Skip to content

Add: MT.1181 Check if a Conditional Access policy is present that blocks high agent risk signins#1809

Open
ExeqZ wants to merge 8 commits into
maester365:mainfrom
ExeqZ:main
Open

Add: MT.1181 Check if a Conditional Access policy is present that blocks high agent risk signins#1809
ExeqZ wants to merge 8 commits into
maester365:mainfrom
ExeqZ:main

Conversation

@ExeqZ
Copy link
Copy Markdown

@ExeqZ ExeqZ commented May 29, 2026

Description

Checks whether your tenant has at least one enabled Conditional Access policy that blocks agent identities detected as high risk.

Files

powershell/public/maester/entra/Get-MtConditionalAccessPolicy.ps1

Validation

PowerShell parser: clean
PSScriptAnalyzer (Warning + Error): 0 issues

Additional Information

https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-agent-block-high-risk

@ExeqZ ExeqZ requested a review from a team as a code owner May 29, 2026 15:02
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented May 29, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

SamErde
SamErde reviewed May 30, 2026
View reviewed changes
Comment thread powershell/public/maester/entra/Test-MtCaAgentRiskBlockPolicy.md
SamErde
SamErde reviewed May 30, 2026
View reviewed changes
Comment thread powershell/public/maester/entra/Test-MtCaAgentRiskBlockPolicy.ps1 Outdated
SamErde
SamErde reviewed May 30, 2026
View reviewed changes
Comment thread powershell/public/maester/entra/Test-MtCaAgentRiskBlockPolicy.ps1
param ()

try {
$policies = Get-MtConditionalAccessPolicy | Where-Object { $_.state -eq 'enabled'}
Copy link
Copy Markdown
Contributor

@SamErde SamErde May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@merill, do we have a function that gets all CA policies once in a cache so each CA test doesn't need to pull them all again?

SamErde
SamErde reviewed May 30, 2026
View reviewed changes
Comment thread powershell/public/maester/entra/Test-MtCaAgentRiskBlockPolicy.ps1 Outdated
SamErde
SamErde previously approved these changes May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@SamErde SamErde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this, @ExeqZ! It looks good, although I would request a few very minor formatting changes for project consistency. 🙏

@SamErde SamErde added maester-test Related to a Maester test entra Microsoft Entra labels May 30, 2026
@SamErde SamErde requested a review from a team May 30, 2026 14:20
@ExeqZ
Update Test-MtCaAgentRiskBlockPolicy.ps1
d132381 
fixing files according to Sam's feedback
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SamErde SamErde SamErde left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

entra Microsoft Entra maester-test Related to a Maester test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ExeqZ @SamErde