All essential changes to EntraOps will be documented in this changelog.
- Type of Owners field is inconsistent #31
- Overall fix for multi-value fields in the result of `Get-EntraOpsPrivilegedEntraObjects` to ensure a valid and consistent array type
- Status of Restricted Management in Privileged EAM Workbook #28
- Added support for EligibilityBy and enhanced PIM for Groups support
- Added tenant root group as default for high privileged scopes
- Support for multiple scopes for high privileged
- Improvement in visualization of Privileged EAM Workbook
- Support to identify Privileged Auth Admin as Control Plane
- Order of ResourceApps by tiered levels
- Improvements to Ingest API processing (fix by weskroesbergen)
- Process files in batches of 50 to avoid errors hitting the 1Mb file limit for DCRs
- Various bug fixes for `Get-EntraOpsClassificationControlPlaneObjects` cmdlet, including:
- Method invocation failed #27
- Avoid duplicated `ObjectAdminTierLevelName` entries
- Correct scope of high privileged roles from Azure Resource Graph
- Correct description of `AdminTierLevel` and `AdminTierLevelName` for classification of Control Plane roles without Role actions (e.g., Directory Synchronization Accounts)
Added support for Intune RBAC (Device Management) and new workbook for (Privileged) Workload Identities
- Support for Intune (Device Management) as Role System #16
- Workbook for Insights on Privileged Workload Identities #24
- Sensitive Directory Roles without role actions are classified specifically within the classification process in `Export-EntraOpsClassificationDirectoryRoles` #12 #25
- Introduction of `TaggedBy` for `ControlPlaneRolesWithoutRoleActions` to apply Control Plane classification of Microsoft Entra Connect directory roles
Introduction of capabilities to automate assignment of privileges to Conditional Access Groups and (Restricted Management) Administrative Units, and added WatchLists for Workload IDs.
- Automated update of Microsoft Sentinel WatchList Templates #8
- Automated coverage of privileged assets in CA groups and RMAUs #15
- Advanced WatchLists for Workload Identities #22
- Separate cmdlet to get classification for Control Plane scope #19
- Added support for -AsSecureString in Az PowerShell (upcoming breaking change) #20
- Added support for granting required permissions for automated assignment to CA and Administrative Unit
- Remove Azure from ValidateSet until it's available #18
Initial release of EntraOps Privileged EAM with features to automate setup for GitHub repository, classification and ingestion of privileges in Microsoft Entra ID, Identity Governance and Microsoft Graph App Roles.