format: comments for Get-PhishPolicyCompliance

DrIOS
2024-12-27 11:54:46 -06:00
parent f493eed7a0
commit 07ca126c1b


@@ -4,6 +4,7 @@ function Get-PhishPolicyCompliance {
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[PSCustomObject]$Policy [PSCustomObject]$Policy
) )
Write-Verbose "Starting compliance evaluation for policy: $($Policy.Name)"
# Define the compliance criteria for an anti-phishing policy # Define the compliance criteria for an anti-phishing policy
$complianceCriteria = @{ $complianceCriteria = @{
Enabled = $true # Policy must be enabled Enabled = $true # Policy must be enabled
@@ -24,22 +25,33 @@ function Get-PhishPolicyCompliance {
# Initialize compliance state and a list to track non-compliance reasons # Initialize compliance state and a list to track non-compliance reasons
$isCompliant = $true $isCompliant = $true
$nonCompliantReasons = @() $nonCompliantReasons = @()
Write-Verbose "Evaluating compliance criteria for policy: $($Policy.Name)"
# Iterate through the compliance criteria and check each property of the policy # Iterate through the compliance criteria and check each property of the policy
foreach ($key in $complianceCriteria.Keys) { foreach ($key in $complianceCriteria.Keys) {
Write-Verbose "Checking $key`: Expected $($complianceCriteria[$key])"
if ($Policy.PSObject.Properties[$key] -and $Policy.$key -ne $complianceCriteria[$key]) { if ($Policy.PSObject.Properties[$key] -and $Policy.$key -ne $complianceCriteria[$key]) {
Write-Verbose "Non-compliance detected for $key. Found $($Policy.$key)"
$isCompliant = $false # Mark as non-compliant if the value doesn't match $isCompliant = $false # Mark as non-compliant if the value doesn't match
$nonCompliantReasons += "$key`: Expected $($complianceCriteria[$key]), Found $($Policy.$key)" # Record the discrepancy $nonCompliantReasons += "$key`: Expected $($complianceCriteria[$key]), Found $($Policy.$key)" # Record the discrepancy
} else {
Write-Verbose "$key is compliant."
} }
} }
# Special case: Ensure PhishThresholdLevel is at least 3 # Special case: Ensure PhishThresholdLevel is at least 3
Write-Verbose "Checking PhishThresholdLevel: Expected at least 3"
if ($Policy.PSObject.Properties['PhishThresholdLevel'] -and $Policy.PhishThresholdLevel -lt 3) { if ($Policy.PSObject.Properties['PhishThresholdLevel'] -and $Policy.PhishThresholdLevel -lt 3) {
Write-Verbose "Non-compliance detected for PhishThresholdLevel. Found $($Policy.PhishThresholdLevel)"
$isCompliant = $false # Mark as non-compliant if threshold is below 3 $isCompliant = $false # Mark as non-compliant if threshold is below 3
$nonCompliantReasons += "PhishThresholdLevel: Expected at least 3, Found $($Policy.PhishThresholdLevel)" # Record the issue $nonCompliantReasons += "PhishThresholdLevel: Expected at least 3, Found $($Policy.PhishThresholdLevel)" # Record the issue
} else {
Write-Verbose "PhishThresholdLevel is compliant."
} }
# Log the reasons for non-compliance if the policy is not compliant # Log the reasons for non-compliance if the policy is not compliant
if (-not $isCompliant) { if (-not $isCompliant) {
Write-Verbose "Policy $($Policy.Name) is not compliant. Reasons: $($nonCompliantReasons -join '; ')" Write-Verbose "Policy $($Policy.Name) is not compliant. Reasons: $($nonCompliantReasons -join '; ')"
} else {
Write-Verbose "Policy $($Policy.Name) is fully compliant."
} }
# Return whether the policy is compliant # Return whether the policy is compliant
return $isCompliant return $isCompliant
} }
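Review bot: The `else` branch added inside the `foreach` loop writes "$key is compliant." even when the policy object has no such property, because the `if` is false both when the value matches and when `$Policy.PSObject.Properties[$key]` is missing; the `else` added after the PhishThresholdLevel check has the same problem. For an audit function this means the verbose trace records a pass for a setting that was never evaluated, and the function still returns `$true` in that case. I would separate the two cases by adding `elseif (-not $Policy.PSObject.Properties[$key]) { Write-Verbose "$key is not present on the policy; not evaluated." }` ahead of the `else`, and decide explicitly whether a missing property should set `$isCompliant = $false` rather than pass silently. The function's opening lines and most of the `$complianceCriteria` table lie outside the visible hunks, so this is based only on the checks shown here.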