacOS

What happened?
Trying to get compliance assessment from tenant via device auth code. But getting error as shown below.

How to reproduce it
Steps to reproduce the behavior:

  1. What command are you running?

$param = @{
    Instance       = 'Microsoft365';
    Analysis       = 'PurView';
    DeviceCode     = $true;
    ExportTo       = @("CSV", "JSON", "HTML");
}
Invoke-Monkey365 @param

  2. See error
pwsh:
Line |
 661 |              pwsh -args @($files) -Command $ScriptBlock
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [Microsoft.Identity.Client.PublicClientApplicationOptions].
InvalidOperation: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:40
Line |
  40 |  … lications = [System.Collections.Generic.List[Microsoft.Identity.Clien …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [System.Collections.Generic.List].
InvalidOperation: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:41
Line |
  41 |  … lications = [System.Collections.Generic.List[Microsoft.Identity.Clien …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [System.Collections.Generic.List].
New-Object: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:44
Line |
  44 |  … pMetadata = New-Object -TypeName "System.Management.Automation.Comman …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling ".ctor" with "1" argument(s): "Unable to find type [Microsoft.Identity.Client.AzureCloudInstance]."
PropertyNotFoundException: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:47
Line |
  47 |          $param = $msalAppMetadata.Parameters.Keys
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The property 'Parameters' cannot be found on this object. Verify that the property exists.
InvalidOperation: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:48
Line |
  48 |          foreach($p in $param.GetEnumerator()){
     |                        ~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.
InvalidOperation:
Line |
  76 |          [Microsoft.Identity.Client.AzureCloudInstance]$Environment =  …
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [Microsoft.Identity.Client.AzureCloudInstance].
PropertyNotFoundException: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:65
Line |
  65 |              $O365Object.isConfidentialApp = -NOT $O365Object.msalappl …
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The property 'isPublicApp' cannot be found on this object. Verify that the property exists.
New-Object: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:67
Line |
  67 |  … pMetadata = New-Object -TypeName "System.Management.Automation.Comman …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling ".ctor" with "1" argument(s): "Unable to find type [Microsoft.Identity.Client.AuthenticationResult]."
PropertyNotFoundException: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:70
Line |
  70 |              $param = $msalAppMetadata.Parameters.Keys
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The property 'Parameters' cannot be found on this object. Verify that the property exists.
InvalidOperation: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:71
Line |
  71 |              foreach($p in $param.GetEnumerator()){
     |                            ~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.
InvalidOperation: /usr/local/microsoft/powershell/7/Modules/monkey365/core/init/Initialize-AuthenticationParam.ps1:84
Line |
  84 |  …             [void]$O365Object.msal_public_applications.Add($O365Objec …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.
InvalidOperation:
Line |
1645 |          [Microsoft.Identity.Client.AzureCloudInstance]$Environment =  …
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [Microsoft.Identity.Client.AzureCloudInstance]

Expected behavior
Trying to get compliance assessment from tenant via device auth code.

Screenshots or Logs
Log file is empty.

From where are you running Monkey365?
Please, complete the following information:

  • Resource: workstation. Module installation path: /usr/local/microsoft/powershell/7/Modules/monkey365

$env:PSModulePath -split ":"
/usr/local/microsoft/powershell/7/Modules
  • OS: MacOS 14.2.1
  • PowerShell Version [$PsVersionTable]:
Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Darwin 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:53:18 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6000
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • Monkey365 Version: v0.91.2-beta
  • Others:


[Bug]: Improve console output to reduce "warning fatigue"

What happened?
If you run Monkey365 without console output options you may see these warnings during executions:

[screenshot: MonkeyLog]

Expected behavior
Monkey365 should replace those warnings with more verbose messages, i.e. messages with a suggested solution, in an effort to reduce warning fatigue.

Additional context
While this is not critical, it can cause warning fatigue, resulting in valid warnings being missed. Also, warnings in plugins should be improved in order to avoid false-positives where there really isn't a problem with the plugin itself. For example, Monkey365 is raising warnings, even if resources are not used.

[Bug]: Unable to execute a vanilla run of Invoke-Monkey365 with SPO workload

What happened?
Error occurred while running the Invoke-Monkey365 cmdlet with Cert based auth on a Service principal with the required graph permissions:

Exception calling "ToBase64String" with "1" argument(s): "Value cannot be null.
Parameter name: inArray"
At line:13260 char:16
return [Convert]::ToBase64String($profilePhoto)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

WARNING: [20:07:40:683] - [Invoke-ClientRequest] - [ServiceUnavailable] https://demo.sharepoint.com/_vti_bin/client.svc/ProcessQuery - info - EXCALIBUR -
New-SideBar : Cannot bind argument to parameter 'items' because it is null.
At line:6850 char:39
+     $sidebar = New-SideBar -items $matched
+                                   ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [New-SideBar], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,New-SideBar

How to reproduce it
Steps to reproduce the behavior:

  1. Invoke-Monkey365 -Instance 'Microsoft365' -Analysis 'SharePointOnline' -TenantId 'xxxx-xxxx-xxxx-xxxx-xxxx' -ExportTo 'HTML' -Certificate $certificate -CertFilePassword $CertFilePassword -ClientId 'xxxx-xxxx-xxxx-xxxxx-xxxx'

  2. See error

Expected behavior
An HTML File is generated with the list of recommendations and checks performed on the current config

Please, complete the following information:

  • Resource: Workstation
  • OS: Windows
  • PowerShell Version : 5.1.22621.1778
  • Monkey365 Version: 0.8.5-beta
  • Others:
    Certificate Based Authentication is being used

Additional context
We faced the same issue in PowerShell 7.3.7 as well.

Running into redirect issue when using Instance M365, Azure seems to work fine though

I am receiving the following error after completing the interactive login/MFA:

AADSTS50011: The redirect URI 'https://login.microsoftonline.us/organizations' specified in the request does not match the redirect URIs configured for the application 'fb78d390-0c51-40cd-8e17-fdbfab77341b'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

This occurs when I run

$param = @{
    Instance = 'Microsoft365';
    Analysis = 'ExchangeOnline';
    PromptBehavior = 'SelectAccount';
    Environment = 'AzureUSGovernment';
    ExportTo = 'HTML';
}
Invoke-Monkey365 @param

I don't see app fb78d390-0c51-40cd-8e17-fdbfab77341b in Azure AD at all.

Improve documentation and examples

  • Improve documentation on regulatory compliance checks, supported regulatory standards, etc.
  • Improve Readme.md and docs
  • Improve documentation on how to configure service principals for existing workloads

[Bug]: Case sensitive Analysis matching does not work

What happened?
PurView report was not created.

How to reproduce it
Steps to reproduce the behavior:

  1. What command are you running?

$param = @{
    Instance       = 'Microsoft365';
    Analysis       = 'PurView';
    DeviceCode     = $true;
    ExportTo       = @("CSV", "JSON", "HTML");
}

Invoke-Monkey365 @param -Verbose

  2. See error

[screenshot attached]

Expected behavior
Collect information and export it as a selected format.

Screenshots or Logs
Log file is empty, attached is a screen with verbose.

From where are you running Monkey365?
Please, complete the following information:

  • Resource: CloudPC (virtual workstation)
  • OS: Windows 11
  • PowerShell Version [$PsVersionTable]:
Name                           Value
----                           -----
PSVersion                      5.1.22621.2506
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2506
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

also tested with PS Core on Windows

Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • Monkey365 Version: Monkey365 v0.91.2-beta
  • Others:


Parameter not working

Hi Silverhack,

Thank you for the quick release, I tested the new Microsoft365 scan and it works.
Just wanted to let you know, the following parameter is giving an error.

  • all_subscriptions

Let me know if I can help with anything.

Regards,
Spanjoekel

[Bug]: Unable to connect with client credentials authentication flow

What happened?

Depending on the scopes defined in the Azure AD application, the Client Credentials grant type will be unable to connect to specific resources. Monkey365 relies also on metadata from the old Microsoft Graph to get information from tenants. Right now client credentials grant type is affected by this issue.

How to reproduce it

Execute Monkey365 with the Client Credentials authentication flow and include SharePointOnline, ExchangeOnline and Purview in the Analysis parameter.
Multiple 401 and 403 status codes are returned by Monkey365.

Expected behavior
The Client Credentials authentication flow is supported by both the deprecated old Graph and the Microsoft Graph API. Monkey365 should migrate from the old Graph API to Microsoft Graph.

Applications with Graph API permissions are not affected by this issue.

[Bug]: "Access has been blocked by Conditional Access policies. The access policy does not allow token issuance."

This issue is not about a bug in the application, but an issue I'm having in my specific use case. It must be an error on my side and something I'm not doing right.

I was installing Monkey365 for the first time and trying to use it against a test M365 account, NOT on Azure. The user has Global Reader for Microsoft 365 tenant, not on Azure. This user does not have access to any Azure service.

When I try to authenticate using Monkey365, I get an authentication error stating that the sign-in was successful but there are not sufficient permissions.

  • Client PC running Monkey365: Windows 10 Pro VM
  • Permissions on user: Microsoft 365 only, Global reader & Security reader
  • Versions: Latest Powershell and latest Monkey365 (I just installed it from Main branch on 22 Nov)

The Monkey365 docs do not state additional permissions, Conditional Access allowances, etc., that I should kick the tires on before I use it.

Monkey365 states that users can audit Microsoft 365 OR Azure. That's why I think I should be able to authenticate and review a Microsoft 365 tenant without the need for any Azure authentication, but Monkey365 is using Azure PowerShell (Image no. 3).


Image 1: Screenshot of the Monkey365 authentication and error.

Image 2: Upon reviewing the alerts in the Microsoft Console (Admin center), I see the following marker, which is interesting.

Image 3: Full error log on the authentication error.

[Bug]: Monkey365 does not run on Linux or Azure Cloud Shell

What happened?

I cloned the main branch, imported the module and invoked it as per the instructions.

How to reproduce it

Steps to reproduce the behavior:

PS /home/user> Import-Module monkey365
pwsh:
Line |
  64 |              pwsh -args @($files) -Command $ScriptBlock
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [Microsoft.Identity.Client.PublicClientApplicationOptions].
PS /home/user> $param = @{
>>     Instance = 'Microsoft365';
>>     Analysis = 'Microsoft365';
>>     IncludeAzureAD = $true;
>>     DeviceCode = $true;
>>     OutDir = '/home/user/m365';
>>     ExportTo = @('HTML','JSON','CSV');
>> }
PS /home/user> Invoke-Monkey365 @param -Verbose
InvalidOperation:
Line |
 954 |  … lications = [System.Collections.Generic.List[Microsoft.Identity.Clien …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [System.Collections.Generic.List].
InvalidOperation:
Line |
 955 |  … lications = [System.Collections.Generic.List[Microsoft.Identity.Clien …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [System.Collections.Generic.List].
InvalidOperation:
Line |
 436 |          [Microsoft.Identity.Client.AzureCloudInstance]$Environment =  …
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [Microsoft.Identity.Client.AzureCloudInstance].
InvalidOperation:
Line |
1038 |              [void]$O365Object.msal_public_applications.Add($O365Objec …
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.

Expected behavior

I expected the module to load and run correctly without errors.

From where are you running Monkey365?

Please, complete the following information:

  • Resource: Workstation
  • OS: Debian 12 (Linux)
  • PowerShell Version [$PsVersionTable]:
PS /home/user> $PsVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Debian GNU/Linux 12 (bookworm)
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • Monkey365 Version: v0.91.1-beta
  • Others:
user@debian12:~$ dotnet --list-sdks
7.0.404 [/usr/share/dotnet/sdk]
8.0.100 [/usr/share/dotnet/sdk]
user@debian12:~$ dotnet --list-runtimes
Microsoft.AspNetCore.App 7.0.14 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.0 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 7.0.14 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Additional context

The same problem occurs when running the module in Azure Cloud Shell

[ Bug but more improvement ;) ]: In your Monkey365.psm1

From where are you running Monkey365?
Please, complete the following information:

  • Resource: [workstation]
  • OS: [Windows 11 [version 10.0.22000.856] ]
  • PowerShell Version Both 7.x and 5.1:

Name                           Value
----                           -----
PSVersion                      7.2.6
PSEdition                      Core
GitCommitId                    7.2.6
OS                             Microsoft Windows 10.0.22000
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Name                           Value
----                           -----
PSVersion                      5.1.22000.832
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22000.832
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

  • Monkey365 Version: Latest

  • Others:

Release    NetFramework
-------    ------------
528449     4.8

=========================================================
The issue is inside the file PSM1 during the installation of the module.
It is in the loop that loads each entry depending on whether it is a directory or not, i.e. whether we are in the directories that have PSMs to declare.

Indeed, when the file or directory will not be indexed by the operating system's content indexing service, you receive "Directory, NotContentIndexed" as a result, and not just "Directory", when you call the static GetAttributes() method. Moreover, your $metadata variable gets the return type of the method, which is an Enum type and not a String type.
You can see it here: https://referencesource.microsoft.com/#mscorlib/system/io/fileattributes.cs

$metadata = [System.IO.File]::GetAttributes(("{0}{1}" -f $PSScriptRoot, $module.value))
[[  if($metadata -eq "Directory")  ]]

In this case the equation does not work because the "-eq" returns false.

$Modules = @{
    utils = "/core/utils/"
    azure_api = "/core/api/azure/"
    init = "/core/init/"
    runspaces = "/core/tasks/"
    auth = "/core/api/auth/"
    analysis = "/core/analysis/"
    office = "/core/office/"
    html = "/core/html/"
    o365_api = "/core/api/o365/"
    watcher = "/core/watcher/"
    output = "/core/output/"
    import = "/core/import/"
}
#Import modules
foreach($module in $Modules.GetEnumerator()){
    $metadata = ([System.IO.File]::GetAttributes(("{0}{1}" -f $PSScriptRoot, $module.value))).ToString()
    if($metadata.split(",")[0] -eq "Directory"){
        $all_files = Get-ChildItem -Recurse -Path ("{0}{1}" -f $PSScriptRoot, $module.value) -File -Include "*.ps1" -ErrorAction SilentlyContinue
        if($null -ne $all_files){
            foreach ($mod in $all_files){
                Write-Verbose ("Loading {0} module" -f $mod.FullName)
                . $mod.FullName
            }
        }
    }
    else{
        Write-Verbose ("Loading {0} module" -f $module.Name)
        $tmp_module = ("{0}{1}" -f $PSScriptRoot, $module.value)
        . $tmp_module.ToString()
    }
}

This results in not loading all *.ps1 files in the respective directories, since it passes into the Else branch to load modules.

By the way, if I can add another concern that is related to this one, it is that I don't think you need these conditional statements, since you load your modules afterwards in the New-O365Object.ps1 file.

So I was going to tell you to do a ".ToString()" behind your GetAttributes() and then do a "-like" or rather a "split()" on your $metadata variable.

But then you don't put the Modules directory in your list anymore and everything else is really folders with ".ps1" files to load so I think just putting your loop with the Core of the first IF would be enough I think like this:


$all_files = Get-ChildItem -Recurse -Path ("{0}{1}" -f $PSScriptRoot, $module.value) -File -Include "*.ps1" -ErrorAction SilentlyContinue
if($null -ne $all_files){
    foreach ($mod in $all_files){
        Write-Verbose ("Loading {0} module" -f $mod.FullName)
        . $mod.FullName
    }
}

I was able to test it on an indexed and non-indexed machine and it works in both Posh 7.x and 5.x.

If you agree with my observation I can do the PR if you want if not I let you correct it.

I remind you that you remove the indexing, as I did, when you have SSD disks in the machine, and just as much in VMs with SSDs. You would have had the problem one day or another.

A few other bugs I'll reference later and separate them for you, but really an amazing super job.
Have a great day. Franck.
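The FileAttributes comparison discussed in this report, as an added example that is not part of Franck's post or of the Monkey365 code. It shows side by side why the string equality fails, where the split-on-comma variant still has a gap, and a flag-aware check; the function names Test-DirectoryAttribute and Compare-DirectoryChecks are assumptions for illustration.

```powershell
# Added example, not Monkey365 code.
# [System.IO.FileAttributes] is a [Flags] enum, so GetAttributes() returns a
# combination of bits (Directory -bor NotContentIndexed = 8208), not the single
# value Directory (16). "$metadata -eq 'Directory'" converts the string to the
# enum value 16 and compares the whole number, so any extra bit makes it false.

function Test-DirectoryAttribute {
    param(
        [Parameter(Mandatory)]
        [System.IO.FileAttributes]$Attributes
    )
    # HasFlag tests only the Directory bit; extra bits such as NotContentIndexed,
    # ReadOnly or Hidden no longer matter.
    return $Attributes.HasFlag([System.IO.FileAttributes]::Directory)
}

function Compare-DirectoryChecks {
    param(
        [Parameter(Mandatory)]
        [System.IO.FileAttributes]$Attributes
    )
    # Side by side: the original equality test, the split-on-comma variant
    # (ToString() lists flags in ascending value order, so a read-only directory
    # renders as "ReadOnly, Directory" and the first element is not "Directory"),
    # and the flag test.
    [pscustomobject]@{
        Attributes  = $Attributes.ToString()
        EqualsCheck = ($Attributes -eq 'Directory')
        SplitCheck  = ($Attributes.ToString().Split(',')[0].Trim() -eq 'Directory')
        FlagCheck   = (Test-DirectoryAttribute -Attributes $Attributes)
    }
}

# Constructed attribute sets; no filesystem access is needed to reproduce the logic.
$samples = @(
    [System.IO.FileAttributes]::Directory
    ([System.IO.FileAttributes]::Directory -bor [System.IO.FileAttributes]::NotContentIndexed)
    ([System.IO.FileAttributes]::ReadOnly  -bor [System.IO.FileAttributes]::Directory)
)
$samples | ForEach-Object { Compare-DirectoryChecks -Attributes $_ } | Format-Table -AutoSize

# Against a real path the same check reads:
#   Test-DirectoryAttribute -Attributes ([System.IO.File]::GetAttributes($PSScriptRoot))
```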

[Bug In Method Invoke-HtmlReport]:

From where are you running Monkey365?
Please, complete the following information:

Resource: [workstation]
OS: [Windows 11 [version 10.0.22000.856] ]
PowerShell Version Both 7.x and 5.1:

Name                           Value
----                           -----
PSVersion                      7.2.6
PSEdition                      Core
GitCommitId                    7.2.6
OS                             Microsoft Windows 10.0.22000
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Name                           Value
----                           -----
PSVersion                      5.1.22000.832
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22000.832
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Monkey365 Version: Latest

Others:

Release    NetFramework
-------    ------------
528449     4.8

====================================== The error

WARNING: [17:27:48:634] - [Invoke-HtmlReport] - Monkey365/core/html/htmlconf/charts does not exists -
WARNING: [17:27:48:636] - [Invoke-HtmlReport] - Monkey365/core/html/htmlconf/dashboards does not exists -

I think you are rewriting or refactoring, because in the Core\htmlconf directory there is actually only the tables directory, with subdirectories and declarative json files.

I think you must be referring to the files that are now in the Modules\monkeyhtml directory and in the private subdirectory there are two directories respectively htmlcharts and htmldashboard.

This is in your Config Monkey Json file, because in the current version these are inserted:

"htmlSettings": {
        "tableformat": "core/html/htmlconf/tables",
        "chartformat": "core/html/htmlconf/charts",
        "dashboardformat": "core/html/htmlconf/dashboards"
    },

This is strange, since these directories have never existed since the initial commit. On the other hand, in Invoke-HtmlReport there is the code to test and load it, as for the Dashboard part.

$chartPath = $O365Object.internal_config.htmlSettings.chartformat
$isRoot = [System.IO.Path]::IsPathRooted($chartPath)
if(-NOT $isRoot){
       $chartPath = ("{0}/{1}" -f $O365Object.Localpath, $chartPath)
}
if (!(Test-Path -Path $chartPath)){
       Write-Warning ("{0} does not exist" -f $chartPath)
}

We fall directly into the warning.

The same goes for the DashboardPath.
$dashboardPath = $O365Object.internal_config.htmlSettings.dashboardformat

Finally it follows the same path as in Table in the code, which works very well.
Is it still useful? Or are there any files missing? Or did you do something different?
Thank you. Franck.

[Bug]: Attribute supportedServices of JSON output file aad_domains.json is of ambiguous type.

What happened?

When running Monkey365 with the -JSON output option, one of the JSON files produced, aad_domains.json, produces an ambiguous attribute type under attribute "supportedServices".

In the event of no supported services, it presents an array type:

"supportedServices": [],

In the event of supported services being present, it presents as a single comma delimited string:

"supportedServices": "Email,OfficeCommunicationsOnline",

How to reproduce it
Steps to reproduce the behavior:

  1. Invoke-Monkey365 -ExportTo JSON ........ .......
  2. Open result file aad_domains.json in a text editor.

Expected behavior
Expectation 1: An array type should be returned in either case:

"supportedServices": [],
-OR-
"supportedServices": ["Email","OfficeCommunicationsOnline","Intune"],

Expectation 2: A string type should be returned in either case:

"supportedServices": "",
-OR-
"supportedServices": "Email,OfficeCommunicationsOnline,Intune",

From where are you running Monkey365?
Please, complete the following information:

  • Resource: Workstation
  • OS: Win10
  • PowerShell Version : 5.1.19041.3031
  • Monkey365 Version: 0.85
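A normaliser for the ambiguous field described in this report, as an added example that is not part of the issue or of the Monkey365 exporter. It takes Expectation 1 (always an array) and handles the string, empty-array and null shapes; ConvertTo-ServiceArray and the constructed domain records are illustrative.

```powershell
# Added example, not Monkey365 code: coerce a property that the exporter may
# emit either as a comma-delimited string or as an array into an array every
# time, so consumers of aad_domains.json see one JSON type for supportedServices.
function ConvertTo-ServiceArray {
    param([AllowNull()][object]$Value)
    if ($null -eq $Value) { return ,@() }
    if ($Value -is [string]) {
        if ([string]::IsNullOrWhiteSpace($Value)) { return ,@() }
        # "Email,OfficeCommunicationsOnline" -> @('Email','OfficeCommunicationsOnline')
        return ,@($Value.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    # Already a collection: keep it, but force every element to a string.
    return ,@($Value | ForEach-Object { [string]$_ })
}

# Constructed domain records mirroring the shapes reported above (plus a null).
$domains = @(
    [pscustomobject]@{ id = 'contoso.com';                  supportedServices = 'Email,OfficeCommunicationsOnline' }
    [pscustomobject]@{ id = 'contoso.onmicrosoft.com';      supportedServices = @() }
    [pscustomobject]@{ id = 'contoso.mail.onmicrosoft.com'; supportedServices = $null }
)
foreach ($domain in $domains) {
    $domain.supportedServices = ConvertTo-ServiceArray -Value $domain.supportedServices
}
# Every record now serialises supportedServices as a JSON array ([] when empty).
$domains | ConvertTo-Json -Depth 3
```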

[Bug]: Get-AstFunction is not recognized

What happened?
When I import monkey365 with command "Import-Module .\monkey365.psm1" I have an error message about Get-AstFunction

How to reproduce it
Steps to reproduce the behavior:

  1. What command are you running?
    Import-Module .\monkey365.psm1
  2. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots or Logs
[screenshot: import_error]

From where are you running Monkey365?
Please, complete the following information:

  • Resource: VirtualBox VM
  • OS: Windows 10
  • PowerShell Version [$PsVersionTable]: 5.1.19041.2673
  • Monkey365 Version: latest
  • Others:

Additional context
Add any other context about the problem here.

[Bug]: Prevent generation of html report if object is empty

What happened?
Monkey365 is causing crash when an empty object is passed to the Html report module.

How to reproduce it
Steps to reproduce the behavior:

  1. Scan an Azure resource without security rules
  2. Invoke-Monkey365 -Instance Azure -Analysis Kubernetes -PromptBehavior SelectAccount -ExportTo HTML
  3. some exceptions are unhandled

Expected behavior
Monkey365 should shutdown gracefully when an empty object is returned from ruleset, and a check would be needed to ensure that object values are present before creating a new html report.

Workaround
The following command can be used to export data to any other format:
Invoke-Monkey365 -Instance Azure -Analysis Kubernetes -PromptBehavior SelectAccount -ExportTo CSV

[Bug]:

What happened?
After downloading Monkey365 v0.91-beta and extracting to C:\Temp. Errors are encountered when trying to Import the monkey365 module. I downloaded the previous version (Monkey365 0.85-beta) which imported the Monkey365 module correctly.

How to reproduce it
Steps to reproduce the behavior:

  1. Download Monkey365 v0.91-beta from https://github.com/silverhack/monkey365/releases/tag/v0.91-beta.
  2. Extract to C:\Temp
  3. Open powershell version 7.3
  4. Change execution policy
  5. Unblock files
  6. Import-Module
  7. Receive Error

Expected behavior
The expected behaviour is for the monkey365 module to be imported into memory.

Screenshots or Logs
Please see screenshot below.
[screenshot]

From where are you running Monkey365?
Please, complete the following information:

  • Resource: [workstation]
  • OS: [Windows]
  • PowerShell Version [PSVersion 7.3.6]:
  • Monkey365 Version: [Monkey365 v0.91]

Improve documentation and examples

  • Improve documentation on regulatory compliance checks, supported regulatory standards, etc..
  • Improve Readme.md and docs
  • Improve documentation on how to enable/disable plugins
  • Improve documentation on how to exclude resources from scanning

[Bug]: Infinite recursion during Azure AD lookup within @odata.nextLink

What happened?
Some queries against Azure and Microsoft 365 will return multiple pages of data due to server-side paging. When more than 999 records are returned, Microsoft Graph returns an @odata.nextLink property in the response that contains a URL to the next page of results. When this happens, an infinite recursion is triggered in Monkey365 when parsing a response that contains a @odata.NextLink.

How to reproduce it
This only happens when more than 999 records are returned.
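An iterative pager with a loop guard for the @odata.nextLink case described in this report, as an added example that is not part of the issue or of the Monkey365 code. Get-GraphPagedResult, the $Fetch stand-in for the real HTTP call and the in-memory pages are constructed for illustration.

```powershell
# Added example, not Monkey365 code: follow @odata.nextLink with a while loop
# instead of recursion, and refuse to request the same page twice, so a
# response whose nextLink points back at an earlier page cannot spin forever.
function Get-GraphPagedResult {
    param(
        [Parameter(Mandatory)][string]$Uri,
        # Stand-in for Invoke-RestMethod against Microsoft Graph: takes a URI, returns one page.
        [Parameter(Mandatory)][scriptblock]$Fetch,
        [int]$MaxPages = 1000
    )
    $items = [System.Collections.Generic.List[object]]::new()
    $seen  = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $next  = $Uri
    while (-not [string]::IsNullOrEmpty($next)) {
        if (-not $seen.Add($next)) {
            throw "Paging loop detected: '$next' was already requested"
        }
        if ($seen.Count -gt $MaxPages) {
            throw "Gave up after $MaxPages pages"
        }
        $page = & $Fetch $next
        if ($null -ne $page.value) { $items.AddRange([object[]]@($page.value)) }
        # Property names containing '@' must be quoted; lookup is case-insensitive,
        # so this also matches a server that spells it '@odata.NextLink'.
        $next = $page.'@odata.nextLink'
    }
    return $items
}

# Constructed pages standing in for a tenant with more than 999 records (three
# small pages here); the last one carries no nextLink.
$pages = @{
    'https://graph.microsoft.com/v1.0/users'               = @{ value = 1..3; '@odata.nextLink' = 'https://graph.microsoft.com/v1.0/users?$skiptoken=p2' }
    'https://graph.microsoft.com/v1.0/users?$skiptoken=p2' = @{ value = 4..6; '@odata.nextLink' = 'https://graph.microsoft.com/v1.0/users?$skiptoken=p3' }
    'https://graph.microsoft.com/v1.0/users?$skiptoken=p3' = @{ value = 7..9 }
}
$fetch = { param($u) if ($pages.ContainsKey($u)) { $pages[$u] } else { throw "HTTP 404 for $u" } }

$all = Get-GraphPagedResult -Uri 'https://graph.microsoft.com/v1.0/users' -Fetch $fetch
"Collected $($all.Count) records"

# Simulate a misbehaving last page that links back to page 2: the guard raises
# instead of recursing indefinitely.
$pages['https://graph.microsoft.com/v1.0/users?$skiptoken=p3']['@odata.nextLink'] = 'https://graph.microsoft.com/v1.0/users?$skiptoken=p2'
try {
    Get-GraphPagedResult -Uri 'https://graph.microsoft.com/v1.0/users' -Fetch $fetch | Out-Null
} catch {
    "Stopped: $($_.Exception.Message)"
}
```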

[Bug]: typo in html-Monkey365.html

What happened?
A clear and concise description of what the bug is or what is not working as expected

While opening monkey365.html on an Azure Storage Blob, the 10221 Azure Active Directory.svg is not shown. The URL link to the file contains a capital I instead of an i. Storage blob is case sensitive. On Windows there is no issue.

fix
Correct typo to all lowercase in Links.

[Bug]: Unable to connect SharePoint Online when a Non-Valid TenantId is passed

What happened?
Monkey365 is unable to connect SharePoint Online when a non-valid TenantId (e.g. a valid domain name) is passed.

How to reproduce it
Steps to reproduce the behavior:

$p= @{
ClientId = '00000000-0000-0000-0000-000000000000';
certificate = 'C:\monkey365\testapp.pfx';
CertFilePassword = ("MySuperCertSecret" | ConvertTo-SecureString -AsPlainText -Force);
Instance = 'Microsoft365';
Analysis = 'SharePointOnline';
TenantID = 'mydomain.com';
ExportTo = @("HTML");
Environment = 'AzurePublic';
InformationAction = 'Continue';
IncludeAzureAD = $true;
Verbose = $true;
Debug = $true;
}

Invoke-Monkey365 @p

Monkey365 is unable to get data from Microsoft Graph.

Expected behavior

Monkey365 should get data from Microsoft Graph, even if a domain name is passed as a valid TenantId.

From where are you running Monkey365?
Please, complete the following information:

  • Resource: all resources
  • OS: all
  • PowerShell Version : All Powershell versions
  • Monkey365 Version: latest

[Bug]: Monkey365 fails to import when the module is located under a folder called Modules

What happened?
It seems that when monkey365 is placed in %ProgramFiles%\WindowsPowerShell\Modules there are some internal methods that are not available for an object. On the other hand, the internal search criteria fails, because the monkey365 module places all internal modules in a folder called modules, and it breaks all things when the module is located in a path with a folder called "Modules".

A fast solution would be to not place monkey365 in a path with a folder called modules, such as %ProgramFiles%\WindowsPowerShell\Modules, and instead place the module in the user profile, i.e. %HOMEDRIVE%%HOMEPATH%\Documents or another directory within your profile which does not include a folder called modules.

Special thanks to nickchristie who discovered this issue.

How to reproduce it
Steps to reproduce the behavior:

  1. Place monkey365 in %ProgramFiles%\WindowsPowerShell\Modules
  2. Monkey365 is not imported correctly

[Bug]: Wrong description for PostGreSQL log_retention

What happened?
The PostgreSQL configuration check for log_retention has the same description as log_disconnection

How to reproduce it
Just compare the two links below

Expected behavior
PostgreSQL should have another description

Screenshots or Logs
n/a

From where are you running Monkey365?
Please, complete the following information:

  • Resource: workstation
  • OS: windows
  • PowerShell Version [$PsVersionTable]: PowerShell 7.3.4
  • Monkey365 Version: latest
  • Others:

Additional context
n/a

[Bug]: Monkey365 will not switch endpoints if authentication type is not supported

What happened?
There are some endpoints in which the Client Credentials grant type is not supported. One of them is the Azure AAD Portal API (Azure Ibiza UX). This hidden API is not supporting the Client Credentials flow, and only interactive users are allowed to access this endpoint, as described here:

https://github.com/Azure/portaldocs/blob/main/portal-sdk/generated/top-extensions-authentication-flow.md

How to reproduce it
Steps to reproduce the behavior:

  1. Execute Monkey365 with the Client Credential authentication Flow and include the Azure Active Directory flag
  2. Data and metadata regarding Azure AD are empty, and multiple 401 and 403 status codes are returned by Monkey365

Expected behavior
The Client Credentials authentication flow is supported by both the deprecated old Graph and the Microsoft Graph API. Monkey365 should switch between Graph/Microsoft Graph and the Azure AAD portal API in cases in which the grant type is not supported.

[Bug]: Empty response

I use this script

$assets = Invoke-Monkey365 -ExportTo PRINT -PromptBehavior SelectAccount -IncludeAzureActiveDirectory -Instance Microsoft365 -Analysis SharePointOnline

I get these results

WARNING: [12:30:47:141] - [Get-MonkeyADApplication] - The Applications Role Assignments query did not return any data in 00000-xxxx-xxx tenant - warning - - AzureGraphAppRBACEmptyResponse
WARNING: [12:31:08:500] - [Get-MonkeyADPasswordPolicy] - The Azure AD password template policy query did not return any data in 00000-xxxx-xxx tenant - warning - - AzurePortalTemplatePolicyEmptyResponse
WARNING: [12:31:10:193] - [Get-MonkeyADPortalDeviceSetting] - The Azure AD device settings query did not return any data in 00000-xxxx-xxx-tenant - warning - # - AzurePortalDevicesEmptyResponse
WARNING: [12:31:12:544] - [Get-MonkeyADDirectoryProperty] - The Azure AD B2B directory properties query did not return any data in 00000-xxxx-xxx- tenant - warning - - AzurePortalEmptyResponse
WARNING: [12:31:13:903] - [Get-MonkeyADRoamingInfo] - The Azure AD Roaming properties query did not return any data in 00000-xxxx-xxx- tenant - warning - - AzurePortalRoamingEmptyResponse
WARNING: [12:31:14:627] - [Get-MonkeySPSWebsForUser] - Unable to get site properties for - warning - - SPSUnableToGetSites
WARNING: [12:31:15:689] - [Get-MonkeySharePointOnlineExternalLink] - The SharePoint Online external links query did not return any data in 00000-xxxx-xxx tenant - warning - - SPSExternalLinksEmptyResponse
WARNING: [12:31:15:879] - [Get-MonkeySPSWebsForUser] - Unable to get site properties for - warning - - SPSUnableToGetSites

Account has Global Administrator Role

Improve CSV and JSON output

It is a common request to have a compliance report separated in CSV or JSON output, rather than exported in single RAW files, for easier consumption by other tools. Actually, CSV, JSON and CLIXML output are a bit redundant and probably not useful, so instead saving metadata into RAW files, it would be nice to be able to export pass/fails compliance results into a well formatted CSV and JSON files.

On the other hand, the output should be consistent across all formats. As an improvement, CSV and JSON outputs should contain the same fields and same field name in both cases. That consolidated output could then be used for further processing and for easier consumption by other tools.

Finally, the Excel output was deprecated in Monkey365 and will be removed two releases later (0.91.4).

[Bug]: DEBUG messages are displayed

What happened?
DEBUG messages are displayed when running Azure ALL scan

How to reproduce it
Run a scan with Instance=Azure, Analysis=All

Expected behavior
I think these messages are not necessary for standard users, or maybe a -Debug option should be added

Screenshots or Logs
[screenshot]

From where are you running Monkey365?
Please, complete the following information:

  • Resource: workstation)
  • OS: Windows
  • PowerShell Version [$PsVersionTable]: 7.3.4
  • Monkey365 Version: 0.85 beta
  • Others:

Additional context
Add any other context about the problem here.

[Bug]: Access Denied when connecting to SharePoint Online using Interactive authentication

What happened?
It seems that Microsoft is blocking some Microsoft's first-party apps from connecting SharePoint Online.
1950a258-227b-4e31-a9cf-717495945fc2

How to reproduce it
Monkey365 fails with an authorization error after successfully connecting to SharePoint Online, because the ClientId used (the Microsoft Azure PowerShell ClientId) is blocked by Microsoft. The following error response is returned:

{"error":"invalid_request","error_description":"App is not allowed to call SPO with user_impersonation scope"}

Additional context
Both Client credentials and certificate authentication flows are not affected by this issue.

[Bug]: DeviceCode parameter not populated

What happened?
Using the Device code option in Monkey365 and then set the Analysis to multiple services, such as ExchangeOnline and SharePointOnline, the first request will correctly obtain a token through a two-step process (Print an access code and then log in through a browser). The subsequent login requests will fail with a 401 Unauthorized response because DeviceCode parameter is not populated.

The device code authentication flow is widely used in systems with no desktop/browser, such as a docker container or server core.

How to reproduce it

  1. Set the Analysis to ExchangeOnline and SharePointOnline in Monkey365 and ensure that -DeviceCode authentication flow is used
  2. Complete login on first authentication
  3. Subsequent login requests will fail with a 401 Unauthorized response
VERBOSE: [08:28:35:979] - [Get-MonkeyMSALToken] - No account was found on public application - verbose - 4d507d001fe7 -
WARNING: Acquire token failed. Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open

Expected behavior
Authentication parameters must be populated for all selected services

From where are you running Monkey365?
Please, complete the following information:

  • Resource: Docker container
  • OS: Windows
  • PowerShell Version 7.3.6
  • Monkey365 Version: 0.85-beta

[Bug]: BinaryFormatter.Serialize in Copy-psObject causes exception to be thrown when running under .NET 8

What happened?

When I run Monkey365 using .NET 8, several exceptions are raised. The error message is:

[Copy-psObject] - System.Management.Automation.MethodInvocationException: Exception calling "Serialize" with "2" argument(s): "BinaryFormatter serialization and deserialization are disabled within this application. See https://aka.ms/binaryformatter for more information."

This is a breaking change in .NET 8

https://learn.microsoft.com/en-us/dotnet/core/compatibility/serialization/8.0/binaryformatter-disabled

Previous behavior
In .NET 7, the BinaryFormatter.Serialize(Stream, Object) and BinaryFormatter.Deserialize(Stream) methods were marked obsolete and raised an error at compile time. However, if your application suppressed the obsoletion, it could still call the methods and they functioned properly in most project types (excluding ASP.NET, WASM, and MAUI). For example, the APIs functioned correctly in a console app.

New behavior
Starting in .NET 8, the affected methods throw a NotSupportedException at run time across all project types except Windows Forms and WPF. The APIs continue to remain obsolete (as error) across all project types, including Windows Forms and WPF.

How to reproduce it

Make sure your instance of Powershell is using the .NET 8 runtime:

user@debian12$ pwsh
PowerShell 7.4.0
PS /home/user> [System.Runtime.InteropServices.RuntimeInformation]::FrameworkDescription
.NET 8.0.0

then import and invoke the module in the usual way. The exceptions will be logged.

Expected behavior

No exceptions

Screenshots or Logs

[14:52:21:537] - [Copy-psObject] - System.Management.Automation.MethodInvocationException: Exception calling "Serialize" with "2" argument(s): "BinaryFormatter serialization and deserialization are disabled within this application. See https://aka.ms/binaryformatter for more information."
 ---> System.NotSupportedException: BinaryFormatter serialization and deserialization are disabled within this application. See https://aka.ms/binaryformatter for more information.
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph)
   at CallSite.Target(Closure, CallSite, Object, Object, Object)
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame). LineNumber:  - exception - debian12 -

From where are you running Monkey365?

Please, complete the following information:

  • Resource: Workstation
  • OS: Debian 12 Linux
  • PowerShell Version:
PS /home/user> $PsVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Debian GNU/Linux 12 (bookworm)
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • Monkey365 Version: Monkey365 v0.91.1-beta

Additional context
I am using the PowerShell snap for Linux - the full package has not been fully tested on Debian 12
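A BinaryFormatter-free deep copy for the Copy-psObject failure described in this report, as an added example that is not part of the issue or of the Monkey365 code. It swaps in the PowerShell CLIXML serializer (System.Management.Automation.PSSerializer); Copy-ObjectGraph and the sample record are constructed for illustration.

```powershell
# Added example, not Monkey365's Copy-psObject: deep-copy an object graph with
# the PowerShell CLIXML serializer, which is part of System.Management.Automation
# and keeps working on the .NET 8 runtime, where BinaryFormatter.Serialize
# throws NotSupportedException.
function Copy-ObjectGraph {
    param(
        [Parameter(Mandatory)][object]$InputObject,
        # Nesting levels to serialise; members below this depth are flattened to strings.
        [int]$Depth = 10
    )
    $clixml = [System.Management.Automation.PSSerializer]::Serialize($InputObject, $Depth)
    # The copy comes back as Deserialized.* property bags: values survive,
    # methods on the original .NET types do not, which is fine for result records.
    return [System.Management.Automation.PSSerializer]::Deserialize($clixml)
}

# Constructed nested object in the shape of a scan result record.
$original = [pscustomobject]@{
    name     = 'contoso-storage'
    settings = [pscustomobject]@{ httpsOnly = $false; tags = @('prod', 'pci') }
}
$copy = Copy-ObjectGraph -InputObject $original

# Mutating the copy leaves the original untouched, which is the property the
# BinaryFormatter round-trip was providing.
$copy.settings.httpsOnly = $true
"original httpsOnly: $($original.settings.httpsOnly), tags: $($original.settings.tags -join ',')"
"copy     httpsOnly: $($copy.settings.httpsOnly), tags: $($copy.settings.tags -join ',')"
```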

Excluding resources from scanning

Is your feature request related to a problem? Please describe.
There is no option to exclude resources that are not managed by the company.

Describe the solution you'd like
Add an option to allow exclude resources that are owned or controlled by third party companies

Additional context
Add a global exclusion file that can be configured to customize exclusion list. JSON file would allow multiple exclusions. Also, attributes should be defined to distinguish exclusions.

[Bug]:

What happened?
Had a finding reported for excessive number of global administrators and low number of global administrators

How to reproduce it
Run the tool against a tenant with 4 Global Administrators

Expected behavior
The two findings are mutually exclusive. This should not happen.

Screenshots or Logs
Global Admins present: [screenshot]

Report Findings: [screenshot]

From where are you running Monkey365?
Please, complete the following information:

  • OS: Windows
  • PowerShell Version [$PsVersionTable]: 5.1.19041.1682
  • Monkey365 Version: Latest download as of 09/08/2022
  • Others:

[Bug]: -instance is not recognized

What happened?
When running monkey365, following the examples and documentation, I keep getting the following error:

"-Instance:
Line |
2 | -Instance Microsoft365 -Analysis SharePointOnline
| ~~~~~~~~~
| The term '-Instance' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again."

How to reproduce it
Steps to reproduce the behavior:

  1. I used the following:
 $assets = Invoke-Monkey365 -ExportTo PRINT -PromptBehavior SelectAccount
>>     -Instance Microsoft365 -Analysis SharePointOnline
 $assets = Invoke-Monkey365 -ExportTo PRINT -PromptBehavior SelectAccount -IncludeAzureActiveDirectory
>>     -Instance Office365 -Analysis SharePointOnline

The above (second) one ran, and stopped once it got to the sharepoint scans.

Screenshots or Logs

PS C:\Users\me\Desktop\monkey365>  $assets = Invoke-Monkey365 -ExportTo PRINT -PromptBehavior SelectAccount -IncludeAzureActiveDirectory
>>     -Instance Office365 -Analysis SharePointOnline
WARNING: [01:44:35:295] - [Get-MonkeyADAuthenticationMethodsPolicy] - The Azure AD authentication policy query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalAuthPolicyEmptyResponse
WARNING: [01:44:36:465] - [Get-MonkeyADPasswordPolicy] - The Azure AD password template policy query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalTemplatePolicyEmptyResponse
WARNING: [01:44:51:229] - [Get-MonkeyADPortalDeviceSetting] - The Azure AD device settings query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalDevicesEmptyResponse
WARNING: [01:44:54:575] - [Get-MonkeyADDirectoryProperty] - The Azure AD B2B directory properties query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalEmptyResponse
WARNING: [01:53:21:311] - [Get-MonkeyADMFAConfiguration] - The Azure AD MFA settings query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalMFAEmptyResponse
WARNING: [01:53:21:834] - [Get-MonkeyADRoamingInfo] - The Azure AD Roaming properties query did not return any data in <tenantID> tenant - warning - <laptop> - AzurePortalRoamingEmptyResponse
-Instance:
Line |
   2 |      -Instance Office365 -Analysis SharePointOnline
     |      ~~~~~~~~~
     | The term '-Instance' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

From where are you running Monkey365?
Please, complete the following information:

  • Resource: Workstation
  • OS: Windows 10
  • PowerShell Version: PSVersion 7.2.6
  • Monkey365 Version: v0.7-beta
  • Others:

Additional context
Just want to say thanks for this tool !

Question for External Users

Hi, this project is very important for my work. Only one question: if I have permission as an External user in a Customer tenant, how can I log in?
Many Thanks
