
Add assessment check for MS.DEFENDER.6.2v1 #1241

@schrolla schrolla commented Jul 29, 2024

🗣 Description

Provides enhancement to Defender assessment checks for MS.DEFENDER.6.2v1 to ensure ALL users are assigned an advanced auditing license feature to support the SCB policy item. The actual update includes:

  • A new MSGraph connection helper Connect-GraphHelper to modularize connecting to Graph API
  • Updates to the Connection module to use the new Connect-GraphHelper function
  • Connection module updates to connect to Graph when assessing Defender
  • Defender provider updates to populate total_users_without_advanced_audit count
  • New rego assessment checks for MS.DEFENDER.6.2v1 to validate the new count and provide count of users without the requisite license if not zero.
  • Additional unit and functional tests to exercise the new assessment check and connection helper

No documentation updates are required as AAD and Defender already used the same permissions (Global Reader) and only an existing scope is required for Defender provider MSGraph calls (User.Read.All).

💭 Motivation and context

MS.DEFENDER.6.2v1 was previously set to not be checked due to a lack of a direct mechanism to do so under Defender. The new approach uses MSGraph to get license information which now provides ScubaGear users with assessment results for the policy item rather than requiring a full manual check as before. This makes assessing MS.DEFENDER.6.2v1 easier for users.

Closes #88

🧪 Testing

Testing the compliant case may be difficult if a test tenant with enough licenses to cover all users is not available. Invoke-ScubaRunCached with modified results is recommended for that case while setting the total_users_without_advanced_audit value to zero or -1. The functional tests do this as well, so running the Defender functional tests will also exercise the code.

To test the failed case, test on a tenant after making sure at least one user is not assigned the proper license.
Invoke-Scuba -p defender

Since changes were also made to Connection, tests should include checking:

  1. Running with user and service principal authentication
  2. Testing when run with all products, just defender, just defender and powerplatform
    Note: This last one exercises the different connection cases and paths where MSGraph is enabled.

📷 Screenshots (if appropriate)

Example of MS.DEFENDER.6.2v1 results when not all users are assigned the advanced audit license:
[Screenshot 2024-07-29 at 4 32 24 PM]

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • Unit tests added/updated to cover PowerShell and Rego changes.
  • Functional tests added/updated to cover PowerShell and Rego changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.
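The description above says the provider uses MSGraph license data to populate total_users_without_advanced_audit. The following is an added illustration of that counting logic, not ScubaGear's own provider code. It assumes the Microsoft.Graph PowerShell SDK and an existing Connect-MgGraph session holding the User.Read.All scope the PR mentions; the service plan name 'M365_ADVANCED_AUDITING' is an assumption to verify against Get-MgSubscribedSku in your tenant, and the example does not decide whether guest or disabled accounts should be in scope.

```powershell
# Added example, not ScubaGear's provider. Assumes Microsoft.Graph SDK is
# installed and Connect-MgGraph has already been run with User.Read.All.
function Get-UsersWithoutAdvancedAudit {
    [CmdletBinding()]
    param(
        # Assumed service plan name for Microsoft 365 Advanced Auditing;
        # confirm it against Get-MgSubscribedSku output in the tenant.
        [string]$ServicePlanName = 'M365_ADVANCED_AUDITING'
    )

    # Resolve the plan name to ServicePlanId(s) from the tenant's subscribed SKUs.
    $PlanIds = @(Get-MgSubscribedSku -All |
        ForEach-Object { $_.ServicePlans } |
        Where-Object { $_.ServicePlanName -eq $ServicePlanName } |
        ForEach-Object { [string]$_.ServicePlanId } |
        Select-Object -Unique)

    if ($PlanIds.Count -eq 0) {
        Write-Warning "No subscribed SKU contains service plan '$ServicePlanName'; every user will be reported as missing it."
    }

    # Enumerate all users with the service plans actually provisioned on each account.
    $Users = Get-MgUser -All -Property Id,UserPrincipalName,AccountEnabled,AssignedPlans

    $Missing = foreach ($User in $Users) {
        # A plan counts only when it is present AND its CapabilityStatus is Enabled.
        $Enabled = @($User.AssignedPlans | Where-Object {
            ([string]$_.ServicePlanId -in $PlanIds) -and ($_.CapabilityStatus -eq 'Enabled')
        })
        if ($Enabled.Count -eq 0) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                AccountEnabled    = $User.AccountEnabled
            }
        }
    }

    # Shape mirrors the count the PR describes plus the per-user detail behind it.
    [pscustomobject]@{
        total_users_without_advanced_audit = @($Missing).Count
        users_without_advanced_audit       = @($Missing)
    }
}

# Usage: a count of 0 is the compliant case; anything else lists the affected users.
$Result = Get-UsersWithoutAdvancedAudit
$Result.total_users_without_advanced_audit
$Result.users_without_advanced_audit | Format-Table
```

Running this against a tenant where at least one user lacks the license reproduces the failing case the Testing section describes, without needing a cached-results run.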

@schrolla schrolla added the enhancement This issue or pull request will add new or improve existing functionality label Jul 29, 2024
@schrolla schrolla added this to the Iceberg milestone Jul 29, 2024
@schrolla schrolla self-assigned this Jul 29, 2024
@schrolla schrolla linked an issue Jul 29, 2024 that may be closed by this pull request
@schrolla schrolla force-pushed the 88-update-purview-premium-assesment-to-check-status-for-all-users branch from 6ae71b8 to 6c00071 Compare July 29, 2024 21:48
@schrolla schrolla requested a review from dagarwal-mitre July 29, 2024 21:50
@schrolla schrolla marked this pull request as ready for review July 29, 2024 23:06
@schrolla schrolla requested a review from james-garriss July 29, 2024 23:07
@schrolla schrolla force-pushed the 88-update-purview-premium-assesment-to-check-status-for-all-users branch 2 times, most recently from 77fd01d to f564a45 Compare August 1, 2024 14:19
@james-garriss james-garriss left a comment

Done. Nice job.

@schrolla schrolla force-pushed the 88-update-purview-premium-assesment-to-check-status-for-all-users branch from edc6c60 to 694d91d Compare August 1, 2024 18:06

schrolla commented Aug 1, 2024

@nanda-katikaneni Resolved merge conflicts from Regal PR test renaming (in favor of that PR's naming convention) and tests are green. Ready for merge.

@nanda-katikaneni nanda-katikaneni merged commit ebfa767 into main Aug 1, 2024
27 checks passed
@nanda-katikaneni nanda-katikaneni deleted the 88-update-purview-premium-assesment-to-check-status-for-all-users branch August 1, 2024 19:38
Successfully merging this pull request may close these issues.

Update Purview Premium assesment to check status for all users