AzureADAssessment

2.2.30-preview

New-AADAssessmentRecommendations.ps1

                                <#

.SYNOPSIS

    Produces the Azure AD Assessment recommendations from collected data.

.DESCRIPTION

    This cmdlet reads data collected and generates recommendations accordingly.

.EXAMPLE

    PS C:\> New-AADAssessmentRecommendations

    Collect and package assessment data from "C:\AzureADAssessment" and generate recommendations in the same folder.

.EXAMPLE

    PS C:\> New-AADAssessmentRecommendations -OutputDirectory "C:\Temp"

    Collect and package assessment data from "C:\Temp" and generate recommendations in the same folder.

#>

function New-AADAssessmentRecommendations {

    [CmdletBinding()]

    param (

        # Specifies a path where extracted data resides (folder)

        [Parameter(Mandatory = $false)]

        [string] $Path = (Join-Path $env:SystemDrive 'AzureADAssessment'),

        # Full path of the directory where the output files will be copied.

        [Parameter(Mandatory = $false)]

        [string] $OutputDirectory = (Join-Path $env:SystemDrive 'AzureADAssessment'),

        [Parameter(Mandatory = $false)]

        [switch] $SkipExpand = $false,

        # Path to the spreadsheet with the interview answers

        [Parameter(Mandatory = $false)]

        [string] $InterviewSpreadsheetPath

    )

    #Start-AppInsightsRequest $MyInvocation.MyCommand.Name

    ## Expand extracted data

    if (-not $SkipExpand) {

        $Archives = Get-ChildItem -Path $Path | Where-Object {$_.Name -like "AzureADAssessmentData-*.zip" }

        $ExtractedDirectories = @()

        foreach($Archive in $Archives) {

            $OutputDirectoryData = Join-Path $OutputDirectory ([IO.Path]::GetFileNameWithoutExtension($Archive.Name))

            Expand-Archive -Path $Archive.FullName -DestinationPath $OutputDirectoryData -Force -ErrorAction Stop

            $ExtractedDirectories += $OutputDirectoryData

        }

    }

    ## Determine folder contents

    $TenantDirectoryData = $null

    $AADCDirecotryData = @()

    $ADFSDirectoryData = @()

    $AADAPDirectoryData = @()

    foreach($Directory in Get-ChildItem -Path $Path -Directory) {

        Switch -Wildcard ($Directory.Name) {

            "AzureADAssessmentData-*.onmicrosoft.com" {

                $TenantDirectoryData = $Directory.FullName

            }

            "AzureADAssessmentData-AADC-*" {

                $AADCDirecotryData += $Directory.FullName

            }

            "AzureADAssessmentData-ADFS-*" {

                $ADFSDirectoryData += $Directory.FullName

            }

            "AzureADAssessmentData-AADAP-*" {

                $AADAPDirectoryData += $Directory.FullName

            }

            default {

                Write-Warning "Unrecognized directory $($Directory.Name)"

            }

        }

    }

    # Generate recommendations from tenant data

    if (![String]::IsNullOrWhiteSpace($TenantDirectoryData)) {

        $data = @{}

        ### Load all the data on AAD

        # Load Interview questions

        if($null -ne $InterviewSpreadsheetPath){

            $interviewQna = Get-SpreadsheetJson $InterviewSpreadsheetPath

            $interviewQnaPath = Join-Path $TenantDirectoryData "QnA.json"

            $interviewQna | ConvertTo-Json | Out-File $interviewQnaPath

            $data['QnA.json'] = $interviewQna

        }

        # Prepare paths

        $AssessmentDetailPath = Join-Path $TenantDirectoryData "AzureADAssessment.json"

        # Read assessment data

        $AssessmentDetail = Get-Content $AssessmentDetailPath -Raw | ConvertFrom-Json

        # Generate AAD data path

        $AADPath = Join-Path $TenantDirectoryData "AAD-$($AssessmentDetail.AssessmentTenantDomain)"

        <# do not load file before hand but only when necessary

        $files = get-childitem -Path $AADPath -File

        foreach($file in $files) {

            switch -Wildcard ($file.Name) {

                "*.json" {

                    $data[$file.Name] = get-content -Path $file.FullName | ConvertFrom-Json

                }

                "*.csv" {

                    $data[$file.Name] = Import-Csv -Path $file.FullName

                }

                "*.xml" {

                    $data[$file.Name] = Import-Clixml -Path $file.FullName

                }

                default {

                    Write-Warning "Unsupported data file format: $($file.Name)"

