@@ -1205,43 +1205,45 @@ function Invoke-AgentIdentities {
12051205 }
12061206 }
12071207
1208+ $AllServicePrincipalHT = @ {}
1209+ foreach ($item in $AllServicePrincipal ) {
1210+ $AllServicePrincipalHT [$item.Id ] = $item
1211+ }
1212+
12081213 # Process direct App ownerships (SP->SP) (take over Impact, inherit likelihood)
12091214 $SPOwningSPs = $AllServicePrincipal | Where-Object { $_.SpOwn -ge 1 }
1210- Write-Log - Level Debug - Message " Number of ownerships SP->SP: $ ( $SPOwningApps .count ) "
1215+ Write-Log - Level Debug - Message " Number of ownerships SP->SP: $ ( $SPOwningSPs .count ) "
12111216 # For each object which owns an App registration
12121217 foreach ($SpOwnerObject in $SPOwningSPs ) {
12131218
12141219 # For each owned App Registration
12151220 foreach ($OwnedSPObject in $SpOwnerObject.OwnedSPDetails ) {
12161221
1217- # Get the details of the owned SP by looping over matching objects
1218- foreach ($OwnedSPObjectDetails in $AllServicePrincipal | Where-Object { $_.id -eq $OwnedSPObject.id }) {
1219-
1220- # Increment/Recalculate RiskScore of the SP objects which is indirectly owned (SP->SP*)
1221- $OwnedSPObjectDetails.Likelihood += [math ]::Round($SpOwnerObject.Likelihood )
1222- $OwnedSPObjectDetails.Risk = [math ]::Round(($OwnedSPObjectDetails.Impact * $OwnedSPObjectDetails.Likelihood ))
1222+ $OwnedSPObjectDetails = $AllServicePrincipalHT [$OwnedSPObject.Id ]
1223+ if ($null -eq $OwnedSPObjectDetails ) {
1224+ continue
1225+ }
12231226
1224- # Append the Message to Warnings of the SP objects which is indirectly owned (SP->SP*)
1225- $warningMessage = " SP owned by another SP"
1226- if ($OwnedSPObjectDetails.Warnings -and $OwnedSPObjectDetails.Warnings -notmatch $warningMessage ) {
1227- $OwnedSPObjectDetails.Warnings += " / $warningMessage "
1228- } else {
1229- $OwnedSPObjectDetails.Warnings = $warningMessage
1230- }
1227+ # Increment/Recalculate RiskScore of the SP objects which is indirectly owned (SP->SP*)
1228+ $OwnedSPObjectDetails.Likelihood += [math ]::Round($SpOwnerObject.Likelihood )
1229+ $OwnedSPObjectDetails.Risk = [math ]::Round(($OwnedSPObjectDetails.Impact * $OwnedSPObjectDetails.Likelihood ))
12311230
1232- # Increment/Recalculate Impactscore of the SP which owns the other SP with it's impact score (SP*->SP)
1233- $SpOwnerObject.Impact += [math ]::Round($OwnedSPObjectDetails.Impact )
1234- $SpOwnerObject.Risk = [math ]::Round(($SpOwnerObject.Impact * $SpOwnerObject.Likelihood ))
1235- $OwnedSPObject | Add-Member - NotePropertyName Impact - NotePropertyValue $OwnedSPObjectDetails.Impact
1236- $OwnedSPObject | Add-Member - NotePropertyName Foreign - NotePropertyValue $OwnedSPObjectDetails.Foreign
1231+ # Append the Message to Warnings of the SP objects which is indirectly owned (SP->SP*)
1232+ $warningMessage = " SP owned by another SP"
1233+ if ($OwnedSPObjectDetails.Warnings -and $OwnedSPObjectDetails.Warnings -notmatch $warningMessage ) {
1234+ $OwnedSPObjectDetails.Warnings += " / $warningMessage "
1235+ } else {
1236+ $OwnedSPObjectDetails.Warnings = $warningMessage
12371237 }
1238+
1239+ # Increment/Recalculate Impactscore of the SP which owns the other SP with it's impact score (SP*->SP)
1240+ $SpOwnerObject.Impact += [math ]::Round($OwnedSPObjectDetails.Impact )
1241+ $SpOwnerObject.Risk = [math ]::Round(($SpOwnerObject.Impact * $SpOwnerObject.Likelihood ))
1242+ $OwnedSPObject | Add-Member - NotePropertyName Impact - NotePropertyValue $OwnedSPObjectDetails.Impact
1243+ $OwnedSPObject | Add-Member - NotePropertyName Foreign - NotePropertyValue $OwnedSPObjectDetails.Foreign
12381244 }
12391245 }
12401246
12411247 # ######################################### SECTION: OUTPUT DEFINITION ##########################################
1242- $AllServicePrincipalHT = @ {}
1243- foreach ($item in $AllServicePrincipal ) {
1244- $AllServicePrincipalHT [$item.Id ] = $item
1245- }
12461248 return $AllServicePrincipalHT
12471249}
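Review bot: The Warnings update at new lines 1233-1237 still takes the `else` branch when the text already contains the message, so a service principal owned by a second SP has its whole Warnings value replaced by the bare message and any earlier warnings drop out of the report. Assign only when the field is empty and append only when the message is missing: `if (-not $OwnedSPObjectDetails.Warnings) { $OwnedSPObjectDetails.Warnings = $warningMessage } elseif ($OwnedSPObjectDetails.Warnings -notmatch $warningMessage) { $OwnedSPObjectDetails.Warnings += " / $warningMessage" }`. Separately, the new `continue` at line 1224 skips an ownership edge whose Id is missing from `$AllServicePrincipalHT` without leaving a trace, which presumably leaves the owner's Impact lower than the ownership implies; a `Write-Log -Level Debug -Message "Owned SP $($OwnedSPObject.Id) not found in AllServicePrincipal"` before it would make the gap visible. Invoke-AgentIdentities begins above this hunk, so how `$AllServicePrincipal` is populated and filtered cannot be checked from here.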