🧹 Improving rolemanagment by adding Delegated Admin Portal

providers/ms365/resources/ms365.lr

@@ -747,4 +747,22 @@ private ms365.teams.teamsMeetingPolicyConfig {
 private ms365.teams.teamsMessagingPolicyConfig {
   // Whether users can report security concerns
   allowSecurityEndUserReporting bool
+}
+
+// Microsoft Admin Portal
+microsoft.adminPortal {
+  // List of delegated admin partners
+  delegatedAdminPartners() []microsoft.adminPortal.delegatedAdminPartner
+}
+
+// Microsoft 365 Entra ID Delegated Admin Partner
+microsoft.adminPortal.delegatedAdminPartner @defaults("id displayName") {
+  // Partner ID
+  id string
+  // Partner Display Name
+  displayName string
+  // List of Unified Roles for the partner
+  unifiedRoles []string
+  // Status of the delegated admin relationship
+  status string
 }

providers/ms365/resources/ms365.lr.manifest.yaml

@@ -18,6 +18,17 @@ resources:
         min_mondoo_version: latest
       users: {}
     min_mondoo_version: 5.15.0
+  microsoft.adminPortal:
+    fields:
+      delegatedAdminPartners: {}
+    min_mondoo_version: 9.0.0
+  microsoft.adminPortal.delegatedAdminPartner:
+    fields:
+      displayName: {}
+      id: {}
+      status: {}
+      unifiedRoles: {}
+    min_mondoo_version: 9.0.0
   microsoft.application:
     fields:
       api:

providers/ms365/resources/rolemanagement.go

@@ -5,6 +5,8 @@ package resources
 
 import (
 	"context"
+	"log"
+
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
 
 	"github.com/microsoftgraph/msgraph-sdk-go/rolemanagement"
@@ -117,3 +119,74 @@ func (a *mqlMicrosoftRolemanagementRoledefinition) assignments() ([]interface{},
 	}
 	return res, nil
 }
+
+// Related to Delegated Admin Portal under Roles & admin in Entra ID
+func (a *mqlMicrosoftAdminPortal) delegatedAdminPartners() ([]interface{}, error) {
+	conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+	graphClient, err := conn.GraphClient()
+	if err != nil {
+		return nil, err
+	}
+
+	ctx := context.Background()
+
+	partnersResp, err := graphClient.TenantRelationships().DelegatedAdminRelationships().Get(ctx, nil)
+	if err != nil {
+		return nil, transformError(err)
+	}
+
+	var partnerDetails []interface{}
+
+	for _, partner := range partnersResp.GetValue() {
+		partnerId := partner.GetId()
+		displayName := partner.GetDisplayName()
+		accessDetails := partner.GetAccessDetails()
+		status := partner.GetStatus() // Fetch the status property
+
+		if partnerId != nil && displayName != nil {
+			unifiedRoles := []interface{}{}
+			if accessDetails != nil && accessDetails.GetUnifiedRoles() != nil {
+				for _, role := range accessDetails.GetUnifiedRoles() {
+					roleDefinitionId := role.GetRoleDefinitionId()
+					if roleDefinitionId != nil {
+						unifiedRoles = append(unifiedRoles, *roleDefinitionId)
+					}
+				}
+			}
+
+			unifiedRolesData, err := convert.JsonToDictSlice(unifiedRoles)
+			if err != nil {
+				return nil, err
+			}
+
+			var statusStr *string
+			if status != nil {
+				s := status.String()
+				statusStr = &s
+			}
+
+			partnerInfo, err := CreateResource(a.MqlRuntime, "microsoft.adminPortal.delegatedAdminPartner",
+				map[string]*llx.RawData{
+					"id":           llx.StringDataPtr(partnerId),
+					"displayName":  llx.StringDataPtr(displayName),
+					"unifiedRoles": llx.ArrayData(unifiedRolesData, types.String),
+					"status":       llx.StringDataPtr(statusStr),
+				})
+			if err != nil {
+				return nil, err
+			}
+
+			partnerDetails = append(partnerDetails, partnerInfo)
+		} else {
+			log.Printf("Skipped a partner with missing ID or Display Name")
+		}
+	}
+
+	// If no partners are found
+	if len(partnerDetails) == 0 {
+		log.Println("No delegated admin partners are defined.")
+		return nil, nil
+	}
+
+	return partnerDetails, nil
+}