                }

            }

        }#>

        ### Load configuration file

        $recommendations = Select-Xml -Path (Join-Path $PSScriptRoot "AADRecommendations.xml") -XPath "/recommendations"

        $recommendationList = @()

        $idUniqueCheck = @{} # Hashtable to validate that IDs are unique

        foreach($recommendationDef in $recommendations.Node.recommendation) {

            if($idUniqueCheck.ContainsKey($recommendationDef.ID)){

                Write-Error "Found duplicate recommendation $($recommendationDef.ID)"

            }

            else {

                $idUniqueCheck.Add($recommendationDef.ID, $recommendationDef.ID)

            }

            if(Get-ObjectPropertyValue $recommendationDef 'Sources'){

                # make sure necessary files are loaded

                $fileMissing = $false

                foreach($fileName in $recommendationDef.Sources.File) {

                    $filePath = Join-Path $AADPath $fileName

                    if (!(Test-Path -Path $filePath)) {

                        Write-Warning "File not found: $filePath"

                        $fileMissing = $true

                        break

                    }

                    if ($fileName -in $data.Keys) {

                        continue

                    }

                    switch -Wildcard ($fileName) {

                        "*.json" {

                            $data[$fileName] = get-content -Path $filePath | ConvertFrom-Json

                        }

                        "*.csv" {

                            $data[$fileName] = Import-Csv -Path $filePath

                        }

                        "*.xml" {

                            $data[$fileName] = Import-Clixml -Path $filePath

                        }

                        default {

                            Write-Warning "Unsupported data file format: $($fileName)"

                        }

                    }

                }

                if ($fileMissing) {

                    write-warning "A necessary file is missing"

                    continue

                }

            }

            $recommendation = $recommendationDef | select-object ID,Category,Area,Name,Summary,Recommendation,Priority,Data,SortOrder

            # Manual checks won't have a PowerShell script to run

            if(Get-ObjectPropertyValue $recommendationDef 'PowerShell'){

                $scriptblock = [Scriptblock]::Create($recommendationDef.PowerShell)

                $result = Invoke-Command -ScriptBlock $scriptblock -ArgumentList $Data

                $recommendation.Priority = $result.Priority

                $recommendation.Data = $result.Data    

            }

            else {

                if((Get-ObjectPropertyValue $recommendationDef 'Type') -eq 'QnA'){

                    Set-TypeQnAResult $data $recommendationDef $recommendation

                }

            }

            Set-SortOrder $recommendation

            $recommendationList += $recommendation

        }

        #Set-Content -Value ($idUniqueCheck.GetEnumerator()  | Sort-Object name | Select-Object name) -Path ./log.txt

        #Write-Output "Total checks: $($idUniqueCheck.Count)"

        Write-Output "Completed $($recommendationList.Length) checks."

        Write-Verbose "Writing recommendations"

        Write-RecommendationsReport $data $recommendationList

        Write-Verbose "Recommendations written"

        # generate Trusted network locations

        #Get-TrustedNetworksRecommendation -Path $TenantDirectoryData

    } else {

        Write-Error "No Tenant Data found"

    }

    #Complete-AppInsightsRequest $MyInvocation.MyCommand.Name -Success $?

}

function Set-TypeQnAResult($data, $recommendationDef, $recommendation){

    $qnaData = $data['QnA.json']

    $qnaReco = Get-ObjectPropertyValue $recommendationDef 'QnA'

    $namedRange = Get-ObjectPropertyValue $qnaReco 'Name'

    $userValue = Get-ObjectPropertyValue $qnaData[$namedRange] 'Value'

