Add: error handling to tests

source/Private/Format-MissingActions.ps1

@@ -0,0 +1,26 @@
+function Format-MissingActions {
+    param ([array]$missingActions)
+
+    $actionGroups = @{
+        "Admin"    = @()
+        "Delegate" = @()
+        "Owner"    = @()
+    }
+
+    foreach ($action in $missingActions) {
+        if ($action -match "(Admin|Delegate|Owner) action '([^']+)' missing") {
+            $type = $matches[1]
+            $actionName = $matches[2]
+            $actionGroups[$type] += $actionName
+        }
+    }
+
+    $formattedResults = @()
+    foreach ($type in $actionGroups.Keys) {
+        if ($actionGroups[$type].Count -gt 0) {
+            $formattedResults += "$($type) actions missing: $($actionGroups[$type] -join ', ')"
+        }
+    }
+
+    return $formattedResults -join '; '
+}

source/Private/Initialize-CISAuditResult.ps1

@@ -1,19 +1,23 @@
 function Initialize-CISAuditResult {
+    [CmdletBinding()]
     param (
         [Parameter(Mandatory = $true)]
         [string]$Rec,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, ParameterSetName = 'Full')]
         [bool]$Result,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, ParameterSetName = 'Full')]
         [string]$Status,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, ParameterSetName = 'Full')]
         [string]$Details,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, ParameterSetName = 'Full')]
-        [string]$FailureReason
+        [string]$FailureReason,
+
+        [Parameter(ParameterSetName = 'Error')]
+        [switch]$Failure
     )
 
     # Import the test definitions CSV file
@@ -22,6 +26,10 @@ function Initialize-CISAuditResult {
     # Find the row that matches the provided recommendation (Rec)
     $testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $Rec }
 
+    if (-not $testDefinition) {
+        throw "Test definition for recommendation '$Rec' not found."
+    }
+
     # Create an instance of CISAuditResult and populate it
     $auditResult = [CISAuditResult]::new()
     $auditResult.Rec = $Rec
@@ -36,10 +44,18 @@ function Initialize-CISAuditResult {
     $auditResult.Automated = [bool]::Parse($testDefinition.Automated)
     $auditResult.Connection = $testDefinition.Connection
     $auditResult.CISControlVer = 'v8'
-    $auditResult.Result = $Result
+
-    $auditResult.Status = $Status
+    if ($PSCmdlet.ParameterSetName -eq 'Full') {
-    $auditResult.Details = $Details
+        $auditResult.Result = $Result
-    $auditResult.FailureReason = $FailureReason
+        $auditResult.Status = $Status
+        $auditResult.Details = $Details
+        $auditResult.FailureReason = $FailureReason
+    } elseif ($PSCmdlet.ParameterSetName -eq 'Error') {
+        $auditResult.Result = $false
+        $auditResult.Status = 'Fail'
+        $auditResult.Details = "An error occurred while processing the test."
+        $auditResult.FailureReason = "Initialization error: Failed to process the test."
+    }
 
     return $auditResult
 }

source/tests/Test-AdministrativeAccountCompliance.ps1

@@ -1,83 +1,89 @@
 function Test-AdministrativeAccountCompliance {
     [CmdletBinding()]
     param (
-        # Aligned
         # Parameters can be added if needed
     )
 
     begin {
-        #. .\source\Classes\CISAuditResult.ps1
+        # Initialize the valid licenses
         $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
+        $recnum = "1.1.1"
     }
 
     process {
-        $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+        try {
-        $adminRoleUsers = @()
+            $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+            $adminRoleUsers = @()
 
-        foreach ($role in $adminRoles) {
+            foreach ($role in $adminRoles) {
-            $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+                $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
 
-            foreach ($assignment in $roleAssignments) {
+                foreach ($assignment in $roleAssignments) {
-                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+                    $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
-                if ($userDetails) {
+                    if ($userDetails) {
-                    $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
+                        $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
-                    $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
+                        $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
 
-                    $adminRoleUsers += [PSCustomObject]@{
+                        $adminRoleUsers += [PSCustomObject]@{
-                        UserName   = $userDetails.UserPrincipalName
+                            UserName   = $userDetails.UserPrincipalName
-                        RoleName   = $role.DisplayName
+                            RoleName   = $role.DisplayName
-                        UserId     = $userDetails.Id
+                            UserId     = $userDetails.Id
-                        HybridUser = $userDetails.OnPremisesSyncEnabled
+                            HybridUser = $userDetails.OnPremisesSyncEnabled
-                        Licenses   = $licenseString
+                            Licenses   = $licenseString
+                        }
                     }
                 }
             }
-        }
 
-        $uniqueAdminRoleUsers = $adminRoleUsers | Group-Object -Property UserName | ForEach-Object {
+            $uniqueAdminRoleUsers = $adminRoleUsers | Group-Object -Property UserName | ForEach-Object {
-            $first = $_.Group | Select-Object -First 1
+                $first = $_.Group | Select-Object -First 1
-            $roles = ($_.Group.RoleName -join ', ')
+                $roles = ($_.Group.RoleName -join ', ')
-            $licenses = (($_.Group | Select-Object -ExpandProperty Licenses) -join ',').Split(',') | Select-Object -Unique
+                $licenses = (($_.Group | Select-Object -ExpandProperty Licenses) -join ',').Split(',') | Select-Object -Unique
 
-            $first | Select-Object UserName, UserId, HybridUser, @{Name = 'Roles'; Expression = { $roles } }, @{Name = 'Licenses'; Expression = { $licenses -join '|' } }
+                $first | Select-Object UserName, UserId, HybridUser, @{Name = 'Roles'; Expression = { $roles } }, @{Name = 'Licenses'; Expression = { $licenses -join '|' } }
-        }
+            }
 
-        $nonCompliantUsers = $uniqueAdminRoleUsers | Where-Object {
+            $nonCompliantUsers = $uniqueAdminRoleUsers | Where-Object {
-            $_.HybridUser -or
+                $_.HybridUser -or
-            -not ($_.Licenses -split '\|' | Where-Object { $validLicenses -contains $_ })
+                -not ($_.Licenses -split '\|' | Where-Object { $validLicenses -contains $_ })
-        }
+            }
 
