Framework/Core/SVT/AAD/AAD.Device.ps1
Set-StrictMode -Version Latest class Device: SVTBase { hidden [PSObject] $ResourceObject; #static [int] $InactiveDaysLimit = 180; #BUGBUG: statics ok? (in-session tenant change?) Device([string] $tenantId, [SVTResource] $svtResource): Base($tenantId, $svtResource) { $objId = $svtResource.ResourceId $this.ResourceObject = Get-AzureADDevice -ObjectId $objId } hidden [PSObject] GetResourceObject() { return $this.ResourceObject; } hidden [ControlResult] CheckStaleDevices([ControlResult] $controlResult) { $d = $this.GetResourceObject() $lastLoginDateTime = $d[0].ApproximateLastLogonTimeStamp $inactiveDaysLimit = $this.ControlSettings.Device.InactiveDeviceLimitInDays; $inactiveThreshold = ([DateTime]::Today).AddDays(-$inactiveDaysLimit) if($lastLoginDateTime -lt $inactiveThreshold) { $controlResult.AddMessage([VerificationResult]::Failed, [MessageData]::new("Device [$($d.DisplayName)] appears to be a stale entry. Last login was at: $lastLoginDateTime.`nConsider removing it from the directory.")); } else { $controlResult.AddMessage([VerificationResult]::Passed, [MessageData]::new("Device appears to be active (not stale). Last login: $lastLoginDateTime")); } return $controlResult; } } |