⭐ improve Microsoft 365 service principal resource (#4559)

* 🧹 improve microsoft service principal resource

* Update providers/ms365/resources/ms365.lr

---------

Co-authored-by: Tim Smith <[email protected]>

providers/ms365/resources/ms365.lr

@@ -273,14 +273,18 @@ private microsoft.passwordCredential @defaults("description expires keyId") {
   expired bool
 }
 
-// Microsoft service principal
+// Microsoft service principal (Enterprise application)
 private microsoft.serviceprincipal @defaults("name") {
-  // Service principal ID
+  // Service principal Object ID
   id string
   // Service principal type
   type string
   // Service principal name
   name string
+  // Application ID
+  appId string
+  // Application description
+  description string
   // Service principal tags
   tags []string
   // Whether users can sign into the service principal (application)
@@ -299,6 +303,24 @@ private microsoft.serviceprincipal @defaults("name") {
   notes string
   // List of assignments (users and groups) this service principal has
   assignments []microsoft.serviceprincipal.assignment
+  // Application template ID
+  applicationTemplateId string
+  // Login URL
+  loginUrl string
+  // Logout URL
+  logoutUrl string
+  // Service principal names
+  servicePrincipalNames []string
+  // Sign in audience
+  signInAudience string
+  // Preferred single sign-on mode
+  preferredSingleSignOnMode string
+  // Notification email addresses
+  notificationEmailAddresses []string
+  // App role assignment required
+  appRoleAssignmentRequired bool
+  // Account enabled
+  accountEnabled bool
 }
 
 // Microsoft Service Principal Assignment

providers/ms365/resources/ms365.lr.manifest.yaml

@@ -259,25 +259,47 @@ resources:
     min_mondoo_version: 5.15.0
   microsoft.serviceprincipal:
     fields:
+      accountEnabled:
+        min_mondoo_version: 9.0.0
+      appId:
+        min_mondoo_version: 9.0.0
+      appRoleAssignmentRequired:
+        min_mondoo_version: 9.0.0
       appRoleAssignments:
         min_mondoo_version: latest
+      applicationTemplateId:
+        min_mondoo_version: 9.0.0
       assignmentRequired:
         min_mondoo_version: latest
       assignments:
         min_mondoo_version: latest
+      description:
+        min_mondoo_version: 9.0.0
       enabled:
         min_mondoo_version: latest
       homepageUrl:
         min_mondoo_version: latest
       id: {}
+      loginUrl:
+        min_mondoo_version: 9.0.0
+      logoutUrl:
+        min_mondoo_version: 9.0.0
       name:
         min_mondoo_version: latest
       notes:
         min_mondoo_version: latest
+      notificationEmailAddresses:
+        min_mondoo_version: 9.0.0
+      preferredSingleSignOnMode:
+        min_mondoo_version: 9.0.0
       properties:
         min_mondoo_version: latest
       replyUrls:
         min_mondoo_version: latest
+      servicePrincipalNames:
+        min_mondoo_version: 9.0.0
+      signInAudience:
+        min_mondoo_version: 9.0.0
       tags:
         min_mondoo_version: latest
       termsOfServiceUrl:

providers/ms365/resources/serviceprincipals.go

@@ -90,17 +90,28 @@ func newMqlMicrosoftServicePrincipal(runtime *plugin.Runtime, sp models.ServiceP
 		assignments = append(assignments, assignment)
 	}
 	args := map[string]*llx.RawData{
-		"id":                 llx.StringDataPtr(sp.GetId()),
-		"name":               llx.StringDataPtr(sp.GetDisplayName()),
-		"type":               llx.StringDataPtr(sp.GetServicePrincipalType()),
-		"tags":               llx.ArrayData(convert.SliceAnyToInterface(sp.GetTags()), types.String),
-		"enabled":            llx.BoolDataPtr(sp.GetAccountEnabled()),
-		"homepageUrl":        llx.StringDataPtr(sp.GetHomepage()),
-		"replyUrls":          llx.ArrayData(convert.SliceAnyToInterface(sp.GetReplyUrls()), types.String),
-		"assignmentRequired": llx.BoolDataPtr(sp.GetAppRoleAssignmentRequired()),
-		"visibleToUsers":     llx.BoolData(!hideApp),
-		"notes":              llx.StringDataPtr(sp.GetNotes()),
-		"assignments":        llx.ArrayData(assignments, types.ResourceLike),
+		"id":                         llx.StringDataPtr(sp.GetId()),
+		"type":                       llx.StringDataPtr(sp.GetServicePrincipalType()),
+		"name":                       llx.StringDataPtr(sp.GetDisplayName()),
+		"appId":                      llx.StringDataPtr(sp.GetAppId()),
+		"description":                llx.StringDataPtr(sp.GetDescription()),
+		"tags":                       llx.ArrayData(convert.SliceAnyToInterface(sp.GetTags()), types.String),
+		"enabled":                    llx.BoolDataPtr(sp.GetAccountEnabled()),
+		"homepageUrl":                llx.StringDataPtr(sp.GetHomepage()),
+		"replyUrls":                  llx.ArrayData(convert.SliceAnyToInterface(sp.GetReplyUrls()), types.String),
+		"assignmentRequired":         llx.BoolDataPtr(sp.GetAppRoleAssignmentRequired()),
+		"visibleToUsers":             llx.BoolData(!hideApp),
+		"notes":                      llx.StringDataPtr(sp.GetNotes()),
+		"assignments":                llx.ArrayData(assignments, types.ResourceLike),
+		"applicationTemplateId":      llx.StringDataPtr(sp.GetApplicationTemplateId()),
+		"loginUrl":                   llx.StringDataPtr(sp.GetLoginUrl()),
+		"logoutUrl":                  llx.StringDataPtr(sp.GetLogoutUrl()),
+		"servicePrincipalNames":      llx.ArrayData(convert.SliceAnyToInterface(sp.GetServicePrincipalNames()), types.String),
+		"signInAudience":             llx.StringDataPtr(sp.GetSignInAudience()),
+		"preferredSingleSignOnMode":  llx.StringDataPtr(sp.GetPreferredSingleSignOnMode()),
+		"notificationEmailAddresses": llx.ArrayData(convert.SliceAnyToInterface(sp.GetNotificationEmailAddresses()), types.String),
+		"appRoleAssignmentRequired":  llx.BoolDataPtr(sp.GetAppRoleAssignmentRequired()),
+		"accountEnabled":             llx.BoolDataPtr(sp.GetAccountEnabled()),
 	}
 	info := sp.GetInfo()
 	if info != nil {