From f814ca4c7e4e07671225f6a2a0f3fb27dbf94575 Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Wed, 15 Jan 2025 15:19:33 -0500 Subject: [PATCH 01/26] Set New Folder Structure Restructure the SHIELD products into their respective Deploy, Defend and Discover components rather than one hodgepodge of SHIELD all up. Additionally, add a place holder for the cloud matrix that will be built at some future date. --- docs/Data-Gateway/index.md | 3 + docs/Matrix/index.md | 3 + .../Architecture/Diagrams/Device-Assign.md | 0 .../Diagrams/Device-Commission.md | 0 .../Diagrams/Device-Decommission.md | 0 .../Architecture/Diagrams/Device-Unassign.md | 0 .../Architecture/Diagrams/User-Commission.md | 0 .../Diagrams/User-Decommission.md | 0 .../Architecture/Hardware-Selection.md | 0 .../Lifecycle/Privileged Device Workflows.md | 0 .../Custom-Apps/Corp-VM/Changelog.md | 0 .../Reference/Custom-Apps/Corp-VM/index.md | 0 .../ManagedInstaller-Config/Changelog.md | 0 .../ManagedInstaller-Config/index.md | 0 .../Custom-Apps/Security-Config/Changelog.md | 0 .../Security-Config/File-Changes.md | 0 .../Security-Config/Registry-Changes.md | 0 .../Custom-Apps/Security-Config/index.md | 0 .../Usage-Guide}/Device/0-Commission.md | 0 .../Usage-Guide}/Device/1-Decommission.md | 0 .../Usage-Guide}/Device/2-Assign.md | 0 .../Usage-Guide}/Device/3-Unassign.md | 0 .../Usage-Guide}/User/Commission.md | 0 .../Usage-Guide}/User/Decommission.md | 0 .../Usage-Guide}/index.md | 0 .../Identity-Protection-Policy.md | 0 .../Deployment/Azure-Marketplace.md | 0 .../Deployment/Manual-Deployment.md | 0 .../Required-Graph-API-Permissions.md | 0 .../Deployment/Scripts/Install-Sop.ps1 | 0 .../Prerequisites.md | 0 .../Securing-Privileged-Access.md | 0 .../Scripts/Uninstall-ShieldArchitecture.ps1 | 0 .../{ => Deploy}/Troubleshooting/Uninstall.md | 0 .../Usage-Guide}/MDE-Enable.md | 0 .../Usage-Guide}/index.md | 0 .../Discover/Architecture/Infrastructure.md | 0 .../Discover/Architecture/Process-Flow.md | 0 docs/{ => SHIELD}/Discover/Database-Schema.md | 0 .../Discover/Deployment/0-Prerequisites.md | 0 .../Discover/Deployment/Azure-SQL-Database.md | 0 .../Deployment/Silent-Installation.md | 0 .../Discover/Deployment/Standard-Install.md | 0 docs/{ => SHIELD}/Discover/Getting-Started.md | 0 .../Discover/Plugins/DefenderEndpoint.md | 0 .../Discover/Plugins/DefenderIdentity.md | 0 docs/{ => SHIELD}/Discover/Plugins/EntraID.md | 0 .../{ => SHIELD}/Discover/Plugins/Overview.md | 0 .../Discover/Reserved-Principals.md | 0 .../Discover/Supported-Licenses.md | 0 .../screenshots/AdvancedConfig-Dark.png | Bin .../screenshots/AdvancedConfig-Light.png | Bin .../images/screenshots/Dropdown-Dark.png | Bin .../images/screenshots/Dropdown-Light.png | Bin .../images/screenshots/Installer-Dark.png | Bin .../images/screenshots/Installer-Light.png | Bin .../assets/threat-models/infrastructure.tm7 | 0 docs/{ => SHIELD}/Discover/index.md | 0 .../Diagrams/Initialization-ServerAuth.md | 73 --------- .../Data-Formats/0-DeviceGroup-Description.md | 96 ------------ .../Data-Formats/2-PSM-IntuneScopeTag.md | 139 ------------------ .../Data-Formats/3-SSM-IntuneScopeTag.md | 122 --------------- .../Data-Formats/4-ESM-IntuneScopeTag.md | 122 --------------- ...-IntuneScopeTag.md => Intune Scope Tag.md} | 0 .../Class-Selector-Enterprise-Dark.png | Bin .../Class-Selector-Enterprise-Light.png | Bin .../Class-Selector-Privileged-Dark.png | Bin .../Class-Selector-Privileged-Light.png | Bin .../Class-Selector-Specialized-Dark.png | Bin .../Class-Selector-Specialized-Light.png | Bin .../Screenshots/Confirm-Unassign-Dark.png | Bin .../Screenshots/Confirm-Unassign-Light.png | Bin .../Core-Infrastructure-Deployment.png | Bin .../Decommission-Confirmation-Dialog-Dark.png | Bin ...Decommission-Confirmation-Dialog-Light.png | Bin .../Images/Screenshots/Home-Screen-Dark.png | Bin .../Images/Screenshots/Home-Screen-Light.png | Bin .../Select-Unmanaged-Device-Dark.png | Bin .../Select-Unmanaged-Device-Light.png | Bin .../Select-Unmanaged-User-Dark.png | Bin .../Select-Unmanaged-User-Light.png | Bin .../Select-User-to-Assign-Dark.png | Bin .../Select-User-to-Assign-Light.png | Bin .../Select-User-to-Remove-Dark.png | Bin .../Select-User-to-Remove-Light.png | Bin .../Select-User-to-Unassign-Dark.png | Bin .../Select-User-to-Unassign-Light.png | Bin .../Selected-Device-Decommission-Dark.png | Bin .../Selected-Device-Decommission-Light.png | Bin .../assets/Images/Screenshots/Spinner.png | Bin .../Temporary-Credential-Dialog-Dark.png | Bin .../Temporary-Credential-Dialog-Light.png | Bin .../User-Remove-Confirmation-Dialog-Dark.png | Bin .../User-Remove-Confirmation-Dialog-Light.png | Bin docs/index.md | 12 +- 95 files changed, 16 insertions(+), 554 deletions(-) create mode 100644 docs/Data-Gateway/index.md create mode 100644 docs/Matrix/index.md rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/Device-Assign.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/Device-Commission.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/Device-Decommission.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/Device-Unassign.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/User-Commission.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Diagrams/User-Decommission.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Hardware-Selection.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Architecture/Lifecycle/Privileged Device Workflows.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Corp-VM/Changelog.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Corp-VM/index.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/ManagedInstaller-Config/index.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Security-Config/Changelog.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Security-Config/File-Changes.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Security-Config/Registry-Changes.md (100%) rename docs/SHIELD/{ => Defend}/Reference/Custom-Apps/Security-Config/index.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/Device/0-Commission.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/Device/1-Decommission.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/Device/2-Assign.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/Device/3-Unassign.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/User/Commission.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/User/Decommission.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Lifecycle-Management => Defend/Usage-Guide}/index.md (100%) rename docs/SHIELD/{Reference => Deploy}/Architecture/Infrastructure/Identity-Protection-Policy.md (100%) rename docs/SHIELD/{Getting-Started => Deploy}/Deployment/Azure-Marketplace.md (100%) rename docs/SHIELD/{Getting-Started => Deploy}/Deployment/Manual-Deployment.md (100%) rename docs/SHIELD/{Getting-Started => Deploy}/Deployment/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/{Getting-Started => Deploy}/Deployment/Scripts/Install-Sop.ps1 (100%) rename docs/SHIELD/{Getting-Started => Deploy}/Prerequisites.md (100%) rename docs/SHIELD/{Reference/Architecture => Deploy}/Securing-Privileged-Access.md (100%) rename docs/SHIELD/{ => Deploy}/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 (100%) rename docs/SHIELD/{ => Deploy}/Troubleshooting/Uninstall.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Deploy-Core-Infrastructure => Deploy/Usage-Guide}/MDE-Enable.md (100%) rename docs/SHIELD/{Getting-Started/Usage-Guide/Deploy-Core-Infrastructure => Deploy/Usage-Guide}/index.md (100%) rename docs/{ => SHIELD}/Discover/Architecture/Infrastructure.md (100%) rename docs/{ => SHIELD}/Discover/Architecture/Process-Flow.md (100%) rename docs/{ => SHIELD}/Discover/Database-Schema.md (100%) rename docs/{ => SHIELD}/Discover/Deployment/0-Prerequisites.md (100%) rename docs/{ => SHIELD}/Discover/Deployment/Azure-SQL-Database.md (100%) rename docs/{ => SHIELD}/Discover/Deployment/Silent-Installation.md (100%) rename docs/{ => SHIELD}/Discover/Deployment/Standard-Install.md (100%) rename docs/{ => SHIELD}/Discover/Getting-Started.md (100%) rename docs/{ => SHIELD}/Discover/Plugins/DefenderEndpoint.md (100%) rename docs/{ => SHIELD}/Discover/Plugins/DefenderIdentity.md (100%) rename docs/{ => SHIELD}/Discover/Plugins/EntraID.md (100%) rename docs/{ => SHIELD}/Discover/Plugins/Overview.md (100%) rename docs/{ => SHIELD}/Discover/Reserved-Principals.md (100%) rename docs/{ => SHIELD}/Discover/Supported-Licenses.md (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/AdvancedConfig-Dark.png (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/AdvancedConfig-Light.png (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/Dropdown-Dark.png (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/Dropdown-Light.png (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/Installer-Dark.png (100%) rename docs/{ => SHIELD}/Discover/assets/images/screenshots/Installer-Light.png (100%) rename docs/{ => SHIELD}/Discover/assets/threat-models/infrastructure.tm7 (100%) rename docs/{ => SHIELD}/Discover/index.md (100%) delete mode 100644 docs/SHIELD/Reference/Architecture/Diagrams/Initialization-ServerAuth.md delete mode 100644 docs/SHIELD/Reference/Development/Data-Formats/0-DeviceGroup-Description.md delete mode 100644 docs/SHIELD/Reference/Development/Data-Formats/2-PSM-IntuneScopeTag.md delete mode 100644 docs/SHIELD/Reference/Development/Data-Formats/3-SSM-IntuneScopeTag.md delete mode 100644 docs/SHIELD/Reference/Development/Data-Formats/4-ESM-IntuneScopeTag.md rename docs/SHIELD/Reference/Development/Data-Formats/{1-Common-IntuneScopeTag.md => Intune Scope Tag.md} (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Enterprise-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Enterprise-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Privileged-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Privileged-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Specialized-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Class-Selector-Specialized-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Confirm-Unassign-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Confirm-Unassign-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Core-Infrastructure-Deployment.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Home-Screen-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Home-Screen-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-Unmanaged-Device-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-Unmanaged-User-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-Unmanaged-User-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Assign-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Assign-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Remove-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Remove-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Unassign-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Select-User-to-Unassign-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Selected-Device-Decommission-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Selected-Device-Decommission-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Spinner.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Dark.png (100%) rename docs/{SHIELD => }/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Light.png (100%) diff --git a/docs/Data-Gateway/index.md b/docs/Data-Gateway/index.md new file mode 100644 index 0000000..6813cfa --- /dev/null +++ b/docs/Data-Gateway/index.md @@ -0,0 +1,3 @@ +# Data Gateway + +Coming soon! diff --git a/docs/Matrix/index.md b/docs/Matrix/index.md new file mode 100644 index 0000000..056add9 --- /dev/null +++ b/docs/Matrix/index.md @@ -0,0 +1,3 @@ +# Cloud Matrix + +Coming soon! diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/Device-Assign.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/Device-Assign.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/Device-Commission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/Device-Commission.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/Device-Decommission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/Device-Decommission.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/Device-Unassign.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/Device-Unassign.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/User-Commission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/User-Commission.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/User-Decommission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Diagrams/User-Decommission.md rename to docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md diff --git a/docs/SHIELD/Reference/Architecture/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Hardware-Selection.md rename to docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md diff --git a/docs/SHIELD/Reference/Architecture/Lifecycle/Privileged Device Workflows.md b/docs/SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Lifecycle/Privileged Device Workflows.md rename to docs/SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Corp-VM/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Corp-VM/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Corp-VM/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Corp-VM/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md diff --git a/docs/SHIELD/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md diff --git a/docs/SHIELD/Reference/Custom-Apps/ManagedInstaller-Config/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/ManagedInstaller-Config/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Security-Config/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Security-Config/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Security-Config/File-Changes.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Security-Config/File-Changes.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Security-Config/Registry-Changes.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Security-Config/Registry-Changes.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md diff --git a/docs/SHIELD/Reference/Custom-Apps/Security-Config/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md similarity index 100% rename from docs/SHIELD/Reference/Custom-Apps/Security-Config/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/0-Commission.md b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/0-Commission.md rename to docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/1-Decommission.md b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/1-Decommission.md rename to docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/2-Assign.md b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/2-Assign.md rename to docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/3-Unassign.md b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/Device/3-Unassign.md rename to docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/User/Commission.md b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/User/Commission.md rename to docs/SHIELD/Defend/Usage-Guide/User/Commission.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/User/Decommission.md b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/User/Decommission.md rename to docs/SHIELD/Defend/Usage-Guide/User/Decommission.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/index.md b/docs/SHIELD/Defend/Usage-Guide/index.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Lifecycle-Management/index.md rename to docs/SHIELD/Defend/Usage-Guide/index.md diff --git a/docs/SHIELD/Reference/Architecture/Infrastructure/Identity-Protection-Policy.md b/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Infrastructure/Identity-Protection-Policy.md rename to docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md diff --git a/docs/SHIELD/Getting-Started/Deployment/Azure-Marketplace.md b/docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md similarity index 100% rename from docs/SHIELD/Getting-Started/Deployment/Azure-Marketplace.md rename to docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md diff --git a/docs/SHIELD/Getting-Started/Deployment/Manual-Deployment.md b/docs/SHIELD/Deploy/Deployment/Manual-Deployment.md similarity index 100% rename from docs/SHIELD/Getting-Started/Deployment/Manual-Deployment.md rename to docs/SHIELD/Deploy/Deployment/Manual-Deployment.md diff --git a/docs/SHIELD/Getting-Started/Deployment/Required-Graph-API-Permissions.md b/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/Getting-Started/Deployment/Required-Graph-API-Permissions.md rename to docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/Getting-Started/Deployment/Scripts/Install-Sop.ps1 b/docs/SHIELD/Deploy/Deployment/Scripts/Install-Sop.ps1 similarity index 100% rename from docs/SHIELD/Getting-Started/Deployment/Scripts/Install-Sop.ps1 rename to docs/SHIELD/Deploy/Deployment/Scripts/Install-Sop.ps1 diff --git a/docs/SHIELD/Getting-Started/Prerequisites.md b/docs/SHIELD/Deploy/Prerequisites.md similarity index 100% rename from docs/SHIELD/Getting-Started/Prerequisites.md rename to docs/SHIELD/Deploy/Prerequisites.md diff --git a/docs/SHIELD/Reference/Architecture/Securing-Privileged-Access.md b/docs/SHIELD/Deploy/Securing-Privileged-Access.md similarity index 100% rename from docs/SHIELD/Reference/Architecture/Securing-Privileged-Access.md rename to docs/SHIELD/Deploy/Securing-Privileged-Access.md diff --git a/docs/SHIELD/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 b/docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 similarity index 100% rename from docs/SHIELD/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 rename to docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 diff --git a/docs/SHIELD/Troubleshooting/Uninstall.md b/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md similarity index 100% rename from docs/SHIELD/Troubleshooting/Uninstall.md rename to docs/SHIELD/Deploy/Troubleshooting/Uninstall.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Deploy-Core-Infrastructure/MDE-Enable.md b/docs/SHIELD/Deploy/Usage-Guide/MDE-Enable.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Deploy-Core-Infrastructure/MDE-Enable.md rename to docs/SHIELD/Deploy/Usage-Guide/MDE-Enable.md diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/Deploy-Core-Infrastructure/index.md b/docs/SHIELD/Deploy/Usage-Guide/index.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/Deploy-Core-Infrastructure/index.md rename to docs/SHIELD/Deploy/Usage-Guide/index.md diff --git a/docs/Discover/Architecture/Infrastructure.md b/docs/SHIELD/Discover/Architecture/Infrastructure.md similarity index 100% rename from docs/Discover/Architecture/Infrastructure.md rename to docs/SHIELD/Discover/Architecture/Infrastructure.md diff --git a/docs/Discover/Architecture/Process-Flow.md b/docs/SHIELD/Discover/Architecture/Process-Flow.md similarity index 100% rename from docs/Discover/Architecture/Process-Flow.md rename to docs/SHIELD/Discover/Architecture/Process-Flow.md diff --git a/docs/Discover/Database-Schema.md b/docs/SHIELD/Discover/Database-Schema.md similarity index 100% rename from docs/Discover/Database-Schema.md rename to docs/SHIELD/Discover/Database-Schema.md diff --git a/docs/Discover/Deployment/0-Prerequisites.md b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md similarity index 100% rename from docs/Discover/Deployment/0-Prerequisites.md rename to docs/SHIELD/Discover/Deployment/0-Prerequisites.md diff --git a/docs/Discover/Deployment/Azure-SQL-Database.md b/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md similarity index 100% rename from docs/Discover/Deployment/Azure-SQL-Database.md rename to docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md diff --git a/docs/Discover/Deployment/Silent-Installation.md b/docs/SHIELD/Discover/Deployment/Silent-Installation.md similarity index 100% rename from docs/Discover/Deployment/Silent-Installation.md rename to docs/SHIELD/Discover/Deployment/Silent-Installation.md diff --git a/docs/Discover/Deployment/Standard-Install.md b/docs/SHIELD/Discover/Deployment/Standard-Install.md similarity index 100% rename from docs/Discover/Deployment/Standard-Install.md rename to docs/SHIELD/Discover/Deployment/Standard-Install.md diff --git a/docs/Discover/Getting-Started.md b/docs/SHIELD/Discover/Getting-Started.md similarity index 100% rename from docs/Discover/Getting-Started.md rename to docs/SHIELD/Discover/Getting-Started.md diff --git a/docs/Discover/Plugins/DefenderEndpoint.md b/docs/SHIELD/Discover/Plugins/DefenderEndpoint.md similarity index 100% rename from docs/Discover/Plugins/DefenderEndpoint.md rename to docs/SHIELD/Discover/Plugins/DefenderEndpoint.md diff --git a/docs/Discover/Plugins/DefenderIdentity.md b/docs/SHIELD/Discover/Plugins/DefenderIdentity.md similarity index 100% rename from docs/Discover/Plugins/DefenderIdentity.md rename to docs/SHIELD/Discover/Plugins/DefenderIdentity.md diff --git a/docs/Discover/Plugins/EntraID.md b/docs/SHIELD/Discover/Plugins/EntraID.md similarity index 100% rename from docs/Discover/Plugins/EntraID.md rename to docs/SHIELD/Discover/Plugins/EntraID.md diff --git a/docs/Discover/Plugins/Overview.md b/docs/SHIELD/Discover/Plugins/Overview.md similarity index 100% rename from docs/Discover/Plugins/Overview.md rename to docs/SHIELD/Discover/Plugins/Overview.md diff --git a/docs/Discover/Reserved-Principals.md b/docs/SHIELD/Discover/Reserved-Principals.md similarity index 100% rename from docs/Discover/Reserved-Principals.md rename to docs/SHIELD/Discover/Reserved-Principals.md diff --git a/docs/Discover/Supported-Licenses.md b/docs/SHIELD/Discover/Supported-Licenses.md similarity index 100% rename from docs/Discover/Supported-Licenses.md rename to docs/SHIELD/Discover/Supported-Licenses.md diff --git a/docs/Discover/assets/images/screenshots/AdvancedConfig-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png similarity index 100% rename from docs/Discover/assets/images/screenshots/AdvancedConfig-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png diff --git a/docs/Discover/assets/images/screenshots/AdvancedConfig-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png similarity index 100% rename from docs/Discover/assets/images/screenshots/AdvancedConfig-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png diff --git a/docs/Discover/assets/images/screenshots/Dropdown-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png similarity index 100% rename from docs/Discover/assets/images/screenshots/Dropdown-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png diff --git a/docs/Discover/assets/images/screenshots/Dropdown-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png similarity index 100% rename from docs/Discover/assets/images/screenshots/Dropdown-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png diff --git a/docs/Discover/assets/images/screenshots/Installer-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png similarity index 100% rename from docs/Discover/assets/images/screenshots/Installer-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png diff --git a/docs/Discover/assets/images/screenshots/Installer-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png similarity index 100% rename from docs/Discover/assets/images/screenshots/Installer-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png diff --git a/docs/Discover/assets/threat-models/infrastructure.tm7 b/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 similarity index 100% rename from docs/Discover/assets/threat-models/infrastructure.tm7 rename to docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 diff --git a/docs/Discover/index.md b/docs/SHIELD/Discover/index.md similarity index 100% rename from docs/Discover/index.md rename to docs/SHIELD/Discover/index.md diff --git a/docs/SHIELD/Reference/Architecture/Diagrams/Initialization-ServerAuth.md b/docs/SHIELD/Reference/Architecture/Diagrams/Initialization-ServerAuth.md deleted file mode 100644 index ba05c18..0000000 --- a/docs/SHIELD/Reference/Architecture/Diagrams/Initialization-ServerAuth.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -hide: - - toc ---- -# Initialization - Orchestration Authentication - -The authentication system is responsible for authenticating, and authorizing the SHIELD orchestration client to the various Microsoft APIs. - -The Authentication engine is configured via [environmental variables](../../../Reference/Settings/Environmental-Variables-Reference.md) in combination with the use of managed identity. - ---- - -## Legend - -``` mermaid -flowchart TD - -Start[/"Start"\] -Process["Process"] -Conditional(["Conditional Check"]) -Stop{{"Stop Execution"}} - -start1[ ] --> | Execution Flow, Carries Data | end1[ ] -style start1 height:0px; -style end1 height:0px; -start2[ ] -.-> | Decision, Carries data | end2[ ] -style start2 height:0px; -style end2 height:0px; -``` - ---- - -## Process - -``` mermaid -flowchart TD - -Start[/"Start"\] -ValidateAuthData["Validate the authentication data\nand set authentication mode in the state"] -ManagedIdentityIdCheck(["Check if MI ID was provided"]) -CreateMiWithId["Create MI Credential\n(Using a User Assigned MI)"] -CreateMiWithoutId["Create MI Credential\n(Using a System Assigned MI)"] -CheckAuthType(["Check Auth Type in State"]) -QueueKvSecretAuth["Queue Client Secret Auth\nusing a Secret in Key Vault"] -QueueAppRegAuth["Queue Client Secret Auth\nUsing secret in environmental variable"] -QueueMiAuth["Queue Managed Identity Auth"] -FailAuthQueue{{"End\n(Failed to select auth type)"}} -ChainAuth["Create Credential Chain"] -StoreAuthChain["Store the Cred Chain in class instance"] -GetToken["Get Entra ID Authentication Token"] -ExtractTenant["Extract Tenant ID"] -StoreTenantId["Store Tenant ID in State"] -SuccessEnd{{"End\n(Successful Execution)"}} - -Start --> ValidateAuthData -ValidateAuthData --> ManagedIdentityIdCheck -ManagedIdentityIdCheck -.-> | Yes | CreateMiWithId -ManagedIdentityIdCheck -.-> | No | CreateMiWithoutId -CreateMiWithId --> | Managed Identity Credential | CheckAuthType -CreateMiWithoutId --> | Managed Identity Credential | CheckAuthType -CheckAuthType -.-> | Key Vault | QueueKvSecretAuth -CheckAuthType -.-> | App Registration | QueueAppRegAuth -CheckAuthType -.-> | Managed Identity | QueueMiAuth -CheckAuthType -.-> | Invalid State | FailAuthQueue -QueueKvSecretAuth --> | Azure Credential Object | ChainAuth -QueueAppRegAuth --> | Azure Credential Object | ChainAuth -QueueMiAuth --> | Azure Credential Object | ChainAuth -ChainAuth --> | Chained Credential Object | StoreAuthChain -StoreAuthChain --> | Chained Credential Object | GetToken -GetToken --> | Raw Auth Token | ExtractTenant -ExtractTenant --> | Tenant ID | StoreTenantId -StoreTenantId --> SuccessEnd -``` diff --git a/docs/SHIELD/Reference/Development/Data-Formats/0-DeviceGroup-Description.md b/docs/SHIELD/Reference/Development/Data-Formats/0-DeviceGroup-Description.md deleted file mode 100644 index b01941e..0000000 --- a/docs/SHIELD/Reference/Development/Data-Formats/0-DeviceGroup-Description.md +++ /dev/null @@ -1,96 +0,0 @@ -# Device - Unique Group - -This application stores its managed device configurations in the security group description that the managed device is directly a member of. Because of this, do not change the description field that was configured by this app, otherwise you could cause issues with the management of your devices. - -Order of the description's items does not matter, the below config is displayed in a logical order. The actual values may be in any order depending on the initialization of features and which order they were turned on. - ---- - -## Examples - -Examples of various managed device unique group descriptions. - ---- - -### Privileged Device - -``` title="SOP - PSM - ce27fc58-0d74-4d72-bba2-105d8d90483f 💻" -CommissionedDate=2023-07-18T01:35:34.760Z,UserAssignment=8fe82ce9-cd69-4f4d-a6d0-8508fa163381,GroupAssignment=8e544b86-39ae-44c1-9ba4-0faeb456f259 -``` - -### Privileged Device Hosted in Another Device - -``` title="SOP - PSM - 029f899b-e08a-4434-8e47-355bea58680f 💻" -CommissionedDate=2023-07-18T01:35:34.760Z,UserAssignment=db9892d0-43f3-4688-b6c4-1a38267ca4cb,GroupAssignment=f6fbec86-904b-473f-be0d-3681df9022c8,ParentDevice=bf7b6877-5e7d-4945-a71f-b9b0f257e696 -``` - -### Enterprise class device - -``` title="SOP - ESM - 2db6bcf4-8cb3-4284-8ef4-57a525128344 💻" -CommissionedDate=2023-07-18T01:35:34.760Z -``` - ---- - -## Properties - -Technical details on the properties/values that can be set on the device unique groups. - ---- - -### CommissionedDate - -**Expected Data:** -The JavaScript [`toJSON()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toJSON) output of the [`Date`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date) object that represents the time when the device was commissioned. - -**Description:** -This is used to keep track of when a device was commissioned. This could be useful for audit, governance or tamper detection. - -**Example:** -`CommissionedDate=2023-07-18T01:35:34.760Z` - ---- - -### UserAssignment - -**Expected Data:** -The object ID (GUID) of the settings catalog that controls the assignment of user accounts for the specified privileged device. - -**Description:** -The settings catalog keeps track of the user accounts that are allowed to log into the privileged device. -This property is just a pointer to the relevant settings catalog. - -Only privileged devices will have this property as user assignments only occur on privileged devices. - -**Example:** -`UserAssignment=db9892d0-43f3-4688-b6c4-1a38267ca4cb` - ---- - -### GroupAssignment - -**Expected Data:** -The object ID (GUID) of the settings catalog that controls the local membership of user accounts for the specified privileged device. - -**Description:** -The custom settings (OMA-URI) template enforces local admin and hyper-v admin rights on the local device. -This property is just a pointer to the relevant settings catalog. - -Only privileged devices will have this property as strict local group management only occurs on privileged devices. - -**Example:** -`GroupAssignment=f6fbec86-904b-473f-be0d-3681df9022c8` - ---- - -### ParentDevice - -**Expected Data:** -The Device ID (GUID) of the device that hosts the current device. - -**Description:** -Devices can be hosted on other devices, this field is used to correlate these devices. -This will usually be used with privileged devices where a privileged device hosts another privileged device. - -**Example:** -`ParentDevice=bf7b6877-5e7d-4945-a71f-b9b0f257e696` diff --git a/docs/SHIELD/Reference/Development/Data-Formats/2-PSM-IntuneScopeTag.md b/docs/SHIELD/Reference/Development/Data-Formats/2-PSM-IntuneScopeTag.md deleted file mode 100644 index f4a6b67..0000000 --- a/docs/SHIELD/Reference/Development/Data-Formats/2-PSM-IntuneScopeTag.md +++ /dev/null @@ -1,139 +0,0 @@ -# PSM - Intune Scope Tag - -The [prefix](../../Settings/Environmental-Variables-Reference.md#sop_name_prefix) and [suffix](../../Settings/Environmental-Variables-Reference.md#sop_name_suffix) can be changed in the SHIELD server settings. The default settings are being used for the tag name below. - -## Example Configurations - -Example configurations of the privileged security class Intune Scope Tag. - ---- - -### Default Naming - -``` INI title="SOP - PSM" -AU=5767b44d-8e1c-4c1d-9770-675be4900e6d -DevSg=0b7a6be8-deee-4f93-97bd-082926a7349c -UsrSg=e7f4c4f4-c457-45ae-883b-820b368f8310 -SiloSg=973e7bb7-1e7b-4269-98f4-0e169aa4ce57 -InterSg=8ee5bcdd-8406-4ad6-9845-6a36fb895438 -Config=44c05cd0-8a3c-43fe-b47f-3ac329381d1b -UsrTag=96735da7-260b-44aa-b7bd-f463bc5c9f4a -``` - -### Custom Prefix and Suffix Naming - -``` INI title="eLabs - PSM - Cloud" -AU=1d576094-f918-4741-8339-e93ae4e9a1d8 -DevSg=3267afa7-9bfb-40ff-ba6b-096ba66a7d60 -UsrSg=55435fae-7bc7-4bbd-a5fe-ecf896226324 -SiloSg=7af57f26-5a4b-4188-8e0c-dab0a70ac6a9 -InterSg=763b2330-6364-43b2-985f-e6d78a736b7d -Config=179ca1b2-de83-48c2-ac26-8e1d1a3c0951 -UsrTag=cd0214b7-54b0-4211-bb5a-63798e197d20 -``` - ---- - -## Properties - -Technical details on the properties/values that can be set on the privileged scope tag. - ---- - -### AU - -**Expected Data:** -The Object ID (GUID) of the Administrative Unit that contains all of the privileged objects. - -**Description:** -This is an Entra ID Restricted Admin Unit that contains a list of security groups, devices, apps and users. -The group is made in such a way (restricted AU) that existing admins will have no access. To manage objects in the AU, you need to have an AU scoped role assignment for this AU. -The membership of this AU is automatically maintained by SHIELD. - -**Example:** -`AU=5767b44d-8e1c-4c1d-9770-675be4900e6d` - ---- - -### DevSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the unique privileged device security groups. - -**Description:** -This is used as the root search point to identify all of the privileged devices. -The application will treat all device identities and security groups under this SG to be privileged devices. - -**Example:** -`DevSg=0b7a6be8-deee-4f93-97bd-082926a7349c` - ---- - -### UsrSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the unique privileged user security groups. - -**Description:** -This is used as the root search point to identify all of the privileged users. -The application will treat all user identities and security groups under this SG to be privileged users. - -**Example:** -`UsrSg=e7f4c4f4-c457-45ae-883b-820b368f8310` - ---- - -### SiloSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the privileged silos. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective silo. Each security group that is a member of this SG represents a single silo. - -This SG contains only privileged silos. - -**Example:** -`SiloSg=b259dff3-34a7-43af-a2af-e94d36552cb9` - ---- - -### InterSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the privileged intermediaries. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective intermediary. Each security group that is a member of this SG represents a single intermediary. - -This SG contains only privileged intermediaries. - -**Example:** -`InterSg=b53d5d7d-d5c2-4d28-bf1f-7c3925cfc60e` - ---- - -### Config - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the privileged configurations. - -**Description:** -This security group is used for non-user/device configuration management, mostly for the marketplace and various intermediaries. This could also be used for by the end user to add config support to their custom stuff outside of SHIELD's lifecycle management and marketplace engines. This Security Group will be scanned for transitive membership count during license usage evaluation. - -**Example:** -`Config=b0be63f9-d6ff-422b-b026-6e5e9ba8e15a` - ---- - -### UsrTag - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the privileged users. - -**Description:** -This security group only contains users. Specifically all of the privileged (priv) users. -This group is assigned a permanent Entra ID role so that when the priv user logs into a Windows machine, the role's SID is exposed to the local machine. This can then be used to block authentication. - -**Example:** -`UsrTag=96735da7-260b-44aa-b7bd-f463bc5c9f4a` diff --git a/docs/SHIELD/Reference/Development/Data-Formats/3-SSM-IntuneScopeTag.md b/docs/SHIELD/Reference/Development/Data-Formats/3-SSM-IntuneScopeTag.md deleted file mode 100644 index fe0b2da..0000000 --- a/docs/SHIELD/Reference/Development/Data-Formats/3-SSM-IntuneScopeTag.md +++ /dev/null @@ -1,122 +0,0 @@ -# SSM - Intune Scope Tag - -The [prefix](../../Settings/Environmental-Variables-Reference.md#sop_name_prefix) and [suffix](../../Settings/Environmental-Variables-Reference.md#sop_name_suffix) can be changed in the SHIELD server settings. The default settings are being used for the tag name below. - -## Example Configurations - -Example configurations of the specialized security class Intune Scope Tag. - ---- - -### Default Naming - -``` INI title="SOP - SSM" -AU=037b1de8-ed8e-4a6f-9647-80f24ec4c0e7 -DevSg=473e19d7-9472-4575-9708-6c0ac3d92085 -UsrSg=8beae504-9f15-429c-a64c-1c764c8bfd0b -SiloSg=a5b56352-1a8f-46f1-9cbd-e23741f7d250 -InterSg=3302d571-cd36-4206-8c97-357bab06067a -Config=81c25c86-4ae9-480d-853e-964c59d34ee0 -``` - -### Custom Prefix and Suffix Naming - -``` INI title="eLabs - SSM - Cloud" -AU=f7992cd7-98d8-481d-82b4-8da77f3e99c9 -DevSg=233dc85a-3199-4560-8094-97175b611637 -UsrSg=d45e7fa0-050f-4635-819d-2ca063c37a7f -SiloSg=68b65d6b-2206-413f-82b3-70be052eeb09 -InterSg=cf6169cf-fb48-46d8-a636-2c7cab3864d1 -Config=8bf74523-bdc4-4fd0-9a64-85da259fcb7c -``` - ---- - -## Properties - -Technical details on the properties/values that can be set on the specialized scope tag. - ---- - -### AU - -**Expected Data:** -The Object ID (GUID) of the Administrative Unit that contains all of the specialized objects. - -**Description:** -This is a normal Entra ID Admin Unit that contains a list of specialized security groups, devices, apps and users. -The membership of this AU is automatically maintained by SHIELD. - -**Example:** -`SAu=037b1de8-ed8e-4a6f-9647-80f24ec4c0e7` - ---- - -### DevSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the individual specialized device security groups. - -**Description:** -This is used as the root search point to identify all of the specialized devices. -The application will treat all device identities and security groups under this SG to be specialized devices. - -**Example:** -`DevSg=473e19d7-9472-4575-9708-6c0ac3d92085` - ---- - -### UsrSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the individual specialized user security groups. - -**Description:** -This is used as the root search point to identify all of the specialized users. -The application will treat all users identities and security groups under this SG to be specialized users. - -**Example:** -`UsrSg=8beae504-9f15-429c-a64c-1c764c8bfd0b` - ---- - -### SiloSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the specialized silos. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective silo. Each security group that is a member of this SG represents a single silo. - -This SG contains only specialized silos. - -**Example:** -`SiloSg=36cbf501-b13e-45cc-8f80-6d52a4429c89` - ---- - -### InterSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the specialized intermediaries. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective intermediary. Each security group that is a member of this SG represents a single intermediary. - -This SG contains only specialized intermediaries. - -**Example:** -`InterSg=7b7c24ab-fbc6-4ed3-8aae-6fe9103974ce` - ---- - -### Config - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the specialized configurations. - -**Description:** -This security group is used for non-user/device configuration management, mostly for the marketplace and various intermediaries. This could also be used for by the end user to add config support to their custom stuff outside of SHIELD's lifecycle management and marketplace engines. This Security Group will be scanned for transitive membership count during license usage evaluation. - -**Example:** -`Config=8cceab01-e50b-4e8a-89f0-ea9ded40d9ec` diff --git a/docs/SHIELD/Reference/Development/Data-Formats/4-ESM-IntuneScopeTag.md b/docs/SHIELD/Reference/Development/Data-Formats/4-ESM-IntuneScopeTag.md deleted file mode 100644 index 1c352e1..0000000 --- a/docs/SHIELD/Reference/Development/Data-Formats/4-ESM-IntuneScopeTag.md +++ /dev/null @@ -1,122 +0,0 @@ -# ESM - Intune Scope Tag - -The [prefix](../../Settings/Environmental-Variables-Reference.md#sop_name_prefix) and [suffix](../../Settings/Environmental-Variables-Reference.md#sop_name_suffix) can be changed in the SHIELD server settings. The default settings are being used for the tag name below. - -## Example Configurations - -Example configurations of the enterprise security class Intune Scope Tag. - ---- - -### Default Naming - -``` INI title="SOP - ESM" -AU=5b7c868e-98bf-437e-acf6-32c433328198 -DevSg=66eeb4f4-91f8-431f-a336-1adf7bcb276f -UsrSg=3fd68a6f-0fd0-45b3-84ec-bfadccb10350 -SiloSg=628fceed-4c6c-42b6-ab15-8513a265b1b1 -InterSg=814fb4a4-c484-4e41-80ff-089b61031221 -Config=8fa10c0d-8d51-49e4-8476-ed8e22374881 -``` - -### Custom Prefix and Suffix Naming - -``` INI title="eLabs - ESM - Cloud" -AU=3e54c5c2-a2cf-4ca5-897e-97d706b5e31b -DevSg=d014ae16-7748-4722-ba28-196a008bcb30 -UsrSg=08fd53d4-b002-40cf-bcfa-95a7fcda0bcd -SiloSg=3c80e644-e631-41f1-b426-0183482ef716 -InterSg=8af317ee-7ce4-40c8-bd2a-b5fba7afe39e -Config=508c54d2-8a6f-4212-a506-ef0622dd766e -``` - ---- - -## Properties - -Technical details on the properties/values that can be set on the enterprise scope tag. - ---- - -### AU - -**Expected Data:** -The Object ID (GUID) of the Administrative Unit that contains all of the enterprise objects. - -**Description:** -This is a normal Entra ID Admin Unit that contains a list of enterprise security groups, devices, apps and users. -The membership of this AU is automatically maintained by SHIELD. - -**Example:** -`AU=5b7c868e-98bf-437e-acf6-32c433328198` - ---- - -### DevSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the enterprise class device security groups. - -**Description:** -This is used as the root search point to identify all of the enterprise devices. -The application will treat all device identities and security groups under this SG to be enterprise devices. - -**Example:** -`DevSg=66eeb4f4-91f8-431f-a336-1adf7bcb276f` - ---- - -### UsrSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that is the parent of all of the enterprise class user security groups. - -**Description:** -This is used as the root search point to identify all of the enterprise users. -The application will treat all user identities and security groups under this SG to be enterprise users. - -**Example:** -`UsrSg=3fd68a6f-0fd0-45b3-84ec-bfadccb10350` - ---- - -### SiloSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the enterprise silos. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective silo. Each security group that is a member of this SG represents a single silo. - -This SG contains only enterprise silos. - -**Example:** -`SiloSg=28cb89fe-8226-4fec-bd23-48481a264117` - ---- - -### InterSg - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the enterprise intermediaries. - -**Description:** -This security group only contains only security groups. The security groups that are members of this SG contain the configuration of their respective intermediary. Each security group that is a member of this SG represents a single intermediary. - -This SG contains only enterprise intermediaries. - -**Example:** -`InterSg=f3637d69-364b-48a3-8067-cb2305e332ef` - ---- - -### Config - -**Expected Data:** -The Object ID (GUID) of the Security Group that contains all of the enterprise configurations. - -**Description:** -This security group is used for non-user/device configuration management, mostly for the marketplace and various intermediaries. This could also be used for by the end user to add config support to their custom stuff outside of SHIELD's lifecycle management and marketplace engines. This Security Group will be scanned for transitive membership count during license usage evaluation. - -**Example:** -`Config=02d4399a-5c6a-447f-9d0f-38bbdf2b24b9` diff --git a/docs/SHIELD/Reference/Development/Data-Formats/1-Common-IntuneScopeTag.md b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md similarity index 100% rename from docs/SHIELD/Reference/Development/Data-Formats/1-Common-IntuneScopeTag.md rename to docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Enterprise-Dark.png b/docs/assets/Images/Screenshots/Class-Selector-Enterprise-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Enterprise-Dark.png rename to docs/assets/Images/Screenshots/Class-Selector-Enterprise-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Enterprise-Light.png b/docs/assets/Images/Screenshots/Class-Selector-Enterprise-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Enterprise-Light.png rename to docs/assets/Images/Screenshots/Class-Selector-Enterprise-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Privileged-Dark.png b/docs/assets/Images/Screenshots/Class-Selector-Privileged-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Privileged-Dark.png rename to docs/assets/Images/Screenshots/Class-Selector-Privileged-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Privileged-Light.png b/docs/assets/Images/Screenshots/Class-Selector-Privileged-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Privileged-Light.png rename to docs/assets/Images/Screenshots/Class-Selector-Privileged-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Specialized-Dark.png b/docs/assets/Images/Screenshots/Class-Selector-Specialized-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Specialized-Dark.png rename to docs/assets/Images/Screenshots/Class-Selector-Specialized-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Class-Selector-Specialized-Light.png b/docs/assets/Images/Screenshots/Class-Selector-Specialized-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Class-Selector-Specialized-Light.png rename to docs/assets/Images/Screenshots/Class-Selector-Specialized-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Confirm-Unassign-Dark.png b/docs/assets/Images/Screenshots/Confirm-Unassign-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Confirm-Unassign-Dark.png rename to docs/assets/Images/Screenshots/Confirm-Unassign-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Confirm-Unassign-Light.png b/docs/assets/Images/Screenshots/Confirm-Unassign-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Confirm-Unassign-Light.png rename to docs/assets/Images/Screenshots/Confirm-Unassign-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Core-Infrastructure-Deployment.png b/docs/assets/Images/Screenshots/Core-Infrastructure-Deployment.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Core-Infrastructure-Deployment.png rename to docs/assets/Images/Screenshots/Core-Infrastructure-Deployment.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Dark.png b/docs/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Dark.png rename to docs/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Light.png b/docs/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Light.png rename to docs/assets/Images/Screenshots/Decommission-Confirmation-Dialog-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Home-Screen-Dark.png b/docs/assets/Images/Screenshots/Home-Screen-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Home-Screen-Dark.png rename to docs/assets/Images/Screenshots/Home-Screen-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Home-Screen-Light.png b/docs/assets/Images/Screenshots/Home-Screen-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Home-Screen-Light.png rename to docs/assets/Images/Screenshots/Home-Screen-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png b/docs/assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png rename to docs/assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-Device-Light.png b/docs/assets/Images/Screenshots/Select-Unmanaged-Device-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-Device-Light.png rename to docs/assets/Images/Screenshots/Select-Unmanaged-Device-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-User-Dark.png b/docs/assets/Images/Screenshots/Select-Unmanaged-User-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-User-Dark.png rename to docs/assets/Images/Screenshots/Select-Unmanaged-User-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-User-Light.png b/docs/assets/Images/Screenshots/Select-Unmanaged-User-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-Unmanaged-User-Light.png rename to docs/assets/Images/Screenshots/Select-Unmanaged-User-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Assign-Dark.png b/docs/assets/Images/Screenshots/Select-User-to-Assign-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Assign-Dark.png rename to docs/assets/Images/Screenshots/Select-User-to-Assign-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Assign-Light.png b/docs/assets/Images/Screenshots/Select-User-to-Assign-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Assign-Light.png rename to docs/assets/Images/Screenshots/Select-User-to-Assign-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Remove-Dark.png b/docs/assets/Images/Screenshots/Select-User-to-Remove-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Remove-Dark.png rename to docs/assets/Images/Screenshots/Select-User-to-Remove-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Remove-Light.png b/docs/assets/Images/Screenshots/Select-User-to-Remove-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Remove-Light.png rename to docs/assets/Images/Screenshots/Select-User-to-Remove-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Unassign-Dark.png b/docs/assets/Images/Screenshots/Select-User-to-Unassign-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Unassign-Dark.png rename to docs/assets/Images/Screenshots/Select-User-to-Unassign-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Select-User-to-Unassign-Light.png b/docs/assets/Images/Screenshots/Select-User-to-Unassign-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Select-User-to-Unassign-Light.png rename to docs/assets/Images/Screenshots/Select-User-to-Unassign-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Selected-Device-Decommission-Dark.png b/docs/assets/Images/Screenshots/Selected-Device-Decommission-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Selected-Device-Decommission-Dark.png rename to docs/assets/Images/Screenshots/Selected-Device-Decommission-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Selected-Device-Decommission-Light.png b/docs/assets/Images/Screenshots/Selected-Device-Decommission-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Selected-Device-Decommission-Light.png rename to docs/assets/Images/Screenshots/Selected-Device-Decommission-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Spinner.png b/docs/assets/Images/Screenshots/Spinner.