-        $failureReasons = $nonCompliantUsers | ForEach-Object {
+            $failureReasons = $nonCompliantUsers | ForEach-Object {
-            $accountType = if ($_.HybridUser) { "Hybrid" } else { "Cloud-Only" }
+                $accountType = if ($_.HybridUser) { "Hybrid" } else { "Cloud-Only" }
-            $missingLicenses = $validLicenses | Where-Object { $_ -notin ($_.Licenses -split '\|') }
+                $missingLicenses = $validLicenses | Where-Object { $_ -notin ($_.Licenses -split '\|') }
-            "$($_.UserName)|$($_.Roles)|$accountType|Missing: $($missingLicenses -join ',')"
+                "$($_.UserName)|$($_.Roles)|$accountType|Missing: $($missingLicenses -join ',')"
-        }
+            }
-        $failureReasons = $failureReasons -join "`n"
+            $failureReasons = $failureReasons -join "`n"
-        $details = if ($nonCompliantUsers) {
+            $details = if ($nonCompliantUsers) {
-            "Non-Compliant Accounts: $($nonCompliantUsers.Count)`nDetails:`n" + ($nonCompliantUsers | ForEach-Object { $_.UserName }) -join "`n"
+                "Non-Compliant Accounts: $($nonCompliantUsers.Count)`nDetails:`n" + ($nonCompliantUsers | ForEach-Object { $_.UserName }) -join "`n"
-        }
+            }
-        else {
+            else {
-            "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
+                "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
-        }
+            }
 
-        $result = $nonCompliantUsers.Count -eq 0
+            $result = $nonCompliantUsers.Count -eq 0
-        $status = if ($result) { 'Pass' } else { 'Fail' }
+            $status = if ($result) { 'Pass' } else { 'Fail' }
-        $failureReason = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | HybridStatus | Missing Licence`n$failureReasons" } else { "N/A" }
+            $failureReason = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | HybridStatus | Missing Licence`n$failureReasons" } else { "N/A" }
 
-        # Create the parameter splat
+            # Create the parameter splat
-        $params = @{
+            $params = @{
-            Rec            = "1.1.1"
+                Rec           = $recnum
-            Result         = $result
+                Result        = $result
-            Status         = $status
+                Status        = $status
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReason
+                FailureReason = $failureReason
+            }
+
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $auditResult = Initialize-CISAuditResult @params
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
-
     end {
-        # Output the result
         return $auditResult
     }
 }

source/tests/Test-AntiPhishingPolicy.ps1

@@ -10,66 +10,75 @@ function Test-AntiPhishingPolicy {
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
         #$auditResults = @()
+        $recnum = "2.1.7"
     }
 
     process {
-        # 2.1.7 Ensure that an anti-phishing policy has been created
 
-        # Retrieve and validate the anti-phishing policies
+        try {
-        $antiPhishPolicies = Get-AntiPhishPolicy
+            # 2.1.7 Ensure that an anti-phishing policy has been created
-        $validatedPolicies = $antiPhishPolicies | Where-Object {
-            $_.Enabled -eq $true -and
-            $_.PhishThresholdLevel -ge 2 -and
-            $_.EnableMailboxIntelligenceProtection -eq $true -and
-            $_.EnableMailboxIntelligence -eq $true -and
-            $_.EnableSpoofIntelligence -eq $true
-        }
 
-        # Check if there is at least one policy that meets the requirements
+            # Retrieve and validate the anti-phishing policies
-        $nonCompliantItems = $antiPhishPolicies | Where-Object {
+            $antiPhishPolicies = Get-AntiPhishPolicy
-            $_.Enabled -ne $true -or
+            $validatedPolicies = $antiPhishPolicies | Where-Object {
-            $_.PhishThresholdLevel -lt 2 -or
+                $_.Enabled -eq $true -and
-            $_.EnableMailboxIntelligenceProtection -ne $true -or
+                $_.PhishThresholdLevel -ge 2 -and
-            $_.EnableMailboxIntelligence -ne $true -or
+                $_.EnableMailboxIntelligenceProtection -eq $true -and
-            $_.EnableSpoofIntelligence -ne $true
+                $_.EnableMailboxIntelligence -eq $true -and
-        }
+                $_.EnableSpoofIntelligence -eq $true
-        $compliantItems = $validatedPolicies
+            }
-        $isCompliant = $compliantItems.Count -gt 0
 
-        # Prepare failure reasons for non-compliant items
+            # Check if there is at least one policy that meets the requirements
-        $nonCompliantNames = $nonCompliantItems | ForEach-Object { $_.Name }
+            $nonCompliantItems = $antiPhishPolicies | Where-Object {
-        $failureReasons = if ($nonCompliantNames.Count -gt 0) {
+                $_.Enabled -ne $true -or
-            "Reason: Does not meet one or more compliance criteria.`nNon-compliant Policies:`n" + ($nonCompliantNames -join "`n")
+                $_.PhishThresholdLevel -lt 2 -or
-        }
+                $_.EnableMailboxIntelligenceProtection -ne $true -or
-        else {
+                $_.EnableMailboxIntelligence -ne $true -or
-            "N/A"
+                $_.EnableSpoofIntelligence -ne $true
-        }
+            }
+            $compliantItems = $validatedPolicies
+            $isCompliant = $compliantItems.Count -gt 0
 
-        # Prepare details for non-compliant items
+            # Prepare failure reasons for non-compliant items
-        $nonCompliantDetails = $nonCompliantItems | ForEach-Object {
+            $nonCompliantNames = $nonCompliantItems | ForEach-Object { $_.Name }
-            "Policy: $($_.Name)"
+            $failureReasons = if ($nonCompliantNames.Count -gt 0) {
-        }
+                "Reason: Does not meet one or more compliance criteria.`nNon-compliant Policies:`n" + ($nonCompliantNames -join "`n")
-        $nonCompliantDetails = $nonCompliantDetails -join "`n"
+            }
+            else {
+                "N/A"
+            }
 
