internal/Write-RecommendationsReport.ps1
function Write-RecommendationsReport($data, $recommendationsList) { $html = @' <head><title>Azure AD Assessment - Recommendations</title></head> <script type="module" src="https://cdn.jsdelivr.net/gh/zerodevx/zero-md@1/src/zero-md.min.js"></script> <zero-md> <script type="text/markdown"> @@MARKDOWN@@ </script> </zero-md> '@ $qna = $data['QnA.json'] $md = "# Azure AD Assessment - Recommendations`n" $md += " | | |`n" $md += " | --- | --- |`n" $md += " |**Organization Name**|$(Get-ObjectPropertyValue $qna['AD_OrgName'] 'value')|`n" $md += " |**Tenant ID**|$(Get-ObjectPropertyValue $qna['AD_TenantId'] 'value')|`n" $md += " |**Organization Primary Contact**|$(Get-ObjectPropertyValue $qna['AD_OrgPrimaryContact'] 'value')|`n" $md += " |**Assessment Carried Out By**|$(Get-ObjectPropertyValue $qna['AD_AssessorName'] 'value')|`n" $md += " |**Assessment Date**|$(Get-ObjectPropertyValue $qna['AD_AssessmentDate'] 'value')|`n" $md += "## Assessment Summary`n" $md += "The table below lists a summary of the findings for this tenant.`n" $md += Get-PrioritySummaryTable $recommendationsList $md += "`n## Assessment Details`n" $md += "Click on the name of the check to learn more about the finding and how you can remediate the issue.`n`n" $md += "`n |**Category**|**Area**|**Name**|**Status**|`n" $md += " | --- | --- | --- | --- |`n" $recommendationsList = $recommendationsList | Sort-Object SortOrder,Category,Area,ID,Name foreach ($reco in $recommendationsList) { $md += " | $($reco.Category) | $($reco.Area) | [$(Get-RecoTitle $reco)](#$(Get-RecoTitleLink $reco)) | $(Get-PriorityIcon($reco)) $($reco.Priority) |`n" } $md += @' ## Overview This document describes the checks performed during the Azure Active Directory (Azure AD) Configuration Assessment workshop around the following Identity and Access Management (IAM) areas: - **Identity Management:** Ability to manage the lifecycle of identities and their entitlements - **Access Management:** Ability to manage credentials, define authentication experience, delegate assignment, measure usage, and define access policies based on enterprise security posture - **Governance:** Ability to assess and attest the access granted non-privileged and privileged identities, audit and control changes to the environment - **Operations:** Optimize the operations Azure Active Directory (Azure AD) Each category is divided into different checks. Then, each check defines some recommendations as follows: - **🟥 P0:** Implement as soon as possible. This typically indicates a security risk - **🟧 P1:** Implement over the next 30 days. This typically indicates an operational gap - **🟨 P2:** Implement over the next 60 days. This typically indicates optimization in the current operation to make better use of Azure AD provided capabilities - **🟦 P3:** Implement after 60+ days. This is a cleanup, streamlining recommendation. Each check may contain several forms of results: - **Summaries:** Notable findings illustrating the current state of the environment being assessed. - **Recommendations** : Actionable items that improve the alignment of the environment