
Network 25401: Application Proxy applications require pre-authentication to block anonymous access to on-premises resources #916

Open
ashwinikarke wants to merge 11 commits into main from Feature-25401

@ashwinikarke
Collaborator

No description provided.

Contributor

Copilot AI left a comment


Pull request overview

Adds a new Network pillar assessment (25401) that evaluates Microsoft Entra Application Proxy apps to ensure they require pre-authentication (to prevent anonymous access to on-premises resources), along with accompanying remediation guidance.

Changes:

  • Introduces Test-Assessment-25401 to enumerate Application Proxy-enabled applications and evaluate externalAuthenticationType.
  • Generates a markdown report table with per-app compliance status and (when possible) deep links to the Entra admin portal.
  • Adds the corresponding .md narrative/remediation content for test 25401.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| src/powershell/tests/Test-Assessment.25401.ps1 | New PowerShell test implementing the Application Proxy pre-authentication evaluation and report generation. |
| src/powershell/tests/Test-Assessment.25401.md | New remediation/write-up content for the assessment with %TestResult% placeholder. |


@ashwinikarke ashwinikarke added the ready for review PR is ready for review and merging label Feb 19, 2026
Collaborator

@alexandair alexandair left a comment


@ashwinikarke Please, address my feedback.


# Query 1: Retrieve the list of Application Proxy-enabled applications
try {
$appProxyApps = Invoke-ZtGraphRequest `
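
Review bot: The `Invoke-ZtGraphRequest` call on the last line is continued with a trailing backtick, which breaks silently if any whitespace follows it. Pass the parameters as a splatted hashtable instead so the call stays on one logical line.
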
Collaborator


This should be a database query.

$appDetailsCollection = @()
foreach ($app in $appProxyApps) {
try {
$appDetail = Invoke-ZtGraphRequest `
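
Review bot: The `foreach ($app in $appProxyApps)` loop makes one `Invoke-ZtGraphRequest` call per application, so the number of requests grows with the number of Application Proxy apps and every iteration needs its own error handling. Retrieve the needed properties for all apps in one query during data collection, then iterate over the results in memory.
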
Collaborator


This should be a database query. Probably merged with the previous one, because they both will be targeting the Application table.

Commands like Invoke-ZtGraphRequest and database queries don't belong in the Assessment Logic region, but in Data Collection.

Collaborator Author


Restructured the test to properly separate the Data Collection region and the Assessment Logic region.
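
The `externalAuthenticationType` evaluation from the overview, written as pure Assessment Logic over already-collected data as the review asks; this is an added example, not code from the pull request. `Get-PreAuthFinding`, `ConvertTo-FindingTable`, the status labels and the sample apps are hypothetical; `passthru` and `aadPreAuthentication` are the values Microsoft Graph documents for this property.

```powershell
# Added illustration, not code from the pull request.
# Constructed sample input: objects shaped like Graph application records that
# carry onPremisesPublishing.externalAuthenticationType (assumed to be what the
# Data Collection region has already gathered).
$collectedApps = @(
    [pscustomobject]@{ displayName = 'Intranet Portal'
        onPremisesPublishing = [pscustomobject]@{ externalAuthenticationType = 'aadPreAuthentication' } }
    [pscustomobject]@{ displayName = 'Legacy HR | Payroll'
        onPremisesPublishing = [pscustomobject]@{ externalAuthenticationType = 'passthru' } }
    [pscustomobject]@{ displayName = 'Half-configured App'
        onPremisesPublishing = $null }
)

# Hypothetical helper: assessment logic only, no Graph or database calls.
function Get-PreAuthFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $App)
    process {
        $authType = $App.onPremisesPublishing.externalAuthenticationType
        $status = if ($authType -eq 'aadPreAuthentication') {
            'Pass'
        } elseif ($authType -eq 'passthru') {
            'Fail'          # passthru: no Entra authentication before traffic reaches the app
        } else {
            'Investigate'   # missing or unrecognised value is never counted as compliant
        }
        [pscustomobject]@{
            Name     = $App.displayName
            AuthType = if ($authType) { $authType } else { '(not set)' }
            Status   = $status
        }
    }
}

# Hypothetical helper: render findings as a markdown table for the report.
function ConvertTo-FindingTable {
    param([object[]] $Findings)
    $rows = foreach ($f in $Findings) {
        # Display names are tenant data: escape pipes so a name cannot break the table.
        '| {0} | {1} | {2} |' -f ($f.Name -replace '\|', '\|'), $f.AuthType, $f.Status
    }
    (@('| Application | Pre-authentication type | Status |', '| :--- | :--- | :--- |') + @($rows)) -join "`n"
}

$findings = @($collectedApps | Get-PreAuthFinding)
# Assumption: the assessment passes only when every app has status Pass.
$passed = -not ($findings | Where-Object Status -ne 'Pass')
ConvertTo-FindingTable -Findings $findings
"Overall: $(if ($passed) { 'Passed' } else { 'Failed' })"
```
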

@alexandair alexandair self-requested a review February 20, 2026 21:45