-        # Prepare details based on compliance
+            # Prepare details for non-compliant items
-        $details = if ($nonCompliantItems) {
+            $nonCompliantDetails = $nonCompliantItems | ForEach-Object {
-            "Non-Compliant Items: $($nonCompliantItems.Count)`nDetails:`n$nonCompliantDetails"
+                "Policy: $($_.Name)"
-        }
+            }
-        else {
+            $nonCompliantDetails = $nonCompliantDetails -join "`n"
-            "Compliant Items: $($compliantItems.Count)"
-        }
 
-        # Parameter splat for Initialize-CISAuditResult function
+            # Prepare details based on compliance
-        $params = @{
+            $details = if ($nonCompliantItems) {
-            Rec            = "2.1.7"
+                "Non-Compliant Items: $($nonCompliantItems.Count)`nDetails:`n$nonCompliantDetails"
-            Result         = $nonCompliantItems.Count -eq 0
+            }
-            Status         = if ($isCompliant) { "Pass" } else { "Fail" }
+            else {
-            Details        = $details
+                "Compliant Items: $($compliantItems.Count)"
-            FailureReason  = $failureReasons
+            }
-        }
 
-        # Create and populate the CISAuditResult object
+            # Parameter splat for Initialize-CISAuditResult function
-        $auditResult = Initialize-CISAuditResult @params
+            $params = @{
+                Rec           = $recnum
+                Result        = $nonCompliantItems.Count -eq 0
+                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+
+            # Create and populate the CISAuditResult object
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-AuditDisabledFalse.ps1

@@ -9,39 +9,48 @@ function Test-AuditDisabledFalse {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "6.1.1"
     }
 
     process {
-        # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
 
-        # Retrieve the AuditDisabled configuration
+        try {
-        $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled
+            # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
-        $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve the AuditDisabled configuration
-        $failureReasons = if (-not $auditNotDisabled) {
+            $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled
-            "AuditDisabled is set to True"
+            $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled
-        }
-        else {
-            "N/A"
-        }
 
-        $details = if ($auditNotDisabled) {
+            # Prepare failure reasons and details based on compliance
-            "Audit is not disabled organizationally"
+            $failureReasons = if (-not $auditNotDisabled) {
-        }
+                "AuditDisabled is set to True"
-        else {
+            }
-            "Audit is disabled organizationally"
+            else {
-        }
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = if ($auditNotDisabled) {
-        $params = @{
+                "Audit is not disabled organizationally"
-            Rec            = "6.1.1"
+            }
-            Result         = $auditNotDisabled
+            else {
-            Status         = if ($auditNotDisabled) { "Pass" } else { "Fail" }
+                "Audit is disabled organizationally"
-            Details        = $details
+            }
-            FailureReason  = $failureReasons
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $auditNotDisabled
+                Status        = if ($auditNotDisabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-AuditLogSearch.ps1

@@ -9,40 +9,49 @@ function Test-AuditLogSearch {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "3.1.1"
     }
 
     process {
-        # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
 
-        # Retrieve the audit log configuration
+        try {
-        $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
+            # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
-        $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve the audit log configuration
-        $failureReasons = if (-not $auditLogResult) {
+            $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
-            "Audit log search is not enabled"
+            $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled
-        }
-        else {
-            "N/A"
-        }
 
-        $details = if ($auditLogResult) {
+            # Prepare failure reasons and details based on compliance
-            "UnifiedAuditLogIngestionEnabled: True"
+            $failureReasons = if (-not $auditLogResult) {
-        }
+                "Audit log search is not enabled"
-        else {
+            }
-            "UnifiedAuditLogIngestionEnabled: False"
+            else {
-        }
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = if ($auditLogResult) {
-        $params = @{
+                "UnifiedAuditLogIngestionEnabled: True"
-            Rec            = "3.1.1"
+            }
-            Result         = $auditLogResult
+            else {
-            Status         = if ($auditLogResult) { "Pass" } else { "Fail" }
+                "UnifiedAuditLogIngestionEnabled: False"
-            Details        = $details
+            }
-            FailureReason  = $failureReasons
-        }
-        $auditResult = Initialize-CISAuditResult @params
 
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $auditLogResult
+                Status        = if ($auditLogResult) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-BlockChannelEmails.ps1

@@ -9,9 +9,12 @@ function Test-BlockChannelEmails {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.1.2"
     }
 
     process {
+
+        try {
         # 8.1.2 (L1) Ensure users can't send emails to a channel email address
 
         # Retrieve Teams client configuration
@@ -35,13 +38,20 @@ function Test-BlockChannelEmails {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "8.1.2"
+            Rec            = $recnum
             Result         = -not $allowEmailIntoChannel
             Status         = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" }
             Details        = $details
             FailureReason  = $failureReasons
         }
         $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-BlockMailForwarding.ps1

@@ -12,37 +12,45 @@ function Test-BlockMailForwarding {
     }
 
     process {
-        # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
+        try {
+            # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
 
-        # Retrieve the transport rules that redirect messages
+            # Retrieve the transport rules that redirect messages
-        $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
+            $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo }
-        $forwardingBlocked = $transportRules.Count -eq 0
+            $forwardingBlocked = $transportRules.Count -eq 0
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($transportRules.Count -gt 0) {
+            $failureReasons = if ($transportRules.Count -gt 0) {
-            "Mail forwarding rules found: $($transportRules.Name -join ', ')"
+                "Mail forwarding rules found: $($transportRules.Name -join ', ')"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($transportRules.Count -gt 0) {
+            $details = if ($transportRules.Count -gt 0) {
-            $transportRules | ForEach-Object {
+                $transportRules | ForEach-Object {
-                "$($_.Name) redirects to $($_.RedirectMessageTo)"
+                    "$($_.Name) redirects to $($_.RedirectMessageTo)"
-            } -join " | "
+                } -join " | "
-        }
+            }
-        else {
+            else {
-            "Step 1: No forwarding rules found. Please proceed with Step 2 described in CIS Benchmark."
+                "Step 1: No forwarding rules found. Please proceed with Step 2 described in CIS Benchmark."
-        }
+            }
 
