private/review/entra/identity/users/Invoke-ReviewEntraHideKeepMeSignedIn.ps1
function Invoke-ReviewEntraHideKeepMeSignedIn { <# .SYNOPSIS If "Show keep user signed in" is enabled in Entra ID. .DESCRIPTION Returns review object. .EXAMPLE Invoke-ReviewEntraHideKeepMeSignedIn; #> [cmdletbinding()] param ( ) BEGIN { # URI to the API. $uri = 'https://main.iam.ad.ext.azure.com/api/LoginTenantBrandings/0'; # Hide keep me signed in flag. $hideKeepMeSignedIn = $false; } PROCESS { try { # Write to log. Write-Log -Category 'Entra' -Subcategory 'Identity' -Message ("Getting 'Show keep user signed' login settings") -Level Debug; # Get the Entra ID property settings. $entraIdProperties = Invoke-EntraIdIamApi -Uri $uri -Method 'GET' -ErrorAction SilentlyContinue; # Write to log. Write-Log -Category 'Entra' -Subcategory 'Identity' -Message ("'Show keep user signed' is set to '{0}'" -f $entraIdProperties.hideKeepMeSignedIn) -Level Debug; # If the setting is set to true. if ($true -eq $entraIdProperties.hideKeepMeSignedIn) { # Set flag. $hideKeepMeSignedIn = $true; } } catch { # Write to log. Write-Log -Category 'Entra' -Subcategory 'Identity' -Message ("Not able to get 'Show keep user signed', this is usually because user have never modified the setting (default setting is 'true')" -f $entraIdProperties.hideKeepMeSignedIn) -Level Debug; } } END { # Bool for review flag. [bool]$reviewFlag = $false; # If review flag should be set. if ($false -eq $hideKeepMeSignedIn) { # Should be reviewed. $reviewFlag = $true; } # Create new review object to return. [Review]$review = [Review]::new(); # Add to object. $review.Id = '08798711-af3c-4fdc-8daf-947b050dca95'; $review.Category = 'Microsoft Entra Admin Center'; $review.Subcategory = 'Identity'; $review.Title = 'Ensure the option to remain signed in is hidden'; $review.Data = [PSCustomObject]@{ HideKeepMeSignedIn = $hideKeepMeSignedIn; }; $review.Review = $reviewFlag; # Print result. $review.PrintResult(); # Return object. return $review; } } |