    switch ($userValue) {

        '' { $recommendation.Priority = "Not Answered" }

        'Not Applicable' { $recommendation.Priority = "N/A" }

        Default {

            foreach($answer in $qnaReco.Answers.Answer){

                if($userValue -eq $answer.Value){

                    $recommendation.Priority = $answer.Priority

                }

            }    

        }

    }

}

# SIG # Begin signature block

# MIInvgYJKoZIhvcNAQcCoIInrzCCJ6sCAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD79uj0wJ7fxS1f

# MnPU6w9nHwn5I80BZtlrwOQ2Ihw9PKCCDYUwggYDMIID66ADAgECAhMzAAACU+OD

# 3pbexW7MAAAAAAJTMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p

# bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMzAwWhcNMjIwOTAxMTgzMzAwWjB0MQsw

# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u

# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB

# AQDLhxHwq3OhH+4J+SX4qS/VQG8HybccH7tnG+BUqrXubfGuDFYPZ29uCuHfQlO1

# lygLgMpJ4Geh6/6poQ5VkDKfVssn6aA1PCzIh8iOPMQ9Mju3sLF9Sn+Pzuaie4BN

# rp0MuZLDEXgVYx2WNjmzqcxC7dY9SC3znOh5qUy2vnmWygC7b9kj0d3JrGtjc5q5

# 0WfV3WLXAQHkeRROsJFBZfXFGoSvRljFFUAjU/zdhP92P+1JiRRRikVy/sqIhMDY

# +7tVdzlE2fwnKOv9LShgKeyEevgMl0B1Fq7E2YeBZKF6KlhmYi9CE1350cnTUoU4

# YpQSnZo0YAnaenREDLfFGKTdAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE

# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUlZpLWIccXoxessA/DRbe26glhEMw

# VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh

# dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ2NzU5ODAfBgNVHSMEGDAW

# gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v

# d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw

# MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov

# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx

# XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB

# AKVY+yKcJVVxf9W2vNkL5ufjOpqcvVOOOdVyjy1dmsO4O8khWhqrecdVZp09adOZ

# 8kcMtQ0U+oKx484Jg11cc4Ck0FyOBnp+YIFbOxYCqzaqMcaRAgy48n1tbz/EFYiF

# zJmMiGnlgWFCStONPvQOBD2y/Ej3qBRnGy9EZS1EDlRN/8l5Rs3HX2lZhd9WuukR

# bUk83U99TPJyo12cU0Mb3n1HJv/JZpwSyqb3O0o4HExVJSkwN1m42fSVIVtXVVSa

# YZiVpv32GoD/dyAS/gyplfR6FI3RnCOomzlycSqoz0zBCPFiCMhVhQ6qn+J0GhgR

# BJvGKizw+5lTfnBFoqKZJDROz+uGDl9tw6JvnVqAZKGrWv/CsYaegaPePFrAVSxA

# yUwOFTkAqtNC8uAee+rv2V5xLw8FfpKJ5yKiMKnCKrIaFQDr5AZ7f2ejGGDf+8Tz

# OiK1AgBvOW3iTEEa/at8Z4+s1CmnEAkAi0cLjB72CJedU1LAswdOCWM2MDIZVo9j

# 0T74OkJLTjPd3WNEyw0rBXTyhlbYQsYt7ElT2l2TTlF5EmpVixGtj4ChNjWoKr9y

# TAqtadd2Ym5FNB792GzwNwa631BPCgBJmcRpFKXt0VEQq7UXVNYBiBRd+x4yvjqq

# 5aF7XC5nXCgjbCk7IXwmOphNuNDNiRq83Ejjnc7mxrJGMIIHejCCBWKgAwIBAgIK

# YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV

# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv

# c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm

# aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw

# OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE

# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD

# VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG

# 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la

# UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc

# 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D

# dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+

# lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk

# kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6

# A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd

# X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL

# 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd

# sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3

# T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS

# 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI

# bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL

# BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD

# uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv

# c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf

# MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3

# dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf

# MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF

# BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h

# cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA

# YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn

# 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7

# v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b

# pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/

# KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy

# CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp

# mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi

# hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb

# BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS

# oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL

# gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX

# cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGY8wghmLAgEBMIGVMH4x

# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt

# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p

# Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAJT44Pelt7FbswAAAAA

# AlMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw

# HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBfH

# bX0LXBf5Tq92f/xONrI/kYmO2F/iuUNQYprYbOvkMEIGCisGAQQBgjcCAQwxNDAy

# oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j

# b20wDQYJKoZIhvcNAQEBBQAEggEAhRiT+jDX+0GEEdSFfeSEfjMfXA3uStvpX2kH

# l/2wh55KekDGp6e2KzkMxVqjkRBvqit4qTgiP8nmfSKsuqFHUvKngE5Ofz1Vh7DM

# Xxb6JLH1WU+5eKesBSqPSRAolI40CvACO/U0fA5MHzOYRxJtJYECXV479BEY3U0p

# mgKNnKDEFkesSbWqRUtLQ4zXKA4vouLbjBx7dFgJzRQjW22zAMf6hmqJe2zh7zKR

# jCyJStgTiTG0fyPQlMimLeqynb94jMrzGND0X+VFpxbyMRbIgyg975IO2WyHarQ4

# qu0WA6ih3GZuU57YmI3CLmeczVd9GIFvInMy+UEOFxfpJBH6gKGCFxkwghcVBgor

# BgEEAYI3AwMBMYIXBTCCFwEGCSqGSIb3DQEHAqCCFvIwghbuAgEDMQ8wDQYJYIZI

# AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE

# WQoDATAxMA0GCWCGSAFlAwQCAQUABCA6Qn9NtlcDlerGllRFHFd0vvv0rbZ++HF0

# 3bsLQWMHLQIGYhe3GqNeGBMyMDIyMDQyMTEyMDMxOC4xMzNaMASAAgH0oIHYpIHV

# MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH

# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL

# EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT

# HVRoYWxlcyBUU1MgRVNOOjhENDEtNEJGNy1CM0I3MSUwIwYDVQQDExxNaWNyb3Nv

# ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIRaDCCBxQwggT8oAMCAQICEzMAAAGILs3G

# gUHhvCoAAQAAAYgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV

# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv

# c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg

# UENBIDIwMTAwHhcNMjExMDI4MTkyNzQwWhcNMjMwMTI2MTkyNzQwWjCB0jELMAkG

# A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx

# HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z

# b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg

# VFNTIEVTTjo4RDQxLTRCRjctQjNCNzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt

# U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrn

# EAgEJpHFx8g61eEvPFXiYNlxqjSnFqbK2qUShVnIYYy7H/zPVzfW4M5yzePAVzwL

# TpcKHnQdpDeG2XTz9ynUTW2KtbTRVIfFJ5owgq/goy5a4oB3JktEfq7DdoATF5Sx

# GYdlvwjrg/VTi7G9j9ow6eN91eK1AAFFvNjO64PNXdznHLTvtV1tYdxLW0LUukBJ

# MOg2CLr31+wMPI1x2Z7DLoD/GQNaLaa6UzVIf80Vguwicgc8pkCA0gnVoVXw+LIc

# XvkbOtWsX9u204OR/1f0pDXfYczOjav8tjowyqy7bjfYUud+evboUzUHgIQFQ33h

# 6RM5TL7Vzsl+jE5nt45x3Rz4+hi0/QDESKwH/eoT2DojxAbx7a4OjKYiN/pejZW0

# jrNevxU3pY09frHbFhrRU2b3mvaQKldWge/eWg5JmerEZuY7XZ1Ws36Fqx3d7w3o

# d+VldPL1uE5TnxHFdvim2oqz8WhZCePrZbCfjH7FTok6/2Zw4GjGh5886IHpSNwK

# Hw1PSE2zJE7U8ayz8oE20XbW6ba5y8wZ9o80eEyX5EKPoc1rmjLuTrTGYildiOTD

# tJtZirlAIKKvuONi8PAkLo/RAthfJ02yW9jXFA4Pu+HYCYrPz/AWvzq5cVvk64HO

# kzxsQjrU+9/VKnrJb1g+qzUOlBDvX+71g5IXdr7bAgMBAAGjggE2MIIBMjAdBgNV

# HQ4EFgQUZHm1UMSju867vfqNuxoz5YzJSkowHwYDVR0jBBgwFoAUn6cVXQBeYl2D

# 9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv

# ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy

# MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov

# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l

# LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUE

# DDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAgEAQBBa2/tYCCbL/xii0ts2

# r5tnpNe+5pOMrugbkulYiLi9HttGDdnXV3olIRHYZNxUbaPxg/d5OUiMjSel/qfL

# kDDsSNt2DknchMyycIe/n7btCH/Mt8egCdEtXddjme37GKpYx1HnHJ3kvQ1qoqR5

# PLjPJtmWwYUZ1DfDOIqoOK6CRpmSmfRXPGe2RyYDPe4u3yMgPYSR9Ne89uVqwyZc

# WqQ+XZjMjcs83wFamgcnpgqAZ+FZEQhjSEsdMUZXG/d1uhDYSRdTQYzJd3ClRB1u

# HfGNDWYaXVw7Xi5PR4GycngiNnzfRgawktQdWpPtfeDxomSi/PoLSuzaKwKADELx

# ZGIKx61gmH41ej6LgtzfgOsDga3JFTh0/T1CAyuQAwh+Ga2kInXkvSw/4pihzNyO

# Imsz5KHB3BRwfcqOXfZTCWfqZwAFoJUEIzFoVKpxP5ZQPhKo2ztJQMZZlLVYqFVL

# MIU96Sug4xUVzPy1McE7bbn89cwYxC5ESGfLgstWJDMXwRcBKLP0BSJQ2hUr1J+C

# IlmQN1S3wBI8udYicCto0iB8PtW4wiPhQR3Ak0R9qT9/oeQ5UOQGf3b3HzawEz9c

# MM9uSK/CoCjmx0QiGB+FSNla5jm6EhxRu/SWx3ZD1Uo3y8U7k7KIeRc6FNbebqxt

# K8LpaGWRWcU5K8X8k5Ib5owwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAA

# AAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz

# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv

# cnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBB

# dXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwx

# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt

# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p

# Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOC

# Ag8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YB

# f2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKD

# RLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus

# 9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTj

# kY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56

# KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39

# IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHo

# vwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJo

# LhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMh

# XV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREd

# cu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEA

# AaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqn

# Uv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnp

# cjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRw

# Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w

# EwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw

# CwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/o

# olxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNy

# b3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt

# MjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5t

# aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5j

# cnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+

# TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2Y

# urYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4

# U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJ

# w7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb

# 30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ

# /gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGO

# WhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFE

# fnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJ

# jXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rR

# nj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUz

# WLOhcGbyoYIC1zCCAkACAQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEG

# A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj

# cm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBP

# cGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjhENDEt

# NEJGNy1CM0I3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl

# oiMKAQEwBwYFKw4DAhoDFQDhPIrMfCAXlT0sHg/NOZeUHXoOQqCBgzCBgKR+MHwx

# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt

# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p

# Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5gte

# /zAiGA8yMDIyMDQyMTEyNDEzNVoYDzIwMjIwNDIyMTI0MTM1WjB3MD0GCisGAQQB

# hFkKBAExLzAtMAoCBQDmC17/AgEAMAoCAQACAgdeAgH/MAcCAQACAhFLMAoCBQDm

# DLB/AgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMH

# oSChCjAIAgEAAgMBhqAwDQYJKoZIhvcNAQEFBQADgYEAnpK6KP5+5e9ynQ6vXwU+

# ros6FXZMXaQr4nerDAa+rpwXNKu4YrAB23fLhqCFR/hgNdb7W8cneB0InLNdLEXI

# UJLFyM+1H7G6K8ilosXDWeIzlD46Kny5b09vH5gS2rEOLVq1y5fdMA4ENatGqtOw

# TPoyzNGAVzTbQ4dSrl0Ri34xggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzET

# MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV

# TWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1T

# dGFtcCBQQ0EgMjAxMAITMwAAAYguzcaBQeG8KgABAAABiDANBglghkgBZQMEAgEF

# AKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEi

# BCBwUlra92OyLxTYG6FLzqxQStOO9BGoKkaZehp+EiQSVjCB+gYLKoZIhvcNAQkQ

# Ai8xgeowgecwgeQwgb0EIGbp3u2sBjdGhIL4z+ycjtzSpe4bLV/AoYaypl7SSUCl

# MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO

# BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEm

# MCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGILs3G

# gUHhvCoAAQAAAYgwIgQg/GyMfYlzdRbSWfw5eSSO9tdKHCaKv0CS7p93+iRgs48w

# DQYJKoZIhvcNAQELBQAEggIAbXBtY7XLHMMj/eUN+7mkXSup0laRf8e5KRsAW7XI

# rw8wIa22uCMviIJq0xPuIq9EBLG3lKTb5yHXJSzT1R7l1BdYF4L9B63DlM3DbQ58

# 3U13fZQFu5oMbiD6n+EPuS2Zxupx3QaYdZalVBeJCWzf9Hn/w+6vs8JB6x5AOSDV

# b7jqMibMv1mQFcheBOL8woCg4zT7mGBNXvvA5KuOw9PvQfH2M9d41HhULOwss1ho

# Pm3PvOk6Yz04PPv7FPUX8b2G1Oi65WxL/E695YFeNEFujKTzXQFLDSzwuh1uF0na

# M3H1GSpTH4vq/8pZn7k/3n10UD2gioK5/4s6xUTJlcLWNqJZ0cyH/xryiVbjCO/o

# Cut+xNOy+1+2VDGoYTWJOpL6d/Bfop/EAbJ0FziBfPAlKZG4IEz28Lv91kreP4C4

# SMQxhaQLGMN/CYIpdzTB/Da/vc4NuyTyB5XRHdZYRyThp9voVXawTXki918yENjT

# SvtdZTM6IekpBsZGz8lddfH8nHcY/XAErQGgDxDkApWVdfDu2fIFhBVSsoYGSYSp

# sodlFxaPXFJQNKjKnO3Oi9ZesNHmhRI0w0OCJ0rqe/CNZVVkikpScW2Hvcd/L/hQ

# Ix24eezN6a+sH/ZHH45QHbQG4u1he7GBueYQAB/msV+ZgqRiR+LD7Mkz7crK0XAJ

# QlA=

# SIG # End signature block