-        $params = @{
+            $params = @{
-            Rec            = "6.2.1"
+                Rec           = "6.2.1"
-            Result         = $forwardingBlocked
+                Result        = $forwardingBlocked
-            Status         = if ($forwardingBlocked) { "Pass" } else { "Fail" }
+                Status        = if ($forwardingBlocked) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec "6.2.1" -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-BlockSharedMailboxSignIn.ps1

@@ -9,41 +9,51 @@ function Test-BlockSharedMailboxSignIn {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "1.2.2"
     }
 
     process {
-        # 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
 
-        # Retrieve shared mailbox details
+        try {
-        $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
+            # 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
-        $sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
-        $enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
-        $allBlocked = $enabledMailboxes.Count -eq 0
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve shared mailbox details
-        $failureReasons = if (-not $allBlocked) {
+            $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
-            "Some mailboxes have sign-in enabled: $($enabledMailboxes -join ', ')"
+            $sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
-        }
+            $enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
-        else {
+            $allBlocked = $enabledMailboxes.Count -eq 0
-            "N/A"
-        }
 
-        $details = if ($allBlocked) {
+            # Prepare failure reasons and details based on compliance
-            "All shared mailboxes have sign-in blocked."
+            $failureReasons = if (-not $allBlocked) {
-        }
+                "Some mailboxes have sign-in enabled: $($enabledMailboxes -join ', ')"
-        else {
+            }
-            "Enabled Mailboxes: $($enabledMailboxes -join ', ')"
+            else {
-        }
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = if ($allBlocked) {
-        $params = @{
+                "All shared mailboxes have sign-in blocked."
-            Rec            = "1.2.2"
+            }
-            Result         = $allBlocked
+            else {
-            Status         = if ($allBlocked) { "Pass" } else { "Fail" }
+                "Enabled Mailboxes: $($enabledMailboxes -join ', ')"
-            Details        = $details
+            }
-            FailureReason  = $failureReasons
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $allBlocked
+                Status        = if ($allBlocked) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-CommonAttachmentFilter.ps1

@@ -9,39 +9,48 @@ function Test-CommonAttachmentFilter {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.2"
     }
 
     process {
-        # 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
+        try {
+            # 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
 
-        # Retrieve the attachment filter policy
+            # Retrieve the attachment filter policy
-        $attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
+            $attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
-        $result = $attachmentFilter.EnableFileFilter
+            $result = $attachmentFilter.EnableFileFilter
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $result) {
+            $failureReasons = if (-not $result) {
-            "Common Attachment Types Filter is disabled"
+                "Common Attachment Types Filter is disabled"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($result) {
+            $details = if ($result) {
-            "File Filter Enabled: True"
+                "File Filter Enabled: True"
-        }
+            }
-        else {
+            else {
-            "File Filter Enabled: False"
+                "File Filter Enabled: False"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "2.1.2"
+                Rec           = $recnum
-            Result         = $result
+                Result        = $result
-            Status         = if ($result) { "Pass" } else { "Fail" }
+                Status        = if ($result) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-CustomerLockbox.ps1

@@ -9,9 +9,12 @@ function Test-CustomerLockbox {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "1.3.6"
     }
 
     process {
+
+        try {
         # 1.3.6 (L2) Ensure the customer lockbox feature is enabled
 
         # Retrieve the organization configuration
@@ -35,13 +38,20 @@ function Test-CustomerLockbox {
 
         # Create and populate the CISAuditResult object #
         $params = @{
-            Rec            = "1.3.6"
+            Rec            = $recnum
             Result         = $customerLockboxEnabled
             Status         = if ($customerLockboxEnabled) { "Pass" } else { "Fail" }
             Details        = $details
             FailureReason  = $failureReasons
         }
         $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-DialInBypassLobby.ps1

@@ -9,39 +9,49 @@ function Test-DialInBypassLobby {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.4"
     }
 
     process {
-        # 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
 
-        # Retrieve Teams meeting policy for PSTN users
+        try {
-        $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
+            # 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
-        $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve Teams meeting policy for PSTN users
-        $failureReasons = if (-not $PSTNBypassDisabled) {
+            $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
-            "Users dialing in can bypass the lobby"
+            $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
-        }
-        else {
-            "N/A"
-        }
 
-        $details = if ($PSTNBypassDisabled) {
+            # Prepare failure reasons and details based on compliance
-            "AllowPSTNUsersToBypassLobby is set to False"
+            $failureReasons = if (-not $PSTNBypassDisabled) {
-        }
+                "Users dialing in can bypass the lobby"
-        else {
+            }
-            "AllowPSTNUsersToBypassLobby is set to True"
+            else {
-        }
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = if ($PSTNBypassDisabled) {
-        $params = @{
+                "AllowPSTNUsersToBypassLobby is set to False"
-            Rec            = "8.5.4"
+            }
-            Result         = $PSTNBypassDisabled
+            else {
-            Status         = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
+                "AllowPSTNUsersToBypassLobby is set to True"
-            Details        = $details
+            }
-            FailureReason  = $failureReasons
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $PSTNBypassDisabled
+                Status        = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-DisallowInfectedFilesDownload.ps1

@@ -10,40 +10,49 @@ function Test-DisallowInfectedFilesDownload {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "7.3.1"
     }
 
     process {
-        # 7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
 
-        # Retrieve the SharePoint tenant configuration
+        try {
-        $SPOTenantDisallowInfectedFileDownload = Get-SPOTenant | Select-Object DisallowInfectedFileDownload
+            # 7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
-        $isDisallowInfectedFileDownloadEnabled = $SPOTenantDisallowInfectedFileDownload.DisallowInfectedFileDownload
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve the SharePoint tenant configuration
-        $failureReasons = if (-not $isDisallowInfectedFileDownloadEnabled) {
+            $SPOTenantDisallowInfectedFileDownload = Get-SPOTenant | Select-Object DisallowInfectedFileDownload
-            "Downloading infected files is not disallowed."
+            $isDisallowInfectedFileDownloadEnabled = $SPOTenantDisallowInfectedFileDownload.DisallowInfectedFileDownload
-        }
-        else {
-            "N/A"
-        }
 
