SystemAdmins.M365Assessment

1.0.12

private/review/entra/identity/users/Invoke-ReviewEntraHideKeepMeSignedIn.ps1

                                function Invoke-ReviewEntraHideKeepMeSignedIn

{

    <#

    .SYNOPSIS

        If "Show keep user signed in" is enabled in Entra ID.

    .DESCRIPTION

        Returns review object.

    .EXAMPLE

        Invoke-ReviewEntraHideKeepMeSignedIn;

    #>

    [cmdletbinding()]

    param

    (

    )

    BEGIN

    {

        # Write progress.

        Write-Progress -Activity $MyInvocation.MyCommand -Status 'Running' -CurrentOperation $MyInvocation.MyCommand.Name -PercentComplete -1 -SecondsRemaining -1;

        # URI to the API.

        $uri = 'https://main.iam.ad.ext.azure.com/api/LoginTenantBrandings/0';

        # Hide keep me signed in flag.

        $hideKeepMeSignedIn = $false;

    }

    PROCESS

    {

        try

        {

            # Write to log.

            Write-CustomLog -Category 'Entra' -Subcategory 'Identity' -Message ("Getting 'Show keep user signed' login settings") -Level Verbose;

            # Get the Entra ID property settings.

            $entraIdProperties = Invoke-EntraIdIamApi -Uri $uri -Method 'GET' -ErrorAction SilentlyContinue;

            # Write to log.

            Write-CustomLog -Category 'Entra' -Subcategory 'Identity' -Message ("'Show keep user signed' is set to '{0}'" -f $entraIdProperties.hideKeepMeSignedIn) -Level Verbose;

            # If the setting is set to true.

            if ($true -eq $entraIdProperties.hideKeepMeSignedIn)

            {

                # Set flag.

                $hideKeepMeSignedIn = $true;

            }

        }

        catch

        {

            # Write to log.

            Write-CustomLog -Category 'Entra' -Subcategory 'Identity' -Message ("Not able to get 'Show keep user signed', this is usually because user have never modified the setting (default setting is 'true')" -f $entraIdProperties.hideKeepMeSignedIn) -Level Verbose;

        }

    }

    END

    {

        # Bool for review flag.

        [bool]$reviewFlag = $false;

        # If review flag should be set.

        if ($false -eq $hideKeepMeSignedIn)

        {

            # Should be reviewed.

            $reviewFlag = $true;

        }

        # Create new review object to return.

        [Review]$review = [Review]::new();

        # Add to object.

        $review.Id = '08798711-af3c-4fdc-8daf-947b050dca95';

        $review.Category = 'Microsoft Entra Admin Center';

        $review.Subcategory = 'Identity';

        $review.Title = 'Ensure the option to remain signed in is hidden';

        $review.Data = [PSCustomObject]@{

            HideKeepMeSignedIn = $hideKeepMeSignedIn;

        };

        $review.Review = $reviewFlag;

        # Print result.

        $review.PrintResult();

        # Return object.

        return $review;

    }

}