format: comments for Get-PhishPolicyCompliance
@@ -4,6 +4,7 @@ function Get-PhishPolicyCompliance {
|
|||||||
[Parameter(Mandatory = $true)]
|
[Parameter(Mandatory = $true)]
|
||||||
[PSCustomObject]$Policy
|
[PSCustomObject]$Policy
|
||||||
)
|
)
|
||||||
|
Write-Verbose "Starting compliance evaluation for policy: $($Policy.Name)"
|
||||||
# Define the compliance criteria for an anti-phishing policy
|
# Define the compliance criteria for an anti-phishing policy
|
||||||
$complianceCriteria = @{
|
$complianceCriteria = @{
|
||||||
Enabled = $true # Policy must be enabled
|
Enabled = $true # Policy must be enabled
|
||||||
@@ -24,21 +25,32 @@ function Get-PhishPolicyCompliance {
|
|||||||
# Initialize compliance state and a list to track non-compliance reasons
|
# Initialize compliance state and a list to track non-compliance reasons
|
||||||
$isCompliant = $true
|
$isCompliant = $true
|
||||||
$nonCompliantReasons = @()
|
$nonCompliantReasons = @()
|
||||||
|
Write-Verbose "Evaluating compliance criteria for policy: $($Policy.Name)"
|
||||||
# Iterate through the compliance criteria and check each property of the policy
|
# Iterate through the compliance criteria and check each property of the policy
|
||||||
foreach ($key in $complianceCriteria.Keys) {
|
foreach ($key in $complianceCriteria.Keys) {
|
||||||
|
Write-Verbose "Checking $key`: Expected $($complianceCriteria[$key])"
|
||||||
if ($Policy.PSObject.Properties[$key] -and $Policy.$key -ne $complianceCriteria[$key]) {
|
if ($Policy.PSObject.Properties[$key] -and $Policy.$key -ne $complianceCriteria[$key]) {
|
||||||
|
Write-Verbose "Non-compliance detected for $key. Found $($Policy.$key)"
|
||||||
$isCompliant = $false # Mark as non-compliant if the value doesn't match
|
$isCompliant = $false # Mark as non-compliant if the value doesn't match
|
||||||
$nonCompliantReasons += "$key`: Expected $($complianceCriteria[$key]), Found $($Policy.$key)" # Record the discrepancy
|
$nonCompliantReasons += "$key`: Expected $($complianceCriteria[$key]), Found $($Policy.$key)" # Record the discrepancy
|
||||||
|
} else {
|
||||||
|
Write-Verbose "$key is compliant."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# Special case: Ensure PhishThresholdLevel is at least 3
|
# Special case: Ensure PhishThresholdLevel is at least 3
|
||||||
|
Write-Verbose "Checking PhishThresholdLevel: Expected at least 3"
|
||||||
if ($Policy.PSObject.Properties['PhishThresholdLevel'] -and $Policy.PhishThresholdLevel -lt 3) {
|
if ($Policy.PSObject.Properties['PhishThresholdLevel'] -and $Policy.PhishThresholdLevel -lt 3) {
|
||||||
|
Write-Verbose "Non-compliance detected for PhishThresholdLevel. Found $($Policy.PhishThresholdLevel)"
|
||||||
$isCompliant = $false # Mark as non-compliant if threshold is below 3
|
$isCompliant = $false # Mark as non-compliant if threshold is below 3
|
||||||
$nonCompliantReasons += "PhishThresholdLevel: Expected at least 3, Found $($Policy.PhishThresholdLevel)" # Record the issue
|
$nonCompliantReasons += "PhishThresholdLevel: Expected at least 3, Found $($Policy.PhishThresholdLevel)" # Record the issue
|
||||||
|
} else {
|
||||||
|
Write-Verbose "PhishThresholdLevel is compliant."
|
||||||
}
|
}
|
||||||
# Log the reasons for non-compliance if the policy is not compliant
|
# Log the reasons for non-compliance if the policy is not compliant
|
||||||
if (-not $isCompliant) {
|
if (-not $isCompliant) {
|
||||||
Write-Verbose "Policy $($Policy.Name) is not compliant. Reasons: $($nonCompliantReasons -join '; ')"
|
Write-Verbose "Policy $($Policy.Name) is not compliant. Reasons: $($nonCompliantReasons -join '; ')"
|
||||||
|
} else {
|
||||||
|
Write-Verbose "Policy $($Policy.Name) is fully compliant."
|
||||||
}
|
}
|
||||||
# Return whether the policy is compliant
|
# Return whether the policy is compliant
|
||||||
return $isCompliant
|
return $isCompliant
|
||||||
|
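Review bot: The added `else` branches that log `"$key is compliant."` and `"PhishThresholdLevel is compliant."` also run when the property is missing from `$Policy`, because each `if` fires only when `$Policy.PSObject.Properties[...]` is present and the value fails the comparison. The verbose trail then reports a setting as compliant that was never evaluated, which is misleading if this output is kept as audit evidence for an anti-phishing policy. Separate the two cases by putting `} elseif (-not $Policy.PSObject.Properties[$key]) { Write-Verbose "$key not found on policy; not evaluated." }` ahead of the `else`, and do the same for `PhishThresholdLevel`. Whether a missing property should also set `$isCompliant = $false` is a decision for the policy owner, since the unchanged condition currently lets it pass. The function begins and ends outside the hunks shown.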