From afc406fcee538ab7dabcd19e26127688668d7e1c Mon Sep 17 00:00:00 2001
From: Pasha Zayko
Date: Thu, 5 Mar 2026 15:37:35 -0500
Subject: [PATCH 1/4] First pass to add new endpoint Creating new path and schema placeholder to address new endpoint being addded. TODO populate schema and path description with details of the object structure and permissions respectively.
---
 specs/SHIELD.json | 41 ++++++++++++++++++++++++-
 src/shield/TypeScript/package-lock.json | 4 +--
 src/shield/TypeScript/package.json | 2 +-
 3 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/specs/SHIELD.json b/specs/SHIELD.json
index cd9e826..8c74672 100644
--- a/specs/SHIELD.json
+++ b/specs/SHIELD.json
@@ -3945,6 +3945,16 @@
 ],
 "title": "Architecture Report - Correlation Record",
 "type": "object"
+ },
+ "ZeroTrustAssessment": {
+ "title": "Zero Trust Assessment - Complete Object",
+ "description": "Calculated structure that represents details needed to present Zero Trust assessment in UI.",
+ "type": "object",
+ "properties": {},
+ "required": [],
+ "examples": [
+ {}
+ ]
 }
 },
 "securitySchemes": {
@@ -3967,7 +3977,7 @@
 },
 "description": "Deprive your threats of practical significance. Deploy the Securing Privilege Access architecture. All in a few seconds.",
 "title": "SHI Environment Lockdown and Defense",
- "version": "3.3.0"
+ "version": "3.4.0"
 },
 "openapi": "3.1.1",
 "paths": {
@@ -4767,6 +4777,35 @@
 ]
 }
 },
+ "/Api/Discover/ZeroTrust": {
+ "get": {
+ "summary": "Generates Zero Trust Assessment",
+ "description": "Initiates collection of data that matches details needed to compose Zero Trust assessment.\n\nThis endpoint requires the `Permissions TBD` scope (permission).",
+ "operationId": "/Api/Discover/ZeroTrust/Get",
+ "responses": {
+ "200": {
+ "content": {
+ "application/json": {
+ "examples": {
+ "Zero Trust Assessment": {
+ "description": "Sample object representing data needed for Zero Trust assessment.",
+ "summary": "Sample Zero Trust Assessment",
+ "value": {}
+ }
+ },
+ "schema": {
+ "$ref": "#/components/schemas/ZeroTrustAssessment"
+ }
+ }
+ },
+ "description": "OK"
+ }
+ },
+ "tags": [
+ "Discover"
+ ]
+ }
+ },
 "/Api/Deploy": {
 "get": {
 "summary": "Gets the Current Status of the Infrastructure Deployment",
diff --git a/src/shield/TypeScript/package-lock.json b/src/shield/TypeScript/package-lock.json
index 55efc2d..efb0c40 100644
--- a/src/shield/TypeScript/package-lock.json
+++ b/src/shield/TypeScript/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@shi-corp/sdk-shield",
- "version": "3.3.0",
+ "version": "3.4.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "@shi-corp/sdk-shield",
- "version": "3.3.0",
+ "version": "3.4.0",
 "license": "MIT",
 "dependencies": {
 "@microsoft/kiota-authentication-azure": "~1.0.0-preview.99",
diff --git a/src/shield/TypeScript/package.json b/src/shield/TypeScript/package.json
index 4214e25..e27d9e4 100644
--- a/src/shield/TypeScript/package.json
+++ b/src/shield/TypeScript/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@shi-corp/sdk-shield",
- "version": "3.3.0",
+ "version": "3.4.0",
 "type": "module",
 "main": "bin/index.js",
 "description": "SDK client used to interface with the SHIELD application.",
From c701aae72727721b362bca9c40ae3c6756723e1e Mon Sep 17 00:00:00 2001
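Review bot: The new `GET /Api/Discover/ZeroTrust` operation in specs/SHIELD.json carries the placeholder `Permissions TBD` in its description and documents only a `200` response, so the spec versioned 3.4.0 does not tell a client, gateway or reviewer which scope guards it; none of the later patches visible here replaces the placeholder. The response aggregates sign-in posture for privileged accounts (single-factor counts, non-phish-resistant MFA, unmanaged devices), which is exactly the data that should sit behind a named, least-privilege scope. I would name the scope before release and add an explicit requirement such as `"security": [ { "<scheme-name>": [ "<scope-name>" ] } ]` on the operation unless the document already applies one globally (not visible in this hunk), plus `401` and `403` entries next to `200`. Because the description says the call "initiates collection of data", it is also worth confirming the GET is read-only and cheap to repeat; if it starts work on the server, `POST` with throttling is the safer shape.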
From: Pasha Zayko
Date: Wed, 11 Mar 2026 16:19:04 -0400
Subject: [PATCH 2/4] Adding complete schema and examples of the endpoint Provided detailed schema of the object representing output from the endpoint. All fields, combinations and endpoint itself include examples to visualize the result.
---
 specs/SHIELD.json | 1489 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 1485 insertions(+), 4 deletions(-)
diff --git a/specs/SHIELD.json b/specs/SHIELD.json
index 8c74672..e24cc7a 100644
--- a/specs/SHIELD.json
+++ b/specs/SHIELD.json
@@ -3950,10 +3950,1359 @@ "title": "Zero Trust Assessment - Complete Object", "description": "Calculated structure that represents details needed to present Zero Trust assessment in UI.", "type": "object", - "properties": {}, - "required": [], + "properties": { + "privilegedSignIns": { + "description": "Summary about sign-ins for privileged accounts.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all records associated with privileged accounts.", + "examples": [ + 1200 + ], + "type": "number" + }, + "singleFactor": { + "description": "Count of records for privileged accounts that do not include use of MFA.", + "examples": [ + 250 + ], + "type": "number" + }, + "nonPhishResistant": { + "description": "Details of records for privileged accounts that utilize MFA that is not phish-resistant.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records for sign-ins that used not phish-resistant authentication methods.", + "examples": [ + 600 + ], + "type": "number" + }, + "phone": { + "description": "Count of records where phone authentication option was used.", + "examples": [ + 120 + ], + "type": "number" + }, + "authenticator": { + "description": "Count of records where authenticator was involved during authentication.", + "examples": [ + 220 + ], + "type": "number" + }, + "sms": { + "description": "Count of records where SMS confirmation was used during authentication.", + "examples": [ + 140 + ], + "type": "number" + }, + "otp": { + "description": "Count of records where OTP was used during authentication.", + "examples": [ + 80 + ], + "type": "number" + }, + "deviceCode": { + "description": "Count of records where device code was used for authentication.", + "examples": [ + 40 + ], + "type": "number" + } + }, + "required": [ + "total", + "phone", + "authenticator", + "sms", + "otp", + "deviceCode" + ], + "examples": [ + { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + 
"otp": 80, + "deviceCode": 40 + } + ] + }, + "phishResistant": { + "description": "Details of records for privileged accounts that utilize MFA that is phish-resistant during authentication.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records for sign-ins that used phish-resistant authentication methods.", + "examples": [ + 350 + ], + "type": "number" + }, + "passkey": { + "description": "Count of records where passkey was used for authentication.", + "examples": [ + 90 + ], + "type": "number" + }, + "whfb": { + "description": "Count of records where Windows Hello for Business was used for authentication.", + "examples": [ + 110 + ], + "type": "number" + }, + "certificate": { + "description": "Count of records where certificate was used for authentication.", + "examples": [ + 60 + ], + "type": "number" + }, + "fido2": { + "description": "Count of records where FIDO2-based authentication was utilized.", + "examples": [ + 90 + ], + "type": "number" + } + }, + "required": [ + "total", + "passkey", + "whfb", + "certificate", + "fido2" + ], + "examples": [ + { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + ] + } + }, + "examples": [ + { + "totalSignIns": 1200, + "singleFactor": 250, + "nonPhishResistant": { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + "otp": 80, + "deviceCode": 40 + }, + "phishResistant": { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + } + ], + "required": [ + "totalSignIns", + "singleFactor", + "nonPhishResistant", + "phishResistant" + ] + }, + "allSignIns": { + "description": "Summary about sign-ins for all accounts.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all sign-in records.", + "examples": [ + 1200 + ], + "type": "number" + }, + "singleFactor": { + "description": "Count of records that did not include any MFA methods.", + "examples": [ + 250 + ], + 
"type": "number" + }, + "nonPhishResistant": { + "description": "Details of records that utilized MFA methods that are not phish-resistant.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records for sign-ins that used not phish-resistant authentication methods.", + "examples": [ + 600 + ], + "type": "number" + }, + "phone": { + "description": "Count of records where phone option was used during authentication..", + "examples": [ + 120 + ], + "type": "number" + }, + "authenticator": { + "description": "Count of records where authenticator was involved during authentication.", + "examples": [ + 220 + ], + "type": "number" + }, + "sms": { + "description": "Count of records where SMS confirmation was used during authentication..", + "examples": [ + 140 + ], + "type": "number" + }, + "otp": { + "description": "Count of records where OTP was used during authentication..", + "examples": [ + 80 + ], + "type": "number" + }, + "deviceCode": { + "description": "Count of records where device code was used during authentication..", + "examples": [ + 40 + ], + "type": "number" + } + }, + "required": [ + "total", + "phone", + "authenticator", + "sms", + "otp", + "deviceCode" + ], + "examples": [ + { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + "otp": 80, + "deviceCode": 40 + } + ] + }, + "phishResistant": { + "description": "Details of records that utilized MFA methods that are considered phish-resistant.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records for sign-ins that used phish-resistant authentication methods.", + "examples": [ + 350 + ], + "type": "number" + }, + "passkey": { + "description": "Count of records where passkey was used for authentication.", + "examples": [ + 90 + ], + "type": "number" + }, + "whfb": { + "description": "Count of records where Windows Hello for Business was used for authentication.", + "examples": [ + 110 + ], + "type": "number" + }, + 
"certificate": { + "description": "Count of records where certificate was used for authentication.", + "examples": [ + 60 + ], + "type": "number" + }, + "fido2": { + "description": "Count of records where FIDO2-based authentication was utilized.", + "examples": [ + 90 + ], + "type": "number" + } + }, + "required": [ + "total", + "passkey", + "whfb", + "certificate", + "fido2" + ], + "examples": [ + { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + ] + } + }, + "examples": [ + { + "totalSignIns": 1200, + "singleFactor": 250, + "nonPhishResistant": { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + "otp": 80, + "deviceCode": 40 + }, + "phishResistant": { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + } + ], + "required": [ + "totalSignIns", + "singleFactor", + "nonPhishResistant", + "phishResistant" + ] + }, + "conditionalAccess": { + "description": "Summary of applicability of the conditional access flow during authentication.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all records.", + "examples": [ + 1200 + ], + "type": "number" + }, + "noConditionalAccess": { + "description": "Count of records that did not have conditional access applied.", + "examples": [ + 300 + ], + "type": "number" + }, + "withConditionalAccess": { + "description": "Details of records that had conditional access applied.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records where conditional access flow applied.", + "examples": [ + 900 + ], + "type": "number" + }, + "withMfa": { + "description": "Count of records that used MFA method during authentication.", + "examples": [ + 700 + ], + "type": "number" + }, + "withoutMfa": { + "description": "Count of records that did not use any MFA method during authentication.", + "examples": [ + 200 + ], + "type": "number" + } + }, + "required": [ + "total", + 
"withMfa", + "withoutMfa" + ], + "examples": [ + { + "total": 900, + "withMfa": 700, + "withoutMfa": 200 + } + ] + } + }, + "examples": [ + { + "totalSignIns": 1200, + "noConditionalAccess": 300, + "withConditionalAccess": { + "total": 900, + "withMfa": 700, + "withoutMfa": 200 + } + } + ], + "required": [ + "totalSignIns", + "noConditionalAccess", + "withConditionalAccess" + ] + }, + "deviceSignIns": { + "description": "Summary about sign-ins for all devices.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all records.", + "examples": [ + 1200 + ], + "type": "number" + }, + "unmanaged": { + "description": "Count of records where device is not managed or pre-enrolled with Intune.", + "examples": [ + 450 + ], + "type": "number" + }, + "managed": { + "description": "Details of records where device is managed or pre-enrolled with Intune.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records where device was identified as managed.", + "examples": [ + 750 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 600 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 150 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 750, + "compliant": 600, + "nonCompliant": 150 + } + ] + } + }, + "examples": [ + { + "totalSignIns": 1200, + "unmanaged": 450, + "managed": { + "total": 750, + "compliant": 600, + "nonCompliant": 150 + } + } + ], + "required": [ + "totalSignIns", + "unmanaged", + "managed" + ] + }, + "desktopSignIns": { + "description": "Summary about sign-ins for desktop devices.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all records where device was identified as desktop-like.", + "examples": [ + 800 + ], + "type": 
"number" + }, + "windows": { + "description": "Details of records for Windows-based devices.", + "type": "object", + "properties": { + "total": { + "description": "Count of records where device was using Windows platform.", + "examples": [ + 600 + ], + "type": "number" + }, + "entraJoined": { + "description": "Details of records indicating devices joined Entra.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records where decide recognized as joined Entra.", + "examples": [ + 300 + ], + "type": "number" + }, + "managed": { + "description": "Details of records indicating devices that are managed.", + "type": "object", + "properties": { + "total": { + "description": "Count of records of devices under management.", + "examples": [ + 220 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 180 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 40 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 220, + "compliant": 180, + "nonCompliant": 40 + } + ] + }, + "unmanaged": { + "description": "Count of records indicating devices that are not managed.", + "examples": [ + 80 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 300, + "managed": { + "total": 220, + "compliant": 180, + "nonCompliant": 40 + }, + "unmanaged": 80 + } + ], + "required": [ + "total", + "managed", + "unmanaged" + ] + }, + "entraRegistered": { + "description": "Details of records indicating devices registered with Entra.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records identified as registered with Entra.", + "examples": [ + 180 + ], + "type": "number" + }, + "managed": { + "description": "Details of records indicating devices that are managed.", + "type": "object", + 
"properties": { + "total": { + "description": "Total count of records of the devices under management.", + "examples": [ + 120 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 90 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 30 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 120, + "compliant": 90, + "nonCompliant": 30 + } + ] + }, + "unmanaged": { + "description": "Count of records indicating devices that are not managed.", + "examples": [ + 60 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 180, + "managed": { + "total": 120, + "compliant": 90, + "nonCompliant": 30 + }, + "unmanaged": 60 + } + ], + "required": [ + "total", + "managed", + "unmanaged" + ] + }, + "entraHybridJoined": { + "description": "Details of records indicating devices that are hybrid joined with Entra.", + "type": "object", + "properties": { + "total": { + "description": "Count of records of the devices identified as joined with Entra in a hybrid fashion.", + "examples": [ + 90 + ], + "type": "number" + }, + "managed": { + "description": "Details of records indicating devices that are managed.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices under management.", + "examples": [ + 70 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 60 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 10 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 70, + "compliant": 60, + "nonCompliant": 10 + } + ] + }, + "unmanaged": { + "description": 
"Count of records indicating devices that are not managed.", + "examples": [ + 20 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 90, + "managed": { + "total": 70, + "compliant": 60, + "nonCompliant": 10 + }, + "unmanaged": 20 + } + ], + "required": [ + "total", + "managed", + "unmanaged" + ] + }, + "unmanaged": { + "description": "Count of records indicating devices that do not have Entra connection.", + "examples": [ + 30 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 600, + "entraJoined": { + "total": 300, + "managed": { + "total": 220, + "compliant": 180, + "nonCompliant": 40 + }, + "unmanaged": 80 + }, + "entraRegistered": { + "total": 180, + "managed": { + "total": 120, + "compliant": 90, + "nonCompliant": 30 + }, + "unmanaged": 60 + }, + "entraHybridJoined": { + "total": 90, + "managed": { + "total": 70, + "compliant": 60, + "nonCompliant": 10 + }, + "unmanaged": 20 + }, + "unmanaged": 30 + } + ], + "required": [ + "total", + "entraJoined", + "entraRegistered", + "entraHybridJoined", + "unmanaged" + ] + }, + "linux": { + "description": "Details of records for Linux-based devices.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices using Linux platform.", + "examples": [ + 120 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 70 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 20 + ], + "type": "number" + }, + "unmanaged": { + "description": "Count of records indicating devices that are not managed.", + "examples": [ + 30 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 120, + "compliant": 70, + "nonCompliant": 20, + "unmanaged": 30 + } + ], + "required": [ + "total", + "compliant", + "nonCompliant", + "unmanaged" + ] + }, + "macos": { + "description": "Details of records for macOS-based 
devices.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices using macOS platform.", + "examples": [ + 80 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 50 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 10 + ], + "type": "number" + }, + "unmanaged": { + "description": "Count of records indicating devices that are not managed.", + "examples": [ + 20 + ], + "type": "number" + } + }, + "examples": [ + { + "total": 80, + "compliant": 50, + "nonCompliant": 10, + "unmanaged": 20 + } + ], + "required": [ + "total", + "compliant", + "nonCompliant", + "unmanaged" + ] + } + }, + "examples": [ + { + "totalSignIns": 800, + "windows": { + "total": 600, + "entraJoined": { + "total": 300, + "managed": { + "total": 220, + "compliant": 180, + "nonCompliant": 40 + }, + "unmanaged": 80 + }, + "entraRegistered": { + "total": 180, + "managed": { + "total": 120, + "compliant": 90, + "nonCompliant": 30 + }, + "unmanaged": 60 + }, + "entraHybridJoined": { + "total": 90, + "managed": { + "total": 70, + "compliant": 60, + "nonCompliant": 10 + }, + "unmanaged": 20 + }, + "unmanaged": 30 + }, + "linux": { + "total": 120, + "compliant": 70, + "nonCompliant": 20, + "unmanaged": 30 + }, + "macos": { + "total": 80, + "compliant": 50, + "nonCompliant": 10, + "unmanaged": 20 + } + } + ], + "required": [ + "totalSignIns", + "windows", + "linux", + "macos" + ] + }, + "mobileSignIns": { + "description": "Summary about sign-ins for mobile devices.", + "type": "object", + "properties": { + "totalSignIns": { + "description": "Count of all records where device was identified as a mobile device.", + "examples": [ + 400 + ], + "type": "number" + }, + "ios": { + "description": "Details of records for iOS devices.", + "type": "object", + "properties": { + "total": { + 
"description": "Total count of records of the devices based on iOS platform.", + "examples": [ + 220 + ], + "type": "number" + }, + "company": { + "description": "Detail of records indicating devices owned by company.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices associated with company use.", + "examples": [ + 140 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 100 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 40 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 140, + "compliant": 100, + "nonCompliant": 40 + } + ] + }, + "personal": { + "description": "Detail of records indicating devices owned by users.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices established as personal devices.", + "examples": [ + 80 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 60 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 20 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 80, + "compliant": 60, + "nonCompliant": 20 + } + ] + } + }, + "examples": [ + { + "total": 220, + "company": { + "total": 140, + "compliant": 100, + "nonCompliant": 40 + }, + "personal": { + "total": 80, + "compliant": 60, + "nonCompliant": 20 + } + } + ], + "required": [ + "total", + "company", + "personal" + ] + }, + "android": { + "description": "Details of records for Android devices.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices 
identified as using Android platform.", + "examples": [ + 180 + ], + "type": "number" + }, + "company": { + "description": "Detail of records indicating devices owned by company.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices associated with company use.", + "examples": [ + 90 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 70 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 20 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 90, + "compliant": 70, + "nonCompliant": 20 + } + ] + }, + "personal": { + "description": "Detail of records indicating devices owned by users.", + "type": "object", + "properties": { + "total": { + "description": "Total count of records of the devices established as personal devices.", + "examples": [ + 90 + ], + "type": "number" + }, + "compliant": { + "description": "Count of records indicating compliant devices.", + "examples": [ + 65 + ], + "type": "number" + }, + "nonCompliant": { + "description": "Count of records indicating non-compliant devices.", + "examples": [ + 25 + ], + "type": "number" + } + }, + "required": [ + "total", + "compliant", + "nonCompliant" + ], + "examples": [ + { + "total": 90, + "compliant": 65, + "nonCompliant": 25 + } + ] + } + }, + "examples": [ + { + "total": 180, + "company": { + "total": 90, + "compliant": 70, + "nonCompliant": 20 + }, + "personal": { + "total": 90, + "compliant": 65, + "nonCompliant": 25 + } + } + ], + "required": [ + "total", + "company", + "personal" + ] + } + }, + "examples": [ + { + "totalSignIns": 400, + "ios": { + "total": 220, + "company": { + "total": 140, + "compliant": 100, + "nonCompliant": 40 + }, + "personal": { + "total": 80, + "compliant": 60, + "nonCompliant": 20 + } 
+ }, + "android": { + "total": 180, + "company": { + "total": 90, + "compliant": 70, + "nonCompliant": 20 + }, + "personal": { + "total": 90, + "compliant": 65, + "nonCompliant": 25 + } + } + } + ], + "required": [ + "totalSignIns", + "ios", + "android" + ] + } + }, + "required": [ + "privilegedSignIns", + "allSignIns", + "conditionalAccess", + "deviceSignIns", + "desktopSignIns", + "mobileSignIns" + ], "examples": [ - {} + { + "privilegedSignIns": { + "totalSignIns": 1200, + "singleFactor": 250, + "nonPhishResistant": { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + "otp": 80, + "deviceCode": 40 + }, + "phishResistant": { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + }, + "allSignIns": { + "totalSignIns": 1200, + "singleFactor": 250, + "nonPhishResistant": { + "total": 600, + "phone": 120, + "authenticator": 220, + "sms": 140, + "otp": 80, + "deviceCode": 40 + }, + "phishResistant": { + "total": 350, + "passkey": 90, + "whfb": 110, + "certificate": 60, + "fido2": 90 + } + }, + "conditionalAccess": { + "totalSignIns": 1200, + "noConditionalAccess": 300, + "withConditionalAccess": { + "total": 900, + "withMfa": 700, + "withoutMfa": 200 + } + }, + "deviceSignIns": { + "totalSignIns": 1200, + "unmanaged": 450, + "managed": { + "total": 750, + "compliant": 600, + "nonCompliant": 150 + } + }, + "desktopSignIns": { + "totalSignIns": 800, + "windows": { + "total": 600, + "entraJoined": { + "total": 300, + "managed": { + "total": 220, + "compliant": 180, + "nonCompliant": 40 + }, + "unmanaged": 80 + }, + "entraRegistered": { + "total": 180, + "managed": { + "total": 120, + "compliant": 90, + "nonCompliant": 30 + }, + "unmanaged": 60 + }, + "entraHybridJoined": { + "total": 90, + "managed": { + "total": 70, + "compliant": 60, + "nonCompliant": 10 + }, + "unmanaged": 20 + }, + "unmanaged": 30 + }, + "linux": { + "total": 120, + "compliant": 70, + "nonCompliant": 20, + "unmanaged": 30 + }, + "macos": { + 
"total": 80, + "compliant": 50, + "nonCompliant": 10, + "unmanaged": 20 + } + }, + "mobileSignIns": { + "totalSignIns": 400, + "ios": { + "total": 220, + "company": { + "total": 140, + "compliant": 100, + "nonCompliant": 40 + }, + "personal": { + "total": 80, + "compliant": 60, + "nonCompliant": 20 + } + }, + "android": { + "total": 180, + "company": { + "total": 90, + "compliant": 70, + "nonCompliant": 20 + }, + "personal": { + "total": 90, + "compliant": 65, + "nonCompliant": 25 + } + } + } + } ] } }, 
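Review bot: In `desktopSignIns.windows` the key `unmanaged` is described as "devices that do not have Entra connection", while the same key inside `entraJoined`, `entraRegistered`, `entraHybridJoined`, `linux` and `macos` means "devices that are not managed". A consumer that sums or compares `unmanaged` across levels will misreport device posture, so I would give the Windows-level field its own name (for example `notEntraConnected`, name is only a suggestion) or at least make its description state the difference explicitly. The schema also never says whether sub-counts are mutually exclusive and add up to `total` (for instance `passkey` versus `fido2`, or `phone` versus `sms`); one sentence in each parent `description` would settle how the UI may aggregate them. The `total`/`compliant`/`nonCompliant` object is written out verbatim under several keys (`managed`, `company`, `personal`) and could be one entry under `components/schemas` referenced with `$ref`, which would keep the copies from drifting.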
@@ -4790,7 +6139,139 @@
 "Zero Trust Assessment": {
 "description": "Sample object representing data needed for Zero Trust assessment.",
 "summary": "Sample Zero Trust Assessment",
- "value": {}
+ "value": {
+ "privilegedSignIns": {
+ "totalSignIns": 1200,
+ "singleFactor": 250,
+ "nonPhishResistant": {
+ "total": 600,
+ "phone": 120,
+ "authenticator": 220,
+ "sms": 140,
+ "otp": 80,
+ "deviceCode": 40
+ },
+ "phishResistant": {
+ "total": 350,
+ "passkey": 90,
+ "whfb": 110,
+ "certificate": 60,
+ "fido2": 90
+ }
+ },
+ "allSignIns": {
+ "totalSignIns": 1200,
+ "singleFactor": 250,
+ "nonPhishResistant": {
+ "total": 600,
+ "phone": 120,
+ "authenticator": 220,
+ "sms": 140,
+ "otp": 80,
+ "deviceCode": 40
+ },
+ "phishResistant": {
+ "total": 350,
+ "passkey": 90,
+ "whfb": 110,
+ "certificate": 60,
+ "fido2": 90
+ }
+ },
+ "conditionalAccess": {
+ "totalSignIns": 1200,
+ "noConditionalAccess": 300,
+ "withConditionalAccess": {
+ "total": 900,
+ "withMfa": 700,
+ "withoutMfa": 200
+ }
+ },
+ "deviceSignIns": {
+ "totalSignIns": 1200,
+ "unmanaged": 450,
+ "managed": {
+ "total": 750,
+ "compliant": 600,
+ "nonCompliant": 150
+ }
+ },
+ "desktopSignIns": {
+ "totalSignIns": 800,
+ "windows": {
+ "total": 600,
+ "entraJoined": {
+ "total": 300,
+ "managed": {
+ "total": 220,
+ "compliant": 180,
+ "nonCompliant": 40
+ },
+ "unmanaged": 80
+ },
+ "entraRegistered": {
+ "total": 180,
+ "managed": {
+ "total": 120,
+ "compliant": 90,
+ "nonCompliant": 30
+ },
+ "unmanaged": 60
+ },
+ "entraHybridJoined": {
+ "total": 90,
+ "managed": {
+ "total": 70,
+ "compliant": 60,
+ "nonCompliant": 10
+ },
+ "unmanaged": 20
+ },
+ "unmanaged": 30
+ },
+ "linux": {
+ "total": 120,
+ "compliant": 70,
+ "nonCompliant": 20,
+ "unmanaged": 30
+ },
+ "macos": {
+ "total": 80,
+ "compliant": 50,
+ "nonCompliant": 10,
+ "unmanaged": 20
+ }
+ },
+ "mobileSignIns": {
+ "totalSignIns": 400,
+ "ios": {
+ "total": 220,
+ "company": {
+ "total": 140,
+ "compliant": 100,
+ "nonCompliant": 40
+ },
+ "personal": {
+ "total": 80,
+ "compliant": 60,
+ "nonCompliant": 20
+ }
+ },
+ "android": {
+ "total": 180,
+ "company": {
+ "total": 90,
+ "compliant": 70,
+ "nonCompliant": 20
+ },
+ "personal": {
+ "total": 90,
+ "compliant": 65,
+ "nonCompliant": 25
+ }
+ }
+ }
+ }
 }
 },
 "schema": {
From e9099ff34c96796ae849515cc8209496ee800d7a Mon Sep 17 00:00:00 2001
From: Pasha Zayko
Date: Wed, 11 Mar 2026 17:29:41 -0400
Subject: [PATCH 3/4] Updated spec to narrow down format for values Set count properties as integers with format and minimum values instead of just number type
---
 specs/SHIELD.json | 318 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 236 insertions(+), 82 deletions(-)
diff --git a/specs/SHIELD.json b/specs/SHIELD.json
index e24cc7a..dea1ab7 100644
--- a/specs/SHIELD.json
+++ b/specs/SHIELD.json
@@ -3960,14 +3960,18 @@
 "examples": [
 1200
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "singleFactor": {
 "description": "Count of records for privileged accounts that do not include use of MFA.",
 "examples": [
 250
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonPhishResistant": {
 "description": "Details of records for privileged accounts that utilize MFA that is not phish-resistant.",
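Review bot: The triple `"type": "integer", "format": "int32", "minimum": 0` is pasted onto every count property in this hunk and again in the hunks that follow (`@@ -3978`, `@@ -4044`, `@@ -4130`, `@@ -4148`), so a single missed or later-edited property silently loses the constraint. Defining it once under `components/schemas`, e.g. `"SignInCount": { "type": "integer", "format": "int32", "minimum": 0 }` (name is only a suggestion), and putting `"$ref": "#/components/schemas/SignInCount"` on each property keeps the rule in one place; OpenAPI 3.1 allows `description` and `examples` beside `$ref`. It is also worth confirming that `int32` is wide enough for the largest tenant, since the visible schema does not state the period the counts cover.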
@@ -3978,42 +3982,54 @@
 "examples": [
 600
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "phone": {
 "description": "Count of records where phone authentication option was used.",
 "examples": [
 120
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "authenticator": {
 "description": "Count of records where authenticator was involved during authentication.",
 "examples": [
 220
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "sms": {
 "description": "Count of records where SMS confirmation was used during authentication.",
 "examples": [
 140
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "otp": {
 "description": "Count of records where OTP was used during authentication.",
 "examples": [
 80
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "deviceCode": {
 "description": "Count of records where device code was used for authentication.",
 "examples": [
 40
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4044,35 +4060,45 @@
 "examples": [
 350
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "passkey": {
 "description": "Count of records where passkey was used for authentication.",
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "whfb": {
 "description": "Count of records where Windows Hello for Business was used for authentication.",
 "examples": [
 110
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "certificate": {
 "description": "Count of records where certificate was used for authentication.",
 "examples": [
 60
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "fido2": {
 "description": "Count of records where FIDO2-based authentication was utilized.",
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4130,14 +4156,18 @@
 "examples": [
 1200
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "singleFactor": {
 "description": "Count of records that did not include any MFA methods.",
 "examples": [
 250
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonPhishResistant": {
 "description": "Details of records that utilized MFA methods that are not phish-resistant.",
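Review bot: The three lines `"type": "integer"`, `"format": "int32"`, `"minimum": 0` are written out again for `passkey`, `whfb`, `certificate`, `fido2` and the property whose name lies above this hunk, as in every other hunk of this patch, so any later tightening has to be repeated on each property and one missed copy leaves that field unconstrained. Defining the constraint once under `components/schemas` (for example a schema named `RecordCount`; the name is only a suggestion) and writing `"$ref": "#/components/schemas/RecordCount"` beside each property's `description` and `examples` keeps them in step. OpenAPI 3.1 permits those sibling keywords next to `$ref`, though it is worth confirming that the SDK generator used for this spec handles them.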
@@ -4148,42 +4178,54 @@
 "examples": [
 600
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "phone": {
- "description": "Count of records where phone option was used during authentication..",
+ "description": "Count of records where phone option was used during authentication.",
 "examples": [
 120
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "authenticator": {
 "description": "Count of records where authenticator was involved during authentication.",
 "examples": [
 220
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "sms": {
- "description": "Count of records where SMS confirmation was used during authentication..",
+ "description": "Count of records where SMS confirmation was used during authentication.",
 "examples": [
 140
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "otp": {
- "description": "Count of records where OTP was used during authentication..",
+ "description": "Count of records where OTP was used during authentication.",
 "examples": [
 80
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "deviceCode": {
- "description": "Count of records where device code was used during authentication..",
+ "description": "Count of records where device code was used during authentication.",
 "examples": [
 40
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4214,35 +4256,45 @@
 "examples": [
 350
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "passkey": {
 "description": "Count of records where passkey was used for authentication.",
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "whfb": {
 "description": "Count of records where Windows Hello for Business was used for authentication.",
 "examples": [
 110
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "certificate": {
 "description": "Count of records where certificate was used for authentication.",
 "examples": [
 60
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "fido2": {
 "description": "Count of records where FIDO2-based authentication was utilized.",
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4300,14 +4352,18 @@
 "examples": [
 1200
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "noConditionalAccess": {
 "description": "Count of records that did not have conditional access applied.",
 "examples": [
 300
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "withConditionalAccess": {
 "description": "Details of records that had conditional access applied.",
@@ -4318,21 +4374,27 @@
 "examples": [
 900
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "withMfa": {
 "description": "Count of records that used MFA method during authentication.",
 "examples": [
 700
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "withoutMfa": {
 "description": "Count of records that did not use any MFA method during authentication.",
 "examples": [
 200
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4375,14 +4437,18 @@
 "examples": [
 1200
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "unmanaged": {
 "description": "Count of records where device is not managed or pre-enrolled with Intune.",
 "examples": [
 450
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "managed": {
 "description": "Details of records where device is managed or pre-enrolled with Intune.",
@@ -4393,21 +4459,27 @@
 "examples": [
 750
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 600
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 150
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4450,7 +4522,9 @@
 "examples": [
 800
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "windows": {
 "description": "Details of records for Windows-based devices.",
@@ -4461,18 +4535,22 @@
 "examples": [
 600
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "entraJoined": {
 "description": "Details of records indicating devices joined Entra.",
 "type": "object",
 "properties": {
 "total": {
- "description": "Total count of records where decide recognized as joined Entra.",
+ "description": "Total count of records where device is recognized as joined Entra.",
 "examples": [
 300
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "managed": {
 "description": "Details of records indicating devices that are managed.",
@@ -4483,21 +4561,27 @@
 "examples": [
 220
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 180
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 40
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4518,7 +4602,9 @@
 "examples": [
 80
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4547,7 +4633,9 @@
 "examples": [
 180
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "managed": {
 "description": "Details of records indicating devices that are managed.",
@@ -4558,21 +4646,27 @@
 "examples": [
 120
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 30
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4593,7 +4687,9 @@
 "examples": [
 60
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4622,7 +4718,9 @@
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "managed": {
 "description": "Details of records indicating devices that are managed.",
@@ -4633,21 +4731,27 @@
 "examples": [
 70
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 60
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 10
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4668,7 +4772,9 @@
 "examples": [
 20
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4693,7 +4799,9 @@
 "examples": [
 30
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4746,28 +4854,36 @@
 "examples": [
 120
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 70
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 20
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "unmanaged": {
 "description": "Count of records indicating devices that are not managed.",
 "examples": [
 30
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4794,28 +4910,36 @@
 "examples": [
 80
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 50
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 10
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "unmanaged": {
 "description": "Count of records indicating devices that are not managed.",
 "examples": [
 20
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "examples": [
@@ -4898,7 +5022,9 @@
 "examples": [
 400
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "ios": {
 "description": "Details of records for iOS devices.",
@@ -4909,7 +5035,9 @@
 "examples": [
 220
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "company": {
 "description": "Detail of records indicating devices owned by company.",
@@ -4920,21 +5048,27 @@
 "examples": [
 140
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 100
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 40
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -4959,21 +5093,27 @@
 "examples": [
 80
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 60
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 20
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -5020,7 +5160,9 @@
 "examples": [
 180
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "company": {
 "description": "Detail of records indicating devices owned by company.",
@@ -5031,21 +5173,27 @@
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 70
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 20
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
@@ -5070,21 +5218,27 @@
 "examples": [
 90
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "compliant": {
 "description": "Count of records indicating compliant devices.",
 "examples": [
 65
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 },
 "nonCompliant": {
 "description": "Count of records indicating non-compliant devices.",
 "examples": [
 25
 ],
- "type": "number"
+ "type": "integer",
+ "format": "int32",
+ "minimum": 0
 }
 },
 "required": [
From 6023ee706d2d321161843bf30a4fcfb88cfbdad3 Mon Sep 17 00:00:00 2001
From: Pasha Zayko Date: Thu, 12 Mar 2026 11:51:37 -0400 Subject: [PATCH 4/4] Specifying permission needed Adding use of existing permission until another decision is made.
---
 specs/SHIELD.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/specs/SHIELD.json b/specs/SHIELD.json
index dea1ab7..6324b08 100644
--- a/specs/SHIELD.json
+++ b/specs/SHIELD.json
@@ -6283,7 +6283,7 @@
 "/Api/Discover/ZeroTrust": {
 "get": {
 "summary": "Generates Zero Trust Assessment",
- "description": "Initiates collection of data that matches details needed to compose Zero Trust assessment.\n\nThis endpoint requires the `Permissions TBD` scope (permission).",
+ "description": "Initiates collection of data that matches details needed to compose Zero Trust assessment.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).",
 "operationId": "/Api/Discover/ZeroTrust/Get",
 "responses": {
 "200": {
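Review bot: The scope requirement now named in `description` (`Discover.Read` or `Everything.ReadWrite`) exists only as prose; nothing in this hunk, or in the operation as first added in PATCH 1/4, declares a `security` requirement or `401`/`403` responses, so generated clients, linters and gateways that enforce from the spec cannot see it. Unless a document-level `security` block outside the visible lines already covers this path, add one to the operation, e.g. `"security": [{ "<scheme-name>": ["Discover.Read"] }, { "<scheme-name>": ["Everything.ReadWrite"] }]` with the name taken from `components/securitySchemes`, and document the `401` and `403` responses beside `200`. Since the summary says this GET "Generates" the assessment and the description says it "Initiates collection of data", also confirm that a read-level scope is the intended gate for an operation that triggers collection. The operation object continues outside the hunk.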