changed to check all necessary fields for policy 3.3

PowerShell/ScubaGear/Rego/AADConfig.rego

@@ -262,27 +262,23 @@ MSAuthEnabled := true if {
 # Returns true if MS Authenticator is configured per the baseline, false if it is not
 default MSAuthProperlyConfigured := false
 MSAuthProperlyConfigured := true if {
-    MSAuth.State == "enabled"
-
+    MSAuthEnabled == true 
+    MSAuthOTP := MSAuth.AdditionalProperties.isSoftwareOathEnabled # either true/false
+    MSAuthOTP == false
     # Make sure that MS Auth shows the app name and geographic location
     Settings := MSAuth.AdditionalProperties.featureSettings
     Settings.displayAppInformationRequiredState.state == "enabled"
     Settings.displayLocationInformationRequiredState.state == "enabled"
 
-    # Make sure that the configuration applies to all users
-    some target in MSAuth.AdditionalProperties.includeTargets
-    target.id == "all_users"
+    # Make sure that the configuration applies to all users 
+    Settings.displayAppInformationRequiredState.includeTarget.id == "all_users"
+    Settings.displayLocationInformationRequiredState.includeTarget.id == "all_users"    
 }
 
 default AAD_3_3_Not_Applicable := false
-# Returns true no matter what if phishing-resistant MFA is being enforced
-AAD_3_3_Not_Applicable := true if {
-    count(PhishingResistantMFAPolicies) > 0
-}
 
 # Returns true if phishing-resistant MFA is not being enforced but MS Auth is disabled
 AAD_3_3_Not_Applicable := true if {
-    count(PhishingResistantMFAPolicies) == 0
     MSAuthEnabled == false
 }
 
@@ -311,7 +307,6 @@ tests contains {
     "RequirementMet": Status
 } if {
     AAD_3_3_Not_Applicable == false
-
     Status := MSAuthProperlyConfigured == true
 }
 
@@ -1186,4 +1181,4 @@ tests contains {
     "ReportDetails": NotCheckedDetails("MS.AAD.8.3v1"),
     "RequirementMet": false
 }
-#--
+#--