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Spinner.png rename to docs/assets/Images/Screenshots/Spinner.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png b/docs/assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png rename to docs/assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png b/docs/assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png rename to docs/assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png diff --git a/docs/SHIELD/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Dark.png b/docs/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Dark.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Dark.png rename to docs/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Dark.png diff --git a/docs/SHIELD/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Light.png b/docs/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Light.png similarity index 100% rename from docs/SHIELD/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Light.png rename to docs/assets/Images/Screenshots/User-Remove-Confirmation-Dialog-Light.png diff --git a/docs/index.md b/docs/index.md index c3304f9..83a3953 100644 --- a/docs/index.md +++ b/docs/index.md @@ -14,8 +14,16 @@ Manages the state of security tenant wide using a multi-tiered architecture. [:lock: SHIELD](SHIELD/index.md){ .md-button } -## SHI Discover +### Deploy + +Lorem Ipsum + +### Defend + +Lorem Ipsum + +### Discover Retrieves and validates the state of license compliance tenant wide. -[:mag: Discover](Discover/index.md){ .md-button } +[:mag: Discover](SHIELD/Discover/index.md){ .md-button } From 9e15829250832313d43ced268f12c0143ccfd0ec Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Fri, 17 Jan 2025 13:31:05 -0600 Subject: [PATCH 02/26] Fixed warnings/errors --- .../Architecture/Diagrams/Device-Assign.md | 2 +- .../Diagrams/Device-Commission.md | 2 +- .../Diagrams/Device-Decommission.md | 2 +- .../Architecture/Diagrams/Device-Unassign.md | 2 +- .../Architecture/Diagrams/User-Commission.md | 2 +- .../Diagrams/User-Decommission.md | 2 +- .../Architecture/Hardware-Selection.md | 6 +- .../Defend/Usage-Guide/Device/0-Commission.md | 6 +- .../Usage-Guide/Device/1-Decommission.md | 2 +- .../Defend/Usage-Guide/Device/2-Assign.md | 2 +- .../Defend/Usage-Guide/Device/3-Unassign.md | 2 +- .../Defend/Usage-Guide/User/Commission.md | 2 +- .../Defend/Usage-Guide/User/Decommission.md | 2 +- .../Required-Graph-API-Permissions.md | 2 +- docs/SHIELD/Deploy/Prerequisites.md | 4 +- docs/SHIELD/Deploy/Usage-Guide/index.md | 2 +- .../Discover/Deployment/0-Prerequisites.md | 4 +- docs/SHIELD/Discover/Getting-Started.md | 2 +- docs/SHIELD/Discover/Reserved-Principals.md | 2 +- .../assets/threat-models/infrastructure.tm7 | 2 +- docs/SHIELD/Discover/index.md | 2 +- .../Getting-Started/Usage-Guide/index.md | 16 +-- docs/SHIELD/Getting-Started/index.md | 6 +- .../Data-Formats/Intune Scope Tag.md | 6 +- .../Settings/Configure-Managed-Identity.md | 2 +- docs/SHIELD/index.md | 6 +- docs/index.md | 4 +- mkdocs.yml | 99 +++++++++++++++++++ 28 files changed, 146 insertions(+), 47 deletions(-) diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md index 28fdf25..039e970 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md @@ -4,7 +4,7 @@ hide: --- # Device - Assign -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/2-Assign.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../../Usage-Guide/Device/2-Assign.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md index 27b86bd..700456c 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md @@ -4,7 +4,7 @@ hide: --- # Device - Commission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [commissioned](../../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/0-Commission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [commissioned](../../../Usage-Guide/Device/0-Commission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md index 4d25b26..f33848c 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md @@ -4,7 +4,7 @@ hide: --- # Device - Decommission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [decommissioned](../../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/1-Decommission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [decommissioned](../../../Usage-Guide/Device/1-Decommission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md index e5ca300..7fde447 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md @@ -4,7 +4,7 @@ hide: --- # Device - Unassign -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [unassigned one or more users](../../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/3-Unassign.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [unassigned one or more users](../../../Usage-Guide/Device/3-Unassign.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md index 2d01aea..a276c8c 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md @@ -4,7 +4,7 @@ hide: --- # User - Commission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [commissioned](../../../Getting-Started/Usage-Guide/Lifecycle-Management/User/Commission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [commissioned](../../../Usage-Guide/User/Commission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md index efd92ce..216f0a3 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md @@ -4,7 +4,7 @@ hide: --- # User - Decommission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [decommissioned](../../../Getting-Started/Usage-Guide/Lifecycle-Management/User/Decommission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [decommissioned](../../../Usage-Guide/User/Decommission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md index dc525d7..c45067d 100644 --- a/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md +++ b/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md @@ -54,6 +54,6 @@ For further guidance on hardware selection or compatibility, please refer to the ## See Also -- [Lifecycle Management Overview](../../Getting-Started/Usage-Guide/Lifecycle-Management/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. -- [Commissioning a New Device](../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. -- [Decommission a Managed Device](../../Getting-Started/Usage-Guide/Lifecycle-Management/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. +- [Lifecycle Management Overview](../../Usage-Guide/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. +- [Commissioning a New Device](../../Usage-Guide/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. +- [Decommission a Managed Device](../../Usage-Guide/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md index 96db24b..5d28b99 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md @@ -5,7 +5,7 @@ The lifecycle management system can bring devices into and out of management fol This guide will walk the security admin through the process of commissioning new managed devices. !!! note "Privileged Hardware" - For requirements and best practices on privileged hardware, please see the [Hardware Selection](../../../../Reference/Architecture/Hardware-Selection.md) documentation. + For requirements and best practices on privileged hardware, please see the [Hardware Selection](../../Reference/Architecture/Hardware-Selection.md) documentation. ## Process @@ -30,5 +30,5 @@ This guide will walk the security admin through the process of commissioning new ## See Also -- [Hardware Selection](../../../../Reference/Architecture/Hardware-Selection.md) -- [Device Onboarding Workflow Reference](../../../../Reference/Architecture/Diagrams/Device-Commission.md) +- [Hardware Selection](../../Reference/Architecture/Hardware-Selection.md) +- [Device Onboarding Workflow Reference](../../Reference/Architecture/Diagrams/Device-Commission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md index 9520ad7..e4f71f4 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md @@ -27,4 +27,4 @@ This guide will walk the security admin through the process of commissioning new ## See Also -- [Device Offboarding Workflow Reference](../../../../Reference/Architecture/Diagrams/Device-Decommission.md) +- [Device Offboarding Workflow Reference](../../Reference/Architecture/Diagrams/Device-Decommission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md index 01359f6..cc85090 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md @@ -33,4 +33,4 @@ The user assignment process also adds the requested user(s) to the Hyper-V admin ## See Also -- [Device Assignment Workflow Reference](../../../../Reference/Architecture/Diagrams/Device-Assign.md) +- [Device Assignment Workflow Reference](../../Reference/Architecture/Diagrams/Device-Assign.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md index 2cf838d..f0ec0a4 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md @@ -31,4 +31,4 @@ The user un-assignment process also removes the requested user(s) from the Hyper ## See Also -- [Device Unassign Workflow Reference](../../../../Reference/Architecture/Diagrams/Device-Unassign.md) +- [Device Unassign Workflow Reference](../../Reference/Architecture/Diagrams/Device-Unassign.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Commission.md b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md index b856c6b..c75283a 100644 --- a/docs/SHIELD/Defend/Usage-Guide/User/Commission.md +++ b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md @@ -27,4 +27,4 @@ For privileged users, it creates a new cloud only user account that is correlate ## See Also -- [User Commission Workflow Reference](../../../../Reference/Architecture/Diagrams/User-Commission.md) +- [User Commission Workflow Reference](../../Reference/Architecture/Diagrams/User-Commission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md index 27f676b..c3447b2 100644 --- a/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md +++ b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md @@ -27,4 +27,4 @@ When removing privileged user(s) from management, the privileged account is dele ## See Also -- [User Decommission Workflow Reference](../../../../Reference/Architecture/Diagrams/User-Decommission.md) +- [User Decommission Workflow Reference](../../Reference/Architecture/Diagrams/User-Decommission.md) diff --git a/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md b/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md index a1b584d..165fe35 100644 --- a/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md +++ b/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md @@ -34,7 +34,7 @@ The below Microsoft Graph API permissions are necessary for the operation of thi | Permission Name | Self Auto Granted | What it is used for | |-----------------|-------------------|---------------------| -| `LicenseReport.ReadWrite` | ✅ | Used to store the license report after a run of License Analytics has completed. | +| `LicenseReport.ReadWrite` | ✅ | Used to store the license report after a run of Discover has completed. | | `Telemetry.Sop.ReadWrite` | ✅ | Used by SOP to store its monthly telemetry report and keep it isolated from other tenants. | ## SHI Orchestration Platform - Authenticator Permissions List diff --git a/docs/SHIELD/Deploy/Prerequisites.md b/docs/SHIELD/Deploy/Prerequisites.md index 1e4da3c..a6b0f21 100644 --- a/docs/SHIELD/Deploy/Prerequisites.md +++ b/docs/SHIELD/Deploy/Prerequisites.md @@ -9,7 +9,7 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## Base Requirements - [X] Deploying User has `Global Admin Rights` (for [manual deployment](Deployment/Manual-Deployment.md) only) -- [X] Defender for Endpoint has had its [workspace created](Usage-Guide/Deploy-Core-Infrastructure/MDE-Enable.md) +- [X] Defender for Endpoint has had its [workspace created](Usage-Guide/MDE-Enable.md) - [X] Security Defaults [are shut off](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) in Entra ID - [X] Certificate Authentication is [disabled in the Entra ID authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) methods for SHIELD's ESM, SSM and PSM root security groups @@ -32,5 +32,5 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## PSM - [X] `M5` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Secure Core Certified hardware. Please see the [hardware selection](../Reference/Architecture/Hardware-Selection.md) documentation for details +- [X] Secure Core Certified hardware. Please see the [hardware selection](../Defend/Reference/Architecture/Hardware-Selection.md) documentation for details - [X] Devices need to be registered in Autopilot to be allowed to be commissioned into a PAW diff --git a/docs/SHIELD/Deploy/Usage-Guide/index.md b/docs/SHIELD/Deploy/Usage-Guide/index.md index f4e983c..6d68527 100644 --- a/docs/SHIELD/Deploy/Usage-Guide/index.md +++ b/docs/SHIELD/Deploy/Usage-Guide/index.md @@ -8,7 +8,7 @@ After deployment, the only parts of the core infrastructure that can't be touche !!! note "Prerequisites Check" Don't forget to make sure you meet the prerequisites as listed here: - [Getting Started - Prerequisites](../../Prerequisites.md) + [Getting Started - Prerequisites](../Prerequisites.md) --- diff --git a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md index edeb009..4ee4cb9 100644 --- a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md +++ b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md @@ -1,6 +1,6 @@ # Prerequisites -SHI License Analytics is an enterprise product from SHI International Corp. that requires permissions and software to run. +SHI Discover is an enterprise product from SHI International Corp. that requires permissions and software to run. ## Software/System Configuration @@ -18,7 +18,7 @@ The below Entra ID roles are required to be able to read all of the service conf The sub-bullet points are the description of what configurations are read by the permissions. !!! info "Permissions Usage" - SHI License Analytics will never change your service configuration in any way during an audit. All permissions are used only for data retrieval and are the set of least privilege possible for the data that is being gathered. + SHI Discover will never change your service configuration in any way during an audit. All permissions are used only for data retrieval and are the set of least privilege possible for the data that is being gathered. - [X] Global Reader - [Defender for Endpoint](../Plugins/DefenderEndpoint.md) diff --git a/docs/SHIELD/Discover/Getting-Started.md b/docs/SHIELD/Discover/Getting-Started.md index 6237499..d3ea146 100644 --- a/docs/SHIELD/Discover/Getting-Started.md +++ b/docs/SHIELD/Discover/Getting-Started.md @@ -10,7 +10,7 @@ Default mode runs Discover authentication in a InPrivate/Incognito window. It also uses all of the configured database settings and can't be overridden. The majority of the time, this is what should be run. Please reach out to SHI or your security department if other options are required. -1. Double click the desktop icon titled `Run License Analytics` +1. Double click the desktop icon titled `Run Discover` 2. Log into the Az SQL Database (Only first log in screen) diff --git a/docs/SHIELD/Discover/Reserved-Principals.md b/docs/SHIELD/Discover/Reserved-Principals.md index 2f06e29..3e2aebc 100644 --- a/docs/SHIELD/Discover/Reserved-Principals.md +++ b/docs/SHIELD/Discover/Reserved-Principals.md @@ -3,7 +3,7 @@ Some services can't correlate their principals and a number of consumed licenses will still be calculated. The below IDs are reserved for those incompatible apps. The IDs are not a principal. They represent the type of license being reported about. -These IDs are not to be correlated outside of the License Analytics system as they are not guaranteed to be globally unique across all products from all vendors. They are unique to License Analytics. +These IDs are not to be correlated outside of the Discover system as they are not guaranteed to be globally unique across all products from all vendors. They are unique to Discover. ## Defender for Endpoint diff --git a/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 b/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 index 4d46652..b3a6e03 100644 --- a/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 +++ b/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 @@ -6,7 +6,7 @@ Azure SQL Database PowerShell Modules: - Microsoft.Graph.Beta - Az -- SqlServerA PowerShell script collects the service configuration from the customer environment, processes the assignemnts, and stores the data in the specified Azure SQL database.MootElliot HuffmanLicense AnalyticsTH91bf841d4d-97e6-4069-b676-07a28f2d041b9bf12db2-dc23-48ed-923a-4438dfb5ae120a3667bd-b55a-424b-9882-5996e1403c1eAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee365909bf12db2-dc23-48ed-923a-4438dfb5ae1229bf841d4d-97e6-4069-b676-07a28f2d041b:9bf12db2-dc23-48ed-923a-4438dfb5ae12:0a3667bd-b55a-424b-9882-5996e1403c1e2023-12-12T14:34:08.612176-05:00HighTitleAn adversary can leverage the weak scalability of token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users.StateInformationThis is a purely Azure Fabric operation, this isn't exposed in any way to customers, tenants or other non-microsoft internal processes.InteractionStringValidate AuthPossibleMitigationsOverride the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a>PriorityHighSDLPhaseDesignbf841d4d-97e6-4069-b676-07a28f2d041bNotApplicable0a3667bd-b55a-424b-9882-5996e1403c1eTH91falsefalseTH1489015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872259015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:26:55.8092356-05:00HighTitleAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s)UserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s).StateInformationNo local accounts are allowed to authenticate by default. Only Entra ID validated access tokens are allowed, which are correlated to a central account.InteractionStringData + Auth TokenPossibleMitigationsIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).PriorityHighSDLPhaseImplementation9015b784-fd98-41cd-9b85-a833cf8ee489Mitigatedbf841d4d-97e6-4069-b676-07a28f2d041bTH148falsefalseTH11bf841d4d-97e6-4069-b676-07a28f2d041b9bf12db2-dc23-48ed-923a-4438dfb5ae120a3667bd-b55a-424b-9882-5996e1403c1eAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee365909bf12db2-dc23-48ed-923a-4438dfb5ae1230bf841d4d-97e6-4069-b676-07a28f2d041b:9bf12db2-dc23-48ed-923a-4438dfb5ae12:0a3667bd-b55a-424b-9882-5996e1403c1e2023-12-12T14:14:08.818951-05:00HighTitleAn adversary can bypass authentication due to non-standard Azure AD authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Azure AD authentication schemesStateInformationThis is a purely Azure Fabric operation, this isn't exposed in any way to customers, tenants or other non-microsoft internal processes.InteractionStringValidate AuthPossibleMitigationsUse standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a>PriorityHighSDLPhaseImplementationbf841d4d-97e6-4069-b676-07a28f2d041bNotApplicable0a3667bd-b55a-424b-9882-5996e1403c1eTH11falsefalseTH1469015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872239015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:28:50.8174123-05:00HighTitleA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignmentsUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignments.StateInformationMinimal permissions are granted to the DB writer security group as to be able to create tables, alter schema and add data to tables. +- SqlServerA PowerShell script collects the service configuration from the customer environment, processes the assignemnts, and stores the data in the specified Azure SQL database.MootElliot HuffmanDiscoverTH91bf841d4d-97e6-4069-b676-07a28f2d041b9bf12db2-dc23-48ed-923a-4438dfb5ae120a3667bd-b55a-424b-9882-5996e1403c1eAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee365909bf12db2-dc23-48ed-923a-4438dfb5ae1229bf841d4d-97e6-4069-b676-07a28f2d041b:9bf12db2-dc23-48ed-923a-4438dfb5ae12:0a3667bd-b55a-424b-9882-5996e1403c1e2023-12-12T14:34:08.612176-05:00HighTitleAn adversary can leverage the weak scalability of token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users.StateInformationThis is a purely Azure Fabric operation, this isn't exposed in any way to customers, tenants or other non-microsoft internal processes.InteractionStringValidate AuthPossibleMitigationsOverride the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a>PriorityHighSDLPhaseDesignbf841d4d-97e6-4069-b676-07a28f2d041bNotApplicable0a3667bd-b55a-424b-9882-5996e1403c1eTH91falsefalseTH1489015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872259015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:26:55.8092356-05:00HighTitleAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s)UserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s).StateInformationNo local accounts are allowed to authenticate by default. Only Entra ID validated access tokens are allowed, which are correlated to a central account.InteractionStringData + Auth TokenPossibleMitigationsIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).PriorityHighSDLPhaseImplementation9015b784-fd98-41cd-9b85-a833cf8ee489Mitigatedbf841d4d-97e6-4069-b676-07a28f2d041bTH148falsefalseTH11bf841d4d-97e6-4069-b676-07a28f2d041b9bf12db2-dc23-48ed-923a-4438dfb5ae120a3667bd-b55a-424b-9882-5996e1403c1eAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee365909bf12db2-dc23-48ed-923a-4438dfb5ae1230bf841d4d-97e6-4069-b676-07a28f2d041b:9bf12db2-dc23-48ed-923a-4438dfb5ae12:0a3667bd-b55a-424b-9882-5996e1403c1e2023-12-12T14:14:08.818951-05:00HighTitleAn adversary can bypass authentication due to non-standard Azure AD authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Azure AD authentication schemesStateInformationThis is a purely Azure Fabric operation, this isn't exposed in any way to customers, tenants or other non-microsoft internal processes.InteractionStringValidate AuthPossibleMitigationsUse standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a>PriorityHighSDLPhaseImplementationbf841d4d-97e6-4069-b676-07a28f2d041bNotApplicable0a3667bd-b55a-424b-9882-5996e1403c1eTH11falsefalseTH1469015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872239015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:28:50.8174123-05:00HighTitleA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignmentsUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignments.StateInformationMinimal permissions are granted to the DB writer security group as to be able to create tables, alter schema and add data to tables. This will be fully mitigated in the next major version when the whole platform will be rewritten into typescript and an API will sit infront of the DB, eliminating all permissions that the end user will have for the DB.InteractionStringData + Auth TokenPossibleMitigationsIt is recommended to review permission and role assignments to ensure the users are granted the least privileges necessary. Refer: <a href="https://aka.ms/tmt-th146">https://aka.ms/tmt-th146</a>PriorityHighSDLPhaseImplementation9015b784-fd98-41cd-9b85-a833cf8ee489Mitigatedbf841d4d-97e6-4069-b676-07a28f2d041bTH146falsefalseTH100a3667bd-b55a-424b-9882-5996e1403c1e9078ba02-5cbb-4d18-9da0-c41ee7b2c9febf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee365909078ba02-5cbb-4d18-9da0-c41ee7b2c9fe310a3667bd-b55a-424b-9882-5996e1403c1e:9078ba02-5cbb-4d18-9da0-c41ee7b2c9fe:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:33:34.6715324-05:00HighTitleAn adversary can gain unauthorized access to Azure SQL database due to weak account policyUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionDue to poorly configured account policies, adversary can launch brute force attacks on Azure SQL Database StateInformationThis is a purely Azure Fabric operation, this isn't exposed in any way to customers, tenants or other non-microsoft internal processes.InteractionStringConfirmationPossibleMitigationsWhen possible use Azure Active Directory Authentication for connecting to SQL Database. Refer: <a href="https://aka.ms/tmt-th10a">https://aka.ms/tmt-th10a</a> Ensure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmt-th10b">https://aka.ms/tmt-th10b</a> and <a href="https://aka.ms/tmt-th10c">https://aka.ms/tmt-th10c</a>PriorityHighSDLPhaseImplementation0a3667bd-b55a-424b-9882-5996e1403c1eNotApplicablebf841d4d-97e6-4069-b676-07a28f2d041bTH10falsefalseTH1449015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872219015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:23:36.5889461-05:00HighTitleAn adversary can read confidential data due to weak connection string configurationUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can read confidential data due to weak connection string configuration.StateInformationNo connection strings are generated or used. All connections are encrypted via TLS 1.2 or greater. When using the cmdlets, the encrypt strict and TrustServerCertificate $false parameters are set to ensure a non-tampered connection.InteractionStringData + Auth TokenPossibleMitigationsClients connecting to an Azure SQL Database instance using a connection string should ensure encrypt=true and trustservercertificate=false are set. This configuration ensures that connections are encrypted only if there is a verifiable server certificate (otherwise the connection attempt fails). This helps protect against Man-In-The-Middle attacks. Refer: <a href="https://aka.ms/tmt-th144">https://aka.ms/tmt-th144</a>PriorityHighSDLPhaseImplementation9015b784-fd98-41cd-9b85-a833cf8ee489Mitigatedbf841d4d-97e6-4069-b676-07a28f2d041bTH144falsefalseTH1439015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872209015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:30:22.6492358-05:00HighTitleAn adversary can gain unauthorized access to Azure SQL DB instances due to weak network security configuration.UserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure SQL DB instances due to weak network security configuration.StateInformationTLS 1.2 or greater is required for all connections.InteractionStringData + Auth TokenPossibleMitigationsRestrict access to Azure SQL Database instances by configuring server-level and database-level firewall rules to permit connections from selected networks (e.g. a virtual network or a custom set of IP addresses) where possible. Refer:<a href="https://aka.ms/tmt-th143">https://aka.ms/tmt-th143</a>PriorityHighSDLPhaseImplementation9015b784-fd98-41cd-9b85-a833cf8ee489Mitigatedbf841d4d-97e6-4069-b676-07a28f2d041bTH143falsefalseTH1179015b784-fd98-41cd-9b85-a833cf8ee489f6270ed4-865d-4b27-b7ab-b3d9b76d9872bf841d4d-97e6-4069-b676-07a28f2d041bAzureAD\ElliotHuffman8e769290-317f-4cd4-9a7c-b4fcdee36590f6270ed4-865d-4b27-b7ab-b3d9b76d9872199015b784-fd98-41cd-9b85-a833cf8ee489:f6270ed4-865d-4b27-b7ab-b3d9b76d9872:bf841d4d-97e6-4069-b676-07a28f2d041b2023-12-12T14:37:08.2597348-05:00HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationUser accounts are goverened by their respective organization owners, MLA supports all MFA and anti-spoofing configs that Entra does. The DB Access token is scoped only to DBs that the user is allowed to access. It doesn't work for any other types of resources. diff --git a/docs/SHIELD/Discover/index.md b/docs/SHIELD/Discover/index.md index 68b3a97..1dd331a 100644 --- a/docs/SHIELD/Discover/index.md +++ b/docs/SHIELD/Discover/index.md @@ -1,4 +1,4 @@ -# License Analytics +# Discover ## Overview diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/index.md b/docs/SHIELD/Getting-Started/Usage-Guide/index.md index 9627e7d..1de1002 100644 --- a/docs/SHIELD/Getting-Started/Usage-Guide/index.md +++ b/docs/SHIELD/Getting-Started/Usage-Guide/index.md @@ -6,7 +6,7 @@ Infrastructure management is responsible for the underlying common set of settin This system is responsible for deploying and keeping them up to date. -[:octicons-rocket-24: Deploy Core Infrastructure](Deploy-Core-Infrastructure/index.md){ .md-button } +[:octicons-rocket-24: Deploy Core Infrastructure](../../Deploy/Usage-Guide/index.md){ .md-button } ## Lifecycle Management @@ -14,20 +14,20 @@ Lifecycle management is where you will spend most of your time. Performing actio ### Device -- [Commission a Device](Lifecycle-Management/Device/0-Commission.md) -- [Decommission a Device](Lifecycle-Management/Device/1-Decommission.md) -- [Assign a Privileged Device](Lifecycle-Management/Device/2-Assign.md) -- [Unassign a Privileged Device](Lifecycle-Management/Device/3-Unassign.md) +- [Commission a Device](../../Defend/Usage-Guide/Device/0-Commission.md) +- [Decommission a Device](../../Defend/Usage-Guide/Device/1-Decommission.md) +- [Assign a Privileged Device](../../Defend/Usage-Guide/Device/2-Assign.md) +- [Unassign a Privileged Device](../../Defend/Usage-Guide/Device/3-Unassign.md) ### User -- [Commission a user](Lifecycle-Management/User/Commission.md) -- [Decommission a user](Lifecycle-Management/User/Decommission.md) +- [Commission a user](../../Defend/Usage-Guide/User/Commission.md) +- [Decommission a user](../../Defend/Usage-Guide/User/Decommission.md) --- ## See Also -- [SPA - SHI Architecture Overview](../../Reference/Architecture/Securing-Privileged-Access.md) +- [SPA - SHI Architecture Overview](../../Deploy/Securing-Privileged-Access.md) - [SPA - MSFT Docs](https://aka.ms/spa){:target="_blank"} - [Security Classes - MSFT Docs](https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-security-levels){:target="_blank"} diff --git a/docs/SHIELD/Getting-Started/index.md b/docs/SHIELD/Getting-Started/index.md index a4e58a3..306485c 100644 --- a/docs/SHIELD/Getting-Started/index.md +++ b/docs/SHIELD/Getting-Started/index.md @@ -6,12 +6,12 @@ The server is deployed first then the server deploys the core infrastructure. 1. To deploy the server, chose from one of the below deployment methods:
- [:fontawesome-solid-file-zipper: Deploy Using Manual Method](Deployment/Manual-Deployment.md){ .md-button } + [:fontawesome-solid-file-zipper: Deploy Using Manual Method](../Deploy/Deployment/Manual-Deployment.md){ .md-button } 2. Deploy the core infrastructure using the Web UI:
- [:octicons-rocket-24: Deploy Core Infrastructure](Usage-Guide/Deploy-Core-Infrastructure/index.md){ .md-button } + [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide/index.md){ .md-button } 3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- [:fontawesome-solid-rotate: Manage Lifecycle](Usage-Guide/Lifecycle-Management/index.md){ .md-button } + [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } diff --git a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md index cc88da4..0acfad5 100644 --- a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md +++ b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md @@ -49,7 +49,7 @@ Technical details on the properties/values that can be set on the root/common sc This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../Architecture/Securing-Privileged-Access.md). The description field also contains additional context and configurations as described [here](2-PSM-IntuneScopeTag.md). +This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). **Example:** `PsmId=21` @@ -62,7 +62,7 @@ This is the ID of the Intune Role Scope Tag that separates privileged configurat This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../Architecture/Securing-Privileged-Access.md). The description field also contains additional context and configurations as described [here](3-SSM-IntuneScopeTag.md). +This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). **Example:** `SsmId=21` @@ -75,7 +75,7 @@ This is the ID of the Intune Role Scope Tag that separates specialized configura This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../Architecture/Securing-Privileged-Access.md). The description field also contains additional context and configurations as described [here](4-ESM-IntuneScopeTag.md). +This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). **Example:** `EsmId=21` diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index c018309..16de193 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../Getting-Started/Deployment/Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../Deploy/Deployment/Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index ecbaacb..0894401 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -23,7 +23,7 @@ SHIELD is an orchestration tool in the larger security landscape. It does not br ## Prerequisites -Check out this page for more details: [Getting Started - Prerequisites](Getting-Started/Prerequisites.md) +Check out this page for more details: [Getting Started - Prerequisites](Deploy/Prerequisites.md) ## Recommended Environment @@ -40,9 +40,9 @@ In the rest of the documentation, we will provide detailed instructions on how t ## See Also -- [Usage Guides](Getting-Started/Usage-Guide/index.md) +- [Usage Guides](Defend/Usage-Guide/index.md) - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) -- [Troubleshooting](Troubleshooting/Uninstall.md) +- [Troubleshooting](Deploy/Troubleshooting/Uninstall.md) - [Contact Us](https://shilab.com/contact) diff --git a/docs/index.md b/docs/index.md index 83a3953..b5a8254 100644 --- a/docs/index.md +++ b/docs/index.md @@ -16,11 +16,11 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Deploy -Lorem Ipsum +[:mag: Deploy](SHIELD/Deploy/Prerequisites.md){ .md-button } ### Defend -Lorem Ipsum +[:mag: Defend](SHIELD/Defend/Usage-Guide/index.md){ .md-button } ### Discover diff --git a/mkdocs.yml b/mkdocs.yml index 4a91f09..56dbdd3 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -138,3 +138,102 @@ extra: name: SHI's home on Instagram watch: - includes + +nav: + - Home: index.md + + - SHIELD: + - Overview: SHIELD/index.md + - Getting Started: + - index: SHIELD/Getting-Started/index.md + - "Usage Guide": SHIELD/Getting-Started/Usage-Guide/index.md + + - Defend: + - Usage Guide: + - index: SHIELD/Defend/Usage-Guide/index.md + - Device: + - "Commission": SHIELD/Defend/Usage-Guide/Device/0-Commission.md + - "Decommission": SHIELD/Defend/Usage-Guide/Device/1-Decommission.md + - "Assign": SHIELD/Defend/Usage-Guide/Device/2-Assign.md + - "Unassign": SHIELD/Defend/Usage-Guide/Device/3-Unassign.md + - User: + - "Commission": SHIELD/Defend/Usage-Guide/User/Commission.md + - "Decommission": SHIELD/Defend/Usage-Guide/User/Decommission.md + + - Reference: + - Architecture: + - "Hardware Selection": SHIELD/Defend/Reference/Architecture/Hardware-Selection.md + - Diagrams: + - "Device Assign": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md + - "Device Commission": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md + - "Device Decommission": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md + - "Device Unassign": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md + - "User Commission": SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md + - "User Decommission": SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md + - Lifecycle: + - "Privileged Device Workflows": "SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md" + - "Custom Apps": + - "Corp VM": + - index: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md + - "ManagedInstaller-Config": + - index: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md + - "Security-Config": + - index: SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md + - "File Changes": SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md + - "Registry Changes": SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md + + - Deploy: + - Prerequisites: SHIELD/Deploy/Prerequisites.md + - "Core Infrastructure (Usage Guide)": SHIELD/Deploy/Usage-Guide/index.md + - "Securing Privileged Access": SHIELD/Deploy/Securing-Privileged-Access.md + - Architecture: + - Infrastructure: + - "Identity Protection Policy": SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md + - Deployment: + - "Azure Marketplace": SHIELD/Deploy/Deployment/Azure-Marketplace.md + - "Manual Deployment": SHIELD/Deploy/Deployment/Manual-Deployment.md + - "Required Graph API Permissions": SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md + - Troubleshooting: + - Uninstall Procedure: SHIELD/Deploy/Troubleshooting/Uninstall.md + - "MDE Enable": SHIELD/Deploy/Usage-Guide/MDE-Enable.md + + - Discover: + - index: SHIELD/Discover/index.md + - "Database Schema": SHIELD/Discover/Database-Schema.md + - "Getting Started": SHIELD/Discover/Getting-Started.md + - "Reserved Principals": SHIELD/Discover/Reserved-Principals.md + - "Supported Licenses": SHIELD/Discover/Supported-Licenses.md + - Architecture: + - "Infrastructure": SHIELD/Discover/Architecture/Infrastructure.md + - "Process Flow": SHIELD/Discover/Architecture/Process-Flow.md + - Deployment: + - "0-Prerequisites": SHIELD/Discover/Deployment/0-Prerequisites.md + - "Azure SQL Database": SHIELD/Discover/Deployment/Azure-SQL-Database.md + - "Silent Installation": SHIELD/Discover/Deployment/Silent-Installation.md + - "Standard Install": SHIELD/Discover/Deployment/Standard-Install.md + - Plugins: + - "Defender Endpoint": SHIELD/Discover/Plugins/DefenderEndpoint.md + - "Defender Identity": SHIELD/Discover/Plugins/DefenderIdentity.md + - "EntraID": SHIELD/Discover/Plugins/EntraID.md + - "Overview": SHIELD/Discover/Plugins/Overview.md + + - Reference: + - Architecture: + - index: SHIELD/Reference/Architecture/index.md + - "Review Template": SHIELD/Reference/Architecture/Review-Template.md + - Threat-Models: + - "ISV to Customer": SHIELD/Reference/Architecture/Threat-Models/ISV-To-Customer.md + - Development: + - "OpenAPI": SHIELD/Reference/Development/OpenAPI.md + - Data-Formats: + - "Intune Scope Tag": "SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md" + - Settings: + - "Configure Managed Identity": SHIELD/Reference/Settings/Configure-Managed-Identity.md + - "Debug Mode": SHIELD/Reference/Settings/Debug-Mode.md + - "Environmental Variables": SHIELD/Reference/Settings/Environmental-Variables-Reference.md + + - "Data Gateway": Data-Gateway/index.md + - Matrix: Matrix/index.md From c10ee78736b796559c19789e86a7c532f7480aab Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Tue, 11 Feb 2025 09:01:19 -0600 Subject: [PATCH 03/26] fixed warnings/errors --- docs/SHIELD/Defend/index.md | 3 +++ docs/SHIELD/Deploy/Usage-Guide/index.md | 2 +- docs/SHIELD/{Deploy => }/Prerequisites.md | 6 +++--- docs/SHIELD/index.md | 2 +- docs/index.md | 2 +- mkdocs.yml | 3 +-- 6 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 docs/SHIELD/Defend/index.md rename docs/SHIELD/{Deploy => }/Prerequisites.md (88%) diff --git a/docs/SHIELD/Defend/index.md b/docs/SHIELD/Defend/index.md new file mode 100644 index 0000000..1b0edc7 --- /dev/null +++ b/docs/SHIELD/Defend/index.md @@ -0,0 +1,3 @@ +# Defend + +Coming soon! \ No newline at end of file diff --git a/docs/SHIELD/Deploy/Usage-Guide/index.md b/docs/SHIELD/Deploy/Usage-Guide/index.md index 6d68527..f4e983c 100644 --- a/docs/SHIELD/Deploy/Usage-Guide/index.md +++ b/docs/SHIELD/Deploy/Usage-Guide/index.md @@ -8,7 +8,7 @@ After deployment, the only parts of the core infrastructure that can't be touche !!! note "Prerequisites Check" Don't forget to make sure you meet the prerequisites as listed here: - [Getting Started - Prerequisites](../Prerequisites.md) + [Getting Started - Prerequisites](../../Prerequisites.md) --- diff --git a/docs/SHIELD/Deploy/Prerequisites.md b/docs/SHIELD/Prerequisites.md similarity index 88% rename from docs/SHIELD/Deploy/Prerequisites.md rename to docs/SHIELD/Prerequisites.md index a6b0f21..ad50345 100644 --- a/docs/SHIELD/Deploy/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -8,8 +8,8 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## Base Requirements -- [X] Deploying User has `Global Admin Rights` (for [manual deployment](Deployment/Manual-Deployment.md) only) -- [X] Defender for Endpoint has had its [workspace created](Usage-Guide/MDE-Enable.md) +- [X] Deploying User has `Global Admin Rights` (for [manual deployment](Deploy/Deployment/Manual-Deployment.md) only) +- [X] Defender for Endpoint has had its [workspace created](Deploy/Usage-Guide/MDE-Enable.md) - [X] Security Defaults [are shut off](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) in Entra ID - [X] Certificate Authentication is [disabled in the Entra ID authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) methods for SHIELD's ESM, SSM and PSM root security groups @@ -32,5 +32,5 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## PSM - [X] `M5` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Secure Core Certified hardware. Please see the [hardware selection](../Defend/Reference/Architecture/Hardware-Selection.md) documentation for details +- [X] Secure Core Certified hardware. Please see the [hardware selection](Defend/Reference/Architecture/Hardware-Selection.md) documentation for details - [X] Devices need to be registered in Autopilot to be allowed to be commissioned into a PAW diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index 0894401..c8d9624 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -23,7 +23,7 @@ SHIELD is an orchestration tool in the larger security landscape. It does not br ## Prerequisites -Check out this page for more details: [Getting Started - Prerequisites](Deploy/Prerequisites.md) +Check out this page for more details: [Getting Started - Prerequisites](Prerequisites.md) ## Recommended Environment diff --git a/docs/index.md b/docs/index.md index b5a8254..16681ef 100644 --- a/docs/index.md +++ b/docs/index.md @@ -16,7 +16,7 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Deploy -[:mag: Deploy](SHIELD/Deploy/Prerequisites.md){ .md-button } +[:mag: Deploy](SHIELD/Prerequisites.md){ .md-button } ### Defend diff --git a/mkdocs.yml b/mkdocs.yml index 56dbdd3..10c8d2b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -40,7 +40,6 @@ theme: - navigation.top - navigation.sections - navigation.indexes - - navigation.expand - navigation.footer - content.tabs.link - content.tooltips @@ -147,6 +146,7 @@ nav: - Getting Started: - index: SHIELD/Getting-Started/index.md - "Usage Guide": SHIELD/Getting-Started/Usage-Guide/index.md + - Prerequisites: SHIELD/Prerequisites.md - Defend: - Usage Guide: @@ -186,7 +186,6 @@ nav: - "Registry Changes": SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md - Deploy: - - Prerequisites: SHIELD/Deploy/Prerequisites.md - "Core Infrastructure (Usage Guide)": SHIELD/Deploy/Usage-Guide/index.md - "Securing Privileged Access": SHIELD/Deploy/Securing-Privileged-Access.md - Architecture: From 34ebf41a3431eb8a1619bd758d5f5888f495b6dd Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Tue, 11 Feb 2025 16:16:14 -0500 Subject: [PATCH 04/26] Restructuring Remove hard coded nav menu Update copyright to 2025 Remove GitHub link Move deploy getting started files. --- .vscode/tasks.json | 2 +- .../Deployment/Azure-Marketplace.md | 0 .../Deployment/Manual-Deployment.md | 0 .../Required-Graph-API-Permissions.md | 0 .../Deployment/Scripts/Install-Sop.ps1 | 0 .../Usage-Guide/index.md | 0 .../index.md | 0 mkdocs.yml | 104 +----------------- 8 files changed, 2 insertions(+), 104 deletions(-) rename docs/SHIELD/{Deploy => 0-Getting-Started}/Deployment/Azure-Marketplace.md (100%) rename docs/SHIELD/{Deploy => 0-Getting-Started}/Deployment/Manual-Deployment.md (100%) rename docs/SHIELD/{Deploy => 0-Getting-Started}/Deployment/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/{Deploy => 0-Getting-Started}/Deployment/Scripts/Install-Sop.ps1 (100%) rename docs/SHIELD/{Getting-Started => 0-Getting-Started}/Usage-Guide/index.md (100%) rename docs/SHIELD/{Getting-Started => 0-Getting-Started}/index.md (100%) diff --git a/.vscode/tasks.json b/.vscode/tasks.json index d333219..b495fd4 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -33,4 +33,4 @@ "problemMatcher": [] } ] -} +} \ No newline at end of file diff --git a/docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md b/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md similarity index 100% rename from docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md rename to docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md diff --git a/docs/SHIELD/Deploy/Deployment/Manual-Deployment.md b/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md similarity index 100% rename from docs/SHIELD/Deploy/Deployment/Manual-Deployment.md rename to docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md diff --git a/docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md b/docs/SHIELD/0-Getting-Started/Deployment/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md rename to docs/SHIELD/0-Getting-Started/Deployment/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/Deploy/Deployment/Scripts/Install-Sop.ps1 b/docs/SHIELD/0-Getting-Started/Deployment/Scripts/Install-Sop.ps1 similarity index 100% rename from docs/SHIELD/Deploy/Deployment/Scripts/Install-Sop.ps1 rename to docs/SHIELD/0-Getting-Started/Deployment/Scripts/Install-Sop.ps1 diff --git a/docs/SHIELD/Getting-Started/Usage-Guide/index.md b/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md similarity index 100% rename from docs/SHIELD/Getting-Started/Usage-Guide/index.md rename to docs/SHIELD/0-Getting-Started/Usage-Guide/index.md diff --git a/docs/SHIELD/Getting-Started/index.md b/docs/SHIELD/0-Getting-Started/index.md similarity index 100% rename from docs/SHIELD/Getting-Started/index.md rename to docs/SHIELD/0-Getting-Started/index.md diff --git a/mkdocs.yml b/mkdocs.yml index 10c8d2b..1ca5c77 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,10 +1,7 @@ site_name: SHI Orchestration Platform - Documentation site_url: https://docs.shilab.com/ site_description: Documentation for the SHI orchestration platform -repo_url: https://github.com/Software-Hardware-Integration-Lab/Documentation -repo_name: Software-Hardware-Integration-Lab/Documentation -# edit_uri: edit/main/docs/ -copyright: Copyright © 2024 SHI International Corp.  |  Change cookie settings +copyright: Copyright © 2025 SHI International Corp.  |  Change cookie settings theme: name: material custom_dir: overrides @@ -137,102 +134,3 @@ extra: name: SHI's home on Instagram watch: - includes - -nav: - - Home: index.md - - - SHIELD: - - Overview: SHIELD/index.md - - Getting Started: - - index: SHIELD/Getting-Started/index.md - - "Usage Guide": SHIELD/Getting-Started/Usage-Guide/index.md - - Prerequisites: SHIELD/Prerequisites.md - - - Defend: - - Usage Guide: - - index: SHIELD/Defend/Usage-Guide/index.md - - Device: - - "Commission": SHIELD/Defend/Usage-Guide/Device/0-Commission.md - - "Decommission": SHIELD/Defend/Usage-Guide/Device/1-Decommission.md - - "Assign": SHIELD/Defend/Usage-Guide/Device/2-Assign.md - - "Unassign": SHIELD/Defend/Usage-Guide/Device/3-Unassign.md - - User: - - "Commission": SHIELD/Defend/Usage-Guide/User/Commission.md - - "Decommission": SHIELD/Defend/Usage-Guide/User/Decommission.md - - - Reference: - - Architecture: - - "Hardware Selection": SHIELD/Defend/Reference/Architecture/Hardware-Selection.md - - Diagrams: - - "Device Assign": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md - - "Device Commission": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md - - "Device Decommission": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md - - "Device Unassign": SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md - - "User Commission": SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md - - "User Decommission": SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md - - Lifecycle: - - "Privileged Device Workflows": "SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md" - - "Custom Apps": - - "Corp VM": - - index: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md - - Changelog: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md - - "ManagedInstaller-Config": - - index: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md - - Changelog: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md - - "Security-Config": - - index: SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md - - Changelog: SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md - - "File Changes": SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md - - "Registry Changes": SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md - - - Deploy: - - "Core Infrastructure (Usage Guide)": SHIELD/Deploy/Usage-Guide/index.md - - "Securing Privileged Access": SHIELD/Deploy/Securing-Privileged-Access.md - - Architecture: - - Infrastructure: - - "Identity Protection Policy": SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md - - Deployment: - - "Azure Marketplace": SHIELD/Deploy/Deployment/Azure-Marketplace.md - - "Manual Deployment": SHIELD/Deploy/Deployment/Manual-Deployment.md - - "Required Graph API Permissions": SHIELD/Deploy/Deployment/Required-Graph-API-Permissions.md - - Troubleshooting: - - Uninstall Procedure: SHIELD/Deploy/Troubleshooting/Uninstall.md - - "MDE Enable": SHIELD/Deploy/Usage-Guide/MDE-Enable.md - - - Discover: - - index: SHIELD/Discover/index.md - - "Database Schema": SHIELD/Discover/Database-Schema.md - - "Getting Started": SHIELD/Discover/Getting-Started.md - - "Reserved Principals": SHIELD/Discover/Reserved-Principals.md - - "Supported Licenses": SHIELD/Discover/Supported-Licenses.md - - Architecture: - - "Infrastructure": SHIELD/Discover/Architecture/Infrastructure.md - - "Process Flow": SHIELD/Discover/Architecture/Process-Flow.md - - Deployment: - - "0-Prerequisites": SHIELD/Discover/Deployment/0-Prerequisites.md - - "Azure SQL Database": SHIELD/Discover/Deployment/Azure-SQL-Database.md - - "Silent Installation": SHIELD/Discover/Deployment/Silent-Installation.md - - "Standard Install": SHIELD/Discover/Deployment/Standard-Install.md - - Plugins: - - "Defender Endpoint": SHIELD/Discover/Plugins/DefenderEndpoint.md - - "Defender Identity": SHIELD/Discover/Plugins/DefenderIdentity.md - - "EntraID": SHIELD/Discover/Plugins/EntraID.md - - "Overview": SHIELD/Discover/Plugins/Overview.md - - - Reference: - - Architecture: - - index: SHIELD/Reference/Architecture/index.md - - "Review Template": SHIELD/Reference/Architecture/Review-Template.md - - Threat-Models: - - "ISV to Customer": SHIELD/Reference/Architecture/Threat-Models/ISV-To-Customer.md - - Development: - - "OpenAPI": SHIELD/Reference/Development/OpenAPI.md - - Data-Formats: - - "Intune Scope Tag": "SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md" - - Settings: - - "Configure Managed Identity": SHIELD/Reference/Settings/Configure-Managed-Identity.md - - "Debug Mode": SHIELD/Reference/Settings/Debug-Mode.md - - "Environmental Variables": SHIELD/Reference/Settings/Environmental-Variables-Reference.md - - - "Data Gateway": Data-Gateway/index.md - - Matrix: Matrix/index.md From 239451c4e992f890b123cb5b084f7fb6779143a3 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Mon, 3 Mar 2025 17:51:10 -0600 Subject: [PATCH 05/26] Fixed wanings --- docs/SHIELD/0-Getting-Started/index.md | 2 +- docs/SHIELD/Prerequisites.md | 2 +- docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/SHIELD/0-Getting-Started/index.md b/docs/SHIELD/0-Getting-Started/index.md index 306485c..9fcadcb 100644 --- a/docs/SHIELD/0-Getting-Started/index.md +++ b/docs/SHIELD/0-Getting-Started/index.md @@ -6,7 +6,7 @@ The server is deployed first then the server deploys the core infrastructure. 1. To deploy the server, chose from one of the below deployment methods:
- [:fontawesome-solid-file-zipper: Deploy Using Manual Method](../Deploy/Deployment/Manual-Deployment.md){ .md-button } + [:fontawesome-solid-file-zipper: Deploy Using Manual Method](Deployment\Manual-Deployment.md){ .md-button } 2. Deploy the core infrastructure using the Web UI:
diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index ad50345..1c4ef69 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -8,7 +8,7 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## Base Requirements -- [X] Deploying User has `Global Admin Rights` (for [manual deployment](Deploy/Deployment/Manual-Deployment.md) only) +- [X] Deploying User has `Global Admin Rights` (for [manual deployment](0-Getting-Started\Deployment\Manual-Deployment.md) only) - [X] Defender for Endpoint has had its [workspace created](Deploy/Usage-Guide/MDE-Enable.md) - [X] Security Defaults [are shut off](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) in Entra ID - [X] Certificate Authentication is [disabled in the Entra ID authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) methods for SHIELD's ESM, SSM and PSM root security groups diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index 16de193..94ac131 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../Deploy/Deployment/Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../0-Getting-Started\Deployment\Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: From c1647a0ddce08d434330d05922f121b59f8e2658 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Mon, 3 Mar 2025 17:59:14 -0600 Subject: [PATCH 06/26] Defend module standard --- docs/SHIELD/Defend/{ => Overview}/index.md | 0 .../Defend/Reference/{Architecture => }/Diagrams/Device-Assign.md | 0 .../Reference/{Architecture => }/Diagrams/Device-Commission.md | 0 .../Reference/{Architecture => }/Diagrams/Device-Decommission.md | 0 .../Reference/{Architecture => }/Diagrams/Device-Unassign.md | 0 .../Reference/{Architecture => }/Diagrams/User-Commission.md | 0 .../Reference/{Architecture => }/Diagrams/User-Decommission.md | 0 .../Defend/Reference/{Architecture => }/Hardware-Selection.md | 0 .../{Architecture => }/Lifecycle/Privileged Device Workflows.md | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename docs/SHIELD/Defend/{ => Overview}/index.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/Device-Assign.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/Device-Commission.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/Device-Decommission.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/Device-Unassign.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/User-Commission.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Diagrams/User-Decommission.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Hardware-Selection.md (100%) rename docs/SHIELD/Defend/Reference/{Architecture => }/Lifecycle/Privileged Device Workflows.md (100%) diff --git a/docs/SHIELD/Defend/index.md b/docs/SHIELD/Defend/Overview/index.md similarity index 100% rename from docs/SHIELD/Defend/index.md rename to docs/SHIELD/Defend/Overview/index.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Assign.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Commission.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Decommission.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/Device-Unassign.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Commission.md rename to docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Diagrams/User-Decommission.md rename to docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Hardware-Selection.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Hardware-Selection.md rename to docs/SHIELD/Defend/Reference/Hardware-Selection.md diff --git a/docs/SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md b/docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Architecture/Lifecycle/Privileged Device Workflows.md rename to docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md From 2daa0fb476dbdb4626656d5102ba4807ac6a6e12 Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Fri, 28 Mar 2025 20:04:50 -0400 Subject: [PATCH 07/26] Update MkDocs Version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 991cf96..fc06472 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ mkdocs == 1.6.1 -mkdocs-material == 9.5.49 +mkdocs-material == 9.6.9 mkdocs-glightbox == 0.4.0 From f6cb6eced29bbb27dbb60d6bcd3b932f1b2042de Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Fri, 28 Mar 2025 20:05:04 -0400 Subject: [PATCH 08/26] Revert "Update MkDocs Version" This reverts commit 2daa0fb476dbdb4626656d5102ba4807ac6a6e12. --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fc06472..991cf96 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ mkdocs == 1.6.1 -mkdocs-material == 9.6.9 +mkdocs-material == 9.5.49 mkdocs-glightbox == 0.4.0 From 72aae1e593ffc15f7c9f4100601573deefd7f375 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Tue, 1 Apr 2025 21:50:55 -0500 Subject: [PATCH 09/26] restructure commit --- docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md | 2 +- docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md | 2 +- .../SHIELD/Defend/Reference/Diagrams/Device-Decommission.md | 2 +- docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md | 2 +- docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md | 2 +- docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md | 2 +- docs/SHIELD/Defend/Reference/Hardware-Selection.md | 6 +++--- docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md | 6 +++--- docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md | 2 +- docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md | 2 +- docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md | 2 +- docs/SHIELD/Defend/Usage-Guide/User/Commission.md | 2 +- docs/SHIELD/Defend/Usage-Guide/User/Decommission.md | 2 +- docs/SHIELD/Prerequisites.md | 2 +- 14 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md index 039e970..bcea31c 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md @@ -4,7 +4,7 @@ hide: --- # Device - Assign -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../../Usage-Guide/Device/2-Assign.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [assigned one or more users](../../Usage-Guide/Device/2-Assign.md). --- diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md index 700456c..9ee3426 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md @@ -4,7 +4,7 @@ hide: --- # Device - Commission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [commissioned](../../../Usage-Guide/Device/0-Commission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [commissioned](../../Usage-Guide/Device/0-Commission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md index f33848c..8690396 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md @@ -4,7 +4,7 @@ hide: --- # Device - Decommission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [decommissioned](../../../Usage-Guide/Device/1-Decommission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [decommissioned](../../Usage-Guide/Device/1-Decommission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md index 7fde447..ffc85a6 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md @@ -4,7 +4,7 @@ hide: --- # Device - Unassign -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [unassigned one or more users](../../../Usage-Guide/Device/3-Unassign.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a device is [unassigned one or more users](../../Usage-Guide/Device/3-Unassign.md). --- diff --git a/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md index a276c8c..e6d59c9 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md @@ -4,7 +4,7 @@ hide: --- # User - Commission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [commissioned](../../../Usage-Guide/User/Commission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [commissioned](../../Usage-Guide/User/Commission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md index 216f0a3..f28446e 100644 --- a/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md +++ b/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md @@ -4,7 +4,7 @@ hide: --- # User - Decommission -The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [decommissioned](../../../Usage-Guide/User/Decommission.md). +The lifecycle management engine is responsible for a variety of tasks. Below is the flowchart of the logical process that is completed when a user is [decommissioned](../../Usage-Guide/User/Decommission.md). --- diff --git a/docs/SHIELD/Defend/Reference/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Hardware-Selection.md index c45067d..09c9bc8 100644 --- a/docs/SHIELD/Defend/Reference/Hardware-Selection.md +++ b/docs/SHIELD/Defend/Reference/Hardware-Selection.md @@ -54,6 +54,6 @@ For further guidance on hardware selection or compatibility, please refer to the ## See Also -- [Lifecycle Management Overview](../../Usage-Guide/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. -- [Commissioning a New Device](../../Usage-Guide/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. -- [Decommission a Managed Device](../../Usage-Guide/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. +- [Lifecycle Management Overview](../Usage-Guide/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. +- [Commissioning a New Device](../Usage-Guide/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. +- [Decommission a Managed Device](../Usage-Guide/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md index 5d28b99..a451dbe 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md @@ -5,7 +5,7 @@ The lifecycle management system can bring devices into and out of management fol This guide will walk the security admin through the process of commissioning new managed devices. !!! note "Privileged Hardware" - For requirements and best practices on privileged hardware, please see the [Hardware Selection](../../Reference/Architecture/Hardware-Selection.md) documentation. + For requirements and best practices on privileged hardware, please see the [Hardware Selection](../../Reference/Hardware-Selection.md) documentation. ## Process @@ -30,5 +30,5 @@ This guide will walk the security admin through the process of commissioning new ## See Also -- [Hardware Selection](../../Reference/Architecture/Hardware-Selection.md) -- [Device Onboarding Workflow Reference](../../Reference/Architecture/Diagrams/Device-Commission.md) +- [Hardware Selection](../../Reference/Hardware-Selection.md) +- [Device Onboarding Workflow Reference](../../Reference/Diagrams/Device-Commission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md index e4f71f4..08b2a20 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md @@ -27,4 +27,4 @@ This guide will walk the security admin through the process of commissioning new ## See Also -- [Device Offboarding Workflow Reference](../../Reference/Architecture/Diagrams/Device-Decommission.md) +- [Device Offboarding Workflow Reference](../../Reference/Diagrams/Device-Decommission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md index cc85090..08330b4 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md @@ -33,4 +33,4 @@ The user assignment process also adds the requested user(s) to the Hyper-V admin ## See Also -- [Device Assignment Workflow Reference](../../Reference/Architecture/Diagrams/Device-Assign.md) +- [Device Assignment Workflow Reference](../../Reference/Diagrams/Device-Assign.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md index f0ec0a4..0cdaa63 100644 --- a/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md +++ b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md @@ -31,4 +31,4 @@ The user un-assignment process also removes the requested user(s) from the Hyper ## See Also -- [Device Unassign Workflow Reference](../../Reference/Architecture/Diagrams/Device-Unassign.md) +- [Device Unassign Workflow Reference](../../Reference/Diagrams/Device-Unassign.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Commission.md b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md index c75283a..783344f 100644 --- a/docs/SHIELD/Defend/Usage-Guide/User/Commission.md +++ b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md @@ -27,4 +27,4 @@ For privileged users, it creates a new cloud only user account that is correlate ## See Also -- [User Commission Workflow Reference](../../Reference/Architecture/Diagrams/User-Commission.md) +- [User Commission Workflow Reference](../../Reference/Diagrams/User-Commission.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md index c3447b2..c64a029 100644 --- a/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md +++ b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md @@ -27,4 +27,4 @@ When removing privileged user(s) from management, the privileged account is dele ## See Also -- [User Decommission Workflow Reference](../../Reference/Architecture/Diagrams/User-Decommission.md) +- [User Decommission Workflow Reference](../../Reference/Diagrams/User-Decommission.md) diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 1c4ef69..8a82895 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -32,5 +32,5 @@ To simplify the documentation, we use the `M` prefix to refer to the different l ## PSM - [X] `M5` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Secure Core Certified hardware. Please see the [hardware selection](Defend/Reference/Architecture/Hardware-Selection.md) documentation for details +- [X] Secure Core Certified hardware. Please see the [hardware selection](Defend/Reference/Hardware-Selection.md) documentation for details - [X] Devices need to be registered in Autopilot to be allowed to be commissioned into a PAW From a3020c83d772b330a5c4557711bf4a56701a9264 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 00:50:21 -0500 Subject: [PATCH 10/26] Commit 1: SHIELD documentation reorganization and consolidation (structure, deployment, usage, reference) --- .../Deployment/Azure-Marketplace.md | 12 +- .../Deployment/Manual-Deployment.md | 42 +--- .../0-Getting-Started/Usage-Guide/index.md | 37 +--- docs/SHIELD/Defend/Usage-Guide/index.md | 40 +--- docs/SHIELD/Deployment.md | 195 ++++++++++++++++++ .../Discover/Deployment/0-Prerequisites.md | 47 +---- .../Discover/Deployment/Azure-SQL-Database.md | 71 +------ .../Deployment/Silent-Installation.md | 52 +---- .../Discover/Deployment/Standard-Install.md | 53 +---- docs/SHIELD/Discover/Getting-Started.md | 2 +- docs/SHIELD/Prerequisites.md | 134 ++++++++++-- docs/SHIELD/Reference.md | 118 +++++++++++ docs/SHIELD/Usage-Guide.md | 129 ++++++++++++ 13 files changed, 621 insertions(+), 311 deletions(-) create mode 100644 docs/SHIELD/Deployment.md create mode 100644 docs/SHIELD/Reference.md create mode 100644 docs/SHIELD/Usage-Guide.md diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md b/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md index c0b538b..4a9e175 100644 --- a/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md +++ b/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md @@ -1,6 +1,8 @@ -# Azure Marketplace +--- +hide: + - navigation + - toc +--- +# Deprecated -Deploy from the Azure marketplace. - -!!! note - Coming soon! +This section is now managed from the unified [SHIELD Deployment](../../Deployment.md) page. diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md b/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md index 3b65b89..3346bcf 100644 --- a/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md +++ b/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md @@ -1,34 +1,8 @@ -# Manual Deployment - -Deploy the SOP app into an Azure App service by using a local deployment script and the zip file containing the SOP Server software. - -!!! info "Access Requirements" - This is currently a manual process and can only be performed if you have the zip file. Because of this, it can only be performed by SHI employees or partners. - -1. Download the PowerShell based installer script: -[Install-SOP.ps1](Scripts/Install-Sop.ps1) - -2. Make a note of the `Azure Subscription ID` you want to deploy SOP to. - - !!! Danger "Security Best Practice" - To achieve the best permission and quota isolation, this app should be deployed into an un-used/empty and independent subscription. - -3. Make sure that the SOP Zip file is in the same folder as the PowerShell deployment script. - -4. Run the deployment script with the below minimal parameters: - - ``` PowerShell title="PowerShell" - Install-SOP.ps1 -SubscriptionId "{Your Azure Subscription ID}" -Path ".\{SOP Zip File Name.zip}" -CompanyName "{YourCompanyNameHere}" - ``` - - !!! question "Script Help" - Please replace the content in the curly brackets and the brackets themselves with the value you expect. - If you would like more help on how to run the script, including examples and additional settings, please run the following command: - `#!PowerShell Get-Help .\Install-Sop.ps1 -Full` - -5. After the SOP has been deployed, please clean up all of the files used to deploy the app service. They are no longer needed. - - !!! note "Errors During Deployment" - The deployment is idempotent, if errors occur, just run the script a second time. It will correct any missing deployment items the second time around. - -6. Please see the app usage docs for next steps. +--- +hide: + - navigation + - toc +--- +# Deprecated + +This page has been integrated into [SHIELD Deployment](../../Deployment.md). diff --git a/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md b/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md index 1de1002..9372158 100644 --- a/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md +++ b/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md @@ -1,33 +1,8 @@ -# Overview - -## Infrastructure Management - -Infrastructure management is responsible for the underlying common set of settings that go across all security classes and managed objects. - -This system is responsible for deploying and keeping them up to date. - -[:octicons-rocket-24: Deploy Core Infrastructure](../../Deploy/Usage-Guide/index.md){ .md-button } - -## Lifecycle Management - -Lifecycle management is where you will spend most of your time. Performing actions such as creating PAWs or enrolling enterprise class users into management. - -### Device - -- [Commission a Device](../../Defend/Usage-Guide/Device/0-Commission.md) -- [Decommission a Device](../../Defend/Usage-Guide/Device/1-Decommission.md) -- [Assign a Privileged Device](../../Defend/Usage-Guide/Device/2-Assign.md) -- [Unassign a Privileged Device](../../Defend/Usage-Guide/Device/3-Unassign.md) - -### User - -- [Commission a user](../../Defend/Usage-Guide/User/Commission.md) -- [Decommission a user](../../Defend/Usage-Guide/User/Decommission.md) - --- +hide: + - navigation + - toc +--- +# Deprecated -## See Also - -- [SPA - SHI Architecture Overview](../../Deploy/Securing-Privileged-Access.md) -- [SPA - MSFT Docs](https://aka.ms/spa){:target="_blank"} -- [Security Classes - MSFT Docs](https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-security-levels){:target="_blank"} +This page has been merged into [SHIELD Usage Guide](../../Usage-Guide.md). diff --git a/docs/SHIELD/Defend/Usage-Guide/index.md b/docs/SHIELD/Defend/Usage-Guide/index.md index 5988d6c..9372158 100644 --- a/docs/SHIELD/Defend/Usage-Guide/index.md +++ b/docs/SHIELD/Defend/Usage-Guide/index.md @@ -1,32 +1,8 @@ -# Overview - -Lifecycle management is the system that manages the various types of managed objects, such as users, devices, intermediaries (in development), interfaces/servers (also in development), and their unique configurations after the core infrastructure is deployed. It can adopt and abandon managed objects from the managed architecture. - -The lifecycle management feature in the SHIELD app provides an easy-to-use UI that makes managing the relationship between security levels easy and the adoption of managed security controls feel familiar to the M365 environment. The lifecycle management engine is responsible for manipulating the device identity properly so that the correct set of metadata, categorization, microsegmentation, and management are applied. All lifecycle operations are designed to be scalable. - -## How it works - -The lifecycle management system gets triggered when a command is executed from the app's UI or API. Depending on the command, the back-end system may create unique configurations, edit existing ones, or create new user accounts. More specifics will be located in each child page for the respective category of actions (e.g., devices, users, interfaces, etc.). - -## Managed Objects - -### Devices - -The SHIELD app manages two types of devices: privileged and enterprise. Privileged class managed devices can only be selected from a list of autopilot-enabled devices. Enterprise devices can be any device in Entra ID. For privileged devices, we recommend using devices that have never been turned on before and are ideally still in their packages. Also, for privileged devices, we only recommend Microsoft Surface or Lenovo devices. It is possible to use other devices, but we have not tested them and do not plan on supporting others. For privileged devices, we only recommend the laptop or slate form factor for security reasons. - -Lifecycle management operations for devices include commission and decommission for all devices, assign user for privileged devices, and other specific operations depending on the device's security class. - -### Users - -The SHIELD app manages three types of users: privileged, specialized, and enterprise. These are security levels that determine the level of protection each user requires. Privileged users are the most secure, followed by specialized and enterprise. - -Lifecycle management operations for users include creating, and removing user accounts, depending on the user's security class. - -## Summary - -Lifecycle management is a critical feature in the SHIELD app that enables the management of various managed objects, such as users and devices. With this feature, you can easily manage the relationship between security levels and adopt managed security controls in a familiar environment. The lifecycle management engine is scalable and responsible for manipulating device identities properly, so the correct set of metadata, categorization, microsegmentation, and management are applied. - -## See Also - -- Intermediaries Lifecycle Management - Coming Soon -- Interfaces/Servers Lifecycle Management - Coming Soon +--- +hide: + - navigation + - toc +--- +# Deprecated + +This page has been merged into [SHIELD Usage Guide](../../Usage-Guide.md). diff --git a/docs/SHIELD/Deployment.md b/docs/SHIELD/Deployment.md new file mode 100644 index 0000000..2110abc --- /dev/null +++ b/docs/SHIELD/Deployment.md @@ -0,0 +1,195 @@ +# Deployment + +This page outlines how to deploy SHIELD and Discover, including manual installation, silent installs, SQL configuration, and the upcoming Azure Marketplace integration. + +--- + +## Manual Deployment (SHIELD) + +You can deploy the SHIELD orchestration server manually using a local PowerShell script and the official SOP `.zip` bundle. + +!!! info "Access Requirements" + Manual deployment is only available to SHI employees or partners who have access to the installation package. + +### Steps + +1. **Download** the PowerShell installer: + 👉 [Install-SOP.ps1](0-Getting-Started/Deployment/Scripts/Install-Sop.ps1) + +2. **Prepare your environment**: + - Note your Azure Subscription ID + - Place the `.zip` file in the same directory as the script + +3. **Run the deployment**: + ```powershell + Install-SOP.ps1 -SubscriptionId "{Your Azure Subscription ID}" -Path ".\{Your ZIP File Name}.zip" -CompanyName "{YourCompanyNameHere}" + ``` + +4. **Need help?** + Run: + ```powershell + Get-Help .\Install-Sop.ps1 -Full + ``` + +!!! danger "Best Practice" + Deploy SHIELD in a fresh, isolated Azure subscription for optimal permission boundaries. + +--- + +## Azure Marketplace Deployment + +Coming soon! SHIELD will soon be available as a 1-click deploy option from the Azure Marketplace. + +--- + +## Discover Deployment Options + +Discover is a standalone component used for licensing analysis and compliance tracking. It supports both GUI and script-based installations depending on your environment. + +--- + +## Standard Installation (GUI-Based) + +Use the MSI installer for a guided, visual installation of Discover. + +### Installation Instructions + +1. Install the **latest version** of PowerShell LTS. + + !!! note "PowerShell Deployment Options" + We recommend using the [Microsoft Store version](https://www.microsoft.com/store/apps/9MZ1SNWT0N5D){:target="_blank"}. + You can also use MSI, WinGet, or ZIP downloads listed in [Microsoft's documentation](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows){:target="_blank"}. + + The `pwsh.exe` binary must be registered via [Application Registration](https://learn.microsoft.com/en-us/windows/win32/shell/app-registration#registering-applications){:target="_blank"}. + +2. Run the Discover installer. + +3. On the main screen, enter the **FQDN** of your Azure SQL Server. + 📌 Example: `shi-example.database.windows.net` + +4. (Optional) Click **Configure** to customize: + - Correlation table name + - License data table name + - SQL database name + +5. (Optional) Review the config summary. + +6. Click **Install**. + +### Screenshots + +#### Main Installer Screen + +![Installer - Light](Discover/assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } +![Installer - Dark](Discover/assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } + +#### Configuration Dropdown + +![Dropdown - Light](Discover/assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } +![Dropdown - Dark](Discover/assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } + +#### Advanced Configuration + +![Advanced Config - Light](Discover/assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } +![Advanced Config - Dark](Discover/assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } + +!!! note "Shortcut Behavior" + Desktop shortcuts are only created for user-scoped installs. Machine-wide installs must be launched via CLI. + +--- + +## Silent Installation (Script-Based) + +This method allows for fully automated or unattended installation using MSI flags. + +### Configuration Reference + +| Name | Required | Default | Description | +|------|----------|---------|-------------| +| `AZSQL_SERVER_FQDN` | ✅ | *(none)* | SQL Server FQDN | +| `CORRELATION_TABLE_NAME` | ❌ | `Correlation` | Table for correlation data | +| `DATABASE_NAME` | ❌ | `Results` | SQL database name | +| `LICENSE_COUNT_TABLE_NAME` | ❌ | `LicenseData` | Table for license usage data | + +### Examples + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net DATABASE_NAME=CustomerTracker +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net CORRELATION_TABLE_NAME=RunTracker +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net LICENSE_COUNT_TABLE_NAME=CustomerTracker +``` + +!!! note "Naming Format" + Do not include protocols (e.g., `sql://`) or paths in the FQDN. + +--- + +## Azure SQL Database Setup + +Discover requires a dedicated Azure SQL Database (or managed instance) to store all usage and audit data. + +### Required Configuration + +- ✅ SQL DB or Managed Instance +- ✅ Entra ID authentication enabled +- ✅ Network connectivity from client to DB + +### Storage Requirements + +- ~1,676 bytes per Discover run +- ~40KB per year for typical usage +- Easily fits within the Azure SQL 2GB tier + +### Recommended Configuration + +| Setting | Why | +|---------|-----| +| Use Entra ID Auth Only | Prevent SQL login usage | +| Limit Allowed IPs | Restrict DB access | +| Enable Backups | Avoid data loss | +| Enable Defender for SQL | Threat detection | +| Audit Admin Activity | Compliance & visibility | +| Enable SQL Auditing | Track all changes | +| Send Logs to SIEM | Centralize log collection | +| Avoid BYOK/HYOK/CMK | Unless legally required | +| Set Azure Monitor Alerts | Detect low storage/CPU | + +--- + +### Auto Permission Assignment Tool + +You can use Discover’s PowerShell utility to auto-configure SQL access via Entra ID security groups. + +#### Example Command + +```powershell +Add-AzLicenseDb -SubscriptionId 'your-sub-id' -ReadGroupId 'read-group-id' -WriteGroupId 'write-group-id' +``` + +#### Get Help + +```powershell +Get-Help -Name 'Add-AzLicenseDb' -Full +``` + +!!! info "Replace IDs" + Use your real Azure subscription and Entra group IDs. + +--- + +## See Also + +- [Standard Installation](#standard-installation-gui-based) +- [Silent Installation](#silent-installation-script-based) +- [Azure SQL Setup (from Prerequisites)](Prerequisites.md#azure-sql-setup) + diff --git a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md index 4ee4cb9..9c6f46e 100644 --- a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md +++ b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md @@ -1,39 +1,8 @@ -# Prerequisites - -SHI Discover is an enterprise product from SHI International Corp. that requires permissions and software to run. - -## Software/System Configuration - -- [X] The latest version of PowerShell 64Bit installed[^1] -- [X] Internet access with no traffic inspection for the Microsoft owned domains[^2] -- [X] 2GB of available RAM -- [X] [Azure SQL Database Configured](./Azure-SQL-Database.md) - -!!! info "Assumptions" - Our technical requirements are based off performance within an enterprise containing ~10,000 users performing data collection twice a month. For larger enterprises, or varying frequency of report generation, consider having a higher power machine and/or increasing storage capacity of the database. - -## Permissions - -The below Entra ID roles are required to be able to read all of the service configuration information. -The sub-bullet points are the description of what configurations are read by the permissions. - -!!! info "Permissions Usage" - SHI Discover will never change your service configuration in any way during an audit. All permissions are used only for data retrieval and are the set of least privilege possible for the data that is being gathered. - -- [X] Global Reader - - [Defender for Endpoint](../Plugins/DefenderEndpoint.md) - - [Defender for Identity](../Plugins/DefenderIdentity.md) - - [Entra ID P1 and P2](../Plugins/EntraID.md) -- [X] Security Administrator - - [Defender for Endpoint](../Plugins/DefenderEndpoint.md) - - [Defender for Identity](../Plugins/DefenderIdentity.md) -- [X] User Administrator - - [Entra ID P1](../Plugins/EntraID.md) - -## See Also - -- [Getting Started](../Getting-Started.md) -- [Azure SQL Database Configuration](./Azure-SQL-Database.md) - -[^1]: 7.4.0 is the latest at the time of writing. -[^2]: The software should work even if this is present, it just isn't guaranteed to work. You can read more about this requirement that Microsoft lays out on [this Microsoft Docs page](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-network-connectivity-principles){:target="_blank"}. +--- +hide: + - navigation + - toc +--- +# Deprecated + +This content has been merged into [SHIELD Prerequisites](../../Prerequisites.md). diff --git a/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md b/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md index 0ab840b..08004bd 100644 --- a/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md +++ b/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md @@ -1,63 +1,8 @@ -# Azure SQL Database Configuration - -Discover requires a database to be present in order to record its findings. This database is not hosted by or maintained in any way by SHI, and is the sole responsibility of your organization. - -The database requirements are light, which gives you the flexibility to host it however you want in Azure. - -You can use an existing database, or create a new one. We highly recommend to create a new one to reduce potential table name conflicts and improve segmentation. You can name your Discover tables whatever you want in the client configuration. - -Regardless of if you create a new one or use an existing one, you need to have Entra ID authentication enabled and configured for the users that run Discover. - -## Required DB Configurations - -- [X] Azure SQL Database (Recommended) or Managed Instance :material-information-outline:{ title="Any SQL Host that supports Entra ID Authentication" } -- [X] Entra ID Authentication is configured -- [X] The end user has connectivity to the DB host :material-information-outline:{ title="Weather that is through a VPN or directly, or some other way that native Windows networking is compatible with" } - -## Storage - -The Discover engine is extremely efficient with its storage use, for most organizations, this should not exceed the 2GB minimum database size even with repeated use. - -Each run of the Discover tool generates ~`1,676 bytes`, which results in a total usage of ~`40 Kilobytes` per year if using the recommended run frequency (twice monthly) per tenant. - -## Recommended DB Configurations - -- [ ] [Allow only Entra ID Authentication](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication-tutorial){:target="_blank"} :material-information-outline:{ title="No SQL User Auth" } -- [ ] [Reduce IPs allowed to connect to only the set of authorized users](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure){:target="_blank"} :material-information-outline:{ title="This is a low priority recommendation if Entra ID only authentication is enabled, as most risks are negated when the DB is in that auth mode." } -- [ ] [Configure Database Backups](https://learn.microsoft.com/en-us/azure/azure-sql/database/automated-backups-overview){:target="_blank"} :material-information-outline:{ title="Store a copy of the data to prevent tamper/loss" } -- [ ] [Enable Defender for Cloud](https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql){:target="_blank"} -- [ ] [Enable Support Operations Auditing](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview){:target="_blank"} -- [ ] [Enable SQL Auditing](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview){:target="_blank"} -- [ ] [Integrate all telemetry into your SIEM](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings){:target="_blank"} -- [ ] Do not enable BYOK/HYOK/CMK unless you are legally required to do so :material-information-outline:{ title="More info is available via call/meeting with us on this topic." } -- [ ] [Set up Azure Monitor to alert on low storage space and compute](https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts){:target="_blank"} - -## Auto Permissions Assignment Tool - -Discover comes with a security group permissions management auto configuration tool to make it easier to permission an Azure SQL DB for Entra ID auth at scale. - -This tool will take the specified security groups (as identified by their object IDs) and grant them read and write permissions in the DB through Entra ID authentication. - -To use authorization auto config tool: - -1. Deploy the client software to the computer that you are going to run the commands from. -2. Run the below command - -```PowerShell title="SQL Authorization Auto Configuration" -Add-AzLicenseDb -SubscriptionId 'c82e42ee-4dea-450e-8f24-52ff699a8f99' -ReadGroupId '16ffec1f-4062-4dd2-8d73-b4882fcc9bb8' -WriteGroupId '3a48f409-5847-47bf-bad9-7235a7c38e3c' -``` - -!!! info "Note on IDs in Example Code" - Replace the IDs with your environment's specific IDs. - -!!! question "In-depth docs" - For more information about available options, please run the below for the complete set of information on the auto config tool - - ```PowerShell title="Help Docs for Auto Config Tool" - Get-Help -Name 'Add-AzLicenseDb' -Full - ``` - -## See Also - -- [Standard Installation](../Deployment/Standard-Install.md) -- [Silent Installation](../Deployment/Silent-Installation.md) +--- +hide: + - navigation + - toc +--- +# Deprecated + +This page has been merged into [SHIELD Deployment → Azure SQL Database Setup](../../Deployment.md#azure-sql-database-setup). diff --git a/docs/SHIELD/Discover/Deployment/Silent-Installation.md b/docs/SHIELD/Discover/Deployment/Silent-Installation.md index b87a262..bd24401 100644 --- a/docs/SHIELD/Discover/Deployment/Silent-Installation.md +++ b/docs/SHIELD/Discover/Deployment/Silent-Installation.md @@ -1,44 +1,8 @@ -# Silent Installation - -## Overview - -The installer is an MSI file, and the standard `/qn` switch for quiet no GUI installation works as expected. -In addition to the `/qn`, the SQL Server host name needs to be specified as a property at install time. - -This additional property is mandatory as the default operation of Discover doesn't prompt for this value. - -## Configuration Reference - -| Name | Mandatory | Default Value | Description | -| :------------------------: | :--------------: | :-----------: | :--------------------------------------------------------------- | -| `AZSQL_SERVER_FQDN` | :material-check: | nothing | FQDN of the Azure SQL Server that hosts the. | -| `CORRELATION_TABLE_NAME` | :material-close: | `Correlation` | Name of the table to use to store all of the corelation records. | -| `DATABASE_NAME` | :material-close: | `Results` | Name of the database that all of the records are saved to. | -| `LICENSE_COUNT_TABLE_NAME` | :material-close: | `LicenseData` | Name of the table that contains all of the license data records. | - -## Examples - -```CMD title="Deploy SLA Silently" -License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net -``` - -!!! note "Naming Format" - Replace `shi-example.database.windows.net` with the hostname of your Azure SQL Database Server. The hostname should be the name only, without any protocol specifiers (such as `sql://` or `https://`) or virtual directories. - -```CMD title="Deploy with custom DB name" -License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net DATABASE_NAME=CustomerTracker -``` - -```CMD title="Custom Correlation Table Name" -License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net CORRELATION_TABLE_NAME=RunTracker -``` - -```CMD title="Custom License Data Table Name" -License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net LICENSE_COUNT_TABLE_NAME=CustomerTracker -``` - -## See Also - -- [Prerequisites](0-Prerequisites.md) -- [Getting Started](../Getting-Started.md) -- [Standard Installation](Standard-Install.md) +--- +hide: + - navigation + - toc +--- +# Deprecated + +This content has been merged into [SHIELD Deployment → Silent Installation](../../Deployment.md#silent-installation-script-based). diff --git a/docs/SHIELD/Discover/Deployment/Standard-Install.md b/docs/SHIELD/Discover/Deployment/Standard-Install.md index 2aac2eb..5a1aab7 100644 --- a/docs/SHIELD/Discover/Deployment/Standard-Install.md +++ b/docs/SHIELD/Discover/Deployment/Standard-Install.md @@ -1,45 +1,8 @@ -# Standard Installation - -To install Discover, you need to have a copy of the installer, which is distributed in MSI format. -If you do not have an installer, please reach out to us [on our website](https://shilab.com/contact/){:target="_blank"}. - -## Installation Instructions - -1. Install the ***latest*** version of PowerShell LTS. - - !!! note "PowerShell Deployment Options" - We recommend to deploy the [Store](https://www.microsoft.com/store/apps/9MZ1SNWT0N5D){:target="_blank"} version of the PowerShell runtime. - - MSI, WinGet and ZIP files are all also available, see the [docs](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows){:target="_blank"} for more info. - - The `pwsh.exe` binary must registered in the Application Registration system, as described in the [Microsoft Documentation](https://learn.microsoft.com/en-us/windows/win32/shell/app-registration#registering-applications){:target="_blank"}. - - Currently only local user installs of PowerShell are supported for the desktop shortcut. For local machine installs of PowerShell, the CLI is required to run Discover. - -2. Run the Discover installer. - -3. On the main screen, enter the FQDN of the Azure SQL Server. - - !!! note "Naming Format" - Replace `*.database.windows.net` with the hostname of your Azure SQL Database Server. The hostname should be the name only, without any protocol specifiers (such as `sql://` or `https://`) or virtual directories. - - ![Screenshot of the installer's main screen.](../assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } - ![Screenshot of the installer's main screen.](../assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } - -4. (Optional) If you want to configure the `Correlation`, `License Data`, or `Database Name`, select the drop down and chose 'Configure' - - ![Screenshot of the installer's main screen with the dropdown menu visible.](../assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } - ![Screenshot of the installer's main screen with the dropdown menu visible.](../assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } - -5. (Optional) Configure the options to match the results you want. - - ![Screenshot of the installer's optional configuration screen.](../assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } - ![Screenshot of the installer's optional configuration screen.](../assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } - -6. Press the Install button. - -## See Also - -- [Prerequisites](0-Prerequisites.md) -- [Getting Started](../Getting-Started.md) -- [Silent Installation](Silent-Installation.md) +--- +hide: + - navigation + - toc +--- +# Deprecated + +This content has been merged into [SHIELD Deployment → Standard Installation](../../Deployment.md#standard-installation-gui-based). diff --git a/docs/SHIELD/Discover/Getting-Started.md b/docs/SHIELD/Discover/Getting-Started.md index d3ea146..c093f0a 100644 --- a/docs/SHIELD/Discover/Getting-Started.md +++ b/docs/SHIELD/Discover/Getting-Started.md @@ -1,6 +1,6 @@ # Getting Started -Please read through the [prerequisites](Deployment/0-Prerequisites.md) to make sure you have all you need before you begin. +Please read through the [prerequisites](../Prerequisites.md) to make sure you have all you need before you begin. If you have not already installed the Discover app, please follow the [installation guide](Deployment/Standard-Install.md). diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 8a82895..4afc411 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -1,36 +1,136 @@ # Prerequisites -SHIELD is an enterprise product that requires specific licenses and configurations to deploy and use. +Before deploying SHIELD or using Discover, ensure your environment meets all license, configuration, permission, and software requirements. -To simplify the documentation, we use the `M` prefix to refer to the different license types of Microsoft 365 licensing, such as `M1`, `M3`, `M5`, etc. This prefix can replace the other prefixes that indicate the type of organization, such as `E` for Enterprise, `A` for Education, `G` for Government, `F` for Frontline, and so on. +This page is divided into two parts: + + +1. [SHIELD Core Platform Requirements](#shield-core-platform-requirements) +2. [Discover System Requirements](#discover-system-requirements) + +--- + +## SHIELD Core Platform Requirements + +SHIELD automates secure deployment and lifecycle management using Microsoft 365 and Azure. It requires specific license levels, identity configurations, and Microsoft Defender components. + +### Environment Requirements + +- ✅ Deploying user must have **Global Admin Rights** +- ✅ [Defender for Endpoint](Deployment.md#defender-for-endpoint-workspace-creation) must be provisioned +- ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID +- ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups + +--- + +### Licensing Requirements by Mode + +SHIELD uses `M3` and `M5` to refer to Microsoft 365 license families, abstracting E3/E5 and similar plans. + +| Mode | License | Additional Requirements | +|------|---------|--------------------------| +| **ESM** (Enterprise Security Mode) | M3 or equivalent | Devices must be Hybrid or Cloud Joined | +| **SSM** (Specialized Security Mode) | M5 or equivalent | Devices must be Hybrid or Cloud Joined | +| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](Defend/Reference/Hardware-Selection.md) | + +--- + +## Discover System Requirements + +Discover is a component of SHIELD that audits licensing configuration, queries Microsoft APIs, and stores analysis in an Azure SQL Database. The following setup is required. + +--- + +### System & Runtime Configuration + +- ✅ Latest version of **PowerShell (64-bit)** (e.g. 7.4.0 or later) +- ✅ Internet access with no SSL/TLS inspection for Microsoft-owned domains +- ✅ At least **2GB of available RAM** +- ✅ Azure SQL Database is configured and reachable (see setup below) + +!!! info "Assumptions" + These recommendations assume ~10,000 users running Discover twice a month. For larger organizations or more frequent use, increase memory and SQL capacity. + +--- + +### Entra ID Role Permissions + +Discover uses read-only Entra ID roles for configuration queries. These permissions are scoped with the principle of least privilege. + +| Role | Required For | +|------|---------------| +| **Global Reader** | Basic environment access (Defender, Entra ID) | +| **Security Administrator** | Access to Defender for Endpoint & Identity APIs | +| **User Administrator** | Access to user directory properties | + +**Related plugin guides:** + +- 📄 [Defender for Endpoint](Discover/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](Discover/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](Discover/Plugins/EntraID.md) + +!!! info "Permissions Note" + Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. --- -## Base Requirements +### Azure SQL Setup -- [X] Deploying User has `Global Admin Rights` (for [manual deployment](0-Getting-Started\Deployment\Manual-Deployment.md) only) -- [X] Defender for Endpoint has had its [workspace created](Deploy/Usage-Guide/MDE-Enable.md) -- [X] Security Defaults [are shut off](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) in Entra ID -- [X] Certificate Authentication is [disabled in the Entra ID authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) methods for SHIELD's ESM, SSM and PSM root security groups +An Azure SQL Database is required to store audit results. You can use an existing DB or provision a new one. + +📖 [Deployment → Azure SQL Database Setup](Deployment.md#azure-sql-database-setup) + +**Required:** + +- Entra ID Authentication is enabled +- Client running Discover must have network access (e.g., VPN or VNet) + +**Storage Notes:** + +- Each Discover run generates ~1,676 bytes +- Typical org = ~40KB/year +- 2GB base DB size is sufficient in most cases --- -## ESM +### Recommended SQL Configuration -- [X] `M3` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Devices to be managed through SHIELD need to be either Hybrid or Cloud only joined +These settings are optional but highly recommended for security, auditability, and reliability: + +- [Use Entra ID Authentication Only](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication-tutorial) +- [Limit IP ranges](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure) +- [Enable database backups](https://learn.microsoft.com/en-us/azure/azure-sql/database/automated-backups-overview) +- [Enable Defender for SQL](https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql) +- [Audit support operations](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview) +- [Send logs to SIEM](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings) +- [Alert on low resources](https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts) +- Avoid BYOK/HYOK/CMK unless legally required --- -## SSM +### Auto Permissions Assignment Tool + +Discover includes a PowerShell tool to auto-configure SQL permissions via Entra security groups. + +```powershell +Add-AzLicenseDb -SubscriptionId '' -ReadGroupId '' -WriteGroupId '' +``` + +To view tool options: + +```powershell +Get-Help -Name 'Add-AzLicenseDb' -Full +``` -- [X] `M5` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Devices to be managed through SHIELD need to be either Hybrid or Cloud only joined +!!! info + Replace values above with your actual subscription and Entra group IDs. --- -## PSM +## Related Pages -- [X] `M5` [or equivalent](https://go.microsoft.com/fwlink/?linkid=2139145){:target="_blank"} licenses are purchased and enabled in the target tenant -- [X] Secure Core Certified hardware. Please see the [hardware selection](Defend/Reference/Hardware-Selection.md) documentation for details -- [X] Devices need to be registered in Autopilot to be allowed to be commissioned into a PAW +- 📄 [Hardware Requirements](Defend/Reference/Hardware-Selection.md) +- 📄 [Deployment Guide](Deployment.md) +- 📄 [Azure SQL Setup](Deployment.md#azure-sql-database-setup) +- 📄 [Silent Installation Instructions](Deployment.md#silent-installation-script-based) +- 📄 [Standard Installation Instructions](Deployment.md#standard-installation-gui-based) \ No newline at end of file diff --git a/docs/SHIELD/Reference.md b/docs/SHIELD/Reference.md new file mode 100644 index 0000000..540bb05 --- /dev/null +++ b/docs/SHIELD/Reference.md @@ -0,0 +1,118 @@ +# Reference + +This reference section contains key technical specifications and supporting details for working with SHIELD, including: + +- Microsoft Graph API permissions required for SHIELD functionality +- Hardware requirements based on security mode +- Full lifecycle workflow diagrams for both users and devices + +--- + +## Microsoft Graph API Permissions + +SHIELD requires specific Graph API permissions to function correctly. These permissions are either assigned automatically by SHIELD or require pre-assignment by an admin. + +!!! note "Permission Scope Legend" + ✅ = Automatically assigned by SHIELD + ❌ = Must be manually assigned by an admin + +### Entra ID Role Permissions + +| Permission Name | Auto Granted | Description | +|-----------------|--------------|-------------| +| Privileged Authentication Administrator | ✅ | Required to delete privileged users with role lockouts. | + +### Graph API Permissions + +| Permission Name | Auto Granted | Description | +|-----------------|--------------|-------------| +| AdministrativeUnit.ReadWrite.All | ✅ | Manage restricted admin units. | +| AppRoleAssignment.ReadWrite.All | ❌ | Assign Managed Identity permissions. | +| Application.ReadWrite.All | ❌ | Create and maintain app registrations. | +| Device.ReadWrite.All | ✅ | Enumerate and tag Entra ID devices. | +| DeviceManagementApps.ReadWrite.All | ✅ | Configure Intune managed installer. | +| DeviceManagementConfiguration.ReadWrite.All | ✅ | Manage configuration profiles in Intune. | +| DeviceManagementManagedDevices.PrivilegedOperations.All | ✅ | Send Wipe commands to devices. | +| DeviceManagementManagedDevices.ReadWrite.All | ✅ | Remove old session hosts, list devices. | +| DeviceManagementRBAC.ReadWrite.All | ✅ | Manage scope tags and app config. | +| DeviceManagementServiceConfig.ReadWrite.All | ✅ | Read and manage Autopilot config. | +| Group.ReadWrite.All | ✅ | Manage security groups in Entra ID. | +| Policy.Read.All / Policy.ReadWrite.ConditionalAccess | ✅ | Enforce and manage Conditional Access policies. | +| RoleManagement.ReadWrite.Directory | ✅ | Assign roles to security groups. | +| User.ReadWrite.All | ✅ | Manage user lifecycle in Entra ID. | + +### SHI Data Gateway Permissions + +| Permission Name | Auto Granted | Description | +|-----------------|--------------|-------------| +| LicenseReport.ReadWrite | ✅ | Store license reports after Discover runs. | +| Telemetry.Sop.ReadWrite | ✅ | Upload monthly telemetry reports. | + +### SHI Orchestration Platform Authenticator + +| Permission Name | Auto Granted | Description | +|-----------------|--------------|-------------| +| Authenticator.Attest | ✅ | Authenticate SOP against tenant during API operations. | + +--- + +## Hardware Requirements + +Hardware requirements for SHIELD vary by security level. + +### ESM & SSM (Enterprise/Specialized Security Modes) + +| Requirement | Recommended | +|-------------|-------------| +| OS | Windows 10 or later | +| RAM | 16GB or higher | +| OEMs | Microsoft Surface, Lenovo | +| Graphics | NVIDIA preferred (no AMD) | + +!!! info "Device Security Notes" + Risk of firmware-level threats is lower in ESM/SSM. Still, choose reputable OEMs and avoid unsupported firmware. + +### PSM (Privileged Security Mode) + +| Requirement | Recommended | +|-------------|-------------| +| OS | Windows 11 Secure Core Certified | +| CPU | Intel i7 / Ryzen 7 or better | +| RAM | 32GB (16GB minimum) | +| Storage | 256GB NVMe | +| Certification | [Secure Core Certified](https://www.microsoft.com/en-us/windows/business/windows-11-secured-core-computers) | + +!!! warning "Hardware Backdoor Risk" + Avoid OEMs known to support master password removal or insecure firmware (e.g., older Dell, HP, Samsung). Prioritize Secure Core Certified devices from trusted vendors. + +More info: +- [Microsoft Secure Core Devices – Microsoft](https://www.microsoft.com/en-us/windows/business/devices?col=securedcorepc) + +--- + +## Lifecycle Workflow Diagrams + +The following flowcharts describe what happens behind the scenes during key lifecycle operations. + +### Device Workflows + +- 📊 [Device Commissioning](Defend/Reference/Diagrams/Device-Commission.md) +- 📊 [Device Decommissioning](Defend/Reference/Diagrams/Device-Decommission.md) +- 📊 [Device Assignment](Defend/Reference/Diagrams/Device-Assign.md) +- 📊 [Device Unassignment](Defend/Reference/Diagrams/Device-Unassign.md) + +### User Workflows + +- 📊 [User Commissioning](Defend/Reference/Diagrams/User-Commission.md) +- 📊 [User Decommissioning](Defend/Reference/Diagrams/User-Decommission.md) + +These diagrams match the logic used in the SHIELD backend and provide a visual reference for each action. + +--- + +## Related Pages + +- [Deployment Guide](Deployment.md) +- [Usage Guide](Usage-Guide.md) +- [Prerequisites](Prerequisites.md) + diff --git a/docs/SHIELD/Usage-Guide.md b/docs/SHIELD/Usage-Guide.md new file mode 100644 index 0000000..fdb141d --- /dev/null +++ b/docs/SHIELD/Usage-Guide.md @@ -0,0 +1,129 @@ +# Usage Guide + +This guide explains how to operate SHIELD once it's been deployed. It covers core infrastructure deployment, device and user lifecycle management, and links to detailed task-level workflows. + +--- + +## Core Infrastructure Management + +After deploying SHIELD, your first task is to set up the **Core Infrastructure**, which includes: + +- Security groups +- Intune Scope Tags +- Entra ID Administrative Units +- Autopilot profiles +- Conditional Access baseline policies + +These are deployed via the SHIELD UI at `{your-subdomain}.azurewebsites.net` using the **Deploy Core Infrastructure** card on the home screen. + +!!! note "Immutable Components" + Security groups, scope tags, and admin units cannot be changed after deployment. All other settings can be modified afterward. + +📖 For step-by-step deployment instructions, see the [Deployment Guide](./Deployment.md) + +--- + +## Lifecycle Management Overview + +SHIELD provides full lifecycle control of identities and devices, organized by three security levels: + +- **Enterprise** +- **Specialized** +- **Privileged** + +Lifecycle actions include: + +- Commissioning & decommissioning devices +- Assigning users to PAWs (Privileged Access Workstations) +- Creating and removing privileged users + +These operations are triggered directly from the SHIELD app’s **Lifecycle Management** section. + +--- + +## Device Management + +Device operations are performed through the Lifecycle interface. The following guides explain each task: + +### Commission a Device + +- Adds devices to SHIELD management +- Privileged devices are wiped/reset before being configured + +📖 [Commission a Device](Defend/Usage-Guide/Device/0-Commission.md) +📊 [Commission Workflow Diagram](Defend/Reference/Diagrams/Device-Commission.md) + +--- + +### Decommission a Device + +- Removes the device from SHIELD +- Privileged devices are reset and removed from their assigned groups + +📖 [Decommission a Device](Defend/Usage-Guide/Device/1-Decommission.md) +📊 [Decommission Workflow Diagram](Defend/Reference/Diagrams/Device-Decommission.md) + +--- + +### Assign a User to a PAW + +- Assigns allowed users to a privileged device +- All other users are blocked from login + +📖 [Assign User](Defend/Usage-Guide/Device/2-Assign.md) +📊 [Assignment Workflow](Defend/Reference/Diagrams/Device-Assign.md) + +--- + +### Unassign a User + +- Removes users from a PAW +- If no users remain, a wipe command is triggered + +📖 [Unassign User](Defend/Usage-Guide/Device/3-Unassign.md) +📊 [Unassign Workflow](Defend/Reference/Diagrams/Device-Unassign.md) + +--- + +## User Management + +SHIELD manages three user types — Privileged, Specialized, and Enterprise — and supports creating, onboarding, and offboarding these accounts. + +### Commission a User + +- Adds an existing Entra ID user or creates a new cloud-only privileged account +- Temporary credentials are shown upon creation + +📖 [Commission a User](Defend/Usage-Guide/User/Commission.md) +📊 [Commission Workflow](Defend/Reference/Diagrams/User-Commission.md) + +--- + +### Decommission a User + +- Removes the user from SHIELD +- Privileged accounts are deleted; others are de-tagged + +📖 [Decommission a User](Defend/Usage-Guide/User/Decommission.md) +📊 [Decommission Workflow](Defend/Reference/Diagrams/User-Decommission.md) + +--- + +## Other Object Types + +SHIELD will soon support additional lifecycle workflows: + +- **Intermediaries** – Virtual session hosts or temporary worker devices +- **Interfaces/Servers** – Backend infrastructure and shared management planes + +🛠️ Coming soon + +--- + +## Summary + +- Core Infrastructure must be deployed first +- Use Lifecycle Management to adopt and manage devices/users +- Task-level actions (commission, assign, etc.) are performed via the SHIELD UI +- Each action links to a detailed guide and diagram for deeper understanding + From 0f7ece8a85b50ca55fd4435433967c3a484e6d55 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 01:32:28 -0500 Subject: [PATCH 11/26] Commit2 - Full rewrite of Deploy module (overview, deployment, usage, reference, troubleshooting) --- .../Identity-Protection-Policy.md | 167 +----------------- docs/SHIELD/Deploy/Deployment.md | 78 ++++++++ .../deprecated-MDE-Enable.md} | 0 .../deprecated-index.md} | 0 docs/SHIELD/Deploy/Reference.md | 54 ++++++ .../Deploy/Securing-Privileged-Access.md | 41 +---- docs/SHIELD/Deploy/Troubleshooting.md | 77 ++++++++ .../Deploy/Troubleshooting/Uninstall.md | 61 +------ docs/SHIELD/Deploy/Usage-Guide.md | 82 +++++++++ docs/SHIELD/Deploy/index.md | 83 +++++++++ 10 files changed, 390 insertions(+), 253 deletions(-) create mode 100644 docs/SHIELD/Deploy/Deployment.md rename docs/SHIELD/Deploy/{Usage-Guide/MDE-Enable.md => Deprecated-Usage-Guide/deprecated-MDE-Enable.md} (100%) rename docs/SHIELD/Deploy/{Usage-Guide/index.md => Deprecated-Usage-Guide/deprecated-index.md} (100%) create mode 100644 docs/SHIELD/Deploy/Reference.md create mode 100644 docs/SHIELD/Deploy/Troubleshooting.md create mode 100644 docs/SHIELD/Deploy/Usage-Guide.md create mode 100644 docs/SHIELD/Deploy/index.md diff --git a/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md b/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md index e51a72d..581fe24 100644 --- a/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md +++ b/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md @@ -1,159 +1,8 @@ -Conditional Access Policies are critical to how Entra ID secures sign in. -Below are the list of policies that are automatically deployed and why they are necessary for securing privileged access. - -## SOP - Compliance - -- **Setting Name:** SOP - Compliance -- **Type of Policy:** Conditional Access -- **Description:** -Requires devices to be marked as compliant and requires MFA sign in -- **Why it is needed (what does it secure against):** -Forces devices to be managed devices and requires MFA to protect all cloud apps. Protects against credential theft or any any attempt to password spray, brute force, or otherwise reuse credentials. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged User group attempts to access any cloud app. - -## SOP - User Risk - -- **Setting Name:** SOP - User Risk -- **Description:** -Prevents signing in if user has a user risk of Low/Medium/High -- **Why it is needed (what does it secure against):** -If a user risk of Low/Medium/High is detected, it will block the sign in. Prevents attacks that attempt to reuse credentials in unfamiliar locations from risky IPs(as determined by Microsoft Threat Intelligence), and from suspicious behavior. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged User group attempts to access any cloud app with a user risk of Low/Medium/High, their sign in will be blocked. - -## SOP - Sign-in Risk - -- **Setting Name:** SOP - Sign-in Risk -- **Description:** -Prevents signing in if user has a sign-in risk of Low/Medium/High -- **Why it is needed (what does it secure against):** -If a sign-in risk of Low/Medium/High is detected, it will block the sign in. This will protect against unfamiliar location sign in attempts that the principal has not signed in from before. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged User group attempts to access any cloud app with a sign-in risk of Low/Medium/High, their sign in will be blocked. - -## SOP - OS Enforcement - -- **Setting Name:** SOP - OS Enforcement -- **Description:** -Prevents signing in if user is NOT using Windows OS -- **Why it is needed (what does it secure against):** -Ensures sign ins are only coming from Windows OS machines. Protects against attackers attempting to utilize other operating systems. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the in Privileged device Devices or Privileged Users attempts to sign into any cloud app from a NON Windows OS, their sign in will be blocked. - -## SOP - Location - -- **Setting Name:** SOP - Location -- **Description:** -Prevents signing in if user is in a known risky location -- **Why it is needed (what does it secure against):** -Ensures sign ins are only coming from United States based IPs. Protects against credential theft. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged Users attempts to sign into any cloud app from outside the United States, their sign in will be blocked. - -## SOP - Legacy Auth - -- **Setting Name:** SOP - Legacy Auth -- **Description:** -Prevents signing in if user is utilizing legacy authentication such as Exchange ActiveSync, POP, IMAP, SMTP. -- **Why it is needed (what does it secure against):** -Ensures sign ins are only coming from modern authentication. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged Users attempts to sign into any cloud app utilizing legacy authentication, their sign in will be blocked. - -## SOP - Hardware Enforcement - -- **Setting Name:** SOP - Hardware Enforcement -- **Description:** -Prevents signing in if user is not signing in from a Privileged device configured device. Devices must meet the naming convention set through Intune Autopilot and a custom extension attribute to be allowed sign in from this policy. -- **Why it is needed (what does it secure against):** -Ensures sign ins are only coming from Privileged device configured devices. Protects against privilege escalation attempts from other devices managed by the organization, but are not Privileged devices. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a principal in the Privileged device Devices or Privileged Users attempts to sign into any cloud app utilizing a device not meeting the custom extension attribute and not falling under the autopilot naming convention, their sign in will be blocked. - -## SOP - MCAS - -- **Setting Name:** SOP - MCAS -- **Description:** -Sends all cloud sessions over to Microsoft Cloud App Security -- **Why it is needed (what does it secure against):** -Ensures sessions are going over to Microsoft Cloud App Security for tracking, additional policy configuration, and security controls. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When any principal from Privileged device Devices or Privileged Users accesses any cloud app. - -## SOP - MFA - -- **Setting Name:** SOP - MFA -- **Description:** -Requires a multi-factor credential when signing in. -- **Why it is needed (what does it secure against):** -Ensures sign ins are protected through multi-factor authentication. Protects against credential theft and password attacks. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -All sign-ins by principals in the Privileged device Devices and Privileged Users will require a MFA token - -## SOP - Session Duration - -- **Setting Name:** SOP - Session Duration -- **Description:** -Forces principals to re-authenticate utilizing their Entra ID credentials after their session has been established for 9 hours -- **Why it is needed (what does it secure against):** -Ensures users cannot leave sessions open over multiple days and reduces risk of someone utilizing an established session after hours. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -After a session has existed for 9 hours, principals will be required to re-authenticate - -## SOP - Session Persistence - -- **Setting Name:** SOP - Session Persistence -- **Description:** -When a browser session is closed, it will require principals to re-authenticate into all cloud apps utilizing their Entra ID credentials. -- **Why it is needed (what does it secure against):** -Ensures that on new browser sessions, new sessions will be established utilizing a principals Entra ID credentials -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -When a browser session is closed and relaunched, a re-authentication will occur. - -## SOP - Disable CA Resilience Downgrade - -- **Setting Name:** SOP - Disable CA Resilience Downgrade -- **Description:** -If their is an outage in Entra ID and Conditional Access policies cannot be evaluated, it will block principals from authenticating. -- **Why it is needed (what does it secure against):** -Ensures that no principals can bypass any Conditional Access policies when their is an outage. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users -- **When the policy triggers:** -If their is an outage in Entra ID, once a principals session expires they will not be able to continue in their session until Entra ID Conditional Access is able to be evaluated again. - -## Continuous Access Evaluation - -- **Setting Name:** Continuous Access Evaluation -- **Description:** -Anytime Entra ID detects a change in signal on the session, such as location, IP address, permissions, it will reprocess the conditional access policies on the account -- **Why it is needed (what does it secure against):** -This protects against credential theft attacks, session stealing, and users inadvertently trying to authenticate from prohibited locations. If a user is authenticated in a permitted location and then moves to a prohibited location it will then end the session. -- **Who this applies to:** -Entra ID Groups: Privileged device Devices & Privileged Users or all users if already set. -- **When the policy triggers:** -Anytime there is a change in signal on the token +--- +hide: + - navigation + - toc +--- +# Deprecated + +This content has been merged into the new [Deploy Documentation](../../index.md). diff --git a/docs/SHIELD/Deploy/Deployment.md b/docs/SHIELD/Deploy/Deployment.md new file mode 100644 index 0000000..8a18f94 --- /dev/null +++ b/docs/SHIELD/Deploy/Deployment.md @@ -0,0 +1,78 @@ +# Deployment + +The Deploy module is provisioned automatically as part of the SHIELD platform’s Core Infrastructure deployment. This page provides clarity on how the Deploy module fits into the broader deployment flow and what is delivered specifically by this module. + +--- + +## When Is Deploy Activated? + +Deploy is automatically initialized when you use the **Deploy Core Infrastructure** feature within the SHIELD web app. This step sets up all underlying identity, device, and Conditional Access scaffolding that the Defend and Discover modules rely on. + +There is no separate installation or deployment process specific to the Deploy module. However, understanding what Deploy provisions is key to understanding how the rest of SHIELD works. + +--- + +## What Is Deployed? + +The Deploy module provisions all foundational objects required for SHIELD’s lifecycle and security logic: + +- Security groups for each SPA tier (Enterprise, Specialized, Privileged) +- Intune Scope Tags for device policy enforcement +- Entra ID Administrative Units for object-level access scoping +- Conditional Access policies (by class and group) +- Autopilot profile placeholders +- Role-linked management groups and access control structure + +All of these are deployed and linked to your tenant using least-privilege automation logic. + +--- + +## Where to Deploy + +You can launch the SHIELD UI and deploy the infrastructure from: + +📍 `{your-subdomain}.azurewebsites.net` + +From the home screen: + +1. Click **Deploy Core Infrastructure** +2. Review the Terms and Conditions +3. Check the agreement box +4. Click **Deploy Infrastructure** + +You’ll then see: + +- A progress spinner +- Automatic status updates +- A redirect to the home screen when finished + +📖 See full UI walkthrough and screenshots in the [Usage Guide](Usage-Guide.md#deploy-core-infrastructure-ui-flow) + +--- + +## Need to Customize? + +After deployment, you can: + +- Change autopilot profiles and device configurations +- Modify Conditional Access settings +- Tag additional users or groups + +However, **the following objects are immutable after deployment:** + +- Security groups +- Intune scope tags +- Entra ID Administrative Units + +These cannot be renamed or deleted through the SHIELD UI. + +--- + +## Related Pages + +- [Deploy Overview](index.md) +- [Deploy Usage Guide](Usage-Guide.md) +- [Reference Docs](Reference.md) +- [Troubleshooting](Troubleshooting.md) +- [Full SHIELD Deployment](../Deployment.md) + diff --git a/docs/SHIELD/Deploy/Usage-Guide/MDE-Enable.md b/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md similarity index 100% rename from docs/SHIELD/Deploy/Usage-Guide/MDE-Enable.md rename to docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md diff --git a/docs/SHIELD/Deploy/Usage-Guide/index.md b/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md similarity index 100% rename from docs/SHIELD/Deploy/Usage-Guide/index.md rename to docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md diff --git a/docs/SHIELD/Deploy/Reference.md b/docs/SHIELD/Deploy/Reference.md new file mode 100644 index 0000000..e162926 --- /dev/null +++ b/docs/SHIELD/Deploy/Reference.md @@ -0,0 +1,54 @@ +# Reference + +This reference section provides technical specifications and supporting details for SHIELD’s Deploy module, including identity protection policies and configuration recommendations that align with the SPA architecture. + +--- + +## Identity Protection Policy Configuration + +The Deploy module provisions policies to restrict sign-in to privileged accounts under specific conditions, enforcing Microsoft's guidance around secure administrative access. + +These policies are designed to: + +- Detect high-risk sign-in events +- Block access to privileged resources if risk conditions are met +- Route access through compliant devices and monitored interfaces + +This aligns with Microsoft’s Zero Trust security model and helps enforce separation between administrative and user environments. + +--- + +### Key Concepts + +- **Policy Scope**: Only applies to privileged role-holding users (PAWs) +- **Conditions Evaluated**: + - Sign-in risk level + - Device compliance state + - Location and interface origin +- **Actions Taken**: + - Block sign-in + - Require MFA or compliant device + - Redirect to monitored jump station if policy fails + +!!! note "SHIELD Default Behavior" + These identity protection policies are deployed automatically when Core Infrastructure is deployed via the SHIELD UI. + +--- + +## Related Reference Docs + +Additional SPA-related configuration details are available in the global [Reference Guide](../Reference.md), including: + +- Full lifecycle flow diagrams +- Microsoft Graph permissions required by SHIELD +- Hardware and certification requirements for SPA devices + +--- + +## Related Pages + +- [Deploy Overview](index.md) +- [Deployment](Deployment.md) +- [Deploy Usage Guide](Usage-Guide.md) +- [Troubleshooting](Troubleshooting.md) + diff --git a/docs/SHIELD/Deploy/Securing-Privileged-Access.md b/docs/SHIELD/Deploy/Securing-Privileged-Access.md index 165c0c7..ad49e95 100644 --- a/docs/SHIELD/Deploy/Securing-Privileged-Access.md +++ b/docs/SHIELD/Deploy/Securing-Privileged-Access.md @@ -1,43 +1,8 @@ --- hide: + - navigation - toc --- -# Securing Privileged Access (SPA) +# Deprecated -Microsoft's Securing Privileged Access (SPA) is a comprehensive solution designed to help organizations protect their critical assets from unauthorized access or data breaches. SPA provides a unified platform for managing and monitoring privileged access across an organization's entire infrastructure, including on-premises, cloud, and hybrid environments. - -Below is a diagram that represents the architecture from a top down view. - -``` mermaid -flowchart LR - privInterface <--> businessAssets - entInterface <--> businessAssets - - subgraph businessAssets [Business Systems and Assets] - subgraph Technology - ITSM - Databases - DCs("Domain Controllers") - ADFS("AD FS") - ADCS("AD CS") - cloud("Cloud Hosts (Azure, AWS, GCP, etc.)") - end - - subgraph misc [Other Departments] - Executive - Legal - HR - Finance - end - end - - subgraph Privileged [Privileged Access] - privIdent --- privInterface - privDev("Devices") --- privIdent("Identities") -.- privIntermediary("Intermediaries") -.- privInterface("Interfaces") - end - - subgraph Enterprise [Enterprise Access] - entIdent --- entInterface - entDev("Devices") --- entIdent("Identities") -.- entIntermediary("Intermediaries") -.- entInterface("Interfaces") - end -``` +This content has been merged into the new [Deploy Documentation](../index.md). diff --git a/docs/SHIELD/Deploy/Troubleshooting.md b/docs/SHIELD/Deploy/Troubleshooting.md new file mode 100644 index 0000000..8703948 --- /dev/null +++ b/docs/SHIELD/Deploy/Troubleshooting.md @@ -0,0 +1,77 @@ +# Troubleshooting + +This section covers how to uninstall or reset SHIELD's Deploy module infrastructure and outlines common considerations for support and recovery scenarios. + +--- + +## Uninstalling SHIELD Deploy Infrastructure + +The SHIELD platform uses multiple Microsoft 365 services to create configuration components. Removing these components manually is complex and can break your tenant setup. Use the provided uninstall script only if directed by SHI support. + +!!! danger "Data Loss Warning" + If you uninstall the architecture, **you will clear out any managed objects and configurations** deployed by the Deploy module. This procedure should only be followed if SHI explicitly instructs you to do so. + +!!! note "Stateless Server Reminder" + SHIELD’s application server is stateless. You can safely redeploy the app after cleanup without losing data stored in the Microsoft cloud (e.g., Intune tags, Entra groups). + +--- + +## Uninstall Procedure + +1. **Stop the SHIELD server** to prevent regeneration of infrastructure during cleanup. + +2. **Download the uninstall script**: + + 📥 [Uninstall-ShieldArchitecture.ps1](Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1) + +3. **Remove all Microsoft.Graph modules** to prevent version conflicts: + + ```powershell + Get-Module -Name '*Microsoft.Graph*' -ListAvailable | Uninstall-Module + ``` + +!!! note + You may have to run the above command twice because the order of operations tries to uninstall a dependency first rather than last. Running it the second time will remove the remaining dependency. + +4. **Install the correct version of Microsoft Graph Beta modules**: + + ```powershell + Install-Module -Name 'Microsoft.Graph.Beta' -RequiredVersion '2.1.0' -Scope 'AllUsers' + ``` + +5. **Run the uninstall script** to remove SHIELD-deployed infrastructure. + + The script is designed to remove: + - Entra ID groups and admin units + - Intune scope tags + - Conditional Access policies created by SHIELD + + It does **not** delete data outside the SHIELD-deployed infrastructure. + +--- + +## FAQs & Recovery Notes + +### What if the uninstall script fails? + +Try re-running the script. It is designed to be idempotent and will retry safely. Make sure you have proper permissions and the correct PowerShell modules installed. + +### Can I re-deploy SHIELD after uninstalling? + +Yes. SHIELD can be redeployed using the same app interface or script, as long as all infrastructure components have been successfully removed. + +### What is not removed? + +- Audit logs in Entra ID +- Device enrollment history +- Local device configurations if not managed via Intune + +--- + +## Related Pages + +- [Deploy Overview](../Deploy/index.md) +- [Deploy Usage Guide](../Deploy/Usage-Guide.md) +- [Deployment](../Deploy/Deployment.md) +- [Deploy Reference](../Deploy/Reference.md) + diff --git a/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md b/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md index 863f260..ad49e95 100644 --- a/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md +++ b/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md @@ -1,59 +1,8 @@ -# Uninstall Procedure - -Removing SHIELD from an Azure tenant is a two step process: -Removing the hosting environment and removing the configurations put in place by the orchestration software. - -!!! Danger "Data Loss Warning!!!" - If you uninstall the architecture, **you will clear out any managed objects and those configurations**, this procedure should only be followed if a SHI employee tells you to do so. - All data is stored in the architecture itself in the form of Intune Scope Tag, or Entra ID Security Group descriptions. - -!!! note - The Server software doesn't store any data (stateless) and should be safe to reinstall at the same or a newer version. - Frequently, all that is needed to be done if troubleshooting an existing fresh installation is to uninstall the architecture and run the infrastructure deployment process again. - -## Process - -It is recommended that the server software be stopped before completing any of the below so that new configurations are not generated during the removal process. - --- - -### Architecture - -The core architecture is the set of settings across all of the managed systems (E.G. M365, Entra ID, Intune, etc.) - -1. Download the SHIELD Architecture Uninstall script: -[Uninstall-ShieldArchitecture.ps1](Assets/Scripts/Uninstall-ShieldArchitecture.ps1) - -2. Make sure to have no other `Microsoft.Graph` PowerShell Modules installed: - - ``` PowerShell title="Uninstall all Microsoft 365 Graph API PowerShell Modules" - Get-Module -Name '*Microsoft.Graph*' -ListAvailable | Uninstall-Module - ``` - - !!! note - You may have to run the above command twice because the order of operations tries to uninstall a dependency first rather than last. Running it the second time will remove the remaining dependency. - -3. Install the `Microsoft.Graph.Beta` PowerShell Module: - - ``` PowerShell title="Install Microsoft 365 Graph API Beta Modules" - Install-Module -Name 'Microsoft.Graph.Beta' -RequiredVersion '2.1.0' -Scope 'AllUsers' - ``` - +hide: + - navigation + - toc --- +# Deprecated -### Server - -1. Delete the `SHI-Host` resource group in Azure. - - !!! note - The resource group may have been renamed during deployment, the default name is `SHI-Host`. - -2. Delete the Server's User Login App Registration from Entra ID: -`SHI Orchestration Platform - User Login` - -3. (Optional) Delete the Server's Orchestration App Registration from Entra ID: -`SHI Orchestration Platform - Server` or `SHI Orchestration Platform - Self Host` - - !!! note - The only time step three needs to be done is if you are cleaning up a dev copy or an on-prem hosted version of the app. This doesn't need to be done for an Azure hosted copy since a Managed Identity tied to the App Server is used. - The Managed Identity would have been deleted along with the server host and software in step 1. +This content has been merged into the new [Deploy Documentation](../index.md). diff --git a/docs/SHIELD/Deploy/Usage-Guide.md b/docs/SHIELD/Deploy/Usage-Guide.md new file mode 100644 index 0000000..a49370d --- /dev/null +++ b/docs/SHIELD/Deploy/Usage-Guide.md @@ -0,0 +1,82 @@ +# Usage Guide + +The Deploy module in SHIELD provides a self-service interface to manage the infrastructure deployed under the SPA framework. Once the initial setup is complete, this guide walks through how to manage core configuration objects using the SHIELD UI. + +--- + +## Managing Infrastructure with SHIELD + +After core deployment is complete, the Deploy module allows you to: + +- View and validate infrastructure components +- Create and manage scoped security groups +- Manage Entra ID Administrative Units +- Assign configuration profiles and scope tags +- Monitor deployment status and lifecycle metadata + +These actions are performed through the **Lifecycle Infrastructure** interface on the SHIELD home screen. + +--- + +## Defender for Endpoint Workspace Creation + +SHIELD relies on Microsoft Defender for Endpoint to enforce protections on devices within the Privileged Access Boundary. Before deploying Conditional Access policies or tagging devices, Defender must be initialized. + +### How to Check Workspace Status + +1. Go to [Microsoft 365 Defender](https://security.microsoft.com){:target="_blank"}. +2. Navigate to **Devices** in the left menu. +3. If a device list appears, the workspace is already created. +4. If you see a splash screen indicating setup, wait until it completes. + +Once initialized, Defender for Endpoint will automatically integrate with SHIELD's lifecycle and tagging logic. + +--- + +## Lifecycle Actions Enabled by Deploy + +The infrastructure deployed by this module supports: + +- Device class-based lifecycle enforcement (Enterprise, Specialized, Privileged) +- Dynamic user and device scoping based on conditional access policies +- Tagging systems to trigger automated controls via Intune and Entra ID + +All these features are available via the SHIELD UI, and are configured automatically based on security class and role mappings. + +--- + +## Visual Walkthrough + +Once core deployment is complete, your SHIELD UI will provide management cards for: + +- **Deploy Core Infrastructure** (initial setup) +- **Manage Infrastructure** (view/edit configs) +- **Lifecycle Device Management** (commission, assign, unassign) +- **Lifecycle User Management** (create, remove, assign roles) + +### Deploy Core Infrastructure UI Flow + +#### 1. Deploy Button with Checkbox Confirmation + +![Infrastructure Deployment Page with Checkbox Highlighted](../../assets/Images/Screenshots/Core-Infrastructure-Deployment.png){ loading=lazy } + +#### 2. Deployment in Progress + +![Deployment Spinner Screenshot](../../assets/Images/Screenshots/Spinner.png){ loading=lazy } + +#### 3. Completion Redirect – SHIELD Home Screen + +![SHIELD Home Screen - Light Mode](../../assets/Images/Screenshots/Home-Screen-Light.png#only-light){ loading=lazy } +![SHIELD Home Screen - Dark Mode](../../assets/Images/Screenshots/Home-Screen-Dark.png#only-dark){ loading=lazy } + +!!! info "Automation Note" + SHIELD manages all object relationships behind the scenes (e.g., group assignments, RBAC links, tag application). You only need to select the correct class and object — SHIELD handles the rest. + +--- + +## Related Pages + +- [Deploy Overview](index.md) +- [Deployment Guide](../Deployment.md) +- [Reference Docs](Reference.md) +- [Troubleshooting](Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Deploy/index.md b/docs/SHIELD/Deploy/index.md new file mode 100644 index 0000000..05c4b94 --- /dev/null +++ b/docs/SHIELD/Deploy/index.md @@ -0,0 +1,83 @@ +# Overview + +SHIELD’s Deploy module provides the foundation for a secure environment using Microsoft’s **Securing Privileged Access (SPA)** architecture. This module automates the provisioning of security-critical components such as identity boundaries, privileged access zones, Conditional Access policies, and more. + +The Deploy module ensures your environment is segmented appropriately and aligns with Microsoft’s Zero Trust principles by separating enterprise and privileged systems. + +--- + +## What Is SPA? + +Microsoft’s **Securing Privileged Access (SPA)** model is a layered defense framework designed to protect your most critical systems from identity compromise. SPA separates access tiers between everyday business operations and sensitive administrative functions. + +The diagram below illustrates SPA’s architecture and how privileged vs enterprise identity flows interact with the environment. + +```mermaid +flowchart LR + privInterface <--> businessAssets + entInterface <--> businessAssets + + subgraph businessAssets [Business Systems and Assets] + subgraph Technology + ITSM + Databases + DCs("Domain Controllers") + ADFS("AD FS") + ADCS("AD CS") + cloud("Cloud Hosts (Azure, AWS, GCP, etc.)") + end + + subgraph misc [Other Departments] + Executive + Legal + HR + Finance + end + end + + subgraph Privileged [Privileged Access] + privIdent --- privInterface + privDev("Devices") --- privIdent("Identities") -.- privIntermediary("Intermediaries") -.- privInterface("Interfaces") + end + + subgraph Enterprise [Enterprise Access] + entIdent --- entInterface + entDev("Devices") --- entIdent("Identities") -.- entIntermediary("Intermediaries") -.- entInterface("Interfaces") + end +``` + +--- + +## What Does Deploy Include? + +The Deploy module provisions all infrastructure required to enforce this separation of trust boundaries, including: + +- Tiered security groups +- Intune scope tags +- Entra ID administrative units +- Device onboarding and configuration profiles +- Conditional Access policies +- Role-based access control for privileged systems + +These objects form the **Privileged Access Boundary** and are deployed via the SHIELD app in a few clicks. + +--- + +## Why It Matters + +By centralizing and automating the deployment of SPA, the Deploy module: + +- Eliminates human error in policy setup +- Reduces deployment time from months to minutes +- Enables a repeatable, auditable security baseline +- Ensures identity boundaries are established before user/device onboarding + +--- + +## Related Pages + +- [Deployment Guide](../Deployment.md) +- [Deploy Usage Guide](Usage-Guide.md) +- [Deploy Reference](Reference.md) +- [Troubleshooting Deploy Module](Troubleshooting.md) + From 092adaa715ef21905b2d3ea2230837e31202fc72 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 09:01:03 -0500 Subject: [PATCH 12/26] Commit 3: Full rewrite of Defend module (overview, deployment, usage, reference, prerequisites, troubleshooting) --- docs/SHIELD/0-Getting-Started/index.md | 4 +- docs/SHIELD/Defend/Deployment.md | 59 +++++++++ docs/SHIELD/Defend/Prerequisites.md | 66 ++++++++++ docs/SHIELD/Defend/Reference.md | 88 +++++++++++++ .../Defend/Reference/Hardware-Selection.md | 2 +- docs/SHIELD/Defend/Troubleshooting.md | 90 +++++++++++++ docs/SHIELD/Defend/Usage-Guide.md | 121 ++++++++++++++++++ .../Defend/Usage-Guide/deprecated-index.md | 8 ++ docs/SHIELD/Defend/Usage-Guide/index.md | 8 -- docs/SHIELD/Defend/index.md | 50 ++++++++ docs/SHIELD/Prerequisites.md | 2 +- docs/SHIELD/index.md | 2 +- docs/index.md | 2 +- 13 files changed, 488 insertions(+), 14 deletions(-) create mode 100644 docs/SHIELD/Defend/Deployment.md create mode 100644 docs/SHIELD/Defend/Prerequisites.md create mode 100644 docs/SHIELD/Defend/Reference.md create mode 100644 docs/SHIELD/Defend/Troubleshooting.md create mode 100644 docs/SHIELD/Defend/Usage-Guide.md create mode 100644 docs/SHIELD/Defend/Usage-Guide/deprecated-index.md delete mode 100644 docs/SHIELD/Defend/Usage-Guide/index.md create mode 100644 docs/SHIELD/Defend/index.md diff --git a/docs/SHIELD/0-Getting-Started/index.md b/docs/SHIELD/0-Getting-Started/index.md index 9fcadcb..14aa9b8 100644 --- a/docs/SHIELD/0-Getting-Started/index.md +++ b/docs/SHIELD/0-Getting-Started/index.md @@ -10,8 +10,8 @@ The server is deployed first then the server deploys the core infrastructure. 2. Deploy the core infrastructure using the Web UI:
- [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide/index.md){ .md-button } + [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide.md){ .md-button } 3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } + [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide.md){ .md-button } diff --git a/docs/SHIELD/Defend/Deployment.md b/docs/SHIELD/Defend/Deployment.md new file mode 100644 index 0000000..aa8d074 --- /dev/null +++ b/docs/SHIELD/Defend/Deployment.md @@ -0,0 +1,59 @@ +# Deployment + +The Defend module is deployed automatically as part of the SHIELD platform’s **Core Infrastructure deployment** process. It does not require any separate deployment scripts or packages. + +This page clarifies when and how Defend becomes active, and what its dependencies are. + +--- + +## When Is Defend Activated? + +Defend becomes available immediately after the **Deploy Core Infrastructure** action is completed in the SHIELD UI. + +This process provisions all objects that Defend needs in order to operate: + +- Security groups by security class (Enterprise, Specialized, Privileged) +- Entra ID Administrative Units for lifecycle scope isolation +- Intune Scope Tags and associated device policies +- Lifecycle engine triggers and UI cards + +Once this is complete, the **Lifecycle Device Management** and **Lifecycle User Management** cards appear in the SHIELD UI. + +--- + +## No Separate Installer Required + +There is no separate installer, script, or action to "deploy Defend." + +Instead, this module is: + +- **Provisioned as part of the Deploy module's infrastructure** +- **Enabled via the SHIELD web app** once infrastructure provisioning is complete + +You can verify readiness by visiting `{your-subdomain}.azurewebsites.net` and checking that: + +- The home screen includes Lifecycle action cards +- Clicking them loads the correct views with no warnings + +--- + +## Prerequisites + +To use Defend, the following must already be deployed: + +- Core infrastructure via Deploy +- Required Entra ID roles (Global Reader, Security Admin) +- Devices or users exist in Entra ID and are synced with Intune (where applicable) +- Defender for Endpoint workspace is initialized (for device enforcement) + +📖 [View Full Prerequisites](Prerequisites.md) + +--- + +## Related Pages + +- [Defend Overview](index.md) +- [Defend Usage Guide](Usage-Guide.md) +- [Defend Reference](Reference.md) +- [Troubleshooting](Troubleshooting.md) +- [SHIELD Platform Deployment](../Deployment.md) \ No newline at end of file diff --git a/docs/SHIELD/Defend/Prerequisites.md b/docs/SHIELD/Defend/Prerequisites.md new file mode 100644 index 0000000..48c6ea3 --- /dev/null +++ b/docs/SHIELD/Defend/Prerequisites.md @@ -0,0 +1,66 @@ +# Prerequisites + +The Defend module manages user and device lifecycle operations. Before using this module, the following prerequisites must be in place within your Microsoft 365 environment. + +These requirements ensure that SHIELD can enforce security controls, commission resources, and assign users or devices to their correct roles. + +--- + +## Infrastructure Requirements + +The Defend module relies on infrastructure that must be deployed via the Deploy module. Specifically, the following must already exist: + +- Core infrastructure has been deployed via the **Deploy Core Infrastructure** action +- Conditional Access policies are applied based on security class +- Entra ID Administrative Units and security groups are provisioned +- Intune is configured with scope tags + +📖 See [SHIELD Platform Prerequisites](../Prerequisites.md) + +--- + +## Role-Based Permissions + +To use Defend’s lifecycle functionality, the signed-in admin must have the following roles in Entra ID: + +| Role | Reason | +|------|--------| +| Global Reader | Required to enumerate users and devices | +| Security Administrator | Required for actions that interact with Defender and Intune APIs | +| User Administrator | Required for privileged user provisioning and removal | + +--- + +## Device and User Sync + +For SHIELD to manage identities and endpoints, the following must be true: + +- Users are present in Entra ID +- Devices are registered or hybrid-joined with Entra ID +- Devices must be visible in Intune (for privileged device management) +- Users and devices must be assigned to the correct security class + +--- + +## Defender for Endpoint Readiness + +SHIELD uses Microsoft Defender for Endpoint to enforce privileged device controls. The Defender portal must have a provisioned workspace before certain lifecycle actions can succeed. + +To verify: + +1. Go to [Microsoft 365 Defender](https://security.microsoft.com){:target="_blank"} +2. Click on **Devices** +3. If a table of devices appears, your workspace is ready +4. If prompted to initialize setup, follow instructions and wait until the UI is fully active + +📖 For more detail, see the [Defend Usage Guide](Usage-Guide.md), under **Defender for Endpoint Workspace Creation** + +--- + +## Related Pages + +- [Defend Deployment](Deployment.md) +- [Defend Usage Guide](Usage-Guide.md) +- [Hardware Requirements](Reference.md) +- [SHIELD Prerequisites](../Prerequisites.md) + diff --git a/docs/SHIELD/Defend/Reference.md b/docs/SHIELD/Defend/Reference.md new file mode 100644 index 0000000..8e4f5dd --- /dev/null +++ b/docs/SHIELD/Defend/Reference.md @@ -0,0 +1,88 @@ +# Reference + +This reference page for the Defend module provides a comprehensive view of all supporting technical material that underpins lifecycle management operations, including: + +- Hardware requirements for each security class +- Full lifecycle diagrams for devices and users +- Notes on privileged workflows +- Relevant configuration examples + +All information here is specific to the Defend module and complements the main [Usage Guide](Usage-Guide.md). + +--- + +## Hardware Requirements + +SHIELD enforces hardware baselines per security class, especially for **Privileged Security Mode (PSM)**, to reduce the risk of compromise through firmware, bootkits, and untrusted supply chains. + +### Enterprise and Specialized Modes (ESM/SSM) + +| Requirement | Recommendation | +|--------------------|----------------------------------------------| +| OS | Windows 10 or later | +| RAM | 16GB or more | +| OEM Devices | Microsoft Surface or Lenovo preferred | +| Graphics Support | NVIDIA recommended (avoid AMD graphics) | + +!!! info "Device Security Considerations" + In ESM/SSM, hardware risks are lower, but it’s still important to avoid unsupported OEMs and poor firmware hygiene. These devices typically handle non-elevated tasks. + +### Privileged Mode (PSM) + +| Requirement | Recommendation | +|--------------------|----------------------------------------------| +| OS | Windows 11 Secure Core Certified | +| CPU | Intel Core i7 or Ryzen 7 equivalent | +| RAM | 32GB recommended (16GB minimum) | +| Storage | 256GB+ NVMe SSD | +| Certification | [Secure Core Certified](https://www.microsoft.com/en-us/windows/business/windows-11-secured-core-computers) | + +!!! warning "Potential Hardware Backdoors" + Avoid OEMs that allow firmware-level master password resets or silent security bypasses. SHIELD recommends only certified hardware from Microsoft and Lenovo for PSM operations. + +--- + +## Lifecycle Workflow Diagrams + +Each SHIELD lifecycle action is mapped to a standardized backend workflow. The following flowcharts show the logic for each user and device operation. + +### Device Workflow Diagrams + +#### Commission Device +📊 [Device - Commission](Reference/Diagrams/Device-Commission.md) + +#### Decommission Device +📊 [Device - Decommission](Reference/Diagrams/Device-Decommission.md) + +#### Assign User to Device +📊 [Device - Assign](Reference/Diagrams/Device-Assign.md) + +#### Unassign User from Device +📊 [Device - Unassign](Reference/Diagrams/Device-Unassign.md) + +--- + +### User Workflow Diagrams + +#### Commission User +📊 [User - Commission](Reference/Diagrams/User-Commission.md) + +#### Decommission User +📊 [User - Decommission](Reference/Diagrams/User-Decommission.md) + +--- + +## Privileged Workflows (Coming Soon) + +A dedicated section for advanced Privileged workflows, including intermediary logic and RBAC extensions, will be added in a future release. + +📄 Placeholder: [Privileged Device Workflows](Reference/Lifecycle/Privileged Device Workflows.md) + +--- + +## Related Pages + +- [Defend Usage Guide](Usage-Guide.md) +- [Device Lifecycle](Usage-Guide/Device/0-Commission.md) +- [User Lifecycle](Usage-Guide/User/Commission.md) + diff --git a/docs/SHIELD/Defend/Reference/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Hardware-Selection.md index 09c9bc8..4040d1e 100644 --- a/docs/SHIELD/Defend/Reference/Hardware-Selection.md +++ b/docs/SHIELD/Defend/Reference/Hardware-Selection.md @@ -54,6 +54,6 @@ For further guidance on hardware selection or compatibility, please refer to the ## See Also -- [Lifecycle Management Overview](../Usage-Guide/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. +- [Lifecycle Management Overview](../Usage-Guide.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. - [Commissioning a New Device](../Usage-Guide/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. - [Decommission a Managed Device](../Usage-Guide/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. diff --git a/docs/SHIELD/Defend/Troubleshooting.md b/docs/SHIELD/Defend/Troubleshooting.md new file mode 100644 index 0000000..e99dc2b --- /dev/null +++ b/docs/SHIELD/Defend/Troubleshooting.md @@ -0,0 +1,90 @@ +# Troubleshooting + +This section addresses common issues encountered when using the Defend module’s lifecycle management features. It also offers clarification on edge cases, expected behaviors, and safe recovery actions. + +--- + +## Issue: Devices not appearing in SHIELD UI + +**Cause:** +- Devices are not hybrid-joined or cloud-joined to Entra ID +- Devices are not enrolled or synced into Intune + +**Resolution:** +- Confirm the device is joined to Entra ID +- Ensure it is visible in the Intune portal ([https://intune.microsoft.com](https://intune.microsoft.com)) +- Ensure it is not already managed by another tenant or stale registration + +--- + +## Issue: Users not showing up when trying to commission + +**Cause:** +- The user has already been onboarded +- The user is filtered out by Entra ID query +- Admin does not have required permissions + +**Resolution:** +- Verify the user exists in Entra ID +- Confirm you're operating with Global Reader or User Administrator role +- Switch to a different security class to check other eligible users + +--- + +## Issue: Lifecycle actions failing silently or UI not responding + +**Cause:** +- Required Defender for Endpoint workspace is not initialized +- Scoped Intune tags are missing +- Conditional Access policies are not yet deployed + +**Resolution:** +- Follow workspace setup verification steps in the [Usage Guide](Usage-Guide.md), under **Defender for Endpoint Workspace Creation** +- Check that SHIELD infrastructure was successfully deployed from the Deploy module +- Review prerequisites in [Defend Prerequisites](Prerequisites.md) + +--- + +## Issue: Privileged device wipe triggered unexpectedly + +**Cause:** +- Privileged commissioning/unassignment flow triggered without assigned users +- Attempted to assign a new user without retaining previous assignment + +**Resolution:** +- Always include current assigned users in the assignment flow +- Ensure wipe behavior for privileged devices is clearly understood (see the [Usage Guide](Usage-Guide.md)) + +--- + +## Issue: Temporary credentials not saved after privileged user creation + +**Cause:** +- Admin did not record credentials from the popup +- UI was closed or refreshed before saving + +**Resolution:** +- Re-run commissioning with a new user +- Contact SHI if lifecycle audit recovery is needed + +--- + +## FAQs + +### Are lifecycle actions idempotent? +Yes. If a device or user is already managed, SHIELD will not reapply the same configuration unless it detects a mismatch. + +### Can I reverse a decommission action? +No. Once a user or device is removed, it must be re-commissioned. + +### Does the UI prevent mistakes? +Yes — warnings and confirmations are built into the UI. However, wipe actions for privileged devices occur automatically in certain workflows. + +--- + +## Related Pages + +- [Defend Usage Guide](Usage-Guide.md) +- [Defend Reference](Reference.md) +- [Defend Prerequisites](Prerequisites.md) + diff --git a/docs/SHIELD/Defend/Usage-Guide.md b/docs/SHIELD/Defend/Usage-Guide.md new file mode 100644 index 0000000..06f49b8 --- /dev/null +++ b/docs/SHIELD/Defend/Usage-Guide.md @@ -0,0 +1,121 @@ +# Usage Guide + +The Defend module in SHIELD provides lifecycle management for users and devices after the infrastructure is deployed. This guide explains how to perform key operations such as commissioning, decommissioning, assigning, and unassigning users or devices, all while respecting security class boundaries (Enterprise, Specialized, Privileged). + +--- + +## Lifecycle Management Overview + +Lifecycle Management is triggered from within the SHIELD web interface and allows you to: + +- Onboard or offboard users and devices +- Assign users to Privileged Access Workstations (PAWs) +- Enforce metadata tagging and Intune integration +- Apply group policies and conditional access boundaries + +All actions are class-aware and scoped by SHIELD’s infrastructure. + +--- + +## Device Lifecycle Operations + +Device lifecycle flows differ by class. Devices marked as Privileged undergo more stringent controls, such as wiping during onboarding. + +### Commission a Device + +Commissioning a device registers it with SHIELD and assigns lifecycle metadata. Privileged devices will be wiped if they are Intune-managed to ensure a clean baseline. + +📖 [Commission a Device](Usage-Guide/Device/0-Commission.md) +📊 [Workflow Diagram](Reference/Diagrams/Device-Commission.md) + +#### UI Example + +![Select Device - Light](../../assets/Images/Screenshots/Select-Unmanaged-Device-Light.png#only-light){ loading=lazy width="300" } +![Select Device - Dark](../../assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png#only-dark){ loading=lazy width="300" } + +!!! warning "Privileged Commissioning" + Wipe commands are issued to Intune-managed devices during commissioning to protect against residual compromise. + +--- + +### Decommission a Device + +Removes a device from SHIELD’s lifecycle system. + +📖 [Decommission a Device](Usage-Guide/Device/1-Decommission.md) +📊 [Workflow Diagram](Reference/Diagrams/Device-Decommission.md) + +--- + +### Assign a User to a PAW + +Assigns one or more users to a privileged device (PAW). All others will be denied access. + +📖 [Assign User](Usage-Guide/Device/2-Assign.md) +📊 [Workflow Diagram](Reference/Diagrams/Device-Assign.md) + +--- + +### Unassign a User from a PAW + +Removes a user’s access from a PAW. If no users remain, a wipe is issued. + +📖 [Unassign User](Usage-Guide/Device/3-Unassign.md) +📊 [Workflow Diagram](Reference/Diagrams/Device-Unassign.md) + +--- + +## User Lifecycle Operations + +SHIELD supports onboarding and offboarding for both privileged and non-privileged users. + +### Commission a User + +Privileged users are created as new cloud-only accounts. Others are brought into management using existing identities. Temporary credentials are generated at creation. + +📖 [Commission a User](Usage-Guide/User/Commission.md) +📊 [Workflow Diagram](Reference/Diagrams/User-Commission.md) + +#### UI Example + +![Select User - Light](../../assets/Images/Screenshots/Select-Unmanaged-User-Light.png#only-light){ loading=lazy width="300" } +![Select User - Dark](../../assets/Images/Screenshots/Select-Unmanaged-User-Dark.png#only-dark){ loading=lazy width="300" } + +#### Temporary Credential Dialog + +![Temp Credentials - Light](../../assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png#only-light){ loading=lazy } +![Temp Credentials - Dark](../../assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png#only-dark){ loading=lazy } + +--- + +### Decommission a User + +Privileged users are deleted from Entra ID. Non-privileged users are simply removed from SHIELD management. + +📖 [Decommission a User](Usage-Guide/User/Decommission.md) +📊 [Workflow Diagram](Reference/Diagrams/User-Decommission.md) + +--- + +## Security Classes + +All operations respect SHIELD’s class-based enforcement: + +- **Enterprise**: standard users/devices with baseline protections +- **Specialized**: enhanced controls and policy targeting +- **Privileged**: strict isolation, hardware requirements, auto-wiping, credential controls + +Class is selected at the top of the UI before performing lifecycle actions. + +!!! note "Default Class" + The UI defaults to **Privileged**. Make sure to adjust if managing non-privileged assets. + +--- + +## Related Pages + +- [Defend Overview](index.md) +- [Device Commissioning](Usage-Guide/Device/0-Commission.md) +- [User Commissioning](Usage-Guide/User/Commission.md) +- [Reference Diagrams](Reference.md) +- [Hardware Requirements](Reference/Hardware-Selection.md) \ No newline at end of file diff --git a/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md b/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md new file mode 100644 index 0000000..fc1676d --- /dev/null +++ b/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md @@ -0,0 +1,8 @@ +--- +hide: + - navigation + - toc +--- +# Deprecated + +This page has been merged into [SHIELD Usage Guide](../Usage-Guide.md). diff --git a/docs/SHIELD/Defend/Usage-Guide/index.md b/docs/SHIELD/Defend/Usage-Guide/index.md deleted file mode 100644 index 9372158..0000000 --- a/docs/SHIELD/Defend/Usage-Guide/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This page has been merged into [SHIELD Usage Guide](../../Usage-Guide.md). diff --git a/docs/SHIELD/Defend/index.md b/docs/SHIELD/Defend/index.md new file mode 100644 index 0000000..63e0458 --- /dev/null +++ b/docs/SHIELD/Defend/index.md @@ -0,0 +1,50 @@ +# Overview + +The Defend module is responsible for all lifecycle operations within the SHIELD platform. It provides user and device onboarding, offboarding, access enforcement, and enforcement of privileged workflows in alignment with the SPA model deployed by the Deploy module. + +Whereas the Deploy module provisions the infrastructure, **Defend is responsible for using that infrastructure to manage the identities and devices inside it**. + +--- + +## What Defend Manages + +- Commissioning and decommissioning users and devices +- Assigning privileged users to privileged devices (PAWs) +- Automatic Intune and Entra ID tagging +- Lifecycle management rules based on selected security class + +All these actions are exposed via the SHIELD Lifecycle UI and the platform’s API endpoints. + +--- + +## Security Class Enforcement + +Defend strictly applies the lifecycle rules associated with each of SHIELD’s supported security classes: + +- **Enterprise (ESM)** – standard business users and workstations +- **Specialized (SSM)** – elevated or regulated roles and systems +- **Privileged (PSM)** – most secure tier, requires clean hardware, wipes on commission/unassign, and restricted access boundaries + +The class is selected in the UI prior to performing any lifecycle action. + +--- + +## Entry Points + +After the SHIELD infrastructure is deployed, the Defend module is accessed via the SHIELD UI home screen: + +- **Lifecycle Device Management** – for commissioning, decommissioning, assignment, and unassignment +- **Lifecycle User Management** – for onboarding and offboarding privileged and standard users + +The lifecycle engine handles all object mapping, Intune tagging, group membership, and access scope enforcement automatically based on your selections. + +--- + +## Related Pages + +- [Deployment](Deployment.md) +- [Prerequisites](Prerequisites.md) +- [Usage Guide](Usage-Guide.md) +- [Reference](Reference.md) +- [Troubleshooting](Troubleshooting.md) + diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 4afc411..6f26708 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -17,7 +17,7 @@ SHIELD automates secure deployment and lifecycle management using Microsoft 365 ### Environment Requirements - ✅ Deploying user must have **Global Admin Rights** -- ✅ [Defender for Endpoint](Deployment.md#defender-for-endpoint-workspace-creation) must be provisioned +- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide.md), under **Defender for Endpoint Workspace Creation** - ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID - ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index c8d9624..73bf18a 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -40,7 +40,7 @@ In the rest of the documentation, we will provide detailed instructions on how t ## See Also -- [Usage Guides](Defend/Usage-Guide/index.md) +- [Usage Guides](Defend/Usage-Guide.md) - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) diff --git a/docs/index.md b/docs/index.md index 16681ef..8312e48 100644 --- a/docs/index.md +++ b/docs/index.md @@ -20,7 +20,7 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Defend -[:mag: Defend](SHIELD/Defend/Usage-Guide/index.md){ .md-button } +[:mag: Defend](SHIELD/Defend/Usage-Guide.md){ .md-button } ### Discover From 4e2d66ada22c3e759be27837917eee4d309dc7b3 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 09:41:31 -0500 Subject: [PATCH 13/26] Commit 4: Full rewrite of Discover module (overview, deployment, usage, reference, troubleshooting) --- docs/SHIELD/Discover/Deployment.md | 99 ++++++++++ docs/SHIELD/Discover/Reference.md | 96 +++++++++ docs/SHIELD/Discover/Troubleshooting.md | 88 +++++++++ docs/SHIELD/Discover/Usage-Guide.md | 67 +++++++ docs/SHIELD/Discover/index.md | 247 +++++++++++++++++++++--- 5 files changed, 575 insertions(+), 22 deletions(-) create mode 100644 docs/SHIELD/Discover/Deployment.md create mode 100644 docs/SHIELD/Discover/Reference.md create mode 100644 docs/SHIELD/Discover/Troubleshooting.md create mode 100644 docs/SHIELD/Discover/Usage-Guide.md diff --git a/docs/SHIELD/Discover/Deployment.md b/docs/SHIELD/Discover/Deployment.md new file mode 100644 index 0000000..2c5bf58 --- /dev/null +++ b/docs/SHIELD/Discover/Deployment.md @@ -0,0 +1,99 @@ +# Deployment + +This page outlines how to deploy the Discover engine and configure the local environment needed to run plugin-based audits and store results in Azure SQL. + +All installation methods rely on a lightweight MSI and PowerShell-driven configuration. This module runs entirely on the client side and requires no backend installation. + +--- + +## Standard Installation (GUI-Based) + +Use the GUI-based MSI for interactive setup. This is recommended for most environments. + +### Installation Steps + +1. Download the MSI installer +2. Launch the installer +3. Enter the **FQDN** of your Azure SQL Database + 📌 Example: shi-example.database.windows.net +4. (Optional) Click **Configure** to customize: + - Table names for correlation and license data + - Database name +5. Click **Install** + +### Screenshots + +#### Main Installer Screen + +![Installer - Light](assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } +![Installer - Dark](assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } + +#### Dropdown Menu + +![Dropdown - Light](assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } +![Dropdown - Dark](assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } + +#### Advanced Configuration + +![Advanced Config - Light](assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } +![Advanced Config - Dark](assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } + +!!! note "Shortcut Behavior" + Machine-wide installs of PowerShell require launching Discover via CLI. Desktop shortcuts are only supported for user-scoped installs. + +--- + +## Silent Installation (Script-Based) + +Use silent install mode for automation and unattended deployments. + +### Required Properties + +| Property | Required | Default | Description | +|----------|----------|---------|-------------| +| AZSQL_SERVER_FQDN | ✅ | None | FQDN of the Azure SQL Server | +| CORRELATION_TABLE_NAME | ❌ | Correlation | Name of correlation table | +| DATABASE_NAME | ❌ | Results | Target database name | +| LICENSE_COUNT_TABLE_NAME | ❌ | LicenseData | License records table | + +### Examples + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net DATABASE_NAME=CustomerTracker +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net CORRELATION_TABLE_NAME=RunTracker +``` + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=shi-example.database.windows.net LICENSE_COUNT_TABLE_NAME=CustomerTracker +``` + +!!! note "Naming Format" + The FQDN should not include protocols (sql://) or directory paths (/db). Use only the raw hostname. + +--- + +## Azure SQL Configuration + +Before installation, ensure your Azure SQL database is provisioned: + +- Entra ID authentication is enabled +- Your user has permission to create and write to the DB +- [Auto-permissions tool](Reference.md#azure-sql-configuration) is available for bulk role assignment + +📖 See full details in the [Reference Guide](Reference.md#azure-sql-configuration) + +--- + +## Related Pages + +- [Discover Overview](index.md) +- [Discover Usage Guide](Usage-Guide.md) +- [Reference](Reference.md) +- [Troubleshooting](Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Discover/Reference.md b/docs/SHIELD/Discover/Reference.md new file mode 100644 index 0000000..cf6a6cb --- /dev/null +++ b/docs/SHIELD/Discover/Reference.md @@ -0,0 +1,96 @@ +# Reference + +This page provides a complete reference for the Discover module, including plugins, schema, licensing models, and core configuration expectations. + +--- + +## Plugin Overview + +Discover uses a plugin architecture to retrieve data from Microsoft 365 services. Each plugin is executed independently, and the results are standardized before being uploaded to the Azure SQL database. + +### Included Plugins + +| Plugin | Description | +|--------|-------------| +| **EntraID** | Retrieves directory settings, user roles, and licensing scope | +| **Defender for Endpoint** | Collects device configurations and security compliance mappings | +| **Defender for Identity** | Evaluates privileged identity policies, alerts, and audit logic | + +📖 Plugin logic is described in the [Execution Flow Diagram](index.md#execution-process) + +--- + +## Database Schema + +All data collected by Discover is stored in an Azure SQL Database. The core tables include: + +| Table | Description | +|-------|-------------| +| `Correlation` | Top-level run metadata and timestamp linkage | +| `LicenseData` | All license configuration results | +| `Results` | Engine output for each plugin and validation step | + +For full structure and table relationships, see the [Schema Documentation](Database-Schema.md) + +--- + +## Supported Licenses + +Discover analyzes how Microsoft 365 licenses are configured and applied. This includes SKUs across all verticals: + +- Enterprise (E1, E3, E5) +- Education (A1, A3, A5) +- Government (G1, G3, G5) +- Frontline (F1, F3) + +📖 License breakdown and mappings: [Supported Licenses](Supported-Licenses.md) + +--- + +## Reserved Principals + +Some Entra ID accounts are marked as reserved and should not be altered by automation. Discover recognizes these automatically and excludes them from plugin evaluations. + +📖 See list of principals in: [Reserved Principals](Reserved-Principals.md) + +--- + +## Azure SQL Configuration + +Discover requires an Azure SQL Database for storing its results. Refer to [Deployment → Azure SQL Setup](Deployment.md#azure-sql-configuration) for setup steps. + +To automatically configure permissions via PowerShell: + +```powershell +Add-AzLicenseDb -SubscriptionId '' -ReadGroupId '' -WriteGroupId '' +``` + +```powershell +Get-Help -Name 'Add-AzLicenseDb' -Full +``` + +--- + +## Architecture and Flow Diagrams + +### Infrastructure Diagram + +📖 See [Infrastructure Diagram](index.md#infrastructure-architecture) + +- Shows PowerShell client to Entra ID + SQL interaction +- Includes threat model reference: [infrastructure.tm7](assets/threat-models/infrastructure.tm7) + +### Execution Flow + +📖 See [Execution Flow](index.md#execution-process) + +- Describes correlation record creation, plugin execution loop, and upload pattern + +--- + +## Related Pages + +- [Discover Overview](index.md) +- [Deployment](Deployment.md) +- [Usage Guide](Usage-Guide.md) +- [Troubleshooting](Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Discover/Troubleshooting.md b/docs/SHIELD/Discover/Troubleshooting.md new file mode 100644 index 0000000..22d09e6 --- /dev/null +++ b/docs/SHIELD/Discover/Troubleshooting.md @@ -0,0 +1,88 @@ +# Troubleshooting + +This page documents common issues that may occur when running the Discover module, along with guidance on resolution, retries, and output validation. + +These cases are drawn from the expected behavior of plugin execution, Azure SQL access, and Defender/Graph API interactions. + +--- + +## Issue: Plugin run starts but no data appears in SQL + +**Possible Causes:** +- Azure SQL FQDN was entered incorrectly +- No write permissions for the logged-in user +- Plugin executed but no relevant configuration was found + +**Resolution:** +- Verify that `AZSQL_SERVER_FQDN` is correct and reachable from the client machine +- Check user permissions on the database +- Ensure that plugins are active and supported for the tenant configuration + +--- + +## Issue: Installer runs but shortcut is missing + +**Cause:** +- Discover was installed machine-wide + +**Resolution:** +- Use CLI directly: + +```powershell +Start-DiscoverAudit.ps1 -CompanyName "Contoso" -Mode "Standard" +``` + +Shortcuts are only created for user-scoped installs. + +--- + +## Issue: Silent install fails with no error + +**Possible Causes:** +- Required `AZSQL_SERVER_FQDN` parameter was omitted +- MSI was run with incorrect context or permissions + +**Resolution:** +- Add `/l*v install.log` to enable verbose logging +- Confirm all parameters are supplied and formatted correctly +- Example: + +```cmd +License-Analytics.msi /qn AZSQL_SERVER_FQDN=yourserver.database.windows.net +``` + +--- + +## Issue: Script hangs at plugin step + +**Possible Causes:** +- API credentials have expired +- Microsoft Graph rate-limiting or auth error + +**Resolution:** +- Re-authenticate via PowerShell session +- Run again with fresh token +- Use `Get-Help .\Start-DiscoverAudit.ps1 -Full` for CLI flags + +--- + +## FAQs + +### Is Discover idempotent? +Yes — the correlation ID ensures that repeated runs do not corrupt existing data. + +### Where is the output stored? +Output is written to the Azure SQL database defined during install. Table names include `Correlation`, `LicenseData`, and `Results`. + +### Can I re-run Discover with new plugins? +Yes. You may add new plugin files to the plugin directory and rerun the audit. + +--- + +## Related Pages + +- [Discover Overview](index.md) +- [Deployment](Deployment.md) +- [Usage Guide](Usage-Guide.md) +- [Reference](Reference.md) + diff --git a/docs/SHIELD/Discover/Usage-Guide.md b/docs/SHIELD/Discover/Usage-Guide.md new file mode 100644 index 0000000..895e6dc --- /dev/null +++ b/docs/SHIELD/Discover/Usage-Guide.md @@ -0,0 +1,67 @@ +# Usage Guide + +This guide explains how to run Discover, what to expect from its output, and how to interact with its data once collected. + +The Discover engine runs locally via PowerShell and sends results to a specified Azure SQL Database. The interface is terminal-based and uses plugin-based configuration. + +--- + +## Running Discover + +After installing the application, you can run Discover using either the command line or PowerShell script shortcut. + +### CLI Launch (Typical Flow) + +```powershell +Start-DiscoverAudit.ps1 -CompanyName "Contoso" -Mode "Standard" +``` + +Depending on your install method and configuration, a GUI prompt may open (for standard install) or the plugin flow will begin directly (for CLI installs). + +--- + +## Plugin Execution Behavior + +When Discover runs, it processes all installed plugins in order: + +1. Authentication to Entra ID and Azure SQL +2. Creation of a correlation record to link results +3. Enumeration and validation of plugins +4. Sequential plugin execution (data collection + processing) +5. Upload of result data to Azure SQL tables + +Each plugin runs independently and its results are normalized before database submission. + +📖 Plugin behavior is described in [Reference → Plugin Overview](Reference.md#plugin-overview) + +--- + +## Where Results Go + +- Output is written to the Azure SQL Database configured at install time +- Each run generates a correlation record with timestamp and run metadata +- You can query this database directly using SQL tools or BI platforms (like Power BI) + +The schema is documented in the [Reference Guide](Reference.md#database-schema) + +--- + +## Example Power BI Setup + +Once data is stored in Azure SQL, you can use Power BI to: + +- Visualize configuration compliance +- Track license optimization opportunities +- Export audit snapshots for reporting + +Simply connect to your Azure SQL DB using Power BI Desktop and load the relevant tables. + +--- + +## Related Pages + +- [Discover Overview](index.md) +- [Discover Deployment](Deployment.md) +- [Reference](Reference.md) +- [Troubleshooting](Troubleshooting.md) + diff --git a/docs/SHIELD/Discover/index.md b/docs/SHIELD/Discover/index.md index 1dd331a..5d55624 100644 --- a/docs/SHIELD/Discover/index.md +++ b/docs/SHIELD/Discover/index.md @@ -1,43 +1,246 @@ -# Discover +# Overview -## Overview +The Discover module enables advanced licensing intelligence and compliance reporting for Microsoft 365 services. It retrieves configuration data from multiple service APIs, analyzes it, and stores compliance results in an Azure SQL database for visualization in tools like Power BI. -Discover is a system that retrieves the Microsoft Service configurations and performs analysis against the data to evaluate the count of license records that are required to satisfy the service configuration. -Discover also retrieves a count of purchased licenses so that it can make the determination if a license violation is in progress so that easy review of the overall compliance state of an organization can be saved into an Azure SQL Database of choice. +Discover is plugin-driven, lightweight, and runs entirely from the client environment via PowerShell. -Once the data is in the Azure SQL Database, it is easy to integrate it into Business Intelligence software such as PowerBI to create reports. +--- + +## What Discover Does + +- Retrieves Microsoft service configuration data using Graph API and Defender APIs +- Evaluates license assignments against usage and configuration +- Stores structured results in an Azure SQL database +- Visualizes data using third-party tools such as Power BI + +Discover allows organizations to: + +- Ensure license assignments match technical requirements +- Detect gaps in purchased vs. configured capabilities +- Automate configuration audits across tenants + +--- + +## Plugin Architecture + +Discover’s core engine is extensible through plugins. Each plugin is responsible for extracting and evaluating configuration from a specific service: + +- 🔌 **Entra ID Plugin** – Retrieves directory and user-level settings +- 🔌 **Defender for Endpoint Plugin** – Retrieves configuration and licensing status +- 🔌 **Defender for Identity Plugin** – Extracts rules and signals used in audit logic + +Plugins are executed sequentially, and their results are normalized before being uploaded to the Azure SQL Database. -Because the service configuration of each license is expressed differently, plugins are used to interface the core engine into the various configurations for the license in question. +📖 See full list in [Reference → Plugins](Reference.md#plugin-overview) --- -## Technical Breakdown +## Infrastructure Architecture -Discover is broken into three distinct parts: +The infrastructure diagram below shows how the Discover engine interacts with Microsoft services and securely stores results in Azure SQL: -- Core Engine -- Database Boilerplate -- Plugins +### Infrastructure Flow -## Core Engine +```mermaid +flowchart + subgraph "Client Environment" + Client["PowerShell Client"] + end -The core engine is responsible for authenticating to the various APIs, such as the M365 substrate, Graph API and Azure Rest API. + subgraph "Microsoft Trust Boundary (Cloud Boundary)" + EntraId["Entra ID"] + SqlDb[("Azure SQL Database")] + end -The core engine is also responsible for making sure the DB Tables are present and have the correct Schema. + Client --> | Step 1 - Request Auth Code | EntraId + EntraId --> | Step 2 - Receive Auth Code | Client + Client --> | Step 3 - Data + Auth Token | SqlDb + SqlDb --> | Step 4 - Validate Auth Token | EntraId + EntraId --> | Step 5 - Auth Token Confirmation | SqlDb + SqlDb --> | Step 6 - Confirm DB Operation | Client +``` -The core engine's final responsibility is to enumerate, validate and execute the plugins. +📄 Download annotated threat model: [Infrastructure Threat Model (.tm7)](assets/threat-models/infrastructure.tm7) -## Database Boilerplate +--- + +## Execution Process + +The following diagram shows the plugin execution flow from engine startup through plugin enumeration, execution, and data upload. + +### Execution Flowchart + +```mermaid +flowchart TD + +AzSqlDb[("Report Storage")] + +Start["Start"] +Initialization["Configure Core Engine"] +LoginHost["Log into Az SQL Server's tenant"] +LoginCustomer["Log into tenant that\ndata is to be retrieved from"] +ReportCorelationRecord["Create a record to\ncorrelate all counts for a run"] +LoadPlugins["Enumerate/Validate and Run Plugins"] + +subgraph plugin +StartPlugin["Start execution\non specified plugin"] +GetData["Query APIs to get configuration data"] +ProcessData["Organize and Deduplicate Data"] +ReportProcessedData["Upload Processed Data to Az SQL DB"] +EndPlugin["End execution\nof current plugin"] +end + +LoopPlugin["Check if another\nplugin is present"] +LogOut["Log out of all sessions"] +SuccessEnd["Finish Reporting\nSuccessfully"] + +Start --> Initialization +Initialization --> LoginHost +LoginHost --> LoginCustomer +LoginCustomer --> ReportCorelationRecord +ReportCorelationRecord -.-> AzSqlDb +ReportCorelationRecord --> LoadPlugins +LoadPlugins --> StartPlugin +StartPlugin --> GetData +GetData --> ProcessData +ProcessData --> ReportProcessedData +ReportProcessedData -.-> AzSqlDb +ReportProcessedData --> EndPlugin +EndPlugin --> LoopPlugin +LoopPlugin -->|If Yes| StartPlugin +LoopPlugin -->|If No| LogOut +LogOut --> SuccessEnd +``` + +--- + +## Related Pages + +- [Discover Deployment](Deployment.md) +- [Discover Usage Guide](Usage-Guide.md) +- [Discover Reference](Reference.md) +- [Troubleshooting Discover](Troubleshooting.md) -The DB boilerplate system is responsible for ensuring data is in the correct format and running the SQL statements against the DB. +# Overview -## Plugins +The Discover module enables advanced licensing intelligence and compliance reporting for Microsoft 365 services. It retrieves configuration data from multiple service APIs, analyzes it, and stores compliance results in an Azure SQL database for visualization in tools like Power BI. -Plugins are responsible for retrieving and standardizing the service configuration data. +Discover is plugin-driven, lightweight, and runs entirely from the client environment via PowerShell. --- -## See Also +## What Discover Does + +- Retrieves Microsoft service configuration data using Graph API and Defender APIs +- Evaluates license assignments against usage and configuration +- Stores structured results in an Azure SQL database +- Visualizes data using third-party tools such as Power BI + +Discover allows organizations to: + +- Ensure license assignments match technical requirements +- Detect gaps in purchased vs. configured capabilities +- Automate configuration audits across tenants + +--- + +## Plugin Architecture + +Discover’s core engine is extensible through plugins. Each plugin is responsible for extracting and evaluating configuration from a specific service: + +- 🔌 **Entra ID Plugin** – Retrieves directory and user-level settings +- 🔌 **Defender for Endpoint Plugin** – Retrieves configuration and licensing status +- 🔌 **Defender for Identity Plugin** – Extracts rules and signals used in audit logic + +Plugins are executed sequentially, and their results are normalized before being uploaded to the Azure SQL Database. + +📖 See full list in [Reference → Plugins](Reference.md#plugin-overview) + +--- + +## Infrastructure Architecture + +The infrastructure diagram below shows how the Discover engine interacts with Microsoft services and securely stores results in Azure SQL: + +### Infrastructure Flow + +```mermaid +flowchart + subgraph "Client Environment" + Client["PowerShell Client"] + end + + subgraph "Microsoft Trust Boundary (Cloud Boundary)" + EntraId["Entra ID"] + SqlDb[("Azure SQL Database")] + end + + Client --> | Step 1 - Request Auth Code | EntraId + EntraId --> | Step 2 - Receive Auth Code | Client + Client --> | Step 3 - Data + Auth Token | SqlDb + SqlDb --> | Step 4 - Validate Auth Token | EntraId + EntraId --> | Step 5 - Auth Token Confirmation | SqlDb + SqlDb --> | Step 6 - Confirm DB Operation | Client +``` + +📄 Download annotated threat model: [Infrastructure Threat Model (.tm7)](assets/threat-models/infrastructure.tm7) + +--- + +## Execution Process + +The following diagram shows the plugin execution flow from engine startup through plugin enumeration, execution, and data upload. + +### Execution Flowchart + +```mermaid +flowchart TD + +AzSqlDb[("Report Storage")] + +Start["Start"] +Initialization["Configure Core Engine"] +LoginHost["Log into Az SQL Server's tenant"] +LoginCustomer["Log into tenant that\ndata is to be retrieved from"] +ReportCorelationRecord["Create a record to\ncorrelate all counts for a run"] +LoadPlugins["Enumerate/Validate and Run Plugins"] + +subgraph plugin +StartPlugin["Start execution\non specified plugin"] +GetData["Query APIs to get configuration data"] +ProcessData["Organize and Deduplicate Data"] +ReportProcessedData["Upload Processed Data to Az SQL DB"] +EndPlugin["End execution\nof current plugin"] +end + +LoopPlugin["Check if another\nplugin is present"] +LogOut["Log out of all sessions"] +SuccessEnd["Finish Reporting\nSuccessfully"] + +Start --> Initialization +Initialization --> LoginHost +LoginHost --> LoginCustomer +LoginCustomer --> ReportCorelationRecord +ReportCorelationRecord -.-> AzSqlDb +ReportCorelationRecord --> LoadPlugins +LoadPlugins --> StartPlugin +StartPlugin --> GetData +GetData --> ProcessData +ProcessData --> ReportProcessedData +ReportProcessedData -.-> AzSqlDb +ReportProcessedData --> EndPlugin +EndPlugin --> LoopPlugin +LoopPlugin -->|If Yes| StartPlugin +LoopPlugin -->|If No| LogOut +LogOut --> SuccessEnd +``` + +--- + +## Related Pages + +- [Discover Deployment](Deployment.md) +- [Discover Usage Guide](Usage-Guide.md) +- [Discover Reference](Reference.md) +- [Troubleshooting Discover](Troubleshooting.md) -- [Supported Licenses](Supported-Licenses.md) -- [Plugins](Plugins/Overview.md) From 9a1170bf39deada353a063bb61f0545c96ec762a Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 10:07:25 -0500 Subject: [PATCH 14/26] Commit 5.1: Cleaned up deprecated Deploy module files and fixed broken internal references --- .../Identity-Protection-Policy.md | 8 ----- .../deprecated-MDE-Enable.md | 9 ----- .../deprecated-index.md | 36 ------------------- .../Deploy/Securing-Privileged-Access.md | 8 ----- .../Deploy/Troubleshooting/Uninstall.md | 8 ----- .../Data-Formats/Intune Scope Tag.md | 6 ++-- docs/SHIELD/index.md | 2 +- 7 files changed, 4 insertions(+), 73 deletions(-) delete mode 100644 docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md delete mode 100644 docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md delete mode 100644 docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md delete mode 100644 docs/SHIELD/Deploy/Securing-Privileged-Access.md delete mode 100644 docs/SHIELD/Deploy/Troubleshooting/Uninstall.md diff --git a/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md b/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md deleted file mode 100644 index 581fe24..0000000 --- a/docs/SHIELD/Deploy/Architecture/Infrastructure/Identity-Protection-Policy.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into the new [Deploy Documentation](../../index.md). diff --git a/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md b/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md deleted file mode 100644 index 95c75f3..0000000 --- a/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-MDE-Enable.md +++ /dev/null @@ -1,9 +0,0 @@ -# Defender for Endpoint - Workspace Creation - -The first time Microsoft Defender for Endpoint's (MDE) UI is loaded, it creates a workspace to store all of the security, usage, and telemetry data. - -This automated workspace provisioning process can be completed by navigating to the [Microsoft 365 Defender Portal](https://security.microsoft.com){:target="_blank"} and selecting the devices tab on the left. - -If the list of devices in table format loads, the workspace has already been set up. - -If you get a splash screen saying the workspace/MDE is being set up, please wait until the process has completed. After the splash screen disappears, MDE is fully initialized in the tenant. diff --git a/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md b/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md deleted file mode 100644 index f4e983c..0000000 --- a/docs/SHIELD/Deploy/Deprecated-Usage-Guide/deprecated-index.md +++ /dev/null @@ -1,36 +0,0 @@ -# Deploy Core Infrastructure - -You have to meet the prerequisites before being able to deploy the core infrastructure. -The core infrastructure is where the main configurations reside for the SHIELD product. -Once this is deployed, the configurations can be customized and the lifecycle management system can be used. - -After deployment, the only parts of the core infrastructure that can't be touched are the `security groups`, `Intune scope tags` and `Entra ID Administrative Units`. All other items can be modified, including the device configurations, autopilot profiles and conditional access. - -!!! note "Prerequisites Check" - Don't forget to make sure you meet the prerequisites as listed here: - [Getting Started - Prerequisites](../../Prerequisites.md) - ---- - -## Deployment - -After the pre-requisites are met, you can deploy the core infrastructure. -Deploying the core-infrastructure is pretty easy: - -1. Open the SHI Orchestration Platform app to the URL that you deployed to. It will open itself to the `Infrastructure Deployment` page. - - !!! note "Portal Location" - By default, this is a subdomain at `{your-company}.azurewebsites.net` - -2. Read the `Terms and Conditions` document and if you agree, select the `I agree to the terms and conditions` check box. This will enable and arm the `Deploy Infrastructure` button. - - ![Screenshot of the Infrastructure Deployment page showing the "I agree" button as checked and the deploy button as enabled. The check box is highlighted by a red box indicating what should be selected.](../../../assets/Images/Screenshots/Core-Infrastructure-Deployment.png){ loading=lazy } - -3. Push the `Deploy Infrastructure` button. This will deploy all the supporting components to the lifecycle management system. - - ![Screenshot of the core infrastructure deployment spinner indicating a deployment is in progress. The spinner has been highlighted by a red box indicating where the deployment in progress spinner will appear.](../../../assets/Images/Screenshots/Spinner.png){ loading=lazy } - -4. Once the deployment has completed it will redirect you to the home screen as seen in the below screenshot. - - ![Screenshot of the home page with the navigation cards visible.](../../../assets/Images/Screenshots/Home-Screen-Light.png#only-light){ loading=lazy } - ![Screenshot of the home page with the navigation cards visible.](../../../assets/Images/Screenshots/Home-Screen-Dark.png#only-dark){ loading=lazy } diff --git a/docs/SHIELD/Deploy/Securing-Privileged-Access.md b/docs/SHIELD/Deploy/Securing-Privileged-Access.md deleted file mode 100644 index ad49e95..0000000 --- a/docs/SHIELD/Deploy/Securing-Privileged-Access.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into the new [Deploy Documentation](../index.md). diff --git a/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md b/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md deleted file mode 100644 index ad49e95..0000000 --- a/docs/SHIELD/Deploy/Troubleshooting/Uninstall.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into the new [Deploy Documentation](../index.md). diff --git a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md index 0acfad5..4916c63 100644 --- a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md +++ b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md @@ -49,7 +49,7 @@ Technical details on the properties/values that can be set on the root/common sc This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). +This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `PsmId=21` @@ -62,7 +62,7 @@ This is the ID of the Intune Role Scope Tag that separates privileged configurat This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). +This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `SsmId=21` @@ -75,7 +75,7 @@ This is the ID of the Intune Role Scope Tag that separates specialized configura This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../Deploy/Securing-Privileged-Access.md). +This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `EsmId=21` diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index 73bf18a..abdff10 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -44,5 +44,5 @@ In the rest of the documentation, we will provide detailed instructions on how t - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) -- [Troubleshooting](Deploy/Troubleshooting/Uninstall.md) +- [Troubleshooting](Deploy/Troubleshooting.md) - [Contact Us](https://shilab.com/contact) From 868f9a25aec7381f3c64731e05229262680bdf5f Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 10:39:04 -0500 Subject: [PATCH 15/26] Commit 5.2: Refactored Defend Usage Guide into folder-based index.md structure --- docs/SHIELD/0-Getting-Started/index.md | 2 +- docs/SHIELD/Defend/Deployment.md | 4 +- docs/SHIELD/Defend/Overview/index.md | 3 -- docs/SHIELD/Defend/Prerequisites.md | 6 +-- .../Defend/Reference/Hardware-Selection.md | 2 +- .../{Reference.md => Reference/index.md} | 22 ++++----- docs/SHIELD/Defend/Troubleshooting.md | 8 ++-- .../Defend/Usage-Guide/deprecated-index.md | 8 ---- .../{Usage-Guide.md => Usage-Guide/index.md} | 46 +++++++++---------- docs/SHIELD/Defend/index.md | 4 +- docs/SHIELD/Prerequisites.md | 2 +- docs/SHIELD/index.md | 2 +- docs/index.md | 2 +- 13 files changed, 50 insertions(+), 61 deletions(-) delete mode 100644 docs/SHIELD/Defend/Overview/index.md rename docs/SHIELD/Defend/{Reference.md => Reference/index.md} (79%) delete mode 100644 docs/SHIELD/Defend/Usage-Guide/deprecated-index.md rename docs/SHIELD/Defend/{Usage-Guide.md => Usage-Guide/index.md} (61%) diff --git a/docs/SHIELD/0-Getting-Started/index.md b/docs/SHIELD/0-Getting-Started/index.md index 14aa9b8..cf3eeb9 100644 --- a/docs/SHIELD/0-Getting-Started/index.md +++ b/docs/SHIELD/0-Getting-Started/index.md @@ -14,4 +14,4 @@ The server is deployed first then the server deploys the core infrastructure. 3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide.md){ .md-button } + [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } diff --git a/docs/SHIELD/Defend/Deployment.md b/docs/SHIELD/Defend/Deployment.md index aa8d074..425bc14 100644 --- a/docs/SHIELD/Defend/Deployment.md +++ b/docs/SHIELD/Defend/Deployment.md @@ -53,7 +53,7 @@ To use Defend, the following must already be deployed: ## Related Pages - [Defend Overview](index.md) -- [Defend Usage Guide](Usage-Guide.md) -- [Defend Reference](Reference.md) +- [Defend Usage Guide](Usage-Guide/index.md) +- [Defend Reference](Reference/index.md) - [Troubleshooting](Troubleshooting.md) - [SHIELD Platform Deployment](../Deployment.md) \ No newline at end of file diff --git a/docs/SHIELD/Defend/Overview/index.md b/docs/SHIELD/Defend/Overview/index.md deleted file mode 100644 index 1b0edc7..0000000 --- a/docs/SHIELD/Defend/Overview/index.md +++ /dev/null @@ -1,3 +0,0 @@ -# Defend - -Coming soon! \ No newline at end of file diff --git a/docs/SHIELD/Defend/Prerequisites.md b/docs/SHIELD/Defend/Prerequisites.md index 48c6ea3..15ef77b 100644 --- a/docs/SHIELD/Defend/Prerequisites.md +++ b/docs/SHIELD/Defend/Prerequisites.md @@ -53,14 +53,14 @@ To verify: 3. If a table of devices appears, your workspace is ready 4. If prompted to initialize setup, follow instructions and wait until the UI is fully active -📖 For more detail, see the [Defend Usage Guide](Usage-Guide.md), under **Defender for Endpoint Workspace Creation** +📖 For more detail, see the [Defend Usage Guide](Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** --- ## Related Pages - [Defend Deployment](Deployment.md) -- [Defend Usage Guide](Usage-Guide.md) -- [Hardware Requirements](Reference.md) +- [Defend Usage Guide](Usage-Guide/index.md) +- [Hardware Requirements](Reference/index.md) - [SHIELD Prerequisites](../Prerequisites.md) diff --git a/docs/SHIELD/Defend/Reference/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Hardware-Selection.md index 4040d1e..09c9bc8 100644 --- a/docs/SHIELD/Defend/Reference/Hardware-Selection.md +++ b/docs/SHIELD/Defend/Reference/Hardware-Selection.md @@ -54,6 +54,6 @@ For further guidance on hardware selection or compatibility, please refer to the ## See Also -- [Lifecycle Management Overview](../Usage-Guide.