diff --git a/helpers/CIS 365 v3.0.0 Controls/Test-Template.ps1 b/helpers/CIS 365 v3.0.0 Controls/Test-Template.ps1
new file mode 100644
index 0000000..5cb73e1
--- /dev/null
+++ b/helpers/CIS 365 v3.0.0 Controls/Test-Template.ps1
@@ -0,0 +1,98 @@
+function Test-Template {
+ [CmdletBinding()]
+ param (
+ # Parameters can be added if needed
+ )
+
+ begin {
+ # Initialization code, if needed
+ # Load necessary scripts, define variables, etc.
+ }
+
+ process {
+ # Fetch relevant data
+ # Example: $data = Get-SomeData
+
+ # Process the data to evaluate compliance
+ # Example: $compliantItems = $data | Where-Object { $_.Property -eq 'ExpectedValue' }
+ # Example: $nonCompliantItems = $data | Where-Object { $_.Property -ne 'ExpectedValue' }
+
+ # Prepare failure reasons and details for non-compliant items
+ $failureReasons = $nonCompliantItems | ForEach-Object {
+ # Example: "Item: $($_.Name) - Reason: Missing expected value"
+ }
+ $failureReasons = $failureReasons -join "`n"
+
+ # Prepare details for compliant items
+ $compliantDetails = $compliantItems | ForEach-Object {
+ # Example: "Item: $($_.Name) - Value: $($_.Property)"
+ }
+ $compliantDetails = $compliantDetails -join "`n"
+
+ # Create and populate the CISAuditResult object
+ $auditResult = [CISAuditResult]::new()
+ $auditResult.Status = if ($nonCompliantItems) { 'Fail' } else { 'Pass' }
+ $auditResult.ELevel = 'E3' # Modify as needed
+ $auditResult.ProfileLevel = 'L1' # Modify as needed
+ $auditResult.Rec = '1.1.1' # Modify as needed
+ $auditResult.RecDescription = "Description of the recommendation" # Modify as needed
+ $auditResult.CISControlVer = 'v8' # Modify as needed
+ $auditResult.CISControl = "5.4" # Modify as needed
+ $auditResult.CISDescription = "Description of the CIS control" # Modify as needed
+ $auditResult.IG1 = $true # Modify as needed
+ $auditResult.IG2 = $true # Modify as needed
+ $auditResult.IG3 = $true # Modify as needed
+ $auditResult.Result = $nonCompliantItems.Count -eq 0
+ $auditResult.Details = if ($nonCompliantItems) {
+ "Non-Compliant Items: $($nonCompliantItems.Count)`nDetails:`n" + ($nonCompliantItems | ForEach-Object { $_.Details } -join "`n")
+ } else {
+ "Compliant Items: 
$($compliantItems.Count)`nDetails:`n$compliantDetails"
+ }
+ $auditResult.FailureReason = if ($nonCompliantItems) {
+ "Non-compliant items:`n$failureReasons"
+ } else {
+ "N/A"
+ }
+
+ # Example output object for a pass result
+ # Status : Pass
+ # ELevel : E3
+ # ProfileLevel : L2
+ # Rec : 8.1.1
+ # RecDescription : Ensure external file sharing in Teams is enabled for only approved cloud storage services
+ # CISControlVer : v8
+ # CISControl : 3.3
+ # CISDescription : Configure Data Access Control Lists
+ # IG1 : True
+ # IG2 : True
+ # IG3 : True
+ # Result : True
+ # Details : Compliant Items: 5
+ # Item: Team1 - Storage: OneDrive
+ # Item: Team2 - Storage: SharePoint
+ # FailureReason : N/A
+
+ # Example output object for a fail result
+ # Status : Fail
+ # ELevel : E3
+ # ProfileLevel : L2
+ # Rec : 8.1.1
+ # RecDescription : Ensure external file sharing in Teams is enabled for only approved cloud storage services
+ # CISControlVer : v8
+ # CISControl : 3.3
+ # CISDescription : Configure Data Access Control Lists
+ # IG1 : True
+ # IG2 : True
+ # IG3 : True
+ # Result : False
+ # Details : Non-Compliant Items: 2
+ # Item: Team3 - Storage: Dropbox (Unapproved)
+ # Item: Team4 - Storage: Google Drive (Unapproved)
+ # FailureReason : Non-compliant items:`nUsername | Roles | HybridStatus | Missing Licence
+ }
+
+ end {
+ # Return the audit result
+ return $auditResult
+ }
+}
diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1
index 6c307ee..fa2a49a 100644
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -36,8 +36,8 @@ function Get-AdminRoleUserLicense {
 Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
 }
- $adminRoleUsers = @()
- $userIds = @()
+ $adminRoleUsers = [System.Collections.ArrayList]::new()
+ $userIds = [System.Collections.ArrayList]::new()
 }
 Process {
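Review bot: The fail example at the bottom of the `process` block is inconsistent with itself — its `Details` lines describe Teams storage providers, but its `FailureReason` line (`Username | Roles | HybridStatus | Missing Licence`) is copied from an unrelated licence control, so anyone cloning this template inherits a misleading sample. The two result branches are also built from different sources: the pass path uses the `$compliantDetails` string assembled above, while the fail path reads `$_.Details` from each non-compliant object, a property the skeleton's `$failureReasons` pipeline never sets and the commented examples never mention. I would replace the stray line with `# FailureReason : Non-compliant items:`nItem: Team3 - Reason: Unapproved storage` and add a comment on the `$_.Details` line stating that each non-compliant object is expected to carry a `Details` string (or switch that branch to the `$failureReasons` text for symmetry). The `[CISAuditResult]` class is defined outside this file, so its property set cannot be checked from this hunk.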
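Review bot: `[System.Collections.ArrayList]` is the non-generic collection that the .NET documentation steers new code away from; the generic `[System.Collections.Generic.List[object]]` gives the same O(1) `Add` this hunk is after, and because `List[T].Add` returns nothing the `[void](...)` wrappers added in the `@@ -50` hunk can be dropped. I would change the two initialisers to `$adminRoleUsers = [System.Collections.Generic.List[object]]::new()` and `$userIds = [System.Collections.Generic.List[string]]::new()`. The `.ToArray()` calls in the `@@ -50` hunk are likewise unnecessary with either type, since both enumerate directly in a pipeline and the `$_.Licenses = ...` assignment mutates the shared `PSCustomObject` references either way. The enclosing `Begin` block starts outside the hunk.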
@@ -50,24 +50,28 @@ function Get-AdminRoleUserLicense {
 $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled" -ErrorAction SilentlyContinue
 if ($userDetails) {
- $userIds += $user.PrincipalId
- $adminRoleUsers += [PSCustomObject]@{
- RoleName = $role.DisplayName
- UserName = $userDetails.DisplayName
- UserPrincipalName = $userDetails.UserPrincipalName
- UserId = $userDetails.Id
- HybridUser = $userDetails.onPremisesSyncEnabled
- Licenses = $null # Initialize as $null
- }
+ [void]($userIds.Add($user.PrincipalId))
+ [void](
+ $adminRoleUsers.Add(
+ [PSCustomObject]@{
+ RoleName = $role.DisplayName
+ UserName = $userDetails.DisplayName
+ UserPrincipalName = $userDetails.UserPrincipalName
+ UserId = $userDetails.Id
+ HybridUser = $userDetails.onPremisesSyncEnabled
+ Licenses = $null # Initialize as $null
+ }
+ )
+ )
 }
 }
 }
- foreach ($userId in $userIds | Select-Object -Unique) {
+ foreach ($userId in $userIds.ToArray() | Select-Object -Unique) {
 $licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue
 if ($licenses) {
 $licenseList = ($licenses.SkuPartNumber -join '|')
- $adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
+ $adminRoleUsers.ToArray() | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
 $_.Licenses = $licenseList
 }
 }
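Review bot: After this hunk, `Licenses` stays `$null` both for an admin who genuinely holds no licence and for one whose `Get-MgUserLicenseDetail` call failed, because `-ErrorAction SilentlyContinue` discards the error and `if ($licenses)` skips the assignment; for an audit of admin-role licensing those two cases should not report identically. Capturing the error keeps the failure visible without changing the loop: `$licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue -ErrorVariable licenseErr` followed by `if ($licenseErr) { Write-Warning "License lookup failed for user $userId - $licenseErr" }`. The same pattern applies to the `Get-MgUser` call in the hunk's leading context, where a failed lookup silently drops the principal from `$adminRoleUsers` altogether. The `# Initialize as $null` comment could also say that null here means "not yet resolved", since the value is only filled in by the second loop. The `Process` block continues outside the hunk.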