Skip to content

[Validation Sweep] Governance Hardening — 6 solutions (Issue #63)#224

Merged
judeper merged 1 commit into
mainfrom
ocean/issue-63
May 26, 2026
Merged

[Validation Sweep] Governance Hardening — 6 solutions (Issue #63)#224
judeper merged 1 commit into
mainfrom
ocean/issue-63

Conversation

@judeper
Copy link
Copy Markdown
Owner

@judeper judeper commented May 26, 2026

Issue #63 — Validation Sweep: Governance Hardening (6 solutions)

Full accuracy validation of 6 governance hardening solutions against authoritative sources.

Solutions Validated

  • finra-supervision-workflow (v1.1.1)
  • hitl-workflow-governance (v1.1.2)
  • inactivity-timeout-enforcement (v1.1.2)
  • mime-type-restrictions (v1.2.1)
  • segregation-detector (v1.2.1)
  • session-security-configurator (v1.3.0)

Validation Checklist

  • All Microsoft Learn URLs resolve (20+ checked, zero 404s or redirects)
  • PowerShell cmdlets and modules are current
  • Microsoft Graph API endpoints and permissions are current
  • FINRA-specific regulatory references are current (3110, 4511, 24-09)
  • Session security configurations match current capabilities
  • Prerequisites (licenses, roles, permissions) are current
  • Python packages and SDK versions are current
  • Cross-solution references are valid
  • No FSI language violations (ensures compliance, guarantees, etc.)
  • No stale Azure Active Directory branding

Changes Made

File Change Before → After
hitl-workflow-governance/docs/prerequisites.md Version footer fix v1.1.1 → v1.1.2
hitl-workflow-governance/docs/prerequisites.md MSAL.PS deprecation notice added
hitl-workflow-governance/docs/troubleshooting.md MSAL.PS deprecation note
session-security-configurator/README.md MSAL.PS deprecation notice
session-security-configurator/docs/prerequisites.md MSAL.PS deprecation notice + migration guidance
session-security-configurator/docs/flow-setup.md Version: 1.1.1 → 1.3.0, Last Updated: 2026-05-04 → 2026-05-25
session-security-configurator/docs/flow-setup.md MSAL.PS deprecation cross-refs
session-security-configurator/docs/evidence-export-guide.md MSAL.PS archived link + managed-identity-first note
session-security-configurator/docs/troubleshooting.md MSAL.PS deprecation note

Items for Human Review

  • MSAL.PS script migration: session-security-configurator scripts still #Requires MSAL.PS — full migration to Az.Accounts is a future code change outside doc-validation scope
  • HITL runbook: Start-HitlValidationRunbook.ps1 retains MSAL.PS dependency for cert-based auth

No Changes Needed (validated clean)

  • finra-supervision-workflow — All URLs, FINRA citations (3110, 4511, 24-09), regulatory alignment table, and cross-solution refs verified
  • inactivity-timeout-enforcement — All URLs, BAP API refs, and zone policy docs verified
  • mime-type-restrictions — All URLs, Sentinel query refs, and plugin build docs verified
  • segregation-detector — All URLs, Graph PIM endpoints, RBAC REST API preview docs verified

@judeper
fix(hitl-workflow-governance,session-security-configurator): validati…
2747c1d 
…on sweep — MSAL.PS deprecation notices, version footer fixes

Issue #63 — Governance Hardening validation sweep (6 solutions).

## Validation Results (all 6 solutions)
- All Microsoft Learn URLs verified (20+ checked, zero 404s)
- All FINRA regulatory references current (3110, 4511, 24-09)
- All Graph API endpoints current (roleAssignmentScheduleInstances v1.0)
- All cross-solution relative links valid
- No FSI language violations found
- No stale Azure Active Directory branding

## Substantive changes
- MSAL.PS deprecation notices added to session-security-configurator docs
  (README, prerequisites, flow-setup, evidence-export-guide, troubleshooting).
  Module archived Sept 2023; migration guidance added.
- MSAL.PS deprecation notice added to hitl-workflow-governance prerequisites
  and troubleshooting (runbook retains dependency; rest migrated in v1.1.2 m-6)
- evidence-export-guide: added managed-identity-first note for service
  principal mode, consistent with repo auth standard

## Version footer fixes
- hitl-workflow-governance/docs/prerequisites.md: v1.1.1 → v1.1.2
- session-security-configurator/docs/flow-setup.md: v1.1.1 → v1.3.0,
  Last Updated 2026-05-04 → 2026-05-25

## Items for human review
- session-security-configurator scripts still #Requires MSAL.PS — migration
  to Az.Accounts is a future code change (scripts are outside doc-validation
  scope)
- hitl-workflow-governance Start-HitlValidationRunbook.ps1 retains MSAL.PS
  #Requires — same migration note applies

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@judeper judeper merged commit 2251bf9 into main May 26, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@judeper