Skip to main content
Version: 2.1.0

Installation guide

  • Install the M365Advisor PowerShell module, Pester, and the out-of-the-box tests.
Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
Install-Module M365Advisor -Scope CurrentUser

md m365advisor-tests
cd m365advisor-tests
Install-M365AdvisorTests
  • Sign into your Microsoft 365 tenant and run the tests.
Connect-M365Advisor
Invoke-M365Advisor

Invoke-M365Advisorโ€‹

To learn more about the Invoke-M365Advisor cmdlet including how to filter tests, and customize the run of the Pester configuration, see the Invoke-M365Advisor documentation.

Optional modules and permissionsโ€‹

M365Advisor includes optional CISA tests that require additional permissions and modules to run. These optional tests are skipped if the modules are not installed or there is no active connection.

Installing Azure, Exchange Online, and Teams modulesโ€‹

Install-Module Az.Accounts, ExchangeOnlineManagement, MicrosoftTeams -Scope CurrentUser

The Security & Compliance PowerShell module is dependent on the ExchangeOnlineManagement Connect-IPPSSession cmdlet.

Connecting to Azure, Exchange, and other servicesโ€‹

In order to run all the CISA tests, you need to connect to the Azure, Exchange Online, and other modules.

For a more detailed introduction to these concepts see the Connect-M365Advisor documentation.

Run the following command to interactively connect to the Azure, Microsoft Graph, Exchange Online, and other modules. A sign-in window will appear for each module.

Connect-M365Advisor -Service All

Permissionsโ€‹

Exchange Online implements a role-based access control model. The controls these cmdlets test require minimum roles of either of the following:

  • View-Only Configuration OR
  • O365SupportViewConfig

Installing Azure DevOps PowerShell moduleโ€‹

Install-Module ADOPS -Scope CurrentUser

Connecting to Azure DevOpsโ€‹

In order to run all the Azure DevOps tests, you need to connect to Azure DevOps.

This is currently not included as part of Connect-M365Advisor and must be called separately. Run the following command to interactively connect using the Azure DevOps modules. A sign-in window will appear.

Example with PowerShell variable

$AdoPSAllowInsecureAPIs = $true
Import-Module ADOPS
Connect-ADOPS -Organization <Name Of DevOps Organization>

Example with ArgumentList

Import-Module ADOPS -ArgumentList $true
Connect-ADOPS -Organization <Name Of DevOps Organization>

Note: Some of the API endpoints used for Azure DevOps tests use unsupported endpoints. To allow usage of unsupported endpoints, you must set $true in the argumentlist when importing the module, or set a PowerShell variable called "$AdoPSAllowInsecureAPIs" to $true before importing the module. Reference: https://github.com/AZDOPS/AZDOPS/issues/248

Permissionsโ€‹

Azure DevOps implements a role-based access control model. The controls these cmdlets test require the minimum role of:

  • Project-Scoped Users at Organization level

Next Stepsโ€‹