T0pCyber · T0pCyber · Dec 15, 2024 · Dec 9, 2024
diff --git a/Hawk/Hawk.psd1 b/Hawk/Hawk.psd1
@@ -3,7 +3,7 @@
 	RootModule         = 'Hawk.psm1'
 
 	# Version number of this module.
-	ModuleVersion      = '3.1.2'
+	ModuleVersion      = '3.2.3'
 
 	# ID used to uniquely identify this module
 	GUID               = '1f6b6b91-79c4-4edf-83a1-66d2dc8c3d85'
@@ -72,7 +72,7 @@
 	'Get-HawkUserAutoReply',
 	'Get-HawkUserMessageTrace',
 	'Get-HawkUserMobileDevice',
-	'Get-HawkTenantAZAdmin',
+	'Get-HawkTenantEntraIDAdmin',
 	'Get-HawkTenantEXOAdmins',
 	'Get-HawkTenantMailItemsAccessed',
 	'Get-HawkTenantAppAndSPNCredentialDetail',

diff --git a/Hawk/changelog.md b/Hawk/changelog.md
@@ -54,3 +54,24 @@
 - Added logging filepath checking the Start-HawkUserInvestigation.ps1
 - Updated Get-HawkTenantAZAdmins.ps1. Removed AzureAD module. Added MS Graph cmdlets.
 - Updated contact email
+
+## 3.1.2 (2024-12-01)
+
+- Removed Robust Cloud Command from build as it was not being used in the code base anymore
+- Updated PowerShell API key in GitHub to fix build.yml issue where the Hawk would not publish to gallery on merge to main
+
+## 3.2.3 (2024-12-09)
+
+- **Migration to Microsoft Graph**: Replaced all AzureAD functionality with Microsoft Graph commands, including updates to functions like `Get-HawkTenantAppAndSPNCredentialDetails` (now using `Get-MgServicePrincipal` and `Get-MgApplication`).
+
+- **Directory Role Management**: Updated `Get-HawkTenantAZAdmins` to use Microsoft Graph (`Get-MgRoleDefinition` and `Get-MgRoleAssignment`), renamed to `Get-HawkTenantEntraIDAdmin`, and enhanced output for better role tracking.
+
+- **Consent Grant Updates**: Migrated `Get-HawkTenantConsentGrant` to Graph commands (`Get-MgOauth2PermissionGrant` and `Get-MgServicePrincipalAppRoleAssignment`), ensuring consistent output and backward compatibility.
+
+- **Removed AzureAD Dependencies**: Eliminated AzureAD references in the Hawk.psd1 manifest and removed the deprecated `Test-AzureADConnection.ps1`. Updated manifest to rely solely on Microsoft Graph modules (v2.25.0).
+
+- **Simplified Authentication**: Streamlined Graph API connections by removing unnecessary commands like `Select-MgProfile` and improving `Test-GraphConnection` for default behaviors.
+
+- **Improved Logging and Naming**: Standardized log outputs (e.g., `AzureADUsers` to `EntraIDUsers`) and aligned function outputs with updated naming conventions.
+
+- This release completes the migration to Microsoft Graph, fully deprecating AzureAD and aligning Hawk with modern Microsoft standards.
diff --git a/Hawk/functions/Tenant/Get-HawkTenantAppAndSPNCredentialDetail.ps1 b/Hawk/functions/Tenant/Get-HawkTenantAppAndSPNCredentialDetail.ps1
@@ -40,10 +40,10 @@
         $spnResults = @()
         $appResults = @()
 
-        Out-LogFile "Collecting Azure AD Service Principals"
+        Out-LogFile "Collecting Entra ID Service Principals"
         try {
             $spns = Get-MgServicePrincipal -All | Sort-Object -Property DisplayName
-            Out-LogFile "Collecting Azure AD Registered Applications"
+            Out-LogFile "Collecting Entra ID Registered Applications"
             $apps = Get-MgApplication -All | Sort-Object -Property DisplayName
         }
         catch {

