Initial Commit

2024-03-25 08:34:43 -05:00
commit 0226b293b5
137 changed files with 9448 additions and 0 deletions
--- a/source/tests/Test-RestrictOutlookAddins.ps1
+++ b/source/tests/Test-RestrictOutlookAddins.ps1
@@ -0,0 +1,89 @@
+function Test-RestrictOutlookAddins {
+    [CmdletBinding()]
+    param (
+        # Parameters could include credentials or other necessary data
+    )
+
+    begin {
+        # Initialization code
+
+        $auditResult = [CISAuditResult]::new()
+        $customPolicyFailures = @()
+        $defaultPolicyFailureDetails = @()
+        $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
+    }
+
+    process {
+        # Main functionality
+        # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
+
+        # Check all mailboxes for custom policies with unallowed add-ins
+        $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
+
+        if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
+            foreach ($policy in $roleAssignmentPolicies) {
+                if ($policy.RoleAssignmentPolicy) {
+                    $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
+                    $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+                    if ($foundRoles) {
+                        $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
+                    }
+                }
+            }
+        }
+
+        # Check Default Role Assignment Policy
+        $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
+        $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+        if ($defaultPolicyRoles) {
+            $defaultPolicyFailureDetails = $defaultPolicyRoles
+        }
+    }
+
+    end {
+        # Prepare result object
+        $auditResult.Rec = "6.3.1"
+        $auditResult.CISControl = "9.4"
+        $auditResult.CISDescription = "Restrict Unnecessary or Unauthorized Browser and Email Client Extensions"
+        $auditResult.ELevel = "E3"
+        $auditResult.ProfileLevel = "L2"
+        $auditResult.IG1 = $false
+        $auditResult.IG2 = $true
+        $auditResult.IG3 = $true
+        $auditResult.RecDescription = "Ensure users installing Outlook add-ins is not allowed"
+
+        $detailsString = ""
+        if ($customPolicyFailures) {
+            $detailsString += "Custom Policy Failures: | "
+            # Use pipes or tabs here instead of newlines
+            $detailsString += ($customPolicyFailures -join " | ")
+        }
+        else {
+            $detailsString += "Custom Policy Failures: None | "
+        }
+
+        $detailsString += "Default Role Assignment Policy: "
+        if ($defaultPolicyFailureDetails) {
+            $detailsString += ($defaultPolicyFailureDetails -join ', ')
+        }
+        else {
+            $detailsString += "Compliant"
+        }
+
+        if ($customPolicyFailures -or $defaultPolicyFailureDetails) {
+            $auditResult.Result = $false
+            $auditResult.Status = "Fail"
+            $auditResult.Details = $detailsString
+            $auditResult.FailureReason = "Unauthorized Outlook add-ins found in custom or default policies."
+        }
+        else {
+            $auditResult.Result = $true
+            $auditResult.Status = "Pass"
+            $auditResult.Details = "No unauthorized Outlook add-ins found in custom or default policies."
+            $auditResult.FailureReason = "N/A"
+        }
+
+        # Return auditResult
+        return $auditResult
+    }
+}