Feature/azdo tests update

[SebastianClaesson]

Description

This PR adds two new Azure DevOps tests and fixes return logic in three existing tests.

New tests:

• AZDO.1037 - Restrict Personal Access Token creation at the organization level
• AZDO.1038 - Block extensions from accessing local network resources (SSRF prevention)

Bug fixes:

• Test-AzdoExternalGuestAccess - Fixed inverted return value and improved result messages
• Test-AzdoSSHAuthentication - Changed from effectiveValue to value and corrected swapped result messages
• Test-AzdoThirdPartyAccessViaOauth - Corrected swapped result messages and fixed grammar

Other changes:

• Added (Tenant) / (Organization) scope labels to tests AZDO.1032-1038 for clarity
• Updated maester-config.json with new test entries and updated titles

Contribution Checklist

Before submitting this PR, please confirm you have completed the following:

• 📖 Read the guidelines for contributing to this repository.
• 🧪 Ensure the build and unit tests pass by running /powershell/tests/pester.ps1 on your local system.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[Copilot]

Pull request overview

Adds additional Azure DevOps security posture coverage and corrects pass/fail semantics in existing AZDO tests so that “secure configuration” consistently returns $true.

Changes:

• Fixes return logic / message polarity in Test-AzdoThirdPartyAccessViaOauth, Test-AzdoSSHAuthentication, and Test-AzdoExternalGuestAccess (and updates Pester assertions accordingly).
• Adds two new organization-scope tests: restricting PAT creation (AZDO.1037) and preventing extension local-network access (AZDO.1038).
• Updates maester-config.json titles (adds scope labels) and exports the new cmdlets via the module manifest.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
tests/Maester/AzureDevOps/Test-Azdo.Tests.ps1	Updates expected booleans for fixed tests; adds AZDO.1037/1038; adds scope labels to AZDO.1032–1036.
tests/maester-config.json	Adds entries for AZDO.1037/1038 and updates AZDO.1032–1036 titles with scope labels.
powershell/public/maester/azuredevops/Test-AzdoThirdPartyAccessViaOauth.ps1	Fixes result message polarity to match the returned boolean.
powershell/public/maester/azuredevops/Test-AzdoSSHAuthentication.ps1	Uses .value and corrects message polarity for the SSH policy result.
powershell/public/maester/azuredevops/Test-AzdoExternalGuestAccess.ps1	Fixes inverted return value and improves result messaging/grammar.
powershell/public/maester/azuredevops/Test-AzdoDisablePATCreation.ps1	New org-scope policy test for restricting PAT creation (AZDO.1037).
powershell/public/maester/azuredevops/Test-AzdoDisablePATCreation.md	Documentation/remediation guidance for AZDO.1037.
powershell/public/maester/azuredevops/Test-AzdoAllowExtensionsLocalNetworkAccess.ps1	New org-scope policy test for extension local-network access (AZDO.1038).
powershell/public/maester/azuredevops/Test-AzdoAllowExtensionsLocalNetworkAccess.md	Documentation/remediation guidance for AZDO.1038.
powershell/Maester.psd1	Exports the two new Test-Azdo* functions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[merill]

This is great. Thanks @SebastianClaesson!