diff --git a/...unctions/Tenant/Get-HawkTenantAZAdmin.ps1 → ...ons/Tenant/Get-HawkTenantEntraIDAdmin.ps1 b/...unctions/Tenant/Get-HawkTenantAZAdmin.ps1 → ...ons/Tenant/Get-HawkTenantEntraIDAdmin.ps1
@@ -1,15 +1,16 @@
-Function Get-HawkTenantAZAdmin {
+Function Get-HawkTenantEntraIDAdmin {
     <#
     .SYNOPSIS
-        Tenant Azure Active Directory Administrator export using Microsoft Graph.
+        Tenant Microsoft Entra ID Administrator export using Microsoft Graph.
     .DESCRIPTION
-        Tenant Azure Active Directory Administrator export. Reviewing administrator access is key to knowing who can make changes
+        Tenant Microsoft Entra ID Administrator export. Reviewing administrator access is key to knowing who can make changes
         to the tenant and conduct other administrative actions to users and applications.
     .EXAMPLE
-        Get-HawkTenantAZAdmin
-        Gets all Azure AD Admins
+        Get-HawkTenantEntraIDAdmin
+        Gets all Entra ID Admins
     .OUTPUTS
-        AzureADAdministrators.csv
+        EntraIDAdministrators.csv
+        EntraIDAdministrators.json
     .LINK
         https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/get-mgdirectoryrole
     .NOTES
@@ -23,68 +24,75 @@
             if ([string]::IsNullOrEmpty($Hawk.FilePath)) {
                 Initialize-HawkGlobalObject
             }
-            Out-LogFile "Gathering Azure AD Administrators"
+            Out-LogFile "Gathering Microsoft Entra ID Administrators"
 
+            # Verify Graph API connection
             Test-GraphConnection
+            Send-AIEvent -Event "CmdRun"
         }
 
         PROCESS {
             try {
-                # Get all directory roles
+                # Retrieve all directory roles from Microsoft Graph
                 $directoryRoles = Get-MgDirectoryRole -ErrorAction Stop
                 Out-LogFile "Retrieved $(($directoryRoles | Measure-Object).Count) directory roles"
 
+                # Process each role and its members
                 $roles = foreach ($role in $directoryRoles) {
-                    # Get members for each role
+                    # Get all members assigned to current role
                     $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -ErrorAction Stop
 
+                    # Handle roles with no members
                     if (-not $members) {
                         [PSCustomObject]@{
                             AdminGroupName = $role.DisplayName
                             Members = "No Members"
                             MemberType = "None"  # Added member type for better analysis
-                            MemberId = $null
+                            ObjectId = $null
                         }
                     }
                     else {
+                        # Process each member of the role
                         foreach ($member in $members) {
-                            # Determine member type and get appropriate properties
+                            # Check if member is a user
                             if ($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.user") {
                                 [PSCustomObject]@{
                                     AdminGroupName = $role.DisplayName
                                     Members = $member.AdditionalProperties.userPrincipalName
                                     MemberType = "User"
-                                    MemberId = $member.Id
+                                    ObjectId = $member.Id
                                 }
                             }
                             else {
-                                # Groups or Service Principals
+                                # Handle groups and service principals
                                 [PSCustomObject]@{
                                     AdminGroupName = $role.DisplayName
                                     Members = $member.AdditionalProperties.displayName
                                     MemberType = ($member.AdditionalProperties.'@odata.type' -replace '#microsoft.graph.', '')
-                                    MemberId = $member.Id
+                                    ObjectId = $member.Id
                                 }
                             }
                         }
                     }
                 }
 
+                # Export results if any roles were found
                 if ($roles) {
-                    $roles | Out-MultipleFileType -FilePrefix "AzureADAdministrators" -csv -json
-                    Out-LogFile "Successfully exported Azure AD Administrators data"
+                    $roles | Out-MultipleFileType -FilePrefix "EntraIDAdministrators" -csv -json
+                    Out-LogFile "Successfully exported Microsoft Entra ID Administrators data"
                 }
                 else {
                     Out-LogFile "No administrator roles found or accessible" -notice
                 }
             }
             catch {
-                Out-LogFile "Error retrieving Azure AD Administrators: $($_.Exception.Message)" -notice
+                # Handle and log any errors during execution
+                Out-LogFile "Error retrieving Microsoft Entra ID Administrators: $($_.Exception.Message)" -notice
                 Write-Error -ErrorRecord $_ -ErrorAction Continue
             }
         }
 
         END {
-            Out-LogFile "Completed exporting Azure AD Admins"
+            Out-LogFile "Completed exporting Microsoft Entra ID Admins"
         }
     }
diff --git a/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1 b/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1
@@ -86,9 +86,9 @@
 		Get-HawkTenantConsentGrant
 	}
 
-	if ($PSCmdlet.ShouldProcess("Azure Admins", "Get Azure admin list")) {
-		Out-LogFile "Running Get-HawkTenantAZAdmin" -action
-		Get-HawkTenantAZAdmin
+	if ($PSCmdlet.ShouldProcess("Azure Admins", "Get Entra ID admin list")) {
+		Out-LogFile "Running Get-HawkTenantEntraIDAdmin" -action
+		Get-HawkTenantEntraIDAdmin
 	}
 
 	if ($PSCmdlet.ShouldProcess("App and SPN Credentials", "Get credential details")) {