-        $details = if ($isDisallowInfectedFileDownloadEnabled) {
+            # Prepare failure reasons and details based on compliance
-            "DisallowInfectedFileDownload: True"
+            $failureReasons = if (-not $isDisallowInfectedFileDownloadEnabled) {
-        }
+                "Downloading infected files is not disallowed."
-        else {
+            }
-            "DisallowInfectedFileDownload: False"
+            else {
-        }
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = if ($isDisallowInfectedFileDownloadEnabled) {
-        $params = @{
+                "DisallowInfectedFileDownload: True"
-            Rec            = "7.3.1"
+            }
-            Result         = $isDisallowInfectedFileDownloadEnabled
+            else {
-            Status         = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
+                "DisallowInfectedFileDownload: False"
-            Details        = $details
+            }
-            FailureReason  = $failureReasons
-        }
-        $auditResult = Initialize-CISAuditResult @params
 
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $isDisallowInfectedFileDownloadEnabled
+                Status        = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-EnableDKIM.ps1

@@ -9,9 +9,12 @@ function Test-EnableDKIM {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.9"
     }
 
     process {
+
+        try {
         # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
 
         # Retrieve DKIM configuration for all domains
@@ -36,13 +39,20 @@ function Test-EnableDKIM {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "2.1.9"
+            Rec            = $recnum
             Result         = $dkimResult
             Status         = if ($dkimResult) { "Pass" } else { "Fail" }
             Details        = $details
             FailureReason  = $failureReasons
         }
         $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-ExternalNoControl.ps1

@@ -10,9 +10,12 @@ function Test-ExternalNoControl {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "8.5.7"
     }
 
     process {
+
+        try {
         # 8.5.7 (L1) Ensure external participants can't give or request control
 
         # Retrieve Teams meeting policy for external participant control
@@ -36,13 +39,20 @@ function Test-ExternalNoControl {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "8.5.7"
+            Rec            = $recnum
             Result         = $externalControlRestricted
             Status         = if ($externalControlRestricted) { "Pass" } else { "Fail" }
             Details        = $details
             FailureReason  = $failureReasons
         }
         $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-ExternalSharingCalendars.ps1

@@ -10,48 +10,58 @@ function Test-ExternalSharingCalendars {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "1.3.3"
     }
 
     process {
-        # 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
 
-        # Retrieve sharing policies related to calendar sharing
+        try {
-        $sharingPolicies = Get-SharingPolicy | Where-Object { $_.Domains -like '*CalendarSharing*' }
+            # 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
 
-        # Check if calendar sharing is disabled in all applicable policies
+            # Retrieve sharing policies related to calendar sharing
-        $isExternalSharingDisabled = $true
+            $sharingPolicies = Get-SharingPolicy | Where-Object { $_.Domains -like '*CalendarSharing*' }
-        $sharingPolicyDetails = @()
+
-        foreach ($policy in $sharingPolicies) {
+            # Check if calendar sharing is disabled in all applicable policies
-            if ($policy.Enabled -eq $true) {
+            $isExternalSharingDisabled = $true
-                $isExternalSharingDisabled = $false
+            $sharingPolicyDetails = @()
-                $sharingPolicyDetails += "$($policy.Name): Enabled"
+            foreach ($policy in $sharingPolicies) {
+                if ($policy.Enabled -eq $true) {
+                    $isExternalSharingDisabled = $false
+                    $sharingPolicyDetails += "$($policy.Name): Enabled"
+                }
             }
-        }
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isExternalSharingDisabled) {
+            $failureReasons = if (-not $isExternalSharingDisabled) {
-            "Calendar sharing with external users is enabled in one or more policies."
+                "Calendar sharing with external users is enabled in one or more policies."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($isExternalSharingDisabled) {
+            $details = if ($isExternalSharingDisabled) {
-            "Calendar sharing with external users is disabled."
+                "Calendar sharing with external users is disabled."
-        }
+            }
-        else {
+            else {
-            "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')"
+                "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "1.3.3"
+                Rec           = $recnum
-            Result         = $isExternalSharingDisabled
+                Result        = $isExternalSharingDisabled
-            Status         = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
+                Status        = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-GlobalAdminsCount.ps1

@@ -10,39 +10,49 @@ function Test-GlobalAdminsCount {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "1.1.3"
     }
 
     process {
-        # 1.1.3 (L1) Ensure that between two and four global admins are designated
 
-        # Retrieve global admin role and members
+        try {
-        $globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
+            # 1.1.3 (L1) Ensure that between two and four global admins are designated
-        $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
-        $globalAdminCount = $globalAdmins.AdditionalProperties.Count
-        $globalAdminUsernames = ($globalAdmins | ForEach-Object { $_.AdditionalProperties["displayName"] }) -join ', '
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve global admin role and members
-        $failureReasons = if ($globalAdminCount -lt 2) {
+            $globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
-            "Less than 2 global admins: $globalAdminUsernames"
+            $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
-        }
+            $globalAdminCount = $globalAdmins.AdditionalProperties.Count
-        elseif ($globalAdminCount -gt 4) {
+            $globalAdminUsernames = ($globalAdmins | ForEach-Object { $_.AdditionalProperties["displayName"] }) -join ', '
-            "More than 4 global admins: $globalAdminUsernames"
-        }
-        else {
-            "N/A"
-        }
 
-        $details = "Count: $globalAdminCount; Users: $globalAdminUsernames"
+            # Prepare failure reasons and details based on compliance
+            $failureReasons = if ($globalAdminCount -lt 2) {
+                "Less than 2 global admins: $globalAdminUsernames"
+            }
+            elseif ($globalAdminCount -gt 4) {
+                "More than 4 global admins: $globalAdminUsernames"
+            }
+            else {
+                "N/A"
+            }
 
