Revise Entra report header with new exclusion info and documentation …

…name (#1529) * Remove outdated reference to README file from AAD header * Add language explaining exclusions in the Entra HTML report header * added entra policy 3.7 to the configuration file documentation since it was missing * slight tweak to the first sentence explaining config file exclusions to align with the prose that is on the respective documentation page. --------- Co-authored-by: Ted Kolovos <[email protected]>
cisagov · Feb 5, 2025 · b05285d · b05285d
1 parent 8eb26a0
commit b05285d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/PowerShell/ScubaGear/Modules/CreateReport/CreateReport.psm1 b/PowerShell/ScubaGear/Modules/CreateReport/CreateReport.psm1
@@ -225,9 +225,10 @@ function New-Report {
 
     # Finish building the html report
     $Title = "$($FullName) Baseline Report"
-    $AADWarning = "Exclusions must only be used if they are approved within an organization's security risk acceptance process.
-    Please reference <a href=`"$($ScubaGitHubUrl)/blob/v$($SettingsExport.module_version)/docs/configuration/configuration.md#entra-id-configuration`" target=`"_blank`">this section in the README file</a>
-    file for a list of the policies that accept exclusions and the instructions for setting up exclusions in the configuration file.
+    $AADWarning = "The ScubaGear configuration file provides the capability to exclude specific users or groups from some of the Entra ID policy checks.
+    Exclusions must only be used if they are approved within an organization's security risk acceptance process.
+    See <a href=`"$($ScubaGitHubUrl)/blob/v$($SettingsExport.module_version)/docs/configuration/configuration.md#entra-id-configuration`" target=`"_blank`">this section in the product documentation</a>
+    for a list of the policies that accept exclusions and the instructions for setting up exclusions in the configuration file.
     <i>Exclusions can introduce grave risks to your system and must be managed carefully.</i>"
     $NoWarning = "<br/>"
     Add-Type -AssemblyName System.Web

diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
@@ -149,6 +149,7 @@ CapExclusions are supported for the following policies:
 - MS.AAD.3.1v1
 - MS.AAD.3.2v1
 - MS.AAD.3.6v1
+- MS.AAD.3.7v1
 - MS.AAD.3.8v1
 
 #### Privileged User Policy Exclusions