vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Comment conditions on each test

Browse Source
This commit is contained in:
DrIOS
2024-06-12 12:24:25 -05:00
parent cf7fbadbe7
commit 10471b4683
21 changed files with 370 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
source/tests/Test-GuestAccessExpiration.ps1
View File

@@ -17,31 +17,45 @@ function Test-GuestAccessExpiration {
process {
try {
# 7.2.9 (L1) Ensure guest access to a site or OneDrive will expire automatically
# 7.2.9 (L1) Ensure guest access to a site or OneDrive will expire automatically
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The ExternalUserExpirationRequired setting in SharePoint is set to True.
# - Condition B: The ExternalUserExpireInDays setting in SharePoint is configured to 30 or less.
# - Condition C: Verification using the SharePoint Admin Center confirms that guest access will expire automatically after the specified number of days.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The ExternalUserExpirationRequired setting in SharePoint is not set to True.
# - Condition B: The ExternalUserExpireInDays setting in SharePoint is configured to more than 30 days.
# - Condition C: Verification using the SharePoint Admin Center indicates that guest access is not set to expire automatically after the specified number of days.
# Retrieve SharePoint tenant settings related to guest access expiration
$SPOTenantGuestAccess = Get-SPOTenant | Select-Object ExternalUserExpirationRequired, ExternalUserExpireInDays
$isGuestAccessExpirationConfiguredCorrectly = $SPOTenantGuestAccess.ExternalUserExpirationRequired -and $SPOTenantGuestAccess.ExternalUserExpireInDays -le 30
# Retrieve SharePoint tenant settings related to guest access expiration
$SPOTenantGuestAccess = Get-SPOTenant | Select-Object ExternalUserExpirationRequired, ExternalUserExpireInDays
$isGuestAccessExpirationConfiguredCorrectly = $SPOTenantGuestAccess.ExternalUserExpirationRequired -and $SPOTenantGuestAccess.ExternalUserExpireInDays -le 30
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $isGuestAccessExpirationConfiguredCorrectly) {
"Guest access expiration is not configured to automatically expire within 30 days or less."
}
else {
"N/A"
}
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $isGuestAccessExpirationConfiguredCorrectly) {
"Guest access expiration is not configured to automatically expire within 30 days or less."
}
else {
"N/A"
}
$details = "ExternalUserExpirationRequired: $($SPOTenantGuestAccess.ExternalUserExpirationRequired); ExternalUserExpireInDays: $($SPOTenantGuestAccess.ExternalUserExpireInDays)"
$details = "ExternalUserExpirationRequired: $($SPOTenantGuestAccess.ExternalUserExpirationRequired); ExternalUserExpireInDays: $($SPOTenantGuestAccess.ExternalUserExpireInDays)"
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
Result = $isGuestAccessExpirationConfiguredCorrectly
Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
Result = $isGuestAccessExpirationConfiguredCorrectly
Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"