
Update Rego for AAD Conditional Access Policies to increase consistency and reduce redundancy #1323

Open
dagarwal-mitre opened this issue Sep 23, 2024 · 0 comments
Labels
enhancement This issue or pull request will add new or improve existing functionality

Comments

@dagarwal-mitre
Collaborator

dagarwal-mitre commented Sep 23, 2024

🐛 Summary

Certain CAP policies do not strictly check for what the baseline describes and there are helper methods which can be used to prevent code repetition and increase consistency. Changes are detailed below.
This issue came from the code review done on AAD CAP rego policies #1184

To reproduce

Conditional Access Policies which need to be updated

General notes for the updates needed are to use PolicyConditionsMatch more for consistency and prevent code repetition.

MS.AAD.1.1v1

Similar to 3.7, currently 1.1 checks if Exchange ActiveSync clients and Other clients are clicked, but doesn't check to ensure that those two are the only boxes checked.

MS.AAD.2.3v1

For consistency update line 141 from PolicyConditionsMatch(CAPolicy) to PolicyConditionsMatch(CAPolicy) == true

MS.AAD.3.1v1

Check if we can use PolicyConditionsMatch rather than the 3 lines (183-185) used together
Replace

```rego
"All" in CAPolicy.Conditions.Users.IncludeUsers
"All" in CAPolicy.Conditions.Applications.IncludeApplications
CAPolicy.State == "enabled"
```

with PolicyConditionsMatch(CAPolicy) == true

MS.AAD.3.2v1

For consistency update line 221 from PolicyConditionsMatch(CAPolicy) to PolicyConditionsMatch(CAPolicy) == true

MS.AAD.3.6v1

Missing check for Target resources > Cloud apps > All cloud apps
To fix this try using PolicyConditionsMatch(CAPolicy) == true

MS.AAD.3.8v1

Use 3.7 as a model for this one as they are very similar

  1. Check if PolicyConditionsMatch can be used to reduce code repetition
  2. After checking compliantDevice and domainJoinedDevice, check to ensure no other built-in controls are selected
  3. Check for For multiple controls > Require one of the selected controls by checking GrantControls.Operator is set to "OR"

Any helpful log output or screenshots

Paste the results here:

Add any screenshots of the problem here.
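The strict "exactly these boxes and no others" pattern requested above for 1.1 and 3.8, written out as an added Rego example (not ScubaGear's own code). The `PolicyConditionsMatch` body mirrors the three lines quoted for 3.1; the field names `Conditions.ClientAppTypes` and `GrantControls.BuiltInControls`, the sample policy and the Rego v1 syntax are assumptions.

```rego
package aad_cap_example

import rego.v1

# Constructed sample policy (not real tenant data). It is shaped so that
# both checks below evaluate to true against it. Field names are assumed.
SamplePolicy := {
    "DisplayName": "Example policy",
    "State": "enabled",
    "Conditions": {
        "Users": {"IncludeUsers": ["All"]},
        "Applications": {"IncludeApplications": ["All"]},
        "ClientAppTypes": ["exchangeActiveSync", "other"],
    },
    "GrantControls": {
        "BuiltInControls": ["compliantDevice", "domainJoinedDevice"],
        "Operator": "OR",
    },
}

# Shared scope check (all users, all cloud apps, policy enabled), standing in
# for ScubaGear's PolicyConditionsMatch helper. Undefined when any line fails.
PolicyConditionsMatch(Policy) if {
    "All" in Policy.Conditions.Users.IncludeUsers
    "All" in Policy.Conditions.Applications.IncludeApplications
    Policy.State == "enabled"
}

# Set equality: the selected values must be exactly the expected set.
# A plain `x in Selected` check would pass a policy with extra boxes ticked,
# which is the gap described for 1.1 and 3.8.
ExactSet(Selected, Expected) if {
    {s | some s in Selected} == Expected
}

# MS.AAD.1.1-style: only Exchange ActiveSync and Other clients are selected.
LegacyAuthClientsOnly(Policy) if {
    PolicyConditionsMatch(Policy) == true
    ExactSet(Policy.Conditions.ClientAppTypes, {"exchangeActiveSync", "other"})
}

# MS.AAD.3.8-style: exactly compliantDevice and domainJoinedDevice, combined
# with "Require one of the selected controls" (Operator == "OR").
DeviceControlsOnlyWithOr(Policy) if {
    PolicyConditionsMatch(Policy) == true
    ExactSet(Policy.GrantControls.BuiltInControls, {"compliantDevice", "domainJoinedDevice"})
    Policy.GrantControls.Operator == "OR"
}
```

Evaluating `data.aad_cap_example.DeviceControlsOnlyWithOr(data.aad_cap_example.SamplePolicy)` with `opa eval` returns true; adding a third value such as "mfa" to `BuiltInControls` makes the rule undefined rather than true.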

@tkol2022 tkol2022 changed the title Update Rego for AAD Conditional Access Policies Update Rego for AAD Conditional Access Policies to increase consistency and reduce redundancy Sep 23, 2024
@tkol2022 tkol2022 added the enhancement This issue or pull request will add new or improve existing functionality label Sep 23, 2024