Initial Commit

source/tests/Test-ReauthWithCode.ps1

@@ -0,0 +1,41 @@
+function Test-ReauthWithCode {
+    [CmdletBinding()]
+    param (
+        # Define your parameters here
+    )
+
+    begin {
+        # Initialization code
+
+        $auditResult = [CISAuditResult]::new()
+    }
+
+    process {
+        # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
+        $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
+        $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
+
+        # Populate the auditResult object with the required properties
+        $auditResult.CISControlVer = "v8"
+        $auditResult.CISControl = "0.0"
+        $auditResult.CISDescription = "Explicitly Not Mapped"
+
+        $auditResult.Rec = "7.2.10"
+        $auditResult.ELevel = "E3"
+        $auditResult.ProfileLevel = "L1"
+        $auditResult.IG1 = $false
+        $auditResult.IG2 = $false
+        $auditResult.IG3 = $false
+        $auditResult.RecDescription = "Ensure reauthentication with verification code is restricted"
+
+        $auditResult.Result = $isReauthenticationRestricted
+        $auditResult.Details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
+        $auditResult.FailureReason = if (-not $isReauthenticationRestricted) { "Reauthentication with verification code does not require reauthentication within 15 days or less." } else { "N/A" }
+        $auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
+    }
+
+    end {
+        # Return auditResult
+        return $auditResult
+    }
+}