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. +- [Lifecycle Management Overview](../Usage-Guide/index.md): Learn more about the lifecycle management features of SHIELD and how it simplifies the management of user and device objects. - [Commissioning a New Device](../Usage-Guide/Device/0-Commission.md): Step-by-step guide on commissioning (adopting) a new device using SHIELD. - [Decommission a Managed Device](../Usage-Guide/Device/1-Decommission.md): Step-by-step guide on decommissioning (removing) a device that is currently being managed by SHIELD. diff --git a/docs/SHIELD/Defend/Reference.md b/docs/SHIELD/Defend/Reference/index.md similarity index 79% rename from docs/SHIELD/Defend/Reference.md rename to docs/SHIELD/Defend/Reference/index.md index 8e4f5dd..8e9381a 100644 --- a/docs/SHIELD/Defend/Reference.md +++ b/docs/SHIELD/Defend/Reference/index.md @@ -7,7 +7,7 @@ This reference page for the Defend module provides a comprehensive view of all s - Notes on privileged workflows - Relevant configuration examples -All information here is specific to the Defend module and complements the main [Usage Guide](Usage-Guide.md). +All information here is specific to the Defend module and complements the main [Usage Guide](../Usage-Guide/index.md). --- @@ -49,26 +49,26 @@ Each SHIELD lifecycle action is mapped to a standardized backend workflow. The f ### Device Workflow Diagrams #### Commission Device -📊 [Device - Commission](Reference/Diagrams/Device-Commission.md) +📊 [Device - Commission](./Diagrams/Device-Commission.md) #### Decommission Device -📊 [Device - Decommission](Reference/Diagrams/Device-Decommission.md) +📊 [Device - Decommission](./Diagrams/Device-Decommission.md) #### Assign User to Device -📊 [Device - Assign](Reference/Diagrams/Device-Assign.md) +📊 [Device - Assign](./Diagrams/Device-Assign.md) #### Unassign User from Device -📊 [Device - Unassign](Reference/Diagrams/Device-Unassign.md) +📊 [Device - Unassign](./Diagrams/Device-Unassign.md) --- ### User Workflow Diagrams #### Commission User -📊 [User - Commission](Reference/Diagrams/User-Commission.md) +📊 [User - Commission](./Diagrams/User-Commission.md) #### Decommission User -📊 [User - Decommission](Reference/Diagrams/User-Decommission.md) +📊 [User - Decommission](./Diagrams/User-Decommission.md) --- @@ -76,13 +76,13 @@ Each SHIELD lifecycle action is mapped to a standardized backend workflow. The f A dedicated section for advanced Privileged workflows, including intermediary logic and RBAC extensions, will be added in a future release. -📄 Placeholder: [Privileged Device Workflows](Reference/Lifecycle/Privileged Device Workflows.md) +📄 Placeholder: [Privileged Device Workflows](./Lifecycle/Privileged Device Workflows.md) --- ## Related Pages -- [Defend Usage Guide](Usage-Guide.md) -- [Device Lifecycle](Usage-Guide/Device/0-Commission.md) -- [User Lifecycle](Usage-Guide/User/Commission.md) +- [Defend Usage Guide](../Usage-Guide/index.md) +- [Device Lifecycle](../Usage-Guide/Device/0-Commission.md) +- [User Lifecycle](../Usage-Guide/User/Commission.md) diff --git a/docs/SHIELD/Defend/Troubleshooting.md b/docs/SHIELD/Defend/Troubleshooting.md index e99dc2b..96f26f4 100644 --- a/docs/SHIELD/Defend/Troubleshooting.md +++ b/docs/SHIELD/Defend/Troubleshooting.md @@ -39,7 +39,7 @@ This section addresses common issues encountered when using the Defend module’ - Conditional Access policies are not yet deployed **Resolution:** -- Follow workspace setup verification steps in the [Usage Guide](Usage-Guide.md), under **Defender for Endpoint Workspace Creation** +- Follow workspace setup verification steps in the [Usage Guide](Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** - Check that SHIELD infrastructure was successfully deployed from the Deploy module - Review prerequisites in [Defend Prerequisites](Prerequisites.md) @@ -53,7 +53,7 @@ This section addresses common issues encountered when using the Defend module’ **Resolution:** - Always include current assigned users in the assignment flow -- Ensure wipe behavior for privileged devices is clearly understood (see the [Usage Guide](Usage-Guide.md)) +- Ensure wipe behavior for privileged devices is clearly understood (see the [Usage Guide](Usage-Guide/index.md)) --- @@ -84,7 +84,7 @@ Yes — warnings and confirmations are built into the UI. However, wipe actions ## Related Pages -- [Defend Usage Guide](Usage-Guide.md) -- [Defend Reference](Reference.md) +- [Defend Usage Guide](Usage-Guide/index.md) +- [Defend Reference](Reference/index.md) - [Defend Prerequisites](Prerequisites.md) diff --git a/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md b/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md deleted file mode 100644 index fc1676d..0000000 --- a/docs/SHIELD/Defend/Usage-Guide/deprecated-index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This page has been merged into [SHIELD Usage Guide](../Usage-Guide.md). diff --git a/docs/SHIELD/Defend/Usage-Guide.md b/docs/SHIELD/Defend/Usage-Guide/index.md similarity index 61% rename from docs/SHIELD/Defend/Usage-Guide.md rename to docs/SHIELD/Defend/Usage-Guide/index.md index 06f49b8..1967bf7 100644 --- a/docs/SHIELD/Defend/Usage-Guide.md +++ b/docs/SHIELD/Defend/Usage-Guide/index.md @@ -25,13 +25,13 @@ Device lifecycle flows differ by class. Devices marked as Privileged undergo mor Commissioning a device registers it with SHIELD and assigns lifecycle metadata. Privileged devices will be wiped if they are Intune-managed to ensure a clean baseline. -📖 [Commission a Device](Usage-Guide/Device/0-Commission.md) -📊 [Workflow Diagram](Reference/Diagrams/Device-Commission.md) +📖 [Commission a Device](./Device/0-Commission.md) +📊 [Workflow Diagram](../Reference/Diagrams/Device-Commission.md) #### UI Example - -![Select Device - Light](../../assets/Images/Screenshots/Select-Unmanaged-Device-Light.png#only-light){ loading=lazy width="300" } -![Select Device - Dark](../../assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png#only-dark){ loading=lazy width="300" } +. +![Select Device - Light](../../../assets/Images/Screenshots/Select-Unmanaged-Device-Light.png#only-light){ loading=lazy width="300" } +![Select Device - Dark](../../../assets/Images/Screenshots/Select-Unmanaged-Device-Dark.png#only-dark){ loading=lazy width="300" } !!! warning "Privileged Commissioning" Wipe commands are issued to Intune-managed devices during commissioning to protect against residual compromise. @@ -42,8 +42,8 @@ Commissioning a device registers it with SHIELD and assigns lifecycle metadata. Removes a device from SHIELD’s lifecycle system. -📖 [Decommission a Device](Usage-Guide/Device/1-Decommission.md) -📊 [Workflow Diagram](Reference/Diagrams/Device-Decommission.md) +📖 [Decommission a Device](./Device/1-Decommission.md) +📊 [Workflow Diagram](../Reference/Diagrams/Device-Decommission.md) --- @@ -51,8 +51,8 @@ Removes a device from SHIELD’s lifecycle system. Assigns one or more users to a privileged device (PAW). All others will be denied access. -📖 [Assign User](Usage-Guide/Device/2-Assign.md) -📊 [Workflow Diagram](Reference/Diagrams/Device-Assign.md) +📖 [Assign User](./Device/2-Assign.md) +📊 [Workflow Diagram](../Reference/Diagrams/Device-Assign.md) --- @@ -60,8 +60,8 @@ Assigns one or more users to a privileged device (PAW). All others will be denie Removes a user’s access from a PAW. If no users remain, a wipe is issued. -📖 [Unassign User](Usage-Guide/Device/3-Unassign.md) -📊 [Workflow Diagram](Reference/Diagrams/Device-Unassign.md) +📖 [Unassign User](./Device/3-Unassign.md) +📊 [Workflow Diagram](../Reference/Diagrams/Device-Unassign.md) --- @@ -73,18 +73,18 @@ SHIELD supports onboarding and offboarding for both privileged and non-privilege Privileged users are created as new cloud-only accounts. Others are brought into management using existing identities. Temporary credentials are generated at creation. -📖 [Commission a User](Usage-Guide/User/Commission.md) -📊 [Workflow Diagram](Reference/Diagrams/User-Commission.md) +📖 [Commission a User](./User/Commission.md) +📊 [Workflow Diagram](../Reference/Diagrams/User-Commission.md) #### UI Example -![Select User - Light](../../assets/Images/Screenshots/Select-Unmanaged-User-Light.png#only-light){ loading=lazy width="300" } -![Select User - Dark](../../assets/Images/Screenshots/Select-Unmanaged-User-Dark.png#only-dark){ loading=lazy width="300" } +![Select User - Light](../../../assets/Images/Screenshots/Select-Unmanaged-User-Light.png#only-light){ loading=lazy width="300" } +![Select User - Dark](../../../assets/Images/Screenshots/Select-Unmanaged-User-Dark.png#only-dark){ loading=lazy width="300" } #### Temporary Credential Dialog -![Temp Credentials - Light](../../assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png#only-light){ loading=lazy } -![Temp Credentials - Dark](../../assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png#only-dark){ loading=lazy } +![Temp Credentials - Light](../../../assets/Images/Screenshots/Temporary-Credential-Dialog-Light.png#only-light){ loading=lazy } +![Temp Credentials - Dark](../../../assets/Images/Screenshots/Temporary-Credential-Dialog-Dark.png#only-dark){ loading=lazy } --- @@ -92,8 +92,8 @@ Privileged users are created as new cloud-only accounts. Others are brought into Privileged users are deleted from Entra ID. Non-privileged users are simply removed from SHIELD management. -📖 [Decommission a User](Usage-Guide/User/Decommission.md) -📊 [Workflow Diagram](Reference/Diagrams/User-Decommission.md) +📖 [Decommission a User](./User/Decommission.md) +📊 [Workflow Diagram](../Reference/Diagrams/User-Decommission.md) --- @@ -115,7 +115,7 @@ Class is selected at the top of the UI before performing lifecycle actions. ## Related Pages - [Defend Overview](index.md) -- [Device Commissioning](Usage-Guide/Device/0-Commission.md) -- [User Commissioning](Usage-Guide/User/Commission.md) -- [Reference Diagrams](Reference.md) -- [Hardware Requirements](Reference/Hardware-Selection.md) \ No newline at end of file +- [Device Commissioning](./Device/0-Commission.md) +- [User Commissioning](./User/Commission.md) +- [Reference Diagrams](../Reference/index.md) +- [Hardware Requirements](../Reference/Hardware-Selection.md) \ No newline at end of file diff --git a/docs/SHIELD/Defend/index.md b/docs/SHIELD/Defend/index.md index 63e0458..bbc513c 100644 --- a/docs/SHIELD/Defend/index.md +++ b/docs/SHIELD/Defend/index.md @@ -44,7 +44,7 @@ The lifecycle engine handles all object mapping, Intune tagging, group membershi - [Deployment](Deployment.md) - [Prerequisites](Prerequisites.md) -- [Usage Guide](Usage-Guide.md) -- [Reference](Reference.md) +- [Usage Guide](Usage-Guide/index.md) +- [Reference](Reference/index.md) - [Troubleshooting](Troubleshooting.md) diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 6f26708..0c7192b 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -17,7 +17,7 @@ SHIELD automates secure deployment and lifecycle management using Microsoft 365 ### Environment Requirements - ✅ Deploying user must have **Global Admin Rights** -- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide.md), under **Defender for Endpoint Workspace Creation** +- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** - ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID - ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index abdff10..453374f 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -40,7 +40,7 @@ In the rest of the documentation, we will provide detailed instructions on how t ## See Also -- [Usage Guides](Defend/Usage-Guide.md) +- [Usage Guides](Defend/Usage-Guide/index.md) - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) diff --git a/docs/index.md b/docs/index.md index 8312e48..16681ef 100644 --- a/docs/index.md +++ b/docs/index.md @@ -20,7 +20,7 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Defend -[:mag: Defend](SHIELD/Defend/Usage-Guide.md){ .md-button } +[:mag: Defend](SHIELD/Defend/Usage-Guide/index.md){ .md-button } ### Discover From 87a9ee1bf756a71ef2d2d85e00cab578aa217f63 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 11:22:25 -0500 Subject: [PATCH 16/26] Commit 5.3: cleanup and restructure of Discover module with folder-based navigation and content consolidation --- .../Discover/Deployment/0-Prerequisites.md | 8 --- .../Discover/Deployment/Azure-SQL-Database.md | 8 --- .../Deployment/Silent-Installation.md | 8 --- .../Discover/Deployment/Standard-Install.md | 8 --- .../{Deployment.md => Deployment/index.md} | 22 +++---- docs/SHIELD/Discover/Getting-Started.md | 53 ---------------- docs/SHIELD/Discover/Plugins/Overview.md | 14 ----- .../Architecture/Infrastructure.md | 2 +- .../Architecture/Process-Flow.md | 0 .../Discover/Reference/Azure-SQL-Database.md | 63 +++++++++++++++++++ .../{ => Reference}/Database-Schema.md | 7 ++- .../Plugins/DefenderEndpoint.md | 0 .../Plugins/DefenderIdentity.md | 0 .../{ => Reference}/Plugins/EntraID.md | 0 .../{ => Reference}/Reserved-Principals.md | 0 .../{ => Reference}/Supported-Licenses.md | 0 .../{Reference.md => Reference/index.md} | 16 ++--- docs/SHIELD/Discover/Troubleshooting.md | 4 +- docs/SHIELD/Discover/Usage-Guide.md | 8 +-- docs/SHIELD/Discover/index.md | 12 ++-- docs/SHIELD/Prerequisites.md | 8 +-- 21 files changed, 103 insertions(+), 138 deletions(-) delete mode 100644 docs/SHIELD/Discover/Deployment/0-Prerequisites.md delete mode 100644 docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md delete mode 100644 docs/SHIELD/Discover/Deployment/Silent-Installation.md delete mode 100644 docs/SHIELD/Discover/Deployment/Standard-Install.md rename docs/SHIELD/Discover/{Deployment.md => Deployment/index.md} (72%) delete mode 100644 docs/SHIELD/Discover/Getting-Started.md delete mode 100644 docs/SHIELD/Discover/Plugins/Overview.md rename docs/SHIELD/Discover/{ => Reference}/Architecture/Infrastructure.md (92%) rename docs/SHIELD/Discover/{ => Reference}/Architecture/Process-Flow.md (100%) create mode 100644 docs/SHIELD/Discover/Reference/Azure-SQL-Database.md rename docs/SHIELD/Discover/{ => Reference}/Database-Schema.md (94%) rename docs/SHIELD/Discover/{ => Reference}/Plugins/DefenderEndpoint.md (100%) rename docs/SHIELD/Discover/{ => Reference}/Plugins/DefenderIdentity.md (100%) rename docs/SHIELD/Discover/{ => Reference}/Plugins/EntraID.md (100%) rename docs/SHIELD/Discover/{ => Reference}/Reserved-Principals.md (100%) rename docs/SHIELD/Discover/{ => Reference}/Supported-Licenses.md (100%) rename docs/SHIELD/Discover/{Reference.md => Reference/index.md} (81%) diff --git a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md b/docs/SHIELD/Discover/Deployment/0-Prerequisites.md deleted file mode 100644 index 9c6f46e..0000000 --- a/docs/SHIELD/Discover/Deployment/0-Prerequisites.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into [SHIELD Prerequisites](../../Prerequisites.md). diff --git a/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md b/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md deleted file mode 100644 index 08004bd..0000000 --- a/docs/SHIELD/Discover/Deployment/Azure-SQL-Database.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This page has been merged into [SHIELD Deployment → Azure SQL Database Setup](../../Deployment.md#azure-sql-database-setup). diff --git a/docs/SHIELD/Discover/Deployment/Silent-Installation.md b/docs/SHIELD/Discover/Deployment/Silent-Installation.md deleted file mode 100644 index bd24401..0000000 --- a/docs/SHIELD/Discover/Deployment/Silent-Installation.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into [SHIELD Deployment → Silent Installation](../../Deployment.md#silent-installation-script-based). diff --git a/docs/SHIELD/Discover/Deployment/Standard-Install.md b/docs/SHIELD/Discover/Deployment/Standard-Install.md deleted file mode 100644 index 5a1aab7..0000000 --- a/docs/SHIELD/Discover/Deployment/Standard-Install.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This content has been merged into [SHIELD Deployment → Standard Installation](../../Deployment.md#standard-installation-gui-based). diff --git a/docs/SHIELD/Discover/Deployment.md b/docs/SHIELD/Discover/Deployment/index.md similarity index 72% rename from docs/SHIELD/Discover/Deployment.md rename to docs/SHIELD/Discover/Deployment/index.md index 2c5bf58..2557ceb 100644 --- a/docs/SHIELD/Discover/Deployment.md +++ b/docs/SHIELD/Discover/Deployment/index.md @@ -25,18 +25,18 @@ Use the GUI-based MSI for interactive setup. This is recommended for most enviro #### Main Installer Screen -![Installer - Light](assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } -![Installer - Dark](assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } +![Installer - Light](../assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } +![Installer - Dark](../assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } #### Dropdown Menu -![Dropdown - Light](assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } -![Dropdown - Dark](assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } +![Dropdown - Light](../assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } +![Dropdown - Dark](../assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } #### Advanced Configuration -![Advanced Config - Light](assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } -![Advanced Config - Dark](assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } +![Advanced Config - Light](../assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } +![Advanced Config - Dark](../assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } !!! note "Shortcut Behavior" Machine-wide installs of PowerShell require launching Discover via CLI. Desktop shortcuts are only supported for user-scoped installs. @@ -85,15 +85,15 @@ Before installation, ensure your Azure SQL database is provisioned: - Entra ID authentication is enabled - Your user has permission to create and write to the DB -- [Auto-permissions tool](Reference.md#azure-sql-configuration) is available for bulk role assignment +- [Auto-permissions tool](../Reference/index.md#azure-sql-configuration) is available for bulk role assignment -📖 See full details in the [Reference Guide](Reference.md#azure-sql-configuration) +📖 See full details in the [Reference Guide](../Reference/index.md#azure-sql-configuration) --- ## Related Pages - [Discover Overview](index.md) -- [Discover Usage Guide](Usage-Guide.md) -- [Reference](Reference.md) -- [Troubleshooting](Troubleshooting.md) \ No newline at end of file +- [Discover Usage Guide](../Usage-Guide.md) +- [Reference](../Reference/index.md) +- [Troubleshooting](../Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Discover/Getting-Started.md b/docs/SHIELD/Discover/Getting-Started.md deleted file mode 100644 index c093f0a..0000000 --- a/docs/SHIELD/Discover/Getting-Started.md +++ /dev/null @@ -1,53 +0,0 @@ -# Getting Started - -Please read through the [prerequisites](../Prerequisites.md) to make sure you have all you need before you begin. - -If you have not already installed the Discover app, please follow the [installation guide](Deployment/Standard-Install.md). - -## Default Mode - -Default mode runs Discover authentication in a InPrivate/Incognito window. -It also uses all of the configured database settings and can't be overridden. -The majority of the time, this is what should be run. Please reach out to SHI or your security department if other options are required. - -1. Double click the desktop icon titled `Run Discover` - -2. Log into the Az SQL Database (Only first log in screen) - -3. Log into the tenant to be analyzed (All subsequent login screens) - - !!! info "Authentication Info" - The first authentication prompt is for the tenant that the reports will be saved in. - Log in with the account that is authorized to write to the reports DB. - - The next set of login prompts are for the tenant that should be analyzed for license compliance. - You will need to log into the account more than once due to the type of systems that will be analyzed. - -4. Sit back and relax while the engine retrieves and reports the compliance status of the target tenant. - -## CLI Mode - -1. Open PowerShell 7 - -2. Run `Get-LicenseCompliance` - - !!! info "Configuration Info" - For information on the various modes of operation, parameters, and configurations, please run `Get-Help Get-LicenseCompliance` to get the latest information. - -3. Log into the Az SQL and tenant to be analyzed. - - !!! info "Authentication Info" - The first authentication prompt is for the tenant that the reports will be saved in. - Log in with the account that is authorized to write to the reports DB. - - The next set of login prompts are for the tenant that should be analyzed for license compliance. - You will need to log into the account more than once due to the type of systems that will be analyzed. - -4. Sit back and relax while the engine retrieves and reports the compliance status of the target tenant. - -## See Also - -- [Prerequisites](Deployment/0-Prerequisites.md) -- [Installation Guide](Deployment/Standard-Install.md) -- [Silent Installation](Deployment/Silent-Installation.md) -- [Installing PowerShell on Windows](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows) diff --git a/docs/SHIELD/Discover/Plugins/Overview.md b/docs/SHIELD/Discover/Plugins/Overview.md deleted file mode 100644 index 6e8e4fe..0000000 --- a/docs/SHIELD/Discover/Plugins/Overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Overview - -The Discover product uses plugins to retrieve data, normalize it and send it to the core engine for processing. - -Each plugin can represent one or more license levels. A license level is a set of features that a customer can access based on their subscription plan. For example, the P1 license level includes basic features such as access reviews and identity protection, while the P2 license level includes advanced features such as entitlement management and identity governance. - -Plugins are written in PowerShell and use the Discover PowerShell module to interact with the core engine. The Discover PowerShell module provides cmdlets for authentication, data validation, logging, error handling, and sending data to the core engine. Plugins can also use external APIs to retrieve data from different sources, such as Azure, Microsoft 365, or EntraID. - -When evaluating the available licenses, container licenses are taken into account. -e.g. if you have E3 and E5 licenses and the Entra ID plugin is executed, the available P1 license count will be retrieved from both the E3 and E5 since both of those container licenses have P1 licenses. - -Some plugins may have different behavior, please read the plugin details page for more information on the specific plugin in question. - -Each plugin accesses a different set of service configurations and some plugins access configurations that are not available to global reader. Because of this, each plugin will have the necessary set of permissions documented on the plugin's page. Only the minimum set of permissions needed to operate are listed and the list doesn't inherit from other plugins. diff --git a/docs/SHIELD/Discover/Architecture/Infrastructure.md b/docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md similarity index 92% rename from docs/SHIELD/Discover/Architecture/Infrastructure.md rename to docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md index cd5c693..84e0598 100644 --- a/docs/SHIELD/Discover/Architecture/Infrastructure.md +++ b/docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md @@ -7,7 +7,7 @@ Each plugin interacts with the specific service configuration that is being inte For an annotated threat model of the application's infrastructure architecture, please see the attached Microsoft [Threat Model Tool](https://aka.ms/tmt) representation of the infrastructure architecture. -[Annotated Infrastructure Threat Model](../assets/threat-models/infrastructure.tm7) +[Annotated Infrastructure Threat Model](../../assets/threat-models/infrastructure.tm7) ## Diagram diff --git a/docs/SHIELD/Discover/Architecture/Process-Flow.md b/docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md similarity index 100% rename from docs/SHIELD/Discover/Architecture/Process-Flow.md rename to docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md diff --git a/docs/SHIELD/Discover/Reference/Azure-SQL-Database.md b/docs/SHIELD/Discover/Reference/Azure-SQL-Database.md new file mode 100644 index 0000000..3381f9a --- /dev/null +++ b/docs/SHIELD/Discover/Reference/Azure-SQL-Database.md @@ -0,0 +1,63 @@ +# Azure SQL Database Configuration + +Discover requires a database to be present in order to record its findings. This database is not hosted by or maintained in any way by SHI, and is the sole responsibility of your organization. + +The database requirements are light, which gives you the flexibility to host it however you want in Azure. + +You can use an existing database, or create a new one. We highly recommend to create a new one to reduce potential table name conflicts and improve segmentation. You can name your Discover tables whatever you want in the client configuration. + +Regardless of if you create a new one or use an existing one, you need to have Entra ID authentication enabled and configured for the users that run Discover. + +## Required DB Configurations + +- [X] Azure SQL Database (Recommended) or Managed Instance :material-information-outline:{ title="Any SQL Host that supports Entra ID Authentication" } +- [X] Entra ID Authentication is configured +- [X] The end user has connectivity to the DB host :material-information-outline:{ title="Weather that is through a VPN or directly, or some other way that native Windows networking is compatible with" } + +## Storage + +The Discover engine is extremely efficient with its storage use, for most organizations, this should not exceed the 2GB minimum database size even with repeated use. + +Each run of the Discover tool generates ~`1,676 bytes`, which results in a total usage of ~`40 Kilobytes` per year if using the recommended run frequency (twice monthly) per tenant. + +## Recommended DB Configurations + +- [ ] [Allow only Entra ID Authentication](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication-tutorial){:target="_blank"} :material-information-outline:{ title="No SQL User Auth" } +- [ ] [Reduce IPs allowed to connect to only the set of authorized users](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure){:target="_blank"} :material-information-outline:{ title="This is a low priority recommendation if Entra ID only authentication is enabled, as most risks are negated when the DB is in that auth mode." } +- [ ] [Configure Database Backups](https://learn.microsoft.com/en-us/azure/azure-sql/database/automated-backups-overview){:target="_blank"} :material-information-outline:{ title="Store a copy of the data to prevent tamper/loss" } +- [ ] [Enable Defender for Cloud](https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql){:target="_blank"} +- [ ] [Enable Support Operations Auditing](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview){:target="_blank"} +- [ ] [Enable SQL Auditing](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview){:target="_blank"} +- [ ] [Integrate all telemetry into your SIEM](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings){:target="_blank"} +- [ ] Do not enable BYOK/HYOK/CMK unless you are legally required to do so :material-information-outline:{ title="More info is available via call/meeting with us on this topic." } +- [ ] [Set up Azure Monitor to alert on low storage space and compute](https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts){:target="_blank"} + +## Auto Permissions Assignment Tool + +Discover comes with a security group permissions management auto configuration tool to make it easier to permission an Azure SQL DB for Entra ID auth at scale. + +This tool will take the specified security groups (as identified by their object IDs) and grant them read and write permissions in the DB through Entra ID authentication. + +To use authorization auto config tool: + +1. Deploy the client software to the computer that you are going to run the commands from. +2. Run the below command + +```PowerShell title="SQL Authorization Auto Configuration" +Add-AzLicenseDb -SubscriptionId 'c82e42ee-4dea-450e-8f24-52ff699a8f99' -ReadGroupId '16ffec1f-4062-4dd2-8d73-b4882fcc9bb8' -WriteGroupId '3a48f409-5847-47bf-bad9-7235a7c38e3c' +``` + +!!! info "Note on IDs in Example Code" + Replace the IDs with your environment's specific IDs. + +!!! question "In-depth docs" + For more information about available options, please run the below for the complete set of information on the auto config tool + + ```PowerShell title="Help Docs for Auto Config Tool" + Get-Help -Name 'Add-AzLicenseDb' -Full + ``` + +## See Also + +- [Standard Installation](../Deployment/index.md#standard-installation-gui-based) +- [Silent Installation](../Deployment/index.md#silent-installation-script-based) diff --git a/docs/SHIELD/Discover/Database-Schema.md b/docs/SHIELD/Discover/Reference/Database-Schema.md similarity index 94% rename from docs/SHIELD/Discover/Database-Schema.md rename to docs/SHIELD/Discover/Reference/Database-Schema.md index b34febe..f112bf4 100644 --- a/docs/SHIELD/Discover/Database-Schema.md +++ b/docs/SHIELD/Discover/Reference/Database-Schema.md @@ -9,7 +9,7 @@ One of these records will be generated per run and contains the login informatio The License Data table stores the specific metadata for a single license. This includes data such as the count of used and available licenses as well as display names for the license and a correlation ID to link it to a run of the Discover tool. -All values will not be `null` in the DB. If a value can't be retrieved it will be set as 0 or false or the equivalent `null` state for the type of the column, not the `null` value. Please see the documentation for each [plugin](Plugins/Overview.md) to see what values are expected. +All values will not be `null` in the DB. If a value can't be retrieved it will be set as 0 or false or the equivalent `null` state for the type of the column, not the `null` value. Please see the documentation for each [plugin section](../Reference/index.md#plugin-overview) to see what values are expected. ## Diagram @@ -75,5 +75,6 @@ The code will enforce the relationships, the SQL server won't know they exist. ## See Also -- [Plugins](Plugins/Overview.md) -- [Standard Installation](Deployment/Standard-Install.md) +- [plugin section](../Reference/index.md#plugin-overview) +- [Standard Installation](../Deployment/index.md#standard-installation-gui-based) + diff --git a/docs/SHIELD/Discover/Plugins/DefenderEndpoint.md b/docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md similarity index 100% rename from docs/SHIELD/Discover/Plugins/DefenderEndpoint.md rename to docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md diff --git a/docs/SHIELD/Discover/Plugins/DefenderIdentity.md b/docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md similarity index 100% rename from docs/SHIELD/Discover/Plugins/DefenderIdentity.md rename to docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md diff --git a/docs/SHIELD/Discover/Plugins/EntraID.md b/docs/SHIELD/Discover/Reference/Plugins/EntraID.md similarity index 100% rename from docs/SHIELD/Discover/Plugins/EntraID.md rename to docs/SHIELD/Discover/Reference/Plugins/EntraID.md diff --git a/docs/SHIELD/Discover/Reserved-Principals.md b/docs/SHIELD/Discover/Reference/Reserved-Principals.md similarity index 100% rename from docs/SHIELD/Discover/Reserved-Principals.md rename to docs/SHIELD/Discover/Reference/Reserved-Principals.md diff --git a/docs/SHIELD/Discover/Supported-Licenses.md b/docs/SHIELD/Discover/Reference/Supported-Licenses.md similarity index 100% rename from docs/SHIELD/Discover/Supported-Licenses.md rename to docs/SHIELD/Discover/Reference/Supported-Licenses.md diff --git a/docs/SHIELD/Discover/Reference.md b/docs/SHIELD/Discover/Reference/index.md similarity index 81% rename from docs/SHIELD/Discover/Reference.md rename to docs/SHIELD/Discover/Reference/index.md index cf6a6cb..c39a245 100644 --- a/docs/SHIELD/Discover/Reference.md +++ b/docs/SHIELD/Discover/Reference/index.md @@ -16,7 +16,7 @@ Discover uses a plugin architecture to retrieve data from Microsoft 365 services | **Defender for Endpoint** | Collects device configurations and security compliance mappings | | **Defender for Identity** | Evaluates privileged identity policies, alerts, and audit logic | -📖 Plugin logic is described in the [Execution Flow Diagram](index.md#execution-process) +📖 Plugin logic is described in the [Execution Flow Diagram](../index.md#execution-process) --- @@ -57,7 +57,7 @@ Some Entra ID accounts are marked as reserved and should not be altered by autom ## Azure SQL Configuration -Discover requires an Azure SQL Database for storing its results. Refer to [Deployment → Azure SQL Setup](Deployment.md#azure-sql-configuration) for setup steps. +Discover requires an Azure SQL Database for storing its results. Refer to [Deployment → Azure SQL Setup](../Deployment/index.md#azure-sql-configuration) for setup steps. To automatically configure permissions via PowerShell: @@ -75,14 +75,14 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ### Infrastructure Diagram -📖 See [Infrastructure Diagram](index.md#infrastructure-architecture) +📖 See [Infrastructure Diagram](../index.md#infrastructure-architecture) - Shows PowerShell client to Entra ID + SQL interaction -- Includes threat model reference: [infrastructure.tm7](assets/threat-models/infrastructure.tm7) +- Includes threat model reference: [infrastructure.tm7](../assets/threat-models/infrastructure.tm7) ### Execution Flow -📖 See [Execution Flow](index.md#execution-process) +📖 See [Execution Flow](../index.md#execution-process) - Describes correlation record creation, plugin execution loop, and upload pattern @@ -91,6 +91,6 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ## Related Pages - [Discover Overview](index.md) -- [Deployment](Deployment.md) -- [Usage Guide](Usage-Guide.md) -- [Troubleshooting](Troubleshooting.md) \ No newline at end of file +- [Deployment](../Deployment/index.md) +- [Usage Guide](../Usage-Guide.md) +- [Troubleshooting](../Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Discover/Troubleshooting.md b/docs/SHIELD/Discover/Troubleshooting.md index 22d09e6..5d917d0 100644 --- a/docs/SHIELD/Discover/Troubleshooting.md +++ b/docs/SHIELD/Discover/Troubleshooting.md @@ -82,7 +82,7 @@ Yes. You may add new plugin files to the plugin directory and rerun the audit. ## Related Pages - [Discover Overview](index.md) -- [Deployment](Deployment.md) +- [Deployment](Deployment/index.md) - [Usage Guide](Usage-Guide.md) -- [Reference](Reference.md) +- [Reference](Reference/index.md) diff --git a/docs/SHIELD/Discover/Usage-Guide.md b/docs/SHIELD/Discover/Usage-Guide.md index 895e6dc..4533028 100644 --- a/docs/SHIELD/Discover/Usage-Guide.md +++ b/docs/SHIELD/Discover/Usage-Guide.md @@ -32,7 +32,7 @@ When Discover runs, it processes all installed plugins in order: Each plugin runs independently and its results are normalized before database submission. -📖 Plugin behavior is described in [Reference → Plugin Overview](Reference.md#plugin-overview) +📖 Plugin behavior is described in [Reference → Plugin Overview](Reference/index.md#plugin-overview) --- @@ -42,7 +42,7 @@ Each plugin runs independently and its results are normalized before database su - Each run generates a correlation record with timestamp and run metadata - You can query this database directly using SQL tools or BI platforms (like Power BI) -The schema is documented in the [Reference Guide](Reference.md#database-schema) +The schema is documented in the [Reference Guide](Reference/index.md#database-schema) --- @@ -61,7 +61,7 @@ Simply connect to your Azure SQL DB using Power BI Desktop and load the relevant ## Related Pages - [Discover Overview](index.md) -- [Discover Deployment](Deployment.md) -- [Reference](Reference.md) +- [Discover Deployment](Deployment/index.md) +- [Reference](Reference/index.md) - [Troubleshooting](Troubleshooting.md) diff --git a/docs/SHIELD/Discover/index.md b/docs/SHIELD/Discover/index.md index 5d55624..6be85a6 100644 --- a/docs/SHIELD/Discover/index.md +++ b/docs/SHIELD/Discover/index.md @@ -31,7 +31,7 @@ Discover’s core engine is extensible through plugins. Each plugin is responsib Plugins are executed sequentially, and their results are normalized before being uploaded to the Azure SQL Database. -📖 See full list in [Reference → Plugins](Reference.md#plugin-overview) +📖 See full list in [Reference → Plugin Overview](Reference/index.md#plugin-overview) --- @@ -116,9 +116,9 @@ LogOut --> SuccessEnd ## Related Pages -- [Discover Deployment](Deployment.md) +- [Discover Deployment](Deployment/index.md) - [Discover Usage Guide](Usage-Guide.md) -- [Discover Reference](Reference.md) +- [Discover Reference](Reference/index.md) - [Troubleshooting Discover](Troubleshooting.md) # Overview @@ -154,7 +154,7 @@ Discover’s core engine is extensible through plugins. Each plugin is responsib Plugins are executed sequentially, and their results are normalized before being uploaded to the Azure SQL Database. -📖 See full list in [Reference → Plugins](Reference.md#plugin-overview) +📖 See full list in [Reference → Plugin Overview](Reference/index.md#plugin-overview) --- @@ -239,8 +239,8 @@ LogOut --> SuccessEnd ## Related Pages -- [Discover Deployment](Deployment.md) +- [Discover Deployment](Deployment/index.md) - [Discover Usage Guide](Usage-Guide.md) -- [Discover Reference](Reference.md) +- [Discover Reference](Reference/index.md) - [Troubleshooting Discover](Troubleshooting.md) diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 0c7192b..a0a69d8 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -64,10 +64,10 @@ Discover uses read-only Entra ID roles for configuration queries. These permissi | **User Administrator** | Access to user directory properties | **Related plugin guides:** - -- 📄 [Defender for Endpoint](Discover/Plugins/DefenderEndpoint.md) -- 📄 [Defender for Identity](Discover/Plugins/DefenderIdentity.md) -- 📄 [Entra ID](Discover/Plugins/EntraID.md) +docs\SHIELD\Reference\Plugins\DefenderEndpoint.md +- 📄 [Defender for Endpoint](Discover/Reference/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](Discover/Reference/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](Discover/Reference/Plugins/EntraID.md) !!! info "Permissions Note" Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. From 3fc89ab252233eb4e7bb86b62c7546e66a44e700 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 11:52:22 -0500 Subject: [PATCH 17/26] Commit 5.4: cleanup of SHIELD root files and 0-Getting-Started; all links and structure updated --- .../0-Getting-Started/Deployment/Manual-Deployment.md | 8 -------- docs/SHIELD/0-Getting-Started/Usage-Guide/index.md | 8 -------- .../Deployment/Azure-Marketplace.md | 0 .../Deploy/{Deployment.md => Deployment/index.md} | 10 +++++----- .../Reference}/Required-Graph-API-Permissions.md | 0 .../SHIELD/Deploy/{Reference.md => Reference/index.md} | 8 ++++---- docs/SHIELD/Deploy/Troubleshooting.md | 4 ++-- docs/SHIELD/Deploy/Usage-Guide.md | 2 +- docs/SHIELD/Deploy/index.md | 2 +- docs/SHIELD/Deployment.md | 2 +- .../{0-Getting-Started => Getting-Started}/index.md | 2 +- .../Reference/Settings/Configure-Managed-Identity.md | 2 +- .../Deployment => }/Scripts/Install-Sop.ps1 | 0 13 files changed, 16 insertions(+), 32 deletions(-) delete mode 100644 docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md delete mode 100644 docs/SHIELD/0-Getting-Started/Usage-Guide/index.md rename docs/SHIELD/{0-Getting-Started => Deploy}/Deployment/Azure-Marketplace.md (100%) rename docs/SHIELD/Deploy/{Deployment.md => Deployment/index.md} (90%) rename docs/SHIELD/{0-Getting-Started/Deployment => Deploy/Reference}/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/Deploy/{Reference.md => Reference/index.md} (89%) rename docs/SHIELD/{0-Getting-Started => Getting-Started}/index.md (93%) rename docs/SHIELD/{0-Getting-Started/Deployment => }/Scripts/Install-Sop.ps1 (100%) diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md b/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md deleted file mode 100644 index 3346bcf..0000000 --- a/docs/SHIELD/0-Getting-Started/Deployment/Manual-Deployment.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This page has been integrated into [SHIELD Deployment](../../Deployment.md). diff --git a/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md b/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md deleted file mode 100644 index 9372158..0000000 --- a/docs/SHIELD/0-Getting-Started/Usage-Guide/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This page has been merged into [SHIELD Usage Guide](../../Usage-Guide.md). diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md b/docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md similarity index 100% rename from docs/SHIELD/0-Getting-Started/Deployment/Azure-Marketplace.md rename to docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md diff --git a/docs/SHIELD/Deploy/Deployment.md b/docs/SHIELD/Deploy/Deployment/index.md similarity index 90% rename from docs/SHIELD/Deploy/Deployment.md rename to docs/SHIELD/Deploy/Deployment/index.md index 8a18f94..4e31ef3 100644 --- a/docs/SHIELD/Deploy/Deployment.md +++ b/docs/SHIELD/Deploy/Deployment/index.md @@ -46,7 +46,7 @@ You’ll then see: - Automatic status updates - A redirect to the home screen when finished -📖 See full UI walkthrough and screenshots in the [Usage Guide](Usage-Guide.md#deploy-core-infrastructure-ui-flow) +📖 See full UI walkthrough and screenshots in the [Usage Guide](../Usage-Guide.md#deploy-core-infrastructure-ui-flow) --- @@ -71,8 +71,8 @@ These cannot be renamed or deleted through the SHIELD UI. ## Related Pages - [Deploy Overview](index.md) -- [Deploy Usage Guide](Usage-Guide.md) -- [Reference Docs](Reference.md) -- [Troubleshooting](Troubleshooting.md) -- [Full SHIELD Deployment](../Deployment.md) +- [Deploy Usage Guide](../Usage-Guide.md) +- [Reference Docs](../Reference/index.md) +- [Troubleshooting](../Troubleshooting.md) +- [Full SHIELD Deployment](../../Deployment.md) diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Required-Graph-API-Permissions.md b/docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/0-Getting-Started/Deployment/Required-Graph-API-Permissions.md rename to docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/Deploy/Reference.md b/docs/SHIELD/Deploy/Reference/index.md similarity index 89% rename from docs/SHIELD/Deploy/Reference.md rename to docs/SHIELD/Deploy/Reference/index.md index e162926..3d6f300 100644 --- a/docs/SHIELD/Deploy/Reference.md +++ b/docs/SHIELD/Deploy/Reference/index.md @@ -37,7 +37,7 @@ This aligns with Microsoft’s Zero Trust security model and helps enforce separ ## Related Reference Docs -Additional SPA-related configuration details are available in the global [Reference Guide](../Reference.md), including: +Additional SPA-related configuration details are available in the global [Reference Guide](../../Reference.md), including: - Full lifecycle flow diagrams - Microsoft Graph permissions required by SHIELD @@ -48,7 +48,7 @@ Additional SPA-related configuration details are available in the global [Refere ## Related Pages - [Deploy Overview](index.md) -- [Deployment](Deployment.md) -- [Deploy Usage Guide](Usage-Guide.md) -- [Troubleshooting](Troubleshooting.md) +- [Deployment](../Deployment/index.md) +- [Deploy Usage Guide](../Usage-Guide.md) +- [Troubleshooting](../Troubleshooting.md) diff --git a/docs/SHIELD/Deploy/Troubleshooting.md b/docs/SHIELD/Deploy/Troubleshooting.md index 8703948..374a904 100644 --- a/docs/SHIELD/Deploy/Troubleshooting.md +++ b/docs/SHIELD/Deploy/Troubleshooting.md @@ -72,6 +72,6 @@ Yes. SHIELD can be redeployed using the same app interface or script, as long as - [Deploy Overview](../Deploy/index.md) - [Deploy Usage Guide](../Deploy/Usage-Guide.md) -- [Deployment](../Deploy/Deployment.md) -- [Deploy Reference](../Deploy/Reference.md) +- [Deployment](../Deploy/Deployment/index.md) +- [Deploy Reference](../Deploy/Reference/index.md) diff --git a/docs/SHIELD/Deploy/Usage-Guide.md b/docs/SHIELD/Deploy/Usage-Guide.md index a49370d..f89b2d1 100644 --- a/docs/SHIELD/Deploy/Usage-Guide.md +++ b/docs/SHIELD/Deploy/Usage-Guide.md @@ -78,5 +78,5 @@ Once core deployment is complete, your SHIELD UI will provide management cards f - [Deploy Overview](index.md) - [Deployment Guide](../Deployment.md) -- [Reference Docs](Reference.md) +- [Reference Docs](Reference/index.md) - [Troubleshooting](Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Deploy/index.md b/docs/SHIELD/Deploy/index.md index 05c4b94..ce7c525 100644 --- a/docs/SHIELD/Deploy/index.md +++ b/docs/SHIELD/Deploy/index.md @@ -78,6 +78,6 @@ By centralizing and automating the deployment of SPA, the Deploy module: - [Deployment Guide](../Deployment.md) - [Deploy Usage Guide](Usage-Guide.md) -- [Deploy Reference](Reference.md) +- [Deploy Reference](Reference/index.md) - [Troubleshooting Deploy Module](Troubleshooting.md) diff --git a/docs/SHIELD/Deployment.md b/docs/SHIELD/Deployment.md index 2110abc..e8c019b 100644 --- a/docs/SHIELD/Deployment.md +++ b/docs/SHIELD/Deployment.md @@ -14,7 +14,7 @@ You can deploy the SHIELD orchestration server manually using a local PowerShell ### Steps 1. **Download** the PowerShell installer: - 👉 [Install-SOP.ps1](0-Getting-Started/Deployment/Scripts/Install-Sop.ps1) + 👉 [Install-SOP.ps1](Scripts/Install-Sop.ps1) 2. **Prepare your environment**: - Note your Azure Subscription ID diff --git a/docs/SHIELD/0-Getting-Started/index.md b/docs/SHIELD/Getting-Started/index.md similarity index 93% rename from docs/SHIELD/0-Getting-Started/index.md rename to docs/SHIELD/Getting-Started/index.md index cf3eeb9..1374b1d 100644 --- a/docs/SHIELD/0-Getting-Started/index.md +++ b/docs/SHIELD/Getting-Started/index.md @@ -6,7 +6,7 @@ The server is deployed first then the server deploys the core infrastructure. 1. To deploy the server, chose from one of the below deployment methods:
- [:fontawesome-solid-file-zipper: Deploy Using Manual Method](Deployment\Manual-Deployment.md){ .md-button } + [:fontawesome-solid-file-zipper: Deploy Using Manual Method](../Deployment.md#manual-deployment-shield){ .md-button } 2. Deploy the core infrastructure using the Web UI:
diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index 94ac131..154f122 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../0-Getting-Started\Deployment\Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../Deploy/Reference/Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: diff --git a/docs/SHIELD/0-Getting-Started/Deployment/Scripts/Install-Sop.ps1 b/docs/SHIELD/Scripts/Install-Sop.ps1 similarity index 100% rename from docs/SHIELD/0-Getting-Started/Deployment/Scripts/Install-Sop.ps1 rename to docs/SHIELD/Scripts/Install-Sop.ps1 From 979868dbcd9c4ed4911a0042994739830a7cd028 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 12:17:42 -0500 Subject: [PATCH 18/26] Commit 6: Renamed folders for better sorting - To be reviewed for a better solution --- .../index.md | 4 +-- .../Deployment/Azure-Marketplace.md | 0 .../{Deploy => 2-Deploy}/Deployment/index.md | 0 .../Required-Graph-API-Permissions.md | 0 .../{Deploy => 2-Deploy}/Reference/index.md | 0 .../{Deploy => 2-Deploy}/Troubleshooting.md | 8 +++--- .../Scripts/Uninstall-ShieldArchitecture.ps1 | 0 .../{Deploy => 2-Deploy}/Usage-Guide.md | 0 docs/SHIELD/{Deploy => 2-Deploy}/index.md | 0 .../SHIELD/{Defend => 3-Defend}/Deployment.md | 0 .../{Defend => 3-Defend}/Prerequisites.md | 0 .../Custom-Apps/Corp-VM/Changelog.md | 0 .../Reference/Custom-Apps/Corp-VM/index.md | 0 .../ManagedInstaller-Config/Changelog.md | 0 .../ManagedInstaller-Config/index.md | 0 .../Custom-Apps/Security-Config/Changelog.md | 0 .../Security-Config/File-Changes.md | 0 .../Security-Config/Registry-Changes.md | 0 .../Custom-Apps/Security-Config/index.md | 0 .../Reference/Diagrams/Device-Assign.md | 0 .../Reference/Diagrams/Device-Commission.md | 0 .../Reference/Diagrams/Device-Decommission.md | 0 .../Reference/Diagrams/Device-Unassign.md | 0 .../Reference/Diagrams/User-Commission.md | 0 .../Reference/Diagrams/User-Decommission.md | 0 .../Reference/Hardware-Selection.md | 0 .../Lifecycle/Privileged Device Workflows.md | 0 .../{Defend => 3-Defend}/Reference/index.md | 0 .../{Defend => 3-Defend}/Troubleshooting.md | 0 .../Usage-Guide/Device/0-Commission.md | 0 .../Usage-Guide/Device/1-Decommission.md | 0 .../Usage-Guide/Device/2-Assign.md | 0 .../Usage-Guide/Device/3-Unassign.md | 0 .../Usage-Guide/User/Commission.md | 0 .../Usage-Guide/User/Decommission.md | 0 .../{Defend => 3-Defend}/Usage-Guide/index.md | 0 docs/SHIELD/{Defend => 3-Defend}/index.md | 0 .../Deployment/index.md | 0 .../Reference/Architecture/Infrastructure.md | 0 .../Reference/Architecture/Process-Flow.md | 0 .../Reference/Azure-SQL-Database.md | 0 .../Reference/Database-Schema.md | 0 .../Reference/Plugins/DefenderEndpoint.md | 0 .../Reference/Plugins/DefenderIdentity.md | 0 .../Reference/Plugins/EntraID.md | 0 .../Reference/Reserved-Principals.md | 0 .../Reference/Supported-Licenses.md | 0 .../Reference/index.md | 0 .../Troubleshooting.md | 0 .../{Discover => 4-Discover}/Usage-Guide.md | 0 .../screenshots/AdvancedConfig-Dark.png | Bin .../screenshots/AdvancedConfig-Light.png | Bin .../images/screenshots/Dropdown-Dark.png | Bin .../images/screenshots/Dropdown-Light.png | Bin .../images/screenshots/Installer-Dark.png | Bin .../images/screenshots/Installer-Light.png | Bin .../assets/threat-models/infrastructure.tm7 | 0 docs/SHIELD/{Discover => 4-Discover}/index.md | 0 docs/SHIELD/Deployment.md | 12 ++++----- docs/SHIELD/Prerequisites.md | 12 ++++----- docs/SHIELD/Reference.md | 12 ++++----- .../Data-Formats/Intune Scope Tag.md | 6 ++--- .../Settings/Configure-Managed-Identity.md | 2 +- docs/SHIELD/Usage-Guide.md | 24 +++++++++--------- docs/SHIELD/index.md | 4 +-- docs/index.md | 4 +-- 66 files changed, 44 insertions(+), 44 deletions(-) rename docs/SHIELD/{Getting-Started => 1-Getting-Started}/index.md (77%) rename docs/SHIELD/{Deploy => 2-Deploy}/Deployment/Azure-Marketplace.md (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/Deployment/index.md (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/Reference/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/Reference/index.md (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/Troubleshooting.md (93%) rename docs/SHIELD/{Deploy => 2-Deploy}/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/Usage-Guide.md (100%) rename docs/SHIELD/{Deploy => 2-Deploy}/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Deployment.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Prerequisites.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Corp-VM/Changelog.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Corp-VM/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/ManagedInstaller-Config/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Security-Config/Changelog.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Security-Config/File-Changes.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Security-Config/Registry-Changes.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Custom-Apps/Security-Config/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/Device-Assign.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/Device-Commission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/Device-Decommission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/Device-Unassign.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/User-Commission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Diagrams/User-Decommission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Hardware-Selection.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/Lifecycle/Privileged Device Workflows.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Reference/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Troubleshooting.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/Device/0-Commission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/Device/1-Decommission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/Device/2-Assign.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/Device/3-Unassign.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/User/Commission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/User/Decommission.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/Usage-Guide/index.md (100%) rename docs/SHIELD/{Defend => 3-Defend}/index.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Deployment/index.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Architecture/Infrastructure.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Architecture/Process-Flow.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Azure-SQL-Database.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Database-Schema.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Plugins/DefenderEndpoint.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Plugins/DefenderIdentity.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Plugins/EntraID.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Reserved-Principals.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/Supported-Licenses.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Reference/index.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Troubleshooting.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/Usage-Guide.md (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/AdvancedConfig-Dark.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/AdvancedConfig-Light.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/Dropdown-Dark.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/Dropdown-Light.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/Installer-Dark.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/images/screenshots/Installer-Light.png (100%) rename docs/SHIELD/{Discover => 4-Discover}/assets/threat-models/infrastructure.tm7 (100%) rename docs/SHIELD/{Discover => 4-Discover}/index.md (100%) diff --git a/docs/SHIELD/Getting-Started/index.md b/docs/SHIELD/1-Getting-Started/index.md similarity index 77% rename from docs/SHIELD/Getting-Started/index.md rename to docs/SHIELD/1-Getting-Started/index.md index 1374b1d..4ffd254 100644 --- a/docs/SHIELD/Getting-Started/index.md +++ b/docs/SHIELD/1-Getting-Started/index.md @@ -10,8 +10,8 @@ The server is deployed first then the server deploys the core infrastructure. 2. Deploy the core infrastructure using the Web UI:
- [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide.md){ .md-button } + [:octicons-rocket-24: Deploy Core Infrastructure](../2-Deploy/Usage-Guide.md){ .md-button } 3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } + [:fontawesome-solid-rotate: Manage Lifecycle](../3-Defend/Usage-Guide/index.md){ .md-button } diff --git a/docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md b/docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md similarity index 100% rename from docs/SHIELD/Deploy/Deployment/Azure-Marketplace.md rename to docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md diff --git a/docs/SHIELD/Deploy/Deployment/index.md b/docs/SHIELD/2-Deploy/Deployment/index.md similarity index 100% rename from docs/SHIELD/Deploy/Deployment/index.md rename to docs/SHIELD/2-Deploy/Deployment/index.md diff --git a/docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md b/docs/SHIELD/2-Deploy/Reference/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md rename to docs/SHIELD/2-Deploy/Reference/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/Deploy/Reference/index.md b/docs/SHIELD/2-Deploy/Reference/index.md similarity index 100% rename from docs/SHIELD/Deploy/Reference/index.md rename to docs/SHIELD/2-Deploy/Reference/index.md diff --git a/docs/SHIELD/Deploy/Troubleshooting.md b/docs/SHIELD/2-Deploy/Troubleshooting.md similarity index 93% rename from docs/SHIELD/Deploy/Troubleshooting.md rename to docs/SHIELD/2-Deploy/Troubleshooting.md index 374a904..7f2e8d1 100644 --- a/docs/SHIELD/Deploy/Troubleshooting.md +++ b/docs/SHIELD/2-Deploy/Troubleshooting.md @@ -70,8 +70,8 @@ Yes. SHIELD can be redeployed using the same app interface or script, as long as ## Related Pages -- [Deploy Overview](../Deploy/index.md) -- [Deploy Usage Guide](../Deploy/Usage-Guide.md) -- [Deployment](../Deploy/Deployment/index.md) -- [Deploy Reference](../Deploy/Reference/index.md) +- [Deploy Overview](../2-Deploy/index.md) +- [Deploy Usage Guide](../2-Deploy/Usage-Guide.md) +- [Deployment](../2-Deploy/Deployment/index.md) +- [Deploy Reference](../2-Deploy/Reference/index.md) diff --git a/docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 b/docs/SHIELD/2-Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 similarity index 100% rename from docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 rename to docs/SHIELD/2-Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 diff --git a/docs/SHIELD/Deploy/Usage-Guide.md b/docs/SHIELD/2-Deploy/Usage-Guide.md similarity index 100% rename from docs/SHIELD/Deploy/Usage-Guide.md rename to docs/SHIELD/2-Deploy/Usage-Guide.md diff --git a/docs/SHIELD/Deploy/index.md b/docs/SHIELD/2-Deploy/index.md similarity index 100% rename from docs/SHIELD/Deploy/index.md rename to docs/SHIELD/2-Deploy/index.md diff --git a/docs/SHIELD/Defend/Deployment.md b/docs/SHIELD/3-Defend/Deployment.md similarity index 100% rename from docs/SHIELD/Defend/Deployment.md rename to docs/SHIELD/3-Defend/Deployment.md diff --git a/docs/SHIELD/Defend/Prerequisites.md b/docs/SHIELD/3-Defend/Prerequisites.md similarity index 100% rename from docs/SHIELD/Defend/Prerequisites.md rename to docs/SHIELD/3-Defend/Prerequisites.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/Changelog.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/Changelog.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/index.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/index.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Changelog.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Changelog.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/File-Changes.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/File-Changes.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md diff --git a/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md b/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/index.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md rename to docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/index.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md b/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Assign.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/Device-Assign.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md b/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Commission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/Device-Commission.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md b/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/Device-Decommission.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md b/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Unassign.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/Device-Unassign.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md b/docs/SHIELD/3-Defend/Reference/Diagrams/User-Commission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/User-Commission.md diff --git a/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md b/docs/SHIELD/3-Defend/Reference/Diagrams/User-Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md rename to docs/SHIELD/3-Defend/Reference/Diagrams/User-Decommission.md diff --git a/docs/SHIELD/Defend/Reference/Hardware-Selection.md b/docs/SHIELD/3-Defend/Reference/Hardware-Selection.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Hardware-Selection.md rename to docs/SHIELD/3-Defend/Reference/Hardware-Selection.md diff --git a/docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md b/docs/SHIELD/3-Defend/Reference/Lifecycle/Privileged Device Workflows.md similarity index 100% rename from docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md rename to docs/SHIELD/3-Defend/Reference/Lifecycle/Privileged Device Workflows.md diff --git a/docs/SHIELD/Defend/Reference/index.md b/docs/SHIELD/3-Defend/Reference/index.md similarity index 100% rename from docs/SHIELD/Defend/Reference/index.md rename to docs/SHIELD/3-Defend/Reference/index.md diff --git a/docs/SHIELD/Defend/Troubleshooting.md b/docs/SHIELD/3-Defend/Troubleshooting.md similarity index 100% rename from docs/SHIELD/Defend/Troubleshooting.md rename to docs/SHIELD/3-Defend/Troubleshooting.md diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md b/docs/SHIELD/3-Defend/Usage-Guide/Device/0-Commission.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md rename to docs/SHIELD/3-Defend/Usage-Guide/Device/0-Commission.md diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md b/docs/SHIELD/3-Defend/Usage-Guide/Device/1-Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md rename to docs/SHIELD/3-Defend/Usage-Guide/Device/1-Decommission.md diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md b/docs/SHIELD/3-Defend/Usage-Guide/Device/2-Assign.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md rename to docs/SHIELD/3-Defend/Usage-Guide/Device/2-Assign.md diff --git a/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md b/docs/SHIELD/3-Defend/Usage-Guide/Device/3-Unassign.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md rename to docs/SHIELD/3-Defend/Usage-Guide/Device/3-Unassign.md diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Commission.md b/docs/SHIELD/3-Defend/Usage-Guide/User/Commission.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/User/Commission.md rename to docs/SHIELD/3-Defend/Usage-Guide/User/Commission.md diff --git a/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md b/docs/SHIELD/3-Defend/Usage-Guide/User/Decommission.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/User/Decommission.md rename to docs/SHIELD/3-Defend/Usage-Guide/User/Decommission.md diff --git a/docs/SHIELD/Defend/Usage-Guide/index.md b/docs/SHIELD/3-Defend/Usage-Guide/index.md similarity index 100% rename from docs/SHIELD/Defend/Usage-Guide/index.md rename to docs/SHIELD/3-Defend/Usage-Guide/index.md diff --git a/docs/SHIELD/Defend/index.md b/docs/SHIELD/3-Defend/index.md similarity index 100% rename from docs/SHIELD/Defend/index.md rename to docs/SHIELD/3-Defend/index.md diff --git a/docs/SHIELD/Discover/Deployment/index.md b/docs/SHIELD/4-Discover/Deployment/index.md similarity index 100% rename from docs/SHIELD/Discover/Deployment/index.md rename to docs/SHIELD/4-Discover/Deployment/index.md diff --git a/docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md b/docs/SHIELD/4-Discover/Reference/Architecture/Infrastructure.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md rename to docs/SHIELD/4-Discover/Reference/Architecture/Infrastructure.md diff --git a/docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md b/docs/SHIELD/4-Discover/Reference/Architecture/Process-Flow.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md rename to docs/SHIELD/4-Discover/Reference/Architecture/Process-Flow.md diff --git a/docs/SHIELD/Discover/Reference/Azure-SQL-Database.md b/docs/SHIELD/4-Discover/Reference/Azure-SQL-Database.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Azure-SQL-Database.md rename to docs/SHIELD/4-Discover/Reference/Azure-SQL-Database.md diff --git a/docs/SHIELD/Discover/Reference/Database-Schema.md b/docs/SHIELD/4-Discover/Reference/Database-Schema.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Database-Schema.md rename to docs/SHIELD/4-Discover/Reference/Database-Schema.md diff --git a/docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md b/docs/SHIELD/4-Discover/Reference/Plugins/DefenderEndpoint.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md rename to docs/SHIELD/4-Discover/Reference/Plugins/DefenderEndpoint.md diff --git a/docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md b/docs/SHIELD/4-Discover/Reference/Plugins/DefenderIdentity.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md rename to docs/SHIELD/4-Discover/Reference/Plugins/DefenderIdentity.md diff --git a/docs/SHIELD/Discover/Reference/Plugins/EntraID.md b/docs/SHIELD/4-Discover/Reference/Plugins/EntraID.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Plugins/EntraID.md rename to docs/SHIELD/4-Discover/Reference/Plugins/EntraID.md diff --git a/docs/SHIELD/Discover/Reference/Reserved-Principals.md b/docs/SHIELD/4-Discover/Reference/Reserved-Principals.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Reserved-Principals.md rename to docs/SHIELD/4-Discover/Reference/Reserved-Principals.md diff --git a/docs/SHIELD/Discover/Reference/Supported-Licenses.md b/docs/SHIELD/4-Discover/Reference/Supported-Licenses.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Supported-Licenses.md rename to docs/SHIELD/4-Discover/Reference/Supported-Licenses.md diff --git a/docs/SHIELD/Discover/Reference/index.md b/docs/SHIELD/4-Discover/Reference/index.md similarity index 100% rename from docs/SHIELD/Discover/Reference/index.md rename to docs/SHIELD/4-Discover/Reference/index.md diff --git a/docs/SHIELD/Discover/Troubleshooting.md b/docs/SHIELD/4-Discover/Troubleshooting.md similarity index 100% rename from docs/SHIELD/Discover/Troubleshooting.md rename to docs/SHIELD/4-Discover/Troubleshooting.md diff --git a/docs/SHIELD/Discover/Usage-Guide.md b/docs/SHIELD/4-Discover/Usage-Guide.md similarity index 100% rename from docs/SHIELD/Discover/Usage-Guide.md rename to docs/SHIELD/4-Discover/Usage-Guide.md diff --git a/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png b/docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png diff --git a/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png b/docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Light.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Light.png diff --git a/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png b/docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Dark.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Dark.png diff --git a/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png b/docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Light.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Light.png diff --git a/docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png b/docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Dark.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Dark.png diff --git a/docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png b/docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Light.png similarity index 100% rename from docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png rename to docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Light.png diff --git a/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 b/docs/SHIELD/4-Discover/assets/threat-models/infrastructure.tm7 similarity index 100% rename from docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 rename to docs/SHIELD/4-Discover/assets/threat-models/infrastructure.tm7 diff --git a/docs/SHIELD/Discover/index.md b/docs/SHIELD/4-Discover/index.md similarity index 100% rename from docs/SHIELD/Discover/index.md rename to docs/SHIELD/4-Discover/index.md diff --git a/docs/SHIELD/Deployment.md b/docs/SHIELD/Deployment.md index e8c019b..39f1aca 100644 --- a/docs/SHIELD/Deployment.md +++ b/docs/SHIELD/Deployment.md @@ -80,18 +80,18 @@ Use the MSI installer for a guided, visual installation of Discover. #### Main Installer Screen -![Installer - Light](Discover/assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } -![Installer - Dark](Discover/assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } +![Installer - Light](4-Discover/assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } +![Installer - Dark](4-Discover/assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } #### Configuration Dropdown -![Dropdown - Light](Discover/assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } -![Dropdown - Dark](Discover/assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } +![Dropdown - Light](4-Discover/assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } +![Dropdown - Dark](4-Discover/assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } #### Advanced Configuration -![Advanced Config - Light](Discover/assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } -![Advanced Config - Dark](Discover/assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } +![Advanced Config - Light](4-Discover/assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } +![Advanced Config - Dark](4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } !!! note "Shortcut Behavior" Desktop shortcuts are only created for user-scoped installs. Machine-wide installs must be launched via CLI. diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index a0a69d8..0c31bd5 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -17,7 +17,7 @@ SHIELD automates secure deployment and lifecycle management using Microsoft 365 ### Environment Requirements - ✅ Deploying user must have **Global Admin Rights** -- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** +- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](3-Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** - ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID - ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups @@ -31,7 +31,7 @@ SHIELD uses `M3` and `M5` to refer to Microsoft 365 license families, abstractin |------|---------|--------------------------| | **ESM** (Enterprise Security Mode) | M3 or equivalent | Devices must be Hybrid or Cloud Joined | | **SSM** (Specialized Security Mode) | M5 or equivalent | Devices must be Hybrid or Cloud Joined | -| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](Defend/Reference/Hardware-Selection.md) | +| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](3-Defend/Reference/Hardware-Selection.md) | --- @@ -65,9 +65,9 @@ Discover uses read-only Entra ID roles for configuration queries. These permissi **Related plugin guides:** docs\SHIELD\Reference\Plugins\DefenderEndpoint.md -- 📄 [Defender for Endpoint](Discover/Reference/Plugins/DefenderEndpoint.md) -- 📄 [Defender for Identity](Discover/Reference/Plugins/DefenderIdentity.md) -- 📄 [Entra ID](Discover/Reference/Plugins/EntraID.md) +- 📄 [Defender for Endpoint](4-Discover/Reference/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](4-Discover/Reference/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](4-Discover/Reference/Plugins/EntraID.md) !!! info "Permissions Note" Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. @@ -129,7 +129,7 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ## Related Pages -- 📄 [Hardware Requirements](Defend/Reference/Hardware-Selection.md) +- 📄 [Hardware Requirements](3-Defend/Reference/Hardware-Selection.md) - 📄 [Deployment Guide](Deployment.md) - 📄 [Azure SQL Setup](Deployment.md#azure-sql-database-setup) - 📄 [Silent Installation Instructions](Deployment.md#silent-installation-script-based) diff --git a/docs/SHIELD/Reference.md b/docs/SHIELD/Reference.md index 540bb05..4dad189 100644 --- a/docs/SHIELD/Reference.md +++ b/docs/SHIELD/Reference.md @@ -96,15 +96,15 @@ The following flowcharts describe what happens behind the scenes during key life ### Device Workflows -- 📊 [Device Commissioning](Defend/Reference/Diagrams/Device-Commission.md) -- 📊 [Device Decommissioning](Defend/Reference/Diagrams/Device-Decommission.md) -- 📊 [Device Assignment](Defend/Reference/Diagrams/Device-Assign.md) -- 📊 [Device Unassignment](Defend/Reference/Diagrams/Device-Unassign.md) +- 📊 [Device Commissioning](3-Defend/Reference/Diagrams/Device-Commission.md) +- 📊 [Device Decommissioning](3-Defend/Reference/Diagrams/Device-Decommission.md) +- 📊 [Device Assignment](3-Defend/Reference/Diagrams/Device-Assign.md) +- 📊 [Device Unassignment](3-Defend/Reference/Diagrams/Device-Unassign.md) ### User Workflows -- 📊 [User Commissioning](Defend/Reference/Diagrams/User-Commission.md) -- 📊 [User Decommissioning](Defend/Reference/Diagrams/User-Decommission.md) +- 📊 [User Commissioning](3-Defend/Reference/Diagrams/User-Commission.md) +- 📊 [User Decommissioning](3-Defend/Reference/Diagrams/User-Decommission.md) These diagrams match the logic used in the SHIELD backend and provide a visual reference for each action. diff --git a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md index 4916c63..2c75c5e 100644 --- a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md +++ b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md @@ -49,7 +49,7 @@ Technical details on the properties/values that can be set on the root/common sc This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). **Example:** `PsmId=21` @@ -62,7 +62,7 @@ This is the ID of the Intune Role Scope Tag that separates privileged configurat This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). **Example:** `SsmId=21` @@ -75,7 +75,7 @@ This is the ID of the Intune Role Scope Tag that separates specialized configura This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). **Example:** `EsmId=21` diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index 154f122..3a47ac0 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../Deploy/Reference/Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../2-Deploy/Reference/Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: diff --git a/docs/SHIELD/Usage-Guide.md b/docs/SHIELD/Usage-Guide.md index fdb141d..15e438f 100644 --- a/docs/SHIELD/Usage-Guide.md +++ b/docs/SHIELD/Usage-Guide.md @@ -50,8 +50,8 @@ Device operations are performed through the Lifecycle interface. The following g - Adds devices to SHIELD management - Privileged devices are wiped/reset before being configured -📖 [Commission a Device](Defend/Usage-Guide/Device/0-Commission.md) -📊 [Commission Workflow Diagram](Defend/Reference/Diagrams/Device-Commission.md) +📖 [Commission a Device](3-Defend/Usage-Guide/Device/0-Commission.md) +📊 [Commission Workflow Diagram](3-Defend/Reference/Diagrams/Device-Commission.md) --- @@ -60,8 +60,8 @@ Device operations are performed through the Lifecycle interface. The following g - Removes the device from SHIELD - Privileged devices are reset and removed from their assigned groups -📖 [Decommission a Device](Defend/Usage-Guide/Device/1-Decommission.md) -📊 [Decommission Workflow Diagram](Defend/Reference/Diagrams/Device-Decommission.md) +📖 [Decommission a Device](3-Defend/Usage-Guide/Device/1-Decommission.md) +📊 [Decommission Workflow Diagram](3-Defend/Reference/Diagrams/Device-Decommission.md) --- @@ -70,8 +70,8 @@ Device operations are performed through the Lifecycle interface. The following g - Assigns allowed users to a privileged device - All other users are blocked from login -📖 [Assign User](Defend/Usage-Guide/Device/2-Assign.md) -📊 [Assignment Workflow](Defend/Reference/Diagrams/Device-Assign.md) +📖 [Assign User](3-Defend/Usage-Guide/Device/2-Assign.md) +📊 [Assignment Workflow](3-Defend/Reference/Diagrams/Device-Assign.md) --- @@ -80,8 +80,8 @@ Device operations are performed through the Lifecycle interface. The following g - Removes users from a PAW - If no users remain, a wipe command is triggered -📖 [Unassign User](Defend/Usage-Guide/Device/3-Unassign.md) -📊 [Unassign Workflow](Defend/Reference/Diagrams/Device-Unassign.md) +📖 [Unassign User](3-Defend/Usage-Guide/Device/3-Unassign.md) +📊 [Unassign Workflow](3-Defend/Reference/Diagrams/Device-Unassign.md) --- @@ -94,8 +94,8 @@ SHIELD manages three user types — Privileged, Specialized, and Enterprise — - Adds an existing Entra ID user or creates a new cloud-only privileged account - Temporary credentials are shown upon creation -📖 [Commission a User](Defend/Usage-Guide/User/Commission.md) -📊 [Commission Workflow](Defend/Reference/Diagrams/User-Commission.md) +📖 [Commission a User](3-Defend/Usage-Guide/User/Commission.md) +📊 [Commission Workflow](3-Defend/Reference/Diagrams/User-Commission.md) --- @@ -104,8 +104,8 @@ SHIELD manages three user types — Privileged, Specialized, and Enterprise — - Removes the user from SHIELD - Privileged accounts are deleted; others are de-tagged -📖 [Decommission a User](Defend/Usage-Guide/User/Decommission.md) -📊 [Decommission Workflow](Defend/Reference/Diagrams/User-Decommission.md) +📖 [Decommission a User](3-Defend/Usage-Guide/User/Decommission.md) +📊 [Decommission Workflow](3-Defend/Reference/Diagrams/User-Decommission.md) --- diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index 453374f..8ae841e 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -40,9 +40,9 @@ In the rest of the documentation, we will provide detailed instructions on how t ## See Also -- [Usage Guides](Defend/Usage-Guide/index.md) +- [Usage Guides](Usage-Guide.md) - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) -- [Troubleshooting](Deploy/Troubleshooting.md) +- [Troubleshooting](2-Deploy/Troubleshooting.md) - [Contact Us](https://shilab.com/contact) diff --git a/docs/index.md b/docs/index.md index 16681ef..0244512 100644 --- a/docs/index.md +++ b/docs/index.md @@ -20,10 +20,10 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Defend -[:mag: Defend](SHIELD/Defend/Usage-Guide/index.md){ .md-button } +[:mag: Defend](SHIELD/3-Defend/Usage-Guide/index.md){ .md-button } ### Discover Retrieves and validates the state of license compliance tenant wide. -[:mag: Discover](SHIELD/Discover/index.md){ .md-button } +[:mag: Discover](SHIELD/4-Discover/index.md){ .md-button } From 7c7905dafcd58fe22d7f6b33b6b4b47dcc5ad802 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 14:30:19 -0500 Subject: [PATCH 19/26] Added awesome-pages-plugin --- docs/SHIELD/.pages | 11 ++++++++ docs/SHIELD/1-Getting-Started/index.md | 4 +-- .../2-Deploy/Deployment/Azure-Marketplace.md | 8 ------ docs/SHIELD/Defend/.pages | 8 ++++++ .../SHIELD/{3-Defend => Defend}/Deployment.md | 0 .../{3-Defend => Defend}/Prerequisites.md | 0 .../Custom-Apps/Corp-VM/Changelog.md | 0 .../Reference/Custom-Apps/Corp-VM/index.md | 0 .../ManagedInstaller-Config/Changelog.md | 0 .../ManagedInstaller-Config/index.md | 0 .../Custom-Apps/Security-Config/Changelog.md | 0 .../Security-Config/File-Changes.md | 0 .../Security-Config/Registry-Changes.md | 0 .../Custom-Apps/Security-Config/index.md | 0 .../Reference/Diagrams/Device-Assign.md | 0 .../Reference/Diagrams/Device-Commission.md | 0 .../Reference/Diagrams/Device-Decommission.md | 0 .../Reference/Diagrams/Device-Unassign.md | 0 .../Reference/Diagrams/User-Commission.md | 0 .../Reference/Diagrams/User-Decommission.md | 0 .../Reference/Hardware-Selection.md | 0 .../Lifecycle/Privileged Device Workflows.md | 0 .../{3-Defend => Defend}/Reference/index.md | 0 .../{3-Defend => Defend}/Troubleshooting.md | 0 .../Usage-Guide/Device/0-Commission.md | 0 .../Usage-Guide/Device/1-Decommission.md | 0 .../Usage-Guide/Device/2-Assign.md | 0 .../Usage-Guide/Device/3-Unassign.md | 0 .../Usage-Guide/User/Commission.md | 0 .../Usage-Guide/User/Decommission.md | 0 .../{3-Defend => Defend}/Usage-Guide/index.md | 0 docs/SHIELD/{3-Defend => Defend}/index.md | 0 docs/SHIELD/Deploy/.pages | 7 +++++ docs/SHIELD/Deploy/Deployment/.pages | 1 + .../{2-Deploy => Deploy}/Deployment/index.md | 0 docs/SHIELD/Deploy/Reference/.pages | 1 + .../Required-Graph-API-Permissions.md | 0 .../{2-Deploy => Deploy}/Reference/index.md | 0 .../{2-Deploy => Deploy}/Troubleshooting.md | 8 +++--- .../Scripts/Uninstall-ShieldArchitecture.ps1 | 0 .../{2-Deploy => Deploy}/Usage-Guide.md | 0 docs/SHIELD/{2-Deploy => Deploy}/index.md | 0 docs/SHIELD/Deployment.md | 12 ++++----- docs/SHIELD/Discover/.pages | 7 +++++ .../Deployment/index.md | 0 .../Reference/Architecture/Infrastructure.md | 0 .../Reference/Architecture/Process-Flow.md | 0 .../Reference/Azure-SQL-Database.md | 0 .../Reference/Database-Schema.md | 0 .../Reference/Plugins/DefenderEndpoint.md | 0 .../Reference/Plugins/DefenderIdentity.md | 0 .../Reference/Plugins/EntraID.md | 0 .../Reference/Reserved-Principals.md | 0 .../Reference/Supported-Licenses.md | 0 .../Reference/index.md | 0 .../Troubleshooting.md | 0 .../{4-Discover => Discover}/Usage-Guide.md | 0 .../screenshots/AdvancedConfig-Dark.png | Bin .../screenshots/AdvancedConfig-Light.png | Bin .../images/screenshots/Dropdown-Dark.png | Bin .../images/screenshots/Dropdown-Light.png | Bin .../images/screenshots/Installer-Dark.png | Bin .../images/screenshots/Installer-Light.png | Bin .../assets/threat-models/infrastructure.tm7 | 0 docs/SHIELD/{4-Discover => Discover}/index.md | 0 docs/SHIELD/Prerequisites.md | 12 ++++----- docs/SHIELD/Reference.md | 12 ++++----- .../Data-Formats/Intune Scope Tag.md | 6 ++--- .../Settings/Configure-Managed-Identity.md | 2 +- docs/SHIELD/Usage-Guide.md | 24 +++++++++--------- docs/SHIELD/index.md | 2 +- docs/index.md | 4 +-- mkdocs.yml | 1 + requirements.txt | 2 ++ 74 files changed, 81 insertions(+), 51 deletions(-) create mode 100644 docs/SHIELD/.pages delete mode 100644 docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md create mode 100644 docs/SHIELD/Defend/.pages rename docs/SHIELD/{3-Defend => Defend}/Deployment.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Prerequisites.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Corp-VM/Changelog.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Corp-VM/index.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/ManagedInstaller-Config/index.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Security-Config/Changelog.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Security-Config/File-Changes.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Security-Config/Registry-Changes.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Custom-Apps/Security-Config/index.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/Device-Assign.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/Device-Commission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/Device-Decommission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/Device-Unassign.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/User-Commission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Diagrams/User-Decommission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Hardware-Selection.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/Lifecycle/Privileged Device Workflows.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Reference/index.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Troubleshooting.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/Device/0-Commission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/Device/1-Decommission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/Device/2-Assign.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/Device/3-Unassign.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/User/Commission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/User/Decommission.md (100%) rename docs/SHIELD/{3-Defend => Defend}/Usage-Guide/index.md (100%) rename docs/SHIELD/{3-Defend => Defend}/index.md (100%) create mode 100644 docs/SHIELD/Deploy/.pages create mode 100644 docs/SHIELD/Deploy/Deployment/.pages rename docs/SHIELD/{2-Deploy => Deploy}/Deployment/index.md (100%) create mode 100644 docs/SHIELD/Deploy/Reference/.pages rename docs/SHIELD/{2-Deploy => Deploy}/Reference/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/{2-Deploy => Deploy}/Reference/index.md (100%) rename docs/SHIELD/{2-Deploy => Deploy}/Troubleshooting.md (93%) rename docs/SHIELD/{2-Deploy => Deploy}/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 (100%) rename docs/SHIELD/{2-Deploy => Deploy}/Usage-Guide.md (100%) rename docs/SHIELD/{2-Deploy => Deploy}/index.md (100%) create mode 100644 docs/SHIELD/Discover/.pages rename docs/SHIELD/{4-Discover => Discover}/Deployment/index.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Architecture/Infrastructure.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Architecture/Process-Flow.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Azure-SQL-Database.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Database-Schema.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Plugins/DefenderEndpoint.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Plugins/DefenderIdentity.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Plugins/EntraID.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Reserved-Principals.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/Supported-Licenses.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Reference/index.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Troubleshooting.md (100%) rename docs/SHIELD/{4-Discover => Discover}/Usage-Guide.md (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/AdvancedConfig-Dark.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/AdvancedConfig-Light.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/Dropdown-Dark.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/Dropdown-Light.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/Installer-Dark.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/images/screenshots/Installer-Light.png (100%) rename docs/SHIELD/{4-Discover => Discover}/assets/threat-models/infrastructure.tm7 (100%) rename docs/SHIELD/{4-Discover => Discover}/index.md (100%) diff --git a/docs/SHIELD/.pages b/docs/SHIELD/.pages new file mode 100644 index 0000000..a5840c6 --- /dev/null +++ b/docs/SHIELD/.pages @@ -0,0 +1,11 @@ +title: SHIELD +nav: + - index.md + - Prerequisites.md + - Deployment.md + - Usage-Guide.md + - Reference.md + - Deploy + - Defend + - Discover + - Reference diff --git a/docs/SHIELD/1-Getting-Started/index.md b/docs/SHIELD/1-Getting-Started/index.md index 4ffd254..1374b1d 100644 --- a/docs/SHIELD/1-Getting-Started/index.md +++ b/docs/SHIELD/1-Getting-Started/index.md @@ -10,8 +10,8 @@ The server is deployed first then the server deploys the core infrastructure. 2. Deploy the core infrastructure using the Web UI:
- [:octicons-rocket-24: Deploy Core Infrastructure](../2-Deploy/Usage-Guide.md){ .md-button } + [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide.md){ .md-button } 3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- [:fontawesome-solid-rotate: Manage Lifecycle](../3-Defend/Usage-Guide/index.md){ .md-button } + [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } diff --git a/docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md b/docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md deleted file mode 100644 index 4a9e175..0000000 --- a/docs/SHIELD/2-Deploy/Deployment/Azure-Marketplace.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -hide: - - navigation - - toc ---- -# Deprecated - -This section is now managed from the unified [SHIELD Deployment](../../Deployment.md) page. diff --git a/docs/SHIELD/Defend/.pages b/docs/SHIELD/Defend/.pages new file mode 100644 index 0000000..e2c631d --- /dev/null +++ b/docs/SHIELD/Defend/.pages @@ -0,0 +1,8 @@ +title: Defend +nav: + - index.md + - Prerequisites.md + - Deployment.md + - Usage-Guide + - Reference + - Troubleshooting.md diff --git a/docs/SHIELD/3-Defend/Deployment.md b/docs/SHIELD/Defend/Deployment.md similarity index 100% rename from docs/SHIELD/3-Defend/Deployment.md rename to docs/SHIELD/Defend/Deployment.md diff --git a/docs/SHIELD/3-Defend/Prerequisites.md b/docs/SHIELD/Defend/Prerequisites.md similarity index 100% rename from docs/SHIELD/3-Defend/Prerequisites.md rename to docs/SHIELD/Defend/Prerequisites.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Corp-VM/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Changelog.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Changelog.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/File-Changes.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/File-Changes.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md diff --git a/docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/index.md b/docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Custom-Apps/Security-Config/index.md rename to docs/SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Assign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/Device-Assign.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Assign.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/Device-Commission.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Commission.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/Device-Decommission.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Decommission.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/Device-Unassign.md b/docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/Device-Unassign.md rename to docs/SHIELD/Defend/Reference/Diagrams/Device-Unassign.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/User-Commission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/User-Commission.md rename to docs/SHIELD/Defend/Reference/Diagrams/User-Commission.md diff --git a/docs/SHIELD/3-Defend/Reference/Diagrams/User-Decommission.md b/docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Diagrams/User-Decommission.md rename to docs/SHIELD/Defend/Reference/Diagrams/User-Decommission.md diff --git a/docs/SHIELD/3-Defend/Reference/Hardware-Selection.md b/docs/SHIELD/Defend/Reference/Hardware-Selection.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Hardware-Selection.md rename to docs/SHIELD/Defend/Reference/Hardware-Selection.md diff --git a/docs/SHIELD/3-Defend/Reference/Lifecycle/Privileged Device Workflows.md b/docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/Lifecycle/Privileged Device Workflows.md rename to docs/SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md diff --git a/docs/SHIELD/3-Defend/Reference/index.md b/docs/SHIELD/Defend/Reference/index.md similarity index 100% rename from docs/SHIELD/3-Defend/Reference/index.md rename to docs/SHIELD/Defend/Reference/index.md diff --git a/docs/SHIELD/3-Defend/Troubleshooting.md b/docs/SHIELD/Defend/Troubleshooting.md similarity index 100% rename from docs/SHIELD/3-Defend/Troubleshooting.md rename to docs/SHIELD/Defend/Troubleshooting.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/Device/0-Commission.md b/docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/Device/0-Commission.md rename to docs/SHIELD/Defend/Usage-Guide/Device/0-Commission.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/Device/1-Decommission.md b/docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/Device/1-Decommission.md rename to docs/SHIELD/Defend/Usage-Guide/Device/1-Decommission.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/Device/2-Assign.md b/docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/Device/2-Assign.md rename to docs/SHIELD/Defend/Usage-Guide/Device/2-Assign.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/Device/3-Unassign.md b/docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/Device/3-Unassign.md rename to docs/SHIELD/Defend/Usage-Guide/Device/3-Unassign.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/User/Commission.md b/docs/SHIELD/Defend/Usage-Guide/User/Commission.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/User/Commission.md rename to docs/SHIELD/Defend/Usage-Guide/User/Commission.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/User/Decommission.md b/docs/SHIELD/Defend/Usage-Guide/User/Decommission.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/User/Decommission.md rename to docs/SHIELD/Defend/Usage-Guide/User/Decommission.md diff --git a/docs/SHIELD/3-Defend/Usage-Guide/index.md b/docs/SHIELD/Defend/Usage-Guide/index.md similarity index 100% rename from docs/SHIELD/3-Defend/Usage-Guide/index.md rename to docs/SHIELD/Defend/Usage-Guide/index.md diff --git a/docs/SHIELD/3-Defend/index.md b/docs/SHIELD/Defend/index.md similarity index 100% rename from docs/SHIELD/3-Defend/index.md rename to docs/SHIELD/Defend/index.md diff --git a/docs/SHIELD/Deploy/.pages b/docs/SHIELD/Deploy/.pages new file mode 100644 index 0000000..c754428 --- /dev/null +++ b/docs/SHIELD/Deploy/.pages @@ -0,0 +1,7 @@ +title: Deploy +nav: + - index.md + - Deployment + - Usage-Guide.md + - Reference + - Troubleshooting.md diff --git a/docs/SHIELD/Deploy/Deployment/.pages b/docs/SHIELD/Deploy/Deployment/.pages new file mode 100644 index 0000000..e6ef2d1 --- /dev/null +++ b/docs/SHIELD/Deploy/Deployment/.pages @@ -0,0 +1 @@ +title: Deployment \ No newline at end of file diff --git a/docs/SHIELD/2-Deploy/Deployment/index.md b/docs/SHIELD/Deploy/Deployment/index.md similarity index 100% rename from docs/SHIELD/2-Deploy/Deployment/index.md rename to docs/SHIELD/Deploy/Deployment/index.md diff --git a/docs/SHIELD/Deploy/Reference/.pages b/docs/SHIELD/Deploy/Reference/.pages new file mode 100644 index 0000000..39277d6 --- /dev/null +++ b/docs/SHIELD/Deploy/Reference/.pages @@ -0,0 +1 @@ +title: Reference \ No newline at end of file diff --git a/docs/SHIELD/2-Deploy/Reference/Required-Graph-API-Permissions.md b/docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/2-Deploy/Reference/Required-Graph-API-Permissions.md rename to docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/2-Deploy/Reference/index.md b/docs/SHIELD/Deploy/Reference/index.md similarity index 100% rename from docs/SHIELD/2-Deploy/Reference/index.md rename to docs/SHIELD/Deploy/Reference/index.md diff --git a/docs/SHIELD/2-Deploy/Troubleshooting.md b/docs/SHIELD/Deploy/Troubleshooting.md similarity index 93% rename from docs/SHIELD/2-Deploy/Troubleshooting.md rename to docs/SHIELD/Deploy/Troubleshooting.md index 7f2e8d1..374a904 100644 --- a/docs/SHIELD/2-Deploy/Troubleshooting.md +++ b/docs/SHIELD/Deploy/Troubleshooting.md @@ -70,8 +70,8 @@ Yes. SHIELD can be redeployed using the same app interface or script, as long as ## Related Pages -- [Deploy Overview](../2-Deploy/index.md) -- [Deploy Usage Guide](../2-Deploy/Usage-Guide.md) -- [Deployment](../2-Deploy/Deployment/index.md) -- [Deploy Reference](../2-Deploy/Reference/index.md) +- [Deploy Overview](../Deploy/index.md) +- [Deploy Usage Guide](../Deploy/Usage-Guide.md) +- [Deployment](../Deploy/Deployment/index.md) +- [Deploy Reference](../Deploy/Reference/index.md) diff --git a/docs/SHIELD/2-Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 b/docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 similarity index 100% rename from docs/SHIELD/2-Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 rename to docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 diff --git a/docs/SHIELD/2-Deploy/Usage-Guide.md b/docs/SHIELD/Deploy/Usage-Guide.md similarity index 100% rename from docs/SHIELD/2-Deploy/Usage-Guide.md rename to docs/SHIELD/Deploy/Usage-Guide.md diff --git a/docs/SHIELD/2-Deploy/index.md b/docs/SHIELD/Deploy/index.md similarity index 100% rename from docs/SHIELD/2-Deploy/index.md rename to docs/SHIELD/Deploy/index.md diff --git a/docs/SHIELD/Deployment.md b/docs/SHIELD/Deployment.md index 39f1aca..e8c019b 100644 --- a/docs/SHIELD/Deployment.md +++ b/docs/SHIELD/Deployment.md @@ -80,18 +80,18 @@ Use the MSI installer for a guided, visual installation of Discover. #### Main Installer Screen -![Installer - Light](4-Discover/assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } -![Installer - Dark](4-Discover/assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } +![Installer - Light](Discover/assets/images/screenshots/Installer-Light.png#only-light){ loading=lazy } +![Installer - Dark](Discover/assets/images/screenshots/Installer-Dark.png#only-dark){ loading=lazy } #### Configuration Dropdown -![Dropdown - Light](4-Discover/assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } -![Dropdown - Dark](4-Discover/assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } +![Dropdown - Light](Discover/assets/images/screenshots/Dropdown-Light.png#only-light){ loading=lazy } +![Dropdown - Dark](Discover/assets/images/screenshots/Dropdown-Dark.png#only-dark){ loading=lazy } #### Advanced Configuration -![Advanced Config - Light](4-Discover/assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } -![Advanced Config - Dark](4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } +![Advanced Config - Light](Discover/assets/images/screenshots/AdvancedConfig-Light.png#only-light){ loading=lazy } +![Advanced Config - Dark](Discover/assets/images/screenshots/AdvancedConfig-Dark.png#only-dark){ loading=lazy } !!! note "Shortcut Behavior" Desktop shortcuts are only created for user-scoped installs. Machine-wide installs must be launched via CLI. diff --git a/docs/SHIELD/Discover/.pages b/docs/SHIELD/Discover/.pages new file mode 100644 index 0000000..c482cf4 --- /dev/null +++ b/docs/SHIELD/Discover/.pages @@ -0,0 +1,7 @@ +title: Discover +nav: + - index.md + - Deployment + - Usage-Guide.md + - Reference + - Troubleshooting.md diff --git a/docs/SHIELD/4-Discover/Deployment/index.md b/docs/SHIELD/Discover/Deployment/index.md similarity index 100% rename from docs/SHIELD/4-Discover/Deployment/index.md rename to docs/SHIELD/Discover/Deployment/index.md diff --git a/docs/SHIELD/4-Discover/Reference/Architecture/Infrastructure.md b/docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Architecture/Infrastructure.md rename to docs/SHIELD/Discover/Reference/Architecture/Infrastructure.md diff --git a/docs/SHIELD/4-Discover/Reference/Architecture/Process-Flow.md b/docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Architecture/Process-Flow.md rename to docs/SHIELD/Discover/Reference/Architecture/Process-Flow.md diff --git a/docs/SHIELD/4-Discover/Reference/Azure-SQL-Database.md b/docs/SHIELD/Discover/Reference/Azure-SQL-Database.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Azure-SQL-Database.md rename to docs/SHIELD/Discover/Reference/Azure-SQL-Database.md diff --git a/docs/SHIELD/4-Discover/Reference/Database-Schema.md b/docs/SHIELD/Discover/Reference/Database-Schema.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Database-Schema.md rename to docs/SHIELD/Discover/Reference/Database-Schema.md diff --git a/docs/SHIELD/4-Discover/Reference/Plugins/DefenderEndpoint.md b/docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Plugins/DefenderEndpoint.md rename to docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md diff --git a/docs/SHIELD/4-Discover/Reference/Plugins/DefenderIdentity.md b/docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Plugins/DefenderIdentity.md rename to docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md diff --git a/docs/SHIELD/4-Discover/Reference/Plugins/EntraID.md b/docs/SHIELD/Discover/Reference/Plugins/EntraID.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Plugins/EntraID.md rename to docs/SHIELD/Discover/Reference/Plugins/EntraID.md diff --git a/docs/SHIELD/4-Discover/Reference/Reserved-Principals.md b/docs/SHIELD/Discover/Reference/Reserved-Principals.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Reserved-Principals.md rename to docs/SHIELD/Discover/Reference/Reserved-Principals.md diff --git a/docs/SHIELD/4-Discover/Reference/Supported-Licenses.md b/docs/SHIELD/Discover/Reference/Supported-Licenses.