-        # Create and populate the CISAuditResult object
+            $details = "Count: $globalAdminCount; Users: $globalAdminUsernames"
-        $params = @{
+
-            Rec            = "1.1.3"
+            # Create and populate the CISAuditResult object
-            Result         = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
+            $params = @{
-            Status         = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
+                Rec           = $recnum
-            Details        = $details
+                Result        = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
-            FailureReason  = $failureReasons
+                Status        = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-GuestAccessExpiration.ps1

@@ -10,9 +10,12 @@ function Test-GuestAccessExpiration {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "7.2.9"
     }
 
     process {
+
+        try {
         # 7.2.9 (L1) Ensure guest access to a site or OneDrive will expire automatically
 
         # Retrieve SharePoint tenant settings related to guest access expiration
@@ -31,13 +34,20 @@ function Test-GuestAccessExpiration {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "7.2.9"
+            Rec            = $recnum
             Result         = $isGuestAccessExpirationConfiguredCorrectly
             Status         = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
             Details        = $details
             FailureReason  = $failureReasons
         }
         $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-GuestUsersBiweeklyReview.ps1

@@ -10,41 +10,50 @@ function Test-GuestUsersBiweeklyReview {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "1.1.4"
     }
 
     process {
-        # 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly
+        try {
+            # 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly
 
 
-        # Retrieve guest users from Microsoft Graph
+            # Retrieve guest users from Microsoft Graph
-        # Connect-MgGraph -Scopes "User.Read.All"
+            # Connect-MgGraph -Scopes "User.Read.All"
-        $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'"
+            $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'"
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($guestUsers) {
+            $failureReasons = if ($guestUsers) {
-            "Guest users present: $($guestUsers.Count)"
+                "Guest users present: $($guestUsers.Count)"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($guestUsers) {
+            $details = if ($guestUsers) {
-            $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType"
+                $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType"
-            "Manual review required. To list guest users, run: `"$auditCommand`"."
+                "Manual review required. To list guest users, run: `"$auditCommand`"."
-        }
+            }
-        else {
+            else {
-            "No guest users found."
+                "No guest users found."
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "1.1.4"
+                Rec           = $recnum
-            Result         = -not $guestUsers
+                Result        = -not $guestUsers
-            Status         = if ($guestUsers) { "Fail" } else { "Pass" }
+                Status        = if ($guestUsers) { "Fail" } else { "Pass" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-IdentifyExternalEmail.ps1

@@ -10,34 +10,44 @@ function Test-IdentifyExternalEmail {
         #. .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
+        $recnum = "6.2.3"
     }
 
     process {
-        # 6.2.3 (L1) Ensure email from external senders is identified
 
-        # Retrieve external sender tagging configuration
+        try {
-        $externalInOutlook = Get-ExternalInOutlook
+            # 6.2.3 (L1) Ensure email from external senders is identified
-        $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
 
-        # Prepare failure reasons and details based on compliance
+            # Retrieve external sender tagging configuration
-        $failureReasons = if (-not $externalTaggingEnabled) {
+            $externalInOutlook = Get-ExternalInOutlook
-            "External sender tagging is disabled"
+            $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
-        }
+
-        else {
+            # Prepare failure reasons and details based on compliance
-            "N/A"
+            $failureReasons = if (-not $externalTaggingEnabled) {
+                "External sender tagging is disabled"
+            }
+            else {
+                "N/A"
+            }
+
+            $details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $externalTaggingEnabled
+                Status        = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "6.2.3"
-            Result         = $externalTaggingEnabled
-            Status         = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-LinkSharingRestrictions.ps1

@@ -10,34 +10,44 @@ function Test-LinkSharingRestrictions {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.2.7"
     }
 
     process {
-        # 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive
+        try {
+            # 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive
 
-        # Retrieve link sharing configuration for SharePoint and OneDrive
+            # Retrieve link sharing configuration for SharePoint and OneDrive
-        $SPOTenantLinkSharing = Get-SPOTenant | Select-Object DefaultSharingLinkType
+            $SPOTenantLinkSharing = Get-SPOTenant | Select-Object DefaultSharingLinkType
-        $isLinkSharingRestricted = $SPOTenantLinkSharing.DefaultSharingLinkType -eq 'Direct'  # Or 'SpecificPeople' as per the recommendation
+            $isLinkSharingRestricted = $SPOTenantLinkSharing.DefaultSharingLinkType -eq 'Direct'  # Or 'SpecificPeople' as per the recommendation
+
+            # Prepare failure reasons and details based on compliance
+            $failureReasons = if (-not $isLinkSharingRestricted) {
+                "Link sharing is not restricted to 'Specific people'. Current setting: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
+            }
+            else {
+                "N/A"
+            }
+
+            $details = "DefaultSharingLinkType: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $isLinkSharingRestricted
+                Status        = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
 
-        # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isLinkSharingRestricted) {
-            "Link sharing is not restricted to 'Specific people'. Current setting: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
-        }
-        else {
-            "N/A"
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "DefaultSharingLinkType: $($SPOTenantLinkSharing.DefaultSharingLinkType)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "7.2.7"
-            Result         = $isLinkSharingRestricted
-            Status         = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-MailTipsEnabled.ps1

@@ -11,40 +11,49 @@ function Test-MailTipsEnabled {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "6.5.2"
     }
 
     process {
-        # 6.5.2 (L2) Ensure MailTips are enabled for end users
+        try {
+            # 6.5.2 (L2) Ensure MailTips are enabled for end users
 
-        # Retrieve organization configuration for MailTips settings
+            # Retrieve organization configuration for MailTips settings
-        $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold
+            $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold
-        $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
+            $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
-        $externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled
+            $externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not ($allTipsEnabled -and $externalRecipientsTipsEnabled)) {
+            $failureReasons = if (-not ($allTipsEnabled -and $externalRecipientsTipsEnabled)) {
-            "One or more MailTips settings are not configured as required."
+                "One or more MailTips settings are not configured as required."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) {
+            $details = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) {
-            "MailTipsAllTipsEnabled: $($orgConfig.MailTipsAllTipsEnabled); MailTipsExternalRecipientsTipsEnabled: $($orgConfig.MailTipsExternalRecipientsTipsEnabled); MailTipsGroupMetricsEnabled: $($orgConfig.MailTipsGroupMetricsEnabled); MailTipsLargeAudienceThreshold: $($orgConfig.MailTipsLargeAudienceThreshold)"
+                "MailTipsAllTipsEnabled: $($orgConfig.MailTipsAllTipsEnabled); MailTipsExternalRecipientsTipsEnabled: $($orgConfig.MailTipsExternalRecipientsTipsEnabled); MailTipsGroupMetricsEnabled: $($orgConfig.MailTipsGroupMetricsEnabled); MailTipsLargeAudienceThreshold: $($orgConfig.MailTipsLargeAudienceThreshold)"
-        }
+            }
-        else {
+            else {
-            "One or more MailTips settings are not configured as required."
+                "One or more MailTips settings are not configured as required."
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "6.5.2"
+                Rec           = $recnum
-            Result         = $allTipsEnabled -and $externalRecipientsTipsEnabled
+                Result        = $allTipsEnabled -and $externalRecipientsTipsEnabled
-            Status         = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" }
+                Status        = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-MailboxAuditingE3.ps1

@@ -19,15 +19,17 @@ function Test-MailboxAuditingE3 {
         $allFailures = @()
         $allUsers = Get-AzureADUser -All $true
         $processedUsers = @{}  # Dictionary to track processed users
+        $recnum = "6.1.2"
     }
 
     process {
-        foreach ($user in $allUsers) {
+        try {
-            if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
+            foreach ($user in $allUsers) {
-                Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
+                if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
-                continue
+                    Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
-            }
+                    continue
-            try {
+                }
+
                 $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
                 $hasOfficeE3 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e3SkuPartNumbers }).Count -gt 0
                 Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E3 license."
@@ -61,24 +63,28 @@ function Test-MailboxAuditingE3 {
                     $processedUsers[$user.UserPrincipalName] = $true
                 }
             }
-            catch {
+
-                Write-Warning "Could not retrieve license details for user $($user.UserPrincipalName): $_"
+            # Prepare failure reasons and details based on compliance
+            $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
+            $details = if ($allFailures.Count -eq 0) { "All Office E3 users have correct mailbox audit settings." } else { $allFailures -join " | " }
+
+            # Populate the audit result
+            $params = @{
+                Rec           = $recnum
+                Result        = $allFailures.Count -eq 0
+                Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
             }
-        }
+            $auditResult = Initialize-CISAuditResult @params
 
-        # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
-        $details = if ($allFailures.Count -eq 0) { "All Office E3 users have correct mailbox audit settings." } else { $allFailures -join " | " }
-
-        # Populate the audit result
-        $params = @{
-            Rec           = "6.1.2"
-            Result        = $allFailures.Count -eq 0
-            Status        = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
-            Details       = $details
-            FailureReason = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+        }
     }
 
     end {

source/tests/Test-MailboxAuditingE5.ps1

@@ -20,15 +20,17 @@ function Test-MailboxAuditingE5 {
         $allFailures = @()
         $allUsers = Get-AzureADUser -All $true
         $processedUsers = @{}  # Dictionary to track processed users
+        $recnum = "6.1.3"
     }
 
     process {
+        try {
         foreach ($user in $allUsers) {
             if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
                 continue
             }
 
-            try {
+
                 $licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
                 $hasOfficeE5 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e5SkuPartNumbers }).Count -gt 0
                 Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E5 license."
@@ -66,10 +68,7 @@ function Test-MailboxAuditingE5 {
                     # Adding verbose output to indicate the user does not have an E5 license
                     Write-Verbose "User $($user.UserPrincipalName) does not have an Office E5 license."
                 }
-            }
+
-            catch {
-                Write-Warning "Could not retrieve license details for user $($user.UserPrincipalName): $_"
-            }
         }
 
         # Prepare failure reasons and details based on compliance
@@ -78,7 +77,7 @@ function Test-MailboxAuditingE5 {
 
         # Populate the audit result
         $params = @{
-            Rec            = "6.1.3"
+            Rec            = $recnum
             Result         = $allFailures.Count -eq 0
             Status         = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
             Details        = $details
@@ -86,6 +85,13 @@ function Test-MailboxAuditingE5 {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         return $auditResult

source/tests/Test-ManagedApprovedPublicGroups.ps1

@@ -9,40 +9,48 @@ function Test-ManagedApprovedPublicGroups {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
-
+        $recnum = "1.2.1"
     }
 
     process {
-        # 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist (Automated)
+        try {
+            # 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist (Automated)
 
-        # Retrieve all public groups
+            # Retrieve all public groups
-        $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
+            $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
+            $failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
-            "There are public groups present that are not organizationally managed/approved."
+                "There are public groups present that are not organizationally managed/approved."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($null -eq $allGroups -or $allGroups.Count -eq 0) {
+            $details = if ($null -eq $allGroups -or $allGroups.Count -eq 0) {
-            "No public groups found."
+                "No public groups found."
-        }
+            }
-        else {
+            else {
-            $groupDetails = $allGroups | ForEach-Object { $_.DisplayName + " (" + $_.Visibility + ")" }
+                $groupDetails = $allGroups | ForEach-Object { $_.DisplayName + " (" + $_.Visibility + ")" }
-            "Public groups found: $($groupDetails -join ', ')"
+                "Public groups found: $($groupDetails -join ', ')"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "1.2.1"
+                Rec           = $recnum
-            Result         = $null -eq $allGroups -or $allGroups.Count -eq 0
+                Result        = $null -eq $allGroups -or $allGroups.Count -eq 0
-            Status         = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" }
+                Status        = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-MeetingChatNoAnonymous.ps1

@@ -9,36 +9,45 @@ function Test-MeetingChatNoAnonymous {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.5"
     }
 
     process {
-        # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
+        try {
+            # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
 
-        # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Connect to Teams PowerShell using Connect-MicrosoftTeams
 