with Microsoft's best practices. - **Data Reports** : Reports based on data elements retrieved directly from the environment. Some checks might not be applicable at the time of the assessment due to customers' environment (e.g. AD FS best practices might not apply if customer uses password hash sync). Please be aware of the following disclaimers - The recommendations in this document are current as of the date of this engagement. This changes constantly, and customers should be continuously evaluating their IAM practices as Microsoft products and services evolve over time - The recommendations are based on the data provided during the interview, and telemetry. - The recommendations cover several IAM areas, but there is not meant to be taken as of absolute coverage '@ foreach ($reco in $recommendationsList) { $md += "`n`n[⤴️ Back To Summary](#assessment-summary)`n" $md += "## $(Get-RecoTitle $reco)`n" $md += "### Priority → $(Get-PriorityIcon($reco)) $($reco.Priority)`n" $md += "> $($reco.Category) > $($reco.Area)`n`n" $md += "### Summary`n" $md += "$($reco.Summary)`n" $md += "### Recommendation`n" $md += "$($reco.Recommendation)`n" $md += "`n" if($null -ne $reco.Data -and ((Get-ObjectPropertyValue $reco.Data 'Length') -and $reco.Data.Length -gt 0)){ $md += "`n |" $hr = "`n |" foreach($prop in $reco.Data[0].PsObject.Properties){ $md += "$($prop.Name)|" $hr += " --- |" } $md += $hr foreach ($item in $reco.Data) { $md += "`n |" foreach($prop in $item.PsObject.Properties){ $md += "$($prop.Value)|" } } } $md += "`n`n" } $md += "`n`n" $html = $html.Replace("@@MARKDOWN@@", $md) $htmlReportPath = Join-Path $OutputDirectory "AssessmentReport.html" #Set-Content -Path $htmlReportPath -Value $html $Utf8BomEncoding = New-Object System.Text.UTF8Encoding $true [System.IO.File]::WriteAllLines($htmlReportPath, $html, $Utf8BomEncoding) try { Invoke-Item $htmlReportPath -ErrorAction SilentlyContinue } catch {} } function Get-RecoTitle($reco){ return "$($reco.ID) - $($reco.Name)" } function Get-RecoTitleLink($reco){ $title = Get-RecoTitle $reco return $title.ToLower().Replace(" ", "-").Replace('"', '') } function Set-SortOrder($reco){ $priority = Get-ObjectPropertyValue $reco 'Priority' switch ($priority) { 'N/A' { $reco.SortOrder = 20 } # Show last 'Passed' { $reco.SortOrder = 10 } 'P0' { $reco.SortOrder = 0 } 'P1' { $reco.SortOrder = 1 } 'P2' { $reco.SortOrder = 2 } 'P3' { $reco.SortOrder = 3 } Default { $reco.SortOrder = 7 } } } function Get-PriorityIcon($reco){ $priority = Get-ObjectPropertyValue $reco 'Priority' return Get-IconForPriority $priority } function Get-IconForPriority($priority){ switch ($priority) { 'Passed' { $icon = "✅" } 'P0' { $icon = "🟥" } 'P1' { $icon = "🟧" } 'P2' { $icon = "🟨" } 'P3' { $icon = "🟦" } 'Not Answered' { $icon = "❓" } 'N/A' { $icon = "" } Default { $icon = "🟪" } } return $icon } function Get-PrioritySummaryTable { param ( $recommendationsList ) $summary = $recommendationsList.Priority | Group-Object -NoElement | Select-Object Name, Count $p0 = 0; $p1 = 0; $p2 = 0; $p3 = 0; $passed = 0 foreach ($item in $summary) { switch ($item.Name) { 'P0' { $p0 = $item.Count } 'P1' { $p1 = $item.Count } 'P2' { $p2 = $item.Count } 'P3' { $p3 = $item.Count } 'Passed' { $passed = $item.Count } Default {} } } $md = "`n`n | $(Get-IconForPriority 'P0') P0 | $(Get-IconForPriority 'P1') P1 | $(Get-IconForPriority 'P2') P2 | $(Get-IconForPriority 'P3') P3 | $(Get-IconForPriority 'Passed') Passed |" foreach ($item in $summary) { if($item.Name -notin 'P0', 'P1', 'P2', 'P3', 'Passed', 'N/A' ){ $md += " $(Get-IconForPriority $item.Name) $($item.Name) | " } } $md += "`n | :-: | :-: | :-: | :-: | :-: |" foreach ($item in $summary) { if($item.Name -notin 'P0', 'P1', 'P2', 'P3', 'Passed', 'N/A' ){ $md += " :-: |" } } $md += "`n | $($p0) | $($p1) | $($p2) | $($p3) | $($passed) |" foreach ($item in $summary) { if($item.Name -notin 'P0', 'P1', 'P2', 'P3', 'Passed', 'N/A' ){ $md += "$($item.Count) | " } } return $md } # SIG # Begin signature block # MIInuwYJKoZIhvcNAQcCoIInrDCCJ6gCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD8zVOziMBSeaR9 # 9FizR2LMph+Qb0bOAkpB5pxXHl+rY6CCDYUwggYDMIID66ADAgECAhMzAAACzfNk # v/jUTF1RAAAAAALNMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NjAyWhcNMjMwNTExMjA0NjAyWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDrIzsY62MmKrzergm7Ucnu+DuSHdgzRZVCIGi9CalFrhwtiK+3FIDzlOYbs/zz # HwuLC3hir55wVgHoaC4liQwQ60wVyR17EZPa4BQ28C5ARlxqftdp3H8RrXWbVyvQ # aUnBQVZM73XDyGV1oUPZGHGWtgdqtBUd60VjnFPICSf8pnFiit6hvSxH5IVWI0iO # nfqdXYoPWUtVUMmVqW1yBX0NtbQlSHIU6hlPvo9/uqKvkjFUFA2LbC9AWQbJmH+1 # uM0l4nDSKfCqccvdI5l3zjEk9yUSUmh1IQhDFn+5SL2JmnCF0jZEZ4f5HE7ykDP+ # oiA3Q+fhKCseg+0aEHi+DRPZAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU0WymH4CP7s1+yQktEwbcLQuR9Zww # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ3MDUzMDAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AE7LSuuNObCBWYuttxJAgilXJ92GpyV/fTiyXHZ/9LbzXs/MfKnPwRydlmA2ak0r # GWLDFh89zAWHFI8t9JLwpd/VRoVE3+WyzTIskdbBnHbf1yjo/+0tpHlnroFJdcDS # MIsH+T7z3ClY+6WnjSTetpg1Y/pLOLXZpZjYeXQiFwo9G5lzUcSd8YVQNPQAGICl # 2JRSaCNlzAdIFCF5PNKoXbJtEqDcPZ8oDrM9KdO7TqUE5VqeBe6DggY1sZYnQD+/ # LWlz5D0wCriNgGQ/TWWexMwwnEqlIwfkIcNFxo0QND/6Ya9DTAUykk2SKGSPt0kL # tHxNEn2GJvcNtfohVY/b0tuyF05eXE3cdtYZbeGoU1xQixPZAlTdtLmeFNly82uB # VbybAZ4Ut18F//UrugVQ9UUdK1uYmc+2SdRQQCccKwXGOuYgZ1ULW2u5PyfWxzo4 # BR++53OB/tZXQpz4OkgBZeqs9YaYLFfKRlQHVtmQghFHzB5v/WFonxDVlvPxy2go # a0u9Z+ZlIpvooZRvm6OtXxdAjMBcWBAsnBRr/Oj5s356EDdf2l/sLwLFYE61t+ME # iNYdy0pXL6gN3DxTVf2qjJxXFkFfjjTisndudHsguEMk8mEtnvwo9fOSKT6oRHhM # 9sZ4HTg/TTMjUljmN3mBYWAWI5ExdC1inuog0xrKmOWVMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGYwwghmIAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAALN82S/+NRMXVEAAAAA # As0wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIDE9 # 9C0KARI/SV3sqfQrTjAD9n9Zw602lA447P9cLfs1MEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAkd/cn+0R+tn6Z9wfWC/n5QOBkjbS2omK7k2A # Xh52hBmafj61BKI1VI5ckpsKqIWY2DLMtxk8ZYnA03S39+gZyApW7fNaW+qudbrJ # KCWHT8TyyGZZ8Zcjm54pQVuVF+guqsH5GeRwusmZ467oqAmjtNbvs2+D1sfE8m6T # niX7LfiWVQdJ0NbuwaE+x/knnc5QWn9W3ubsyXB6vRoNGrKA755AUO0cARe7mXWz # aby/dhXkNa26YliBdXtWyOfTooV9BUlVcQDg+EZD3mehGYwFN/TW8NBTogZOpddJ # XAJJ+kLP2r6053ZXvrpd415g8kE4K+I3qRGEmK4QQfu+WT0T2qGCFxYwghcSBgor # BgEEAYI3AwMBMYIXAjCCFv4GCSqGSIb3DQEHAqCCFu8wghbrAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCBRdcvJ1mjlMbb4wLmn1MkZ3u/mbkFzUp1I # IfQCslHZogIGYxIIEZeCGBMyMDIyMDkwNjIxNDAyNi41ODdaMASAAgH0oIHYpIHV # MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT # HVRoYWxlcyBUU1MgRVNOOjA4NDItNEJFNi1DMjlBMSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIRZTCCBxQwggT8oAMCAQICEzMAAAGHQhZm # BFzz9I0AAQAAAYcwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwHhcNMjExMDI4MTkyNzM5WhcNMjMwMTI2MTkyNzM5WjCB0jELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z # b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg # VFNTIEVTTjowODQyLTRCRTYtQzI5QTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt # U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL5p # eBljPQOj0REIh4GQADyup/k4epvi2MCmC2kBZWV206q6HYbJ4ux1SEZKgRbhvKIN # Sma8tNsRJpm3afPTuNMQiEH1vBSlu6Dv5WGLVAEFtpKdLjLmBCdV5Genh43DLqhC # cAuO1GpGcdwHpGpD/hnxrgwzvZGRkEXvCKYoieEJJ+pmw4W0aYHFDnbA85jc+pFx # u4HyH4HLOZM7iiD+pzeLbIz4chefFVNGXyND0gvp+Tl9IbFPIXlnt6VIg6+YKj9e # mupCIxSR5IDT2IDIrxk0CnIzcTXF558pk/yVbjbO2b5NT+Sln/BtVxvzLWWef47q # rINEKFJkGY1YdF0ZLu2KTKZLVu13xQN8vmCThtaVc4swdz8yV1AvDGvAFMsLVLlC # 1o2E+cu/xMMB1pp9UU9D4WKfZJqX0uhyGHxAW6GFL1C1th5xjX8euX+FJHO5IDUk # G3gB+sozuXYOjFMD386P6wXTWmXycWe0bHEwck7ZcW5X1E+OsjxwlwAol/wYWhxG # OHnRYKf3CG+1xxSW7uJjQwD80ZQJCI9UhrjvRuLG5IzPV6TTFoJY9nQvUCzf9IHg # RV6DSPBfh3x8OCaPqeokj/IZ+N5pJFikhjok+ISyc6HBKxZ7SuYvT3m10qtgbzIM # 1XPgQbwjd+Q3w9JqJESsWptrUDNOtEjkct0u7nHrAgMBAAGjggE2MIIBMjAdBgNV # HQ4EFgQUIlHAFrpBLWGBft1hc5mQPw2ljSAwHwYDVR0jBBgwFoAUn6cVXQBeYl2D # 9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l # LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUE # DDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAgEAuat+U9kSowBUTf93GI5z # xc7T2uynqiSiZyoL4lI/SDHwvPxUNqMelMMneNE0u8yr7bjJddRRZX1pBJ3Dd5ao # oYkgKiAzznVb69aCWODRUATh8y6XrXqR5zINFC9lFx874yoNuFTiM29HbXT+vfkC # Mu0g6XFYfSiNBFyhtm6JaQcqakbbRkw3dCUJDrTHYkqWg6Th8IAjDVxPMSLuPIYr # k9O+aCKpxyYWt+/Pw6boCNA2Y2HGR9XBvOCdOrnKucoK6HfbM69fTmwmSXSS6cry # VgsvD0QwJEYzyYJUpn59lEdCr56Mgjs47MwMDQqfySZ5EadtMHiLc5ve4jYPhWRd # SfRNenliAdbAq+1Y/UA+irfs/NaznC0X8YZTtv7CtPVMPg4kJD27ujmd07A7y7K/ # MhvVtgPMl3IIDaneF6S7XRJH+djiDdBoES0mNSzQweCCmPmY9+CMDGw27NrAooOS # 4tiC1hDFf+oMi9+ye9TW1u1c6O33BqzZ3vTqsYBQtll+XXoMcid0sdmysOpW39OC # ml50wTks9EAvkXybs/JzqSH9vPlpjD4nF9pe4LPzKwuWp5siv523ipGjsfgF4cGC # 8xEzYPtSHMoI3cJ26limny3QjSn4bG/4DOUhW4A+QExF9WwMcFBVcSr0L9HSEQJu # Wg4xdw2aYL8t5kqI0qwTf/MwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAA # AAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBB # dXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YB # f2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKD # RLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus # 9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTj # kY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56 # KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39 # IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHo # vwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJo # LhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMh # XV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREd # cu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEA # AaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqn # Uv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnp # cjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w # EwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw # CwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/o # olxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNy # b3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt # MjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5j # cnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+ # TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2Y # urYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4 # U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJ # w7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb # 30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ # /gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGO # WhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFE # fnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJ # jXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rR # nj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUz # WLOhcGbyoYIC1DCCAj0CAQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBP # cGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjA4NDIt # NEJFNi1DMjlBMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # oiMKAQEwBwYFKw4DAhoDFQB4d5NUBCgGRIbCxmBh7X/+gxuD86CBgzCBgKR+MHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5sHM # bjAiGA8yMDIyMDkwNjIxNDEwMloYDzIwMjIwOTA3MjE0MTAyWjB0MDoGCisGAQQB # hFkKBAExLDAqMAoCBQDmwcxuAgEAMAcCAQACAiA1MAcCAQACAhKHMAoCBQDmwx3u # AgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSCh # CjAIAgEAAgMBhqAwDQYJKoZIhvcNAQEFBQADgYEAds2RnEjOMbtLaLydO4BO4vHm # J85xAGZNgfw/wYIeXa4FumqmG+0MRyTmINc69lZDWmKDxWzUQ8Hk5nqs8dXlv8Jz # /WGa3+vpxz58SoKTGK0jz/QGSDmR3OzC9LYbJAbALUlMjy6lxv0wmSuyl6DE+JC7 # xfpzZrW2Ea5wwArJ3b0xggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAYdCFmYEXPP0jQABAAABhzANBglghkgBZQMEAgEFAKCC # AUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCC9 # 4XtRKWFJN72vWiMiOIcu6sq1muHcz4cN0DhHNp7aBDCB+gYLKoZIhvcNAQkQAi8x # geowgecwgeQwgb0EIMQs8KATbqAfdsLAtksWYc+B1RsrwmZ8GDbnM6RsmptYMIGY # MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGHQhZmBFzz # 9I0AAQAAAYcwIgQgHU0JL4vZf0jUfiuJHpuiEMFsX4BFj2CUkI3OEc59VXgwDQYJ # KoZIhvcNAQELBQAEggIAPorRND33giIBAqJmQwadZhgrjE81tcpdMMyqdIzS/neQ # 2KJDq8+D+J9fVn6tHHw6Js7Q0/Q9H3sMvaADW1OwpaJdRpvEMa88nTFCTkd0YW6x # FnW7vknidzoeB7XM7Qmu9L7Et059MbQxdw2Zyk2RNOPrwozv3dTTYwBg7iX4mX0S # RH4DQvdOdqNyco6CgzuHNA5A1ER49LK5vFSaJ6Odg423YkY2EaZvZkYGd3fSaNyM # kLCbLZi93uPnp5y/bs2WTPYxfE4gnmla3T89gLKwoG424qV5fwkdRzKZ5OR547jO # Ga2whjRHsrKJUP4RT0AwgzPlurQdyhi04If0RZFeX8/CSEbUb7zoNuc3iZY8F88R # LZ+FUJXKR0f8VTYudjXZGAxrObk1hzAoyKdTQ5FkSw+Ok0AbFAB0+ty4fObntX/s # cVvgfsP8Qd1uiXNtPKnxNNZx/QcSfKBxwJoh1yoOzHX17QU9azfwJSIyEyuJCqbJ # 93tCKXnHUnJecKByDeg9XaFN6rjlJ5eOYSGv5EFyFIPUfh56H8pUjr78XYZp2Z5I # pllFBSeUZD3eSA+rCpb4cw5liylCOcRISTwhFErFF3Qac++lkoMOgOy3VYZTX2Gf # IGvGg1u+FpkNqxCqegiB9qcjGCCwcACsWuUKfWVlPUwv7mQ1jxBjC6HOo1dC5/U= # SIG # End signature block |