private/review/admincenter/settings/Invoke-ReviewEntraIdPasswordPolicy.ps1
function Invoke-ReviewEntraIdPasswordPolicy { <# .SYNOPSIS If the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'. .DESCRIPTION Returns review object. .NOTES Requires the following modules: - Microsoft.Graph.Beta.Identity.DirectoryManagement .EXAMPLE Invoke-ReviewEntraIdPasswordPolicy; #> [cmdletbinding()] param ( ) BEGIN { # Object array to store the password policies. $passwordPolicies = New-Object System.Collections.ArrayList; # Write to log. Write-Log -Category 'Entra' -Subcategory 'Domains' -Message ("Getting all domains") -Level Debug; # Get all domains. $domains = Get-MgDomain -All; } PROCESS { # Foreach domain. foreach ($domain in $domains) { # Boolean for password never expire. $passwordNeverExpire = $false; # If the policy is set to never. if ($domain.PasswordValidityPeriodInDays -eq 2147483647 -or $null -eq $domain.PasswordValidityPeriodInDays) { # Set boolean to true. $passwordNeverExpire = $true; } # Write to log. Write-Log -Category 'Entra' -Subcategory 'Password Policy' -Message ("Password never expire is set to {0} for domain '{1}'" -f $passwordNeverExpire, $domain.id) -Level Debug; # Add to object array. $passwordPolicies += [PSCustomObject]@{ Name = $domain.Id; PasswordNeverExpire = $passwordNeverExpire; PasswordValidityInDays = $domain.PasswordValidityPeriodInDays; }; } } END { # Bool for review flag. [bool]$reviewFlag = $false; # If there is any password policies with password never expire. if ($passwordPolicies | Where-Object { $_.PasswordNeverExpire -eq $false }) { # Should be reviewed. $reviewFlag = $true; } # Create new review object to return. [Review]$review = [Review]::new(); # Add to object. $review.Id = '7ccac596-ee68-4f28-abe7-713c2b75a39e'; $review.Category = 'Microsoft 365 Admin Center'; $review.Subcategory = 'Settings'; $review.Title = "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'"; $review.Data = $passwordPolicies; $review.Review = $reviewFlag; # Print result. $review.PrintResult(); # Return object. return $review; } } |