-        # Retrieve the Teams meeting policy for meeting chat
+            # Retrieve the Teams meeting policy for meeting chat
-        $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
+            $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
-        $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
+            $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($chatAnonDisabled) {
+            $failureReasons = if ($chatAnonDisabled) {
-            "N/A"
+                "N/A"
-        }
+            }
-        else {
+            else {
-            "Meeting chat allows anonymous users"
+                "Meeting chat allows anonymous users"
+            }
+
+            $details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $chatAnonDisabled
+                Status        = if ($chatAnonDisabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "8.5.5"
-            Result         = $chatAnonDisabled
-            Status         = if ($chatAnonDisabled) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-ModernAuthExchangeOnline.ps1

@@ -9,6 +9,7 @@ function Test-ModernAuthExchangeOnline {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "6.5.1"
     }
 
     process {
@@ -30,18 +31,22 @@ function Test-ModernAuthExchangeOnline {
 
             # Create and populate the CISAuditResult object
             $params = @{
-                Rec            = "6.5.1"
+                Rec           = $recnum
-                Result         = $orgConfig.OAuth2ClientProfileEnabled
+                Result        = $orgConfig.OAuth2ClientProfileEnabled
-                Status         = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" }
+                Status        = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" }
-                Details        = $details
+                Details       = $details
-                FailureReason  = $failureReasons
+                FailureReason = $failureReasons
             }
             $auditResult = Initialize-CISAuditResult @params
 
         }
         catch {
-            Write-Error "An error occurred while testing modern authentication for Exchange Online: $_"
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
+
     }
 
     end {

source/tests/Test-ModernAuthSharePoint.ps1

@@ -9,32 +9,41 @@ function Test-ModernAuthSharePoint {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.2.1"
     }
 
     process {
-        # 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
+        try {
-        $SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
+            # 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
-        $modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled
+            $SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
+            $modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $modernAuthForSPRequired) {
+            $failureReasons = if (-not $modernAuthForSPRequired) {
-            "Legacy authentication protocols are enabled"
+                "Legacy authentication protocols are enabled"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = "LegacyAuthProtocolsEnabled: $($SPOTenant.LegacyAuthProtocolsEnabled)"
+            $details = "LegacyAuthProtocolsEnabled: $($SPOTenant.LegacyAuthProtocolsEnabled)"
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "7.2.1"
+                Rec           = $recnum
-            Result         = $modernAuthForSPRequired
+                Result        = $modernAuthForSPRequired
-            Status         = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" }
+                Status        = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-NoAnonymousMeetingJoin.ps1

@@ -9,9 +9,11 @@ function Test-NoAnonymousMeetingJoin {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.1"
     }
 
     process {
+        try {
         # 8.5.1 (L2) Ensure anonymous users can't join a meeting
 
         # Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -31,7 +33,7 @@ function Test-NoAnonymousMeetingJoin {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "8.5.1"
+            Rec            = $recnum
             Result         = -not $allowAnonymousUsersToJoinMeeting
             Status         = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" }
             Details        = $details
@@ -39,6 +41,13 @@ function Test-NoAnonymousMeetingJoin {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         # Return the audit result

source/tests/Test-NoAnonymousMeetingStart.ps1

@@ -9,35 +9,44 @@ function Test-NoAnonymousMeetingStart {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.2"
     }
 
     process {
-        # 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
+        try {
+            # 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
 
-        # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Connect to Teams PowerShell using Connect-MicrosoftTeams
 
-        $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
+            $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
-        $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
+            $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($anonymousStartDisabled) {
+            $failureReasons = if ($anonymousStartDisabled) {
-            "N/A"
+                "N/A"
-        }
+            }
-        else {
+            else {
-            "Anonymous users and dial-in callers can start a meeting"
+                "Anonymous users and dial-in callers can start a meeting"
+            }
+
+            $details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $anonymousStartDisabled
+                Status        = if ($anonymousStartDisabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "8.5.2"
-            Result         = $anonymousStartDisabled
-            Status         = if ($anonymousStartDisabled) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-NoWhitelistDomains.ps1

@@ -9,39 +9,48 @@ function Test-NoWhitelistDomains {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "6.2.2"
     }
 
     process {
-        # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
+        try {
+            # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
 
-        # Retrieve transport rules that whitelist specific domains
+            # Retrieve transport rules that whitelist specific domains
-        $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs }
+            $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs }
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($whitelistedRules) {
+            $failureReasons = if ($whitelistedRules) {
-            "There are transport rules whitelisting specific domains."
+                "There are transport rules whitelisting specific domains."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($whitelistedRules) {
+            $details = if ($whitelistedRules) {
-            $ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
+                $ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
-            "Whitelisted Rules: $($ruleDetails -join '; ')"
+                "Whitelisted Rules: $($ruleDetails -join '; ')"
-        }
+            }
-        else {
+            else {
-            "No transport rules whitelisting specific domains found."
+                "No transport rules whitelisting specific domains found."
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "6.2.2"
+                Rec           = $recnum
-            Result         = -not $whitelistedRules
+                Result        = -not $whitelistedRules
-            Status         = if ($whitelistedRules) { "Fail" } else { "Pass" }
+                Status        = if ($whitelistedRules) { "Fail" } else { "Pass" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-NotifyMalwareInternal.ps1

@@ -9,9 +9,11 @@ function Test-NotifyMalwareInternal {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.3"
     }
 
     process {
+        try {
         # 2.1.3 Ensure notifications for internal users sending malware is Enabled
 
         # Retrieve all 'Custom' malware filter policies and check notification settings
@@ -44,7 +46,7 @@ function Test-NotifyMalwareInternal {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "2.1.3"
+            Rec            = $recnum
             Result         = $result
             Status         = if ($result) { "Pass" } else { "Fail" }
             Details        = $details
@@ -52,6 +54,13 @@ function Test-NotifyMalwareInternal {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         # Return the audit result

source/tests/Test-OneDriveContentRestrictions.ps1

@@ -9,39 +9,48 @@ function Test-OneDriveContentRestrictions {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.2.4"
     }
 
     process {
-        # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
+        try {
+            # 7.2.4 (L2) Ensure OneDrive content sharing is restricted
 
-        # Retrieve OneDrive sharing capability settings
+            # Retrieve OneDrive sharing capability settings
-        $SPOTenