Make preview pillar dependencies optional through lazy loading

[gaelcolas]

Background

The ZeroTrustAssessment module currently includes hard dependencies for modules required by upcoming pillars (Data, Network) in its RequiredModules list within ZeroTrustAssessment.psd1.

These include:

• ExchangeOnlineManagement (v3.8.0)
• Microsoft.Online.SharePoint.PowerShell (used in Connect-ZtAssessment)
• AipService (used in Connect-ZtAssessment)

Users of the current preview release who upgrade to the next preview must install these additional modules even if they don't intend to run the new Data and Network pillar tests.

Objectives

Implement lazy loading of preview pillar dependencies so they are only required when explicitly using the -Preview parameter. This allows users to upgrade without mandatory installation of modules for features they may not use.

Technical Considerations

MSAL DLL Version Conflicts

The primary challenge is managing Microsoft.Identity.Client.dll (MSAL) version conflicts, which arise when multiple modules ship with different versions of the same DLL.

Currently, this is handled by:

• Get-ModuleImportOrder.ps1 – Determines the correct module import order based on MSAL versions
• Initialize-Dependencies.ps1 – Pre-loads MSAL before module import (runs in ScriptsToProcess)

When accessing preview dependencies, lazy loading will occur after module import and MSAL may already be loaded. This requires thorough testing to ensure no version conflicts occur.

ExchangeOnlineManagement Version Pinning

The module currently pins ExchangeOnlineManagement to v3.8.0. Unless there is a documented compatibility issue, this should be changed to allow the latest available version.

Proposed Implementation

1. Remove hard dependencies from ZeroTrustAssessment.psd1:

   • Remove ExchangeOnlineManagement from RequiredModules
   • Remove ExchangeOnlineManagement, Microsoft.Online.SharePoint.PowerShell, and AipService from Connect-ZtAssessment loading/assertions and connection. Move them to -Preview code path.

2. Implement lazy assertion/loading in:

• Connect-ZtAssessment – Validate and load required modules when -Preview flag or preview features are accessed
• Invoke-ZtAssessment – Validate and load required modules when previewing Data/Network pillars

3. Update version requirements:

   • Remove hardcoded version requirement for ExchangeOnlineManagement (use latest)
   • Document minimum version requirements clearly

Testing:

• Test lazy loading with various module version combinations
• Verify MSAL DLL conflicts are handled appropriately
• Test upgrade path from current preview to next preview
• Test running Data/Network tests with lazy-loaded modules

Acceptance Criteria

• Users can upgrade to next preview without installing Data/Network pillar modules
• Data/Network pillar tests run successfully when required modules are lazy-loaded
• No MSAL version conflicts occur during lazy loading
• ExchangeOnlineManagement version pinning is removed or documented with justification
• All existing functionality for Identity and Devices pillars remains unaffected