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/Supported-Licenses.md rename to docs/SHIELD/Discover/Reference/Supported-Licenses.md diff --git a/docs/SHIELD/4-Discover/Reference/index.md b/docs/SHIELD/Discover/Reference/index.md similarity index 100% rename from docs/SHIELD/4-Discover/Reference/index.md rename to docs/SHIELD/Discover/Reference/index.md diff --git a/docs/SHIELD/4-Discover/Troubleshooting.md b/docs/SHIELD/Discover/Troubleshooting.md similarity index 100% rename from docs/SHIELD/4-Discover/Troubleshooting.md rename to docs/SHIELD/Discover/Troubleshooting.md diff --git a/docs/SHIELD/4-Discover/Usage-Guide.md b/docs/SHIELD/Discover/Usage-Guide.md similarity index 100% rename from docs/SHIELD/4-Discover/Usage-Guide.md rename to docs/SHIELD/Discover/Usage-Guide.md diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Dark.png diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/AdvancedConfig-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/AdvancedConfig-Light.png diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Dark.png diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/Dropdown-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/Dropdown-Light.png diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Dark.png b/docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Dark.png rename to docs/SHIELD/Discover/assets/images/screenshots/Installer-Dark.png diff --git a/docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Light.png b/docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png similarity index 100% rename from docs/SHIELD/4-Discover/assets/images/screenshots/Installer-Light.png rename to docs/SHIELD/Discover/assets/images/screenshots/Installer-Light.png diff --git a/docs/SHIELD/4-Discover/assets/threat-models/infrastructure.tm7 b/docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 similarity index 100% rename from docs/SHIELD/4-Discover/assets/threat-models/infrastructure.tm7 rename to docs/SHIELD/Discover/assets/threat-models/infrastructure.tm7 diff --git a/docs/SHIELD/4-Discover/index.md b/docs/SHIELD/Discover/index.md similarity index 100% rename from docs/SHIELD/4-Discover/index.md rename to docs/SHIELD/Discover/index.md diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index 0c31bd5..a0a69d8 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -17,7 +17,7 @@ SHIELD automates secure deployment and lifecycle management using Microsoft 365 ### Environment Requirements - ✅ Deploying user must have **Global Admin Rights** -- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](3-Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** +- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** - ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID - ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups @@ -31,7 +31,7 @@ SHIELD uses `M3` and `M5` to refer to Microsoft 365 license families, abstractin |------|---------|--------------------------| | **ESM** (Enterprise Security Mode) | M3 or equivalent | Devices must be Hybrid or Cloud Joined | | **SSM** (Specialized Security Mode) | M5 or equivalent | Devices must be Hybrid or Cloud Joined | -| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](3-Defend/Reference/Hardware-Selection.md) | +| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](Defend/Reference/Hardware-Selection.md) | --- @@ -65,9 +65,9 @@ Discover uses read-only Entra ID roles for configuration queries. These permissi **Related plugin guides:** docs\SHIELD\Reference\Plugins\DefenderEndpoint.md -- 📄 [Defender for Endpoint](4-Discover/Reference/Plugins/DefenderEndpoint.md) -- 📄 [Defender for Identity](4-Discover/Reference/Plugins/DefenderIdentity.md) -- 📄 [Entra ID](4-Discover/Reference/Plugins/EntraID.md) +- 📄 [Defender for Endpoint](Discover/Reference/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](Discover/Reference/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](Discover/Reference/Plugins/EntraID.md) !!! info "Permissions Note" Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. @@ -129,7 +129,7 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ## Related Pages -- 📄 [Hardware Requirements](3-Defend/Reference/Hardware-Selection.md) +- 📄 [Hardware Requirements](Defend/Reference/Hardware-Selection.md) - 📄 [Deployment Guide](Deployment.md) - 📄 [Azure SQL Setup](Deployment.md#azure-sql-database-setup) - 📄 [Silent Installation Instructions](Deployment.md#silent-installation-script-based) diff --git a/docs/SHIELD/Reference.md b/docs/SHIELD/Reference.md index 4dad189..540bb05 100644 --- a/docs/SHIELD/Reference.md +++ b/docs/SHIELD/Reference.md @@ -96,15 +96,15 @@ The following flowcharts describe what happens behind the scenes during key life ### Device Workflows -- 📊 [Device Commissioning](3-Defend/Reference/Diagrams/Device-Commission.md) -- 📊 [Device Decommissioning](3-Defend/Reference/Diagrams/Device-Decommission.md) -- 📊 [Device Assignment](3-Defend/Reference/Diagrams/Device-Assign.md) -- 📊 [Device Unassignment](3-Defend/Reference/Diagrams/Device-Unassign.md) +- 📊 [Device Commissioning](Defend/Reference/Diagrams/Device-Commission.md) +- 📊 [Device Decommissioning](Defend/Reference/Diagrams/Device-Decommission.md) +- 📊 [Device Assignment](Defend/Reference/Diagrams/Device-Assign.md) +- 📊 [Device Unassignment](Defend/Reference/Diagrams/Device-Unassign.md) ### User Workflows -- 📊 [User Commissioning](3-Defend/Reference/Diagrams/User-Commission.md) -- 📊 [User Decommissioning](3-Defend/Reference/Diagrams/User-Decommission.md) +- 📊 [User Commissioning](Defend/Reference/Diagrams/User-Commission.md) +- 📊 [User Decommissioning](Defend/Reference/Diagrams/User-Decommission.md) These diagrams match the logic used in the SHIELD backend and provide a visual reference for each action. diff --git a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md index 2c75c5e..4916c63 100644 --- a/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md +++ b/docs/SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md @@ -49,7 +49,7 @@ Technical details on the properties/values that can be set on the root/common sc This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates privileged configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `PsmId=21` @@ -62,7 +62,7 @@ This is the ID of the Intune Role Scope Tag that separates privileged configurat This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates specialized configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `SsmId=21` @@ -75,7 +75,7 @@ This is the ID of the Intune Role Scope Tag that separates specialized configura This is a whole number that is the unique ID of the scope tag. **Description:** -This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../2-Deploy/index.md#what-is-spa). +This is the ID of the Intune Role Scope Tag that separates enterprise configurations from other [security classes](../../../Deploy/index.md#what-is-spa). **Example:** `EsmId=21` diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index 3a47ac0..154f122 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../2-Deploy/Reference/Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../Deploy/Reference/Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: diff --git a/docs/SHIELD/Usage-Guide.md b/docs/SHIELD/Usage-Guide.md index 15e438f..fdb141d 100644 --- a/docs/SHIELD/Usage-Guide.md +++ b/docs/SHIELD/Usage-Guide.md @@ -50,8 +50,8 @@ Device operations are performed through the Lifecycle interface. The following g - Adds devices to SHIELD management - Privileged devices are wiped/reset before being configured -📖 [Commission a Device](3-Defend/Usage-Guide/Device/0-Commission.md) -📊 [Commission Workflow Diagram](3-Defend/Reference/Diagrams/Device-Commission.md) +📖 [Commission a Device](Defend/Usage-Guide/Device/0-Commission.md) +📊 [Commission Workflow Diagram](Defend/Reference/Diagrams/Device-Commission.md) --- @@ -60,8 +60,8 @@ Device operations are performed through the Lifecycle interface. The following g - Removes the device from SHIELD - Privileged devices are reset and removed from their assigned groups -📖 [Decommission a Device](3-Defend/Usage-Guide/Device/1-Decommission.md) -📊 [Decommission Workflow Diagram](3-Defend/Reference/Diagrams/Device-Decommission.md) +📖 [Decommission a Device](Defend/Usage-Guide/Device/1-Decommission.md) +📊 [Decommission Workflow Diagram](Defend/Reference/Diagrams/Device-Decommission.md) --- @@ -70,8 +70,8 @@ Device operations are performed through the Lifecycle interface. The following g - Assigns allowed users to a privileged device - All other users are blocked from login -📖 [Assign User](3-Defend/Usage-Guide/Device/2-Assign.md) -📊 [Assignment Workflow](3-Defend/Reference/Diagrams/Device-Assign.md) +📖 [Assign User](Defend/Usage-Guide/Device/2-Assign.md) +📊 [Assignment Workflow](Defend/Reference/Diagrams/Device-Assign.md) --- @@ -80,8 +80,8 @@ Device operations are performed through the Lifecycle interface. The following g - Removes users from a PAW - If no users remain, a wipe command is triggered -📖 [Unassign User](3-Defend/Usage-Guide/Device/3-Unassign.md) -📊 [Unassign Workflow](3-Defend/Reference/Diagrams/Device-Unassign.md) +📖 [Unassign User](Defend/Usage-Guide/Device/3-Unassign.md) +📊 [Unassign Workflow](Defend/Reference/Diagrams/Device-Unassign.md) --- @@ -94,8 +94,8 @@ SHIELD manages three user types — Privileged, Specialized, and Enterprise — - Adds an existing Entra ID user or creates a new cloud-only privileged account - Temporary credentials are shown upon creation -📖 [Commission a User](3-Defend/Usage-Guide/User/Commission.md) -📊 [Commission Workflow](3-Defend/Reference/Diagrams/User-Commission.md) +📖 [Commission a User](Defend/Usage-Guide/User/Commission.md) +📊 [Commission Workflow](Defend/Reference/Diagrams/User-Commission.md) --- @@ -104,8 +104,8 @@ SHIELD manages three user types — Privileged, Specialized, and Enterprise — - Removes the user from SHIELD - Privileged accounts are deleted; others are de-tagged -📖 [Decommission a User](3-Defend/Usage-Guide/User/Decommission.md) -📊 [Decommission Workflow](3-Defend/Reference/Diagrams/User-Decommission.md) +📖 [Decommission a User](Defend/Usage-Guide/User/Decommission.md) +📊 [Decommission Workflow](Defend/Reference/Diagrams/User-Decommission.md) --- diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index 8ae841e..7181f1a 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -44,5 +44,5 @@ In the rest of the documentation, we will provide detailed instructions on how t - Change Log - Coming Soon! - [SHIELD Architecture](Reference/Architecture/index.md) - [API Documentation](Reference/Development/OpenAPI.md) -- [Troubleshooting](2-Deploy/Troubleshooting.md) +- [Troubleshooting](Deploy/Troubleshooting.md) - [Contact Us](https://shilab.com/contact) diff --git a/docs/index.md b/docs/index.md index 0244512..16681ef 100644 --- a/docs/index.md +++ b/docs/index.md @@ -20,10 +20,10 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Defend -[:mag: Defend](SHIELD/3-Defend/Usage-Guide/index.md){ .md-button } +[:mag: Defend](SHIELD/Defend/Usage-Guide/index.md){ .md-button } ### Discover Retrieves and validates the state of license compliance tenant wide. -[:mag: Discover](SHIELD/4-Discover/index.md){ .md-button } +[:mag: Discover](SHIELD/Discover/index.md){ .md-button } diff --git a/mkdocs.yml b/mkdocs.yml index 1ca5c77..51e17d0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -81,6 +81,7 @@ plugins: - glightbox - privacy - search + - awesome-pages extra: homepage: https://shilab.com consent: diff --git a/requirements.txt b/requirements.txt index fc06472..8da6011 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,5 @@ mkdocs == 1.6.1 mkdocs-material == 9.6.9 mkdocs-glightbox == 0.4.0 +mkdocs-awesome-pages-plugin==2.10.1 + From 2ac921d33955e68533c68db8b4cf492bf8948a05 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 14:36:39 -0500 Subject: [PATCH 20/26] Rename + Clean Up Getting Started --- docs/SHIELD/.pages | 2 +- docs/SHIELD/1-Getting-Started/index.md | 17 ----------------- docs/SHIELD/Defend/Deployment.md | 2 +- docs/SHIELD/Deploy/Deployment/index.md | 2 +- docs/SHIELD/Deploy/Usage-Guide.md | 2 +- docs/SHIELD/Deploy/index.md | 2 +- .../{Deployment.md => Getting-Started.md} | 2 +- docs/SHIELD/Prerequisites.md | 10 +++++----- docs/SHIELD/Reference.md | 2 +- docs/SHIELD/Usage-Guide.md | 2 +- 10 files changed, 13 insertions(+), 30 deletions(-) delete mode 100644 docs/SHIELD/1-Getting-Started/index.md rename docs/SHIELD/{Deployment.md => Getting-Started.md} (99%) diff --git a/docs/SHIELD/.pages b/docs/SHIELD/.pages index a5840c6..a2e1cb8 100644 --- a/docs/SHIELD/.pages +++ b/docs/SHIELD/.pages @@ -2,7 +2,7 @@ title: SHIELD nav: - index.md - Prerequisites.md - - Deployment.md + - Getting-Started.md - Usage-Guide.md - Reference.md - Deploy diff --git a/docs/SHIELD/1-Getting-Started/index.md b/docs/SHIELD/1-Getting-Started/index.md deleted file mode 100644 index 1374b1d..0000000 --- a/docs/SHIELD/1-Getting-Started/index.md +++ /dev/null @@ -1,17 +0,0 @@ -# Overview - -To use the app, two primary deployments must happen: the server and the architectural core infrastructure. -The server is deployed first then the server deploys the core infrastructure. - -1. To deploy the server, chose from one of the below deployment methods:
- - - [:fontawesome-solid-file-zipper: Deploy Using Manual Method](../Deployment.md#manual-deployment-shield){ .md-button } - -2. Deploy the core infrastructure using the Web UI:
- - [:octicons-rocket-24: Deploy Core Infrastructure](../Deploy/Usage-Guide.md){ .md-button } - -3. Manage your infrastructure using the SHIELD app's Lifecycle management engine:
- - [:fontawesome-solid-rotate: Manage Lifecycle](../Defend/Usage-Guide/index.md){ .md-button } diff --git a/docs/SHIELD/Defend/Deployment.md b/docs/SHIELD/Defend/Deployment.md index 425bc14..a5921cf 100644 --- a/docs/SHIELD/Defend/Deployment.md +++ b/docs/SHIELD/Defend/Deployment.md @@ -56,4 +56,4 @@ To use Defend, the following must already be deployed: - [Defend Usage Guide](Usage-Guide/index.md) - [Defend Reference](Reference/index.md) - [Troubleshooting](Troubleshooting.md) -- [SHIELD Platform Deployment](../Deployment.md) \ No newline at end of file +- [SHIELD Platform Deployment](../Getting-Started.md) \ No newline at end of file diff --git a/docs/SHIELD/Deploy/Deployment/index.md b/docs/SHIELD/Deploy/Deployment/index.md index 4e31ef3..717b952 100644 --- a/docs/SHIELD/Deploy/Deployment/index.md +++ b/docs/SHIELD/Deploy/Deployment/index.md @@ -74,5 +74,5 @@ These cannot be renamed or deleted through the SHIELD UI. - [Deploy Usage Guide](../Usage-Guide.md) - [Reference Docs](../Reference/index.md) - [Troubleshooting](../Troubleshooting.md) -- [Full SHIELD Deployment](../../Deployment.md) +- [Full SHIELD Deployment](../../Getting-Started.md) diff --git a/docs/SHIELD/Deploy/Usage-Guide.md b/docs/SHIELD/Deploy/Usage-Guide.md index f89b2d1..44cc914 100644 --- a/docs/SHIELD/Deploy/Usage-Guide.md +++ b/docs/SHIELD/Deploy/Usage-Guide.md @@ -77,6 +77,6 @@ Once core deployment is complete, your SHIELD UI will provide management cards f ## Related Pages - [Deploy Overview](index.md) -- [Deployment Guide](../Deployment.md) +- [Deployment Guide](../Getting-Started.md) - [Reference Docs](Reference/index.md) - [Troubleshooting](Troubleshooting.md) \ No newline at end of file diff --git a/docs/SHIELD/Deploy/index.md b/docs/SHIELD/Deploy/index.md index ce7c525..7281767 100644 --- a/docs/SHIELD/Deploy/index.md +++ b/docs/SHIELD/Deploy/index.md @@ -76,7 +76,7 @@ By centralizing and automating the deployment of SPA, the Deploy module: ## Related Pages -- [Deployment Guide](../Deployment.md) +- [Deployment Guide](../Getting-Started.md) - [Deploy Usage Guide](Usage-Guide.md) - [Deploy Reference](Reference/index.md) - [Troubleshooting Deploy Module](Troubleshooting.md) diff --git a/docs/SHIELD/Deployment.md b/docs/SHIELD/Getting-Started.md similarity index 99% rename from docs/SHIELD/Deployment.md rename to docs/SHIELD/Getting-Started.md index e8c019b..1712f3e 100644 --- a/docs/SHIELD/Deployment.md +++ b/docs/SHIELD/Getting-Started.md @@ -1,4 +1,4 @@ -# Deployment +# Getting Started This page outlines how to deploy SHIELD and Discover, including manual installation, silent installs, SQL configuration, and the upcoming Azure Marketplace integration. diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites.md index a0a69d8..5a8442f 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites.md @@ -78,7 +78,7 @@ docs\SHIELD\Reference\Plugins\DefenderEndpoint.md An Azure SQL Database is required to store audit results. You can use an existing DB or provision a new one. -📖 [Deployment → Azure SQL Database Setup](Deployment.md#azure-sql-database-setup) +📖 [Deployment → Azure SQL Database Setup](Getting-Started.md#azure-sql-database-setup) **Required:** @@ -130,7 +130,7 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ## Related Pages - 📄 [Hardware Requirements](Defend/Reference/Hardware-Selection.md) -- 📄 [Deployment Guide](Deployment.md) -- 📄 [Azure SQL Setup](Deployment.md#azure-sql-database-setup) -- 📄 [Silent Installation Instructions](Deployment.md#silent-installation-script-based) -- 📄 [Standard Installation Instructions](Deployment.md#standard-installation-gui-based) \ No newline at end of file +- 📄 [Deployment Guide](Getting-Started.md) +- 📄 [Azure SQL Setup](Getting-Started.md#azure-sql-database-setup) +- 📄 [Silent Installation Instructions](Getting-Started.md#silent-installation-script-based) +- 📄 [Standard Installation Instructions](Getting-Started.md#standard-installation-gui-based) \ No newline at end of file diff --git a/docs/SHIELD/Reference.md b/docs/SHIELD/Reference.md index 540bb05..cb20ad7 100644 --- a/docs/SHIELD/Reference.md +++ b/docs/SHIELD/Reference.md @@ -112,7 +112,7 @@ These diagrams match the logic used in the SHIELD backend and provide a visual r ## Related Pages -- [Deployment Guide](Deployment.md) +- [Deployment Guide](Getting-Started.md) - [Usage Guide](Usage-Guide.md) - [Prerequisites](Prerequisites.md) diff --git a/docs/SHIELD/Usage-Guide.md b/docs/SHIELD/Usage-Guide.md index fdb141d..c585aa4 100644 --- a/docs/SHIELD/Usage-Guide.md +++ b/docs/SHIELD/Usage-Guide.md @@ -19,7 +19,7 @@ These are deployed via the SHIELD UI at `{your-subdomain}.azurewebsites.net` usi !!! note "Immutable Components" Security groups, scope tags, and admin units cannot be changed after deployment. All other settings can be modified afterward. -📖 For step-by-step deployment instructions, see the [Deployment Guide](./Deployment.md) +📖 For step-by-step deployment instructions, see the [Deployment Guide](./Getting-Started.md) --- From 08286e5da84235a8481c10c7acb1d19d5849d0cb Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 14:45:55 -0500 Subject: [PATCH 21/26] Move Deploy Troubleshooting > Uninstall --- docs/SHIELD/Deploy/Troubleshooting.md | 75 ++---------------- docs/SHIELD/Reference/Uninstall.md | 77 +++++++++++++++++++ .../Scripts/Uninstall-ShieldArchitecture.ps1 | 0 3 files changed, 83 insertions(+), 69 deletions(-) create mode 100644 docs/SHIELD/Reference/Uninstall.md rename docs/SHIELD/{Deploy/Troubleshooting/Assets => }/Scripts/Uninstall-ShieldArchitecture.ps1 (100%) diff --git a/docs/SHIELD/Deploy/Troubleshooting.md b/docs/SHIELD/Deploy/Troubleshooting.md index 374a904..48bdfa4 100644 --- a/docs/SHIELD/Deploy/Troubleshooting.md +++ b/docs/SHIELD/Deploy/Troubleshooting.md @@ -1,77 +1,14 @@ # Troubleshooting -This section covers how to uninstall or reset SHIELD's Deploy module infrastructure and outlines common considerations for support and recovery scenarios. +🚧 **This section is still under development.** ---- - -## Uninstalling SHIELD Deploy Infrastructure - -The SHIELD platform uses multiple Microsoft 365 services to create configuration components. Removing these components manually is complex and can break your tenant setup. Use the provided uninstall script only if directed by SHI support. - -!!! danger "Data Loss Warning" - If you uninstall the architecture, **you will clear out any managed objects and configurations** deployed by the Deploy module. This procedure should only be followed if SHI explicitly instructs you to do so. - -!!! note "Stateless Server Reminder" - SHIELD’s application server is stateless. You can safely redeploy the app after cleanup without losing data stored in the Microsoft cloud (e.g., Intune tags, Entra groups). - ---- - -## Uninstall Procedure - -1. **Stop the SHIELD server** to prevent regeneration of infrastructure during cleanup. - -2. **Download the uninstall script**: - - 📥 [Uninstall-ShieldArchitecture.ps1](Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1) - -3. **Remove all Microsoft.Graph modules** to prevent version conflicts: - - ```powershell - Get-Module -Name '*Microsoft.Graph*' -ListAvailable | Uninstall-Module - ``` - -!!! note - You may have to run the above command twice because the order of operations tries to uninstall a dependency first rather than last. Running it the second time will remove the remaining dependency. - -4. **Install the correct version of Microsoft Graph Beta modules**: - - ```powershell - Install-Module -Name 'Microsoft.Graph.Beta' -RequiredVersion '2.1.0' -Scope 'AllUsers' - ``` - -5. **Run the uninstall script** to remove SHIELD-deployed infrastructure. - - The script is designed to remove: - - Entra ID groups and admin units - - Intune scope tags - - Conditional Access policies created by SHIELD - - It does **not** delete data outside the SHIELD-deployed infrastructure. - ---- - -## FAQs & Recovery Notes - -### What if the uninstall script fails? - -Try re-running the script. It is designed to be idempotent and will retry safely. Make sure you have proper permissions and the correct PowerShell modules installed. - -### Can I re-deploy SHIELD after uninstalling? - -Yes. SHIELD can be redeployed using the same app interface or script, as long as all infrastructure components have been successfully removed. - -### What is not removed? - -- Audit logs in Entra ID -- Device enrollment history -- Local device configurations if not managed via Intune +We are actively gathering feedback to build out comprehensive troubleshooting flows. Please check back soon for updated content. --- -## Related Pages +If you encounter any issues in the meantime: -- [Deploy Overview](../Deploy/index.md) -- [Deploy Usage Guide](../Deploy/Usage-Guide.md) -- [Deployment](../Deploy/Deployment/index.md) -- [Deploy Reference](../Deploy/Reference/index.md) +- Refer to the [Uninstall Guide](../Reference/Uninstall.md) for resetting the environment +- Review your deployment [prerequisites](../Prerequisites.md) +- Contact SHI Support for critical blocking errors diff --git a/docs/SHIELD/Reference/Uninstall.md b/docs/SHIELD/Reference/Uninstall.md new file mode 100644 index 0000000..cc75abf --- /dev/null +++ b/docs/SHIELD/Reference/Uninstall.md @@ -0,0 +1,77 @@ +# Uninstall + +This section covers how to uninstall or reset SHIELD's Deploy module infrastructure and outlines common considerations for support and recovery scenarios. + +--- + +## Uninstalling SHIELD Deploy Infrastructure + +The SHIELD platform uses multiple Microsoft 365 services to create configuration components. Removing these components manually is complex and can break your tenant setup. Use the provided uninstall script only if directed by SHI support. + +!!! danger "Data Loss Warning" + If you uninstall the architecture, **you will clear out any managed objects and configurations** deployed by the Deploy module. This procedure should only be followed if SHI explicitly instructs you to do so. + +!!! note "Stateless Server Reminder" + SHIELD’s application server is stateless. You can safely redeploy the app after cleanup without losing data stored in the Microsoft cloud (e.g., Intune tags, Entra groups). + +--- + +## Uninstall Procedure + +1. **Stop the SHIELD server** to prevent regeneration of infrastructure during cleanup. + +2. **Download the uninstall script**: + + 📥 [Uninstall-ShieldArchitecture.ps1](../Scripts/Uninstall-ShieldArchitecture.ps1) + +3. **Remove all Microsoft.Graph modules** to prevent version conflicts: + + ```powershell + Get-Module -Name '*Microsoft.Graph*' -ListAvailable | Uninstall-Module + ``` + +!!! note + You may have to run the above command twice because the order of operations tries to uninstall a dependency first rather than last. Running it the second time will remove the remaining dependency. + +4. **Install the correct version of Microsoft Graph Beta modules**: + + ```powershell + Install-Module -Name 'Microsoft.Graph.Beta' -RequiredVersion '2.1.0' -Scope 'AllUsers' + ``` + +5. **Run the uninstall script** to remove SHIELD-deployed infrastructure. + + The script is designed to remove: + - Entra ID groups and admin units + - Intune scope tags + - Conditional Access policies created by SHIELD + + It does **not** delete data outside the SHIELD-deployed infrastructure. + +--- + +## FAQs & Recovery Notes + +### What if the uninstall script fails? + +Try re-running the script. It is designed to be idempotent and will retry safely. Make sure you have proper permissions and the correct PowerShell modules installed. + +### Can I re-deploy SHIELD after uninstalling? + +Yes. SHIELD can be redeployed using the same app interface or script, as long as all infrastructure components have been successfully removed. + +### What is not removed? + +- Audit logs in Entra ID +- Device enrollment history +- Local device configurations if not managed via Intune + +--- + +## Related Pages + +- [Deploy Overview](../Deploy/index.md) +- [Deploy Usage Guide](../Deploy/Usage-Guide.md) +- [Deployment](../Deploy/Deployment/index.md) +- [Deploy Reference](../Deploy/Reference/index.md) + diff --git a/docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 b/docs/SHIELD/Scripts/Uninstall-ShieldArchitecture.ps1 similarity index 100% rename from docs/SHIELD/Deploy/Troubleshooting/Assets/Scripts/Uninstall-ShieldArchitecture.ps1 rename to docs/SHIELD/Scripts/Uninstall-ShieldArchitecture.ps1 From f559493003485fc3f287caf0b41311a3ab34baef Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Wed, 2 Apr 2025 14:53:30 -0500 Subject: [PATCH 22/26] =?UTF-8?q?Move=20Required=20Graph=20API=20=E2=86=92?= =?UTF-8?q?=20SHIELD/Prerequisites?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/SHIELD/.pages | 2 +- docs/SHIELD/Defend/Prerequisites.md | 4 ++-- docs/SHIELD/Deploy/Troubleshooting.md | 2 +- docs/SHIELD/Getting-Started.md | 2 +- .../Required-Graph-API-Permissions.md | 0 .../index.md} | 22 +++++++++---------- docs/SHIELD/Reference.md | 2 +- .../Settings/Configure-Managed-Identity.md | 2 +- docs/SHIELD/index.md | 2 +- docs/index.md | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) rename docs/SHIELD/{Deploy/Reference => Prerequisites}/Required-Graph-API-Permissions.md (100%) rename docs/SHIELD/{Prerequisites.md => Prerequisites/index.md} (83%) diff --git a/docs/SHIELD/.pages b/docs/SHIELD/.pages index a2e1cb8..ce8c904 100644 --- a/docs/SHIELD/.pages +++ b/docs/SHIELD/.pages @@ -1,7 +1,7 @@ title: SHIELD nav: - index.md - - Prerequisites.md + - Prerequisites - Getting-Started.md - Usage-Guide.md - Reference.md diff --git a/docs/SHIELD/Defend/Prerequisites.md b/docs/SHIELD/Defend/Prerequisites.md index 15ef77b..cc285f8 100644 --- a/docs/SHIELD/Defend/Prerequisites.md +++ b/docs/SHIELD/Defend/Prerequisites.md @@ -15,7 +15,7 @@ The Defend module relies on infrastructure that must be deployed via the Deploy - Entra ID Administrative Units and security groups are provisioned - Intune is configured with scope tags -📖 See [SHIELD Platform Prerequisites](../Prerequisites.md) +📖 See [SHIELD Platform Prerequisites](../Prerequisites/index.md) --- @@ -62,5 +62,5 @@ To verify: - [Defend Deployment](Deployment.md) - [Defend Usage Guide](Usage-Guide/index.md) - [Hardware Requirements](Reference/index.md) -- [SHIELD Prerequisites](../Prerequisites.md) +- [SHIELD Prerequisites](../Prerequisites/index.md) diff --git a/docs/SHIELD/Deploy/Troubleshooting.md b/docs/SHIELD/Deploy/Troubleshooting.md index 48bdfa4..92b26ef 100644 --- a/docs/SHIELD/Deploy/Troubleshooting.md +++ b/docs/SHIELD/Deploy/Troubleshooting.md @@ -9,6 +9,6 @@ We are actively gathering feedback to build out comprehensive troubleshooting fl If you encounter any issues in the meantime: - Refer to the [Uninstall Guide](../Reference/Uninstall.md) for resetting the environment -- Review your deployment [prerequisites](../Prerequisites.md) +- Review your deployment [prerequisites](../Prerequisites/index.md) - Contact SHI Support for critical blocking errors diff --git a/docs/SHIELD/Getting-Started.md b/docs/SHIELD/Getting-Started.md index 1712f3e..50e3fec 100644 --- a/docs/SHIELD/Getting-Started.md +++ b/docs/SHIELD/Getting-Started.md @@ -191,5 +191,5 @@ Get-Help -Name 'Add-AzLicenseDb' -Full - [Standard Installation](#standard-installation-gui-based) - [Silent Installation](#silent-installation-script-based) -- [Azure SQL Setup (from Prerequisites)](Prerequisites.md#azure-sql-setup) +- [Azure SQL Setup (from Prerequisites)](Prerequisites/index.md#azure-sql-setup) diff --git a/docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md b/docs/SHIELD/Prerequisites/Required-Graph-API-Permissions.md similarity index 100% rename from docs/SHIELD/Deploy/Reference/Required-Graph-API-Permissions.md rename to docs/SHIELD/Prerequisites/Required-Graph-API-Permissions.md diff --git a/docs/SHIELD/Prerequisites.md b/docs/SHIELD/Prerequisites/index.md similarity index 83% rename from docs/SHIELD/Prerequisites.md rename to docs/SHIELD/Prerequisites/index.md index 5a8442f..1bf3556 100644 --- a/docs/SHIELD/Prerequisites.md +++ b/docs/SHIELD/Prerequisites/index.md @@ -17,7 +17,7 @@ SHIELD automates secure deployment and lifecycle management using Microsoft 365 ### Environment Requirements - ✅ Deploying user must have **Global Admin Rights** -- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** +- ✅ Microsoft Defender for Endpoint must be provisioned. See [Defend Usage Guide](../Defend/Usage-Guide/index.md), under **Defender for Endpoint Workspace Creation** - ✅ [Security Defaults](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#disabling-security-defaults) must be disabled in Entra ID - ✅ [Certificate Authentication](https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-certificate-based-authentication#step-2-enable-cba-on-the-tenant) must be disabled for SHIELD’s security groups @@ -31,7 +31,7 @@ SHIELD uses `M3` and `M5` to refer to Microsoft 365 license families, abstractin |------|---------|--------------------------| | **ESM** (Enterprise Security Mode) | M3 or equivalent | Devices must be Hybrid or Cloud Joined | | **SSM** (Specialized Security Mode) | M5 or equivalent | Devices must be Hybrid or Cloud Joined | -| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](Defend/Reference/Hardware-Selection.md) | +| **PSM** (Privileged Security Mode) | M5 or equivalent | Devices must be Autopilot-registered and [Secure Core Certified](../Defend/Reference/Hardware-Selection.md) | --- @@ -65,9 +65,9 @@ Discover uses read-only Entra ID roles for configuration queries. These permissi **Related plugin guides:** docs\SHIELD\Reference\Plugins\DefenderEndpoint.md -- 📄 [Defender for Endpoint](Discover/Reference/Plugins/DefenderEndpoint.md) -- 📄 [Defender for Identity](Discover/Reference/Plugins/DefenderIdentity.md) -- 📄 [Entra ID](Discover/Reference/Plugins/EntraID.md) +- 📄 [Defender for Endpoint](../Discover/Reference/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](../Discover/Reference/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](../Discover/Reference/Plugins/EntraID.md) !!! info "Permissions Note" Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. @@ -78,7 +78,7 @@ docs\SHIELD\Reference\Plugins\DefenderEndpoint.md An Azure SQL Database is required to store audit results. You can use an existing DB or provision a new one. -📖 [Deployment → Azure SQL Database Setup](Getting-Started.md#azure-sql-database-setup) +📖 [Deployment → Azure SQL Database Setup](../Getting-Started.md#azure-sql-database-setup) **Required:** @@ -129,8 +129,8 @@ Get-Help -Name 'Add-AzLicenseDb' -Full ## Related Pages -- 📄 [Hardware Requirements](Defend/Reference/Hardware-Selection.md) -- 📄 [Deployment Guide](Getting-Started.md) -- 📄 [Azure SQL Setup](Getting-Started.md#azure-sql-database-setup) -- 📄 [Silent Installation Instructions](Getting-Started.md#silent-installation-script-based) -- 📄 [Standard Installation Instructions](Getting-Started.md#standard-installation-gui-based) \ No newline at end of file +- 📄 [Hardware Requirements](../Defend/Reference/Hardware-Selection.md) +- 📄 [Deployment Guide](../Getting-Started.md) +- 📄 [Azure SQL Setup](../Getting-Started.md#azure-sql-database-setup) +- 📄 [Silent Installation Instructions](../Getting-Started.md#silent-installation-script-based) +- 📄 [Standard Installation Instructions](../Getting-Started.md#standard-installation-gui-based) \ No newline at end of file diff --git a/docs/SHIELD/Reference.md b/docs/SHIELD/Reference.md index cb20ad7..33f75cc 100644 --- a/docs/SHIELD/Reference.md +++ b/docs/SHIELD/Reference.md @@ -114,5 +114,5 @@ These diagrams match the logic used in the SHIELD backend and provide a visual r - [Deployment Guide](Getting-Started.md) - [Usage Guide](Usage-Guide.md) -- [Prerequisites](Prerequisites.md) +- [Prerequisites](Prerequisites/index.md) diff --git a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md index 154f122..762c2d0 100644 --- a/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md +++ b/docs/SHIELD/Reference/Settings/Configure-Managed-Identity.md @@ -34,7 +34,7 @@ No fear, PowerShell is here! Check out this PowerShell app: The PowerShell app will graphically list all the managed identities, let you select one, then graphically list all the Graph API permissions you can assign it. Assign the permissions listed here: -[Required Graph API Permissions](../../Deploy/Reference/Required-Graph-API-Permissions.md) +[Required Graph API Permissions](../../Prerequisites/Required-Graph-API-Permissions.md) For more information on how the PowerShell app works, check out this MS Docs article: diff --git a/docs/SHIELD/index.md b/docs/SHIELD/index.md index 7181f1a..2292df3 100644 --- a/docs/SHIELD/index.md +++ b/docs/SHIELD/index.md @@ -23,7 +23,7 @@ SHIELD is an orchestration tool in the larger security landscape. It does not br ## Prerequisites -Check out this page for more details: [Getting Started - Prerequisites](Prerequisites.md) +Check out this page for more details: [Getting Started - Prerequisites](Prerequisites/index.md) ## Recommended Environment diff --git a/docs/index.md b/docs/index.md index 16681ef..d6d23d2 100644 --- a/docs/index.md +++ b/docs/index.md @@ -16,7 +16,7 @@ Manages the state of security tenant wide using a multi-tiered architecture. ### Deploy -[:mag: Deploy](SHIELD/Prerequisites.md){ .md-button } +[:mag: Deploy](SHIELD/Prerequisites/index.md){ .md-button } ### Defend From 364b32535c39a286c8f96e632bdadecce8f66211 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Thu, 3 Apr 2025 13:22:06 -0500 Subject: [PATCH 23/26] Updates based on feedback --- docs/.pages | 5 +++++ docs/SHIELD/Discover/.pages | 2 ++ .../Discover/{Reference => }/Plugins/DefenderEndpoint.md | 2 +- .../Discover/{Reference => }/Plugins/DefenderIdentity.md | 2 +- docs/SHIELD/Discover/{Reference => }/Plugins/EntraID.md | 0 docs/SHIELD/Discover/Reference/index.md | 2 +- docs/SHIELD/Discover/{Reference => }/Supported-Licenses.md | 0 docs/SHIELD/Prerequisites/index.md | 6 +++--- 8 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 docs/.pages rename docs/SHIELD/Discover/{Reference => }/Plugins/DefenderEndpoint.md (94%) rename docs/SHIELD/Discover/{Reference => }/Plugins/DefenderIdentity.md (95%) rename docs/SHIELD/Discover/{Reference => }/Plugins/EntraID.md (100%) rename docs/SHIELD/Discover/{Reference => }/Supported-Licenses.md (100%) diff --git a/docs/.pages b/docs/.pages new file mode 100644 index 0000000..ff6b098 --- /dev/null +++ b/docs/.pages @@ -0,0 +1,5 @@ +nav: + - index.md + - SHIELD + - Data-Gateway + - Matrix \ No newline at end of file diff --git a/docs/SHIELD/Discover/.pages b/docs/SHIELD/Discover/.pages index c482cf4..975f0c7 100644 --- a/docs/SHIELD/Discover/.pages +++ b/docs/SHIELD/Discover/.pages @@ -3,5 +3,7 @@ nav: - index.md - Deployment - Usage-Guide.md + - Plugins + - Supported-Licenses.md - Reference - Troubleshooting.md diff --git a/docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md b/docs/SHIELD/Discover/Plugins/DefenderEndpoint.md similarity index 94% rename from docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md rename to docs/SHIELD/Discover/Plugins/DefenderEndpoint.md index 7903948..dfa7545 100644 --- a/docs/SHIELD/Discover/Reference/Plugins/DefenderEndpoint.md +++ b/docs/SHIELD/Discover/Plugins/DefenderEndpoint.md @@ -5,7 +5,7 @@ This is because the license data is coming from MDE and not the licensing system ## Licenses Checked -Please note that due to the way Microsoft makes this data available, the license report format uses the mappings found in the [Reserved Principals](../Reserved-Principals.md) page. +Please note that due to the way Microsoft makes this data available, the license report format uses the mappings found in the [Reserved Principals](../Reference/Reserved-Principals.md) page. - Defender for Business (SMB) - `bfc1bbd9-981b-4f71-9b82-17c35fd0e2a4` - Defender for Endpoint P1 - `292cc034-7b7c-4950-aaf5-943befd3f1d4` diff --git a/docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md b/docs/SHIELD/Discover/Plugins/DefenderIdentity.md similarity index 95% rename from docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md rename to docs/SHIELD/Discover/Plugins/DefenderIdentity.md index f4107ff..05c51a5 100644 --- a/docs/SHIELD/Discover/Reference/Plugins/DefenderIdentity.md +++ b/docs/SHIELD/Discover/Plugins/DefenderIdentity.md @@ -14,7 +14,7 @@ Other types of principals such as devices and groups are ignored. ## Licenses Checked -Please note that due to the way Microsoft makes this data available, the license report format uses the mappings found in the [Reserved Principals](../Reserved-Principals.md) page. +Please note that due to the way Microsoft makes this data available, the license report format uses the mappings found in the [Reserved Principals](../Reference/Reserved-Principals.md) page. - Defender for Identity - `14ab5db5-e6c4-4b20-b4bc-13e36fd2227f` diff --git a/docs/SHIELD/Discover/Reference/Plugins/EntraID.md b/docs/SHIELD/Discover/Plugins/EntraID.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Plugins/EntraID.md rename to docs/SHIELD/Discover/Plugins/EntraID.md diff --git a/docs/SHIELD/Discover/Reference/index.md b/docs/SHIELD/Discover/Reference/index.md index c39a245..3ee0a72 100644 --- a/docs/SHIELD/Discover/Reference/index.md +++ b/docs/SHIELD/Discover/Reference/index.md @@ -43,7 +43,7 @@ Discover analyzes how Microsoft 365 licenses are configured and applied. This in - Government (G1, G3, G5) - Frontline (F1, F3) -📖 License breakdown and mappings: [Supported Licenses](Supported-Licenses.md) +📖 License breakdown and mappings: [Supported Licenses](../Supported-Licenses.md) --- diff --git a/docs/SHIELD/Discover/Reference/Supported-Licenses.md b/docs/SHIELD/Discover/Supported-Licenses.md similarity index 100% rename from docs/SHIELD/Discover/Reference/Supported-Licenses.md rename to docs/SHIELD/Discover/Supported-Licenses.md diff --git a/docs/SHIELD/Prerequisites/index.md b/docs/SHIELD/Prerequisites/index.md index 1bf3556..7aae20f 100644 --- a/docs/SHIELD/Prerequisites/index.md +++ b/docs/SHIELD/Prerequisites/index.md @@ -65,9 +65,9 @@ Discover uses read-only Entra ID roles for configuration queries. These permissi **Related plugin guides:** docs\SHIELD\Reference\Plugins\DefenderEndpoint.md -- 📄 [Defender for Endpoint](../Discover/Reference/Plugins/DefenderEndpoint.md) -- 📄 [Defender for Identity](../Discover/Reference/Plugins/DefenderIdentity.md) -- 📄 [Entra ID](../Discover/Reference/Plugins/EntraID.md) +- 📄 [Defender for Endpoint](../Discover/Plugins/DefenderEndpoint.md) +- 📄 [Defender for Identity](../Discover/Plugins/DefenderIdentity.md) +- 📄 [Entra ID](../Discover/Plugins/EntraID.md) !!! info "Permissions Note" Discover will never modify your configuration. All operations are read-only and scoped to data retrieval. From f081515034f9964b44bde3e8c368ca34e1b30290 Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Thu, 3 Apr 2025 14:39:49 -0400 Subject: [PATCH 24/26] Update MK Docs Version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8da6011..e698af2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ mkdocs == 1.6.1 -mkdocs-material == 9.6.9 +mkdocs-material == 9.6.11 mkdocs-glightbox == 0.4.0 mkdocs-awesome-pages-plugin==2.10.1 From 8091614e2cb32e34461fc2a64c94ba8221fb9fd9 Mon Sep 17 00:00:00 2001 From: "Khalil O." Date: Thu, 3 Apr 2025 15:06:05 -0500 Subject: [PATCH 25/26] Updated nav --- docs/.pages | 5 -- docs/Data-Gateway/index.md | 4 +- docs/Matrix/index.md | 3 - docs/SHIELD/.pages | 11 ---- docs/SHIELD/Defend/.pages | 8 --- docs/SHIELD/Deploy/.pages | 7 --- docs/SHIELD/Deploy/Deployment/.pages | 1 - docs/SHIELD/Deploy/Reference/.pages | 1 - docs/SHIELD/Discover/.pages | 9 --- mkdocs.yml | 94 +++++++++++++++++++++++++++- requirements.txt | 1 - 11 files changed, 96 insertions(+), 48 deletions(-) delete mode 100644 docs/.pages delete mode 100644 docs/Matrix/index.md delete mode 100644 docs/SHIELD/.pages delete mode 100644 docs/SHIELD/Defend/.pages delete mode 100644 docs/SHIELD/Deploy/.pages delete mode 100644 docs/SHIELD/Deploy/Deployment/.pages delete mode 100644 docs/SHIELD/Deploy/Reference/.pages delete mode 100644 docs/SHIELD/Discover/.pages diff --git a/docs/.pages b/docs/.pages deleted file mode 100644 index ff6b098..0000000 --- a/docs/.pages +++ /dev/null @@ -1,5 +0,0 @@ -nav: - - index.md - - SHIELD - - Data-Gateway - - Matrix \ No newline at end of file diff --git a/docs/Data-Gateway/index.md b/docs/Data-Gateway/index.md index 6813cfa..3120a9a 100644 --- a/docs/Data-Gateway/index.md +++ b/docs/Data-Gateway/index.md @@ -1,3 +1,5 @@ # Data Gateway -Coming soon! +🚧 **This page is still under development.** + + diff --git a/docs/Matrix/index.md b/docs/Matrix/index.md deleted file mode 100644 index 056add9..0000000 --- a/docs/Matrix/index.md +++ /dev/null @@ -1,3 +0,0 @@ -# Cloud Matrix - -Coming soon! diff --git a/docs/SHIELD/.pages b/docs/SHIELD/.pages deleted file mode 100644 index ce8c904..0000000 --- a/docs/SHIELD/.pages +++ /dev/null @@ -1,11 +0,0 @@ -title: SHIELD -nav: - - index.md - - Prerequisites - - Getting-Started.md - - Usage-Guide.md - - Reference.md - - Deploy - - Defend - - Discover - - Reference diff --git a/docs/SHIELD/Defend/.pages b/docs/SHIELD/Defend/.pages deleted file mode 100644 index e2c631d..0000000 --- a/docs/SHIELD/Defend/.pages +++ /dev/null @@ -1,8 +0,0 @@ -title: Defend -nav: - - index.md - - Prerequisites.md - - Deployment.md - - Usage-Guide - - Reference - - Troubleshooting.md diff --git a/docs/SHIELD/Deploy/.pages b/docs/SHIELD/Deploy/.pages deleted file mode 100644 index c754428..0000000 --- a/docs/SHIELD/Deploy/.pages +++ /dev/null @@ -1,7 +0,0 @@ -title: Deploy -nav: - - index.md - - Deployment - - Usage-Guide.md - - Reference - - Troubleshooting.md diff --git a/docs/SHIELD/Deploy/Deployment/.pages b/docs/SHIELD/Deploy/Deployment/.pages deleted file mode 100644 index e6ef2d1..0000000 --- a/docs/SHIELD/Deploy/Deployment/.pages +++ /dev/null @@ -1 +0,0 @@ -title: Deployment \ No newline at end of file diff --git a/docs/SHIELD/Deploy/Reference/.pages b/docs/SHIELD/Deploy/Reference/.pages deleted file mode 100644 index 39277d6..0000000 --- a/docs/SHIELD/Deploy/Reference/.pages +++ /dev/null @@ -1 +0,0 @@ -title: Reference \ No newline at end of file diff --git a/docs/SHIELD/Discover/.pages b/docs/SHIELD/Discover/.pages deleted file mode 100644 index 975f0c7..0000000 --- a/docs/SHIELD/Discover/.pages +++ /dev/null @@ -1,9 +0,0 @@ -title: Discover -nav: - - index.md - - Deployment - - Usage-Guide.md - - Plugins - - Supported-Licenses.md - - Reference - - Troubleshooting.md diff --git a/mkdocs.yml b/mkdocs.yml index 51e17d0..3e912ff 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -81,7 +81,6 @@ plugins: - glightbox - privacy - search - - awesome-pages extra: homepage: https://shilab.com consent: @@ -135,3 +134,96 @@ extra: name: SHI's home on Instagram watch: - includes +nav: + - Home: index.md + + - SHIELD: + - Overview: SHIELD/index.md + - Prerequisites: + - Overview: SHIELD/Prerequisites/index.md + - Graph API Permissions: SHIELD/Prerequisites/Required-Graph-API-Permissions.md + - Getting Started: SHIELD/Getting-Started.md + - Usage Guide: SHIELD/Usage-Guide.md + + - Deploy: + - Overview: SHIELD/Deploy/index.md + - Deployment: SHIELD/Deploy/Deployment/index.md + - Usage Guide: SHIELD/Deploy/Usage-Guide.md + - Reference: SHIELD/Deploy/Reference/index.md + - Troubleshooting: SHIELD/Deploy/Troubleshooting.md + + - Defend: + - Overview: SHIELD/Defend/index.md + - Prerequisites: SHIELD/Defend/Prerequisites.md + - Deployment: SHIELD/Defend/Deployment.md + - Usage Guide: + - Overview: SHIELD/Defend/Usage-Guide/index.md + - Devices: + - Commission Device: SHIELD/Defend/Usage-Guide/Device/0-Commission.md + - Decommission Device: SHIELD/Defend/Usage-Guide/Device/1-Decommission.md + - Assign Device: SHIELD/Defend/Usage-Guide/Device/2-Assign.md + - Unassign Device: SHIELD/Defend/Usage-Guide/Device/3-Unassign.md + - Users: + - Commission User: SHIELD/Defend/Usage-Guide/User/Commission.md + - Decommission User: SHIELD/Defend/Usage-Guide/User/Decommission.md + - Reference: + - Overview: SHIELD/Defend/Reference/index.md + - Hardware Selection: SHIELD/Defend/Reference/Hardware-Selection.md + - Custom Apps: + - Corp VM: + - Index: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/Corp-VM/Changelog.md + - Managed Installer Config: + - Index: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/ManagedInstaller-Config/Changelog.md + - Security Config: + - Index: SHIELD/Defend/Reference/Custom-Apps/Security-Config/index.md + - Changelog: SHIELD/Defend/Reference/Custom-Apps/Security-Config/Changelog.md + - File Changes: SHIELD/Defend/Reference/Custom-Apps/Security-Config/File-Changes.md + - Registry Changes: SHIELD/Defend/Reference/Custom-Apps/Security-Config/Registry-Changes.md + - Diagrams: + - Device Commission: SHIELD/Defend/Reference/Diagrams/Device-Commission.md + - Device Decommission: SHIELD/Defend/Reference/Diagrams/Device-Decommission.md + - Device Assign: SHIELD/Defend/Reference/Diagrams/Device-Assign.md + - Device Unassign: SHIELD/Defend/Reference/Diagrams/Device-Unassign.md + - User Commission: SHIELD/Defend/Reference/Diagrams/User-Commission.md + - User Decommission: SHIELD/Defend/Reference/Diagrams/User-Decommission.md + - Lifecycle: + - Privileged Device Workflows: SHIELD/Defend/Reference/Lifecycle/Privileged Device Workflows.md + - Troubleshooting: SHIELD/Defend/Troubleshooting.md + + - Discover: + - Overview: SHIELD/Discover/index.md + - Deployment: SHIELD/Discover/Deployment/index.md + - Usage Guide: SHIELD/Discover/Usage-Guide.md + - Plugins: + - Entra ID: SHIELD/Discover/Plugins/EntraID.md + - Defender for Endpoint: SHIELD/Discover/Plugins/DefenderEndpoint.md + - Defender for Identity: SHIELD/Discover/Plugins/DefenderIdentity.md + - Supported Licenses: SHIELD/Discover/Supported-Licenses.md + - Reference: + - Overview: SHIELD/Discover/Reference/index.md + - Database Schema: SHIELD/Discover/Reference/Database-Schema.md + - Azure SQL Database: SHIELD/Discover/Reference/Azure-SQL-Database.md + - Reserved Principals: SHIELD/Discover/Reference/Reserved-Principals.md + - Architecture: + - Infrastructure: SHIELD/Discover/Reference/Architecture/Infrastructure.md + - Process Flow: SHIELD/Discover/Reference/Architecture/Process-Flow.md + - Troubleshooting: SHIELD/Discover/Troubleshooting.md + + - Reference: + - Architecture: + - Overview: SHIELD/Reference/Architecture/index.md + - Threat Model: SHIELD/Reference/Architecture/Threat-Models/ISV-To-Customer.md + - Review Template: SHIELD/Reference/Architecture/Review-Template.md + - Development: + - OpenAPI Spec: SHIELD/Reference/Development/OpenAPI.md + - Intune Scope Tag Format: SHIELD/Reference/Development/Data-Formats/Intune Scope Tag.md + - Settings: + - Configure Managed Identity: SHIELD/Reference/Settings/Configure-Managed-Identity.md + - Debug Mode: SHIELD/Reference/Settings/Debug-Mode.md + - Environment Variables: SHIELD/Reference/Settings/Environmental-Variables-Reference.md + - Uninstall: SHIELD/Reference/Uninstall.md + + - Data Gateway: + - Overview: Data-Gateway/index.md diff --git a/requirements.txt b/requirements.txt index 8da6011..2036665 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,4 @@ mkdocs == 1.6.1 mkdocs-material == 9.6.9 mkdocs-glightbox == 0.4.0 -mkdocs-awesome-pages-plugin==2.10.1 From 4e9785068676e846cf8c7c7a6d8751ade1478b9b Mon Sep 17 00:00:00 2001 From: Elliot Huffman Date: Thu, 3 Apr 2025 14:39:49 -0400 Subject: [PATCH 26/26] Update MK Docs Version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2036665..deda35b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs == 1.6.1 -mkdocs-material == 9.6.9 +mkdocs-material == 9.6.11 mkdocs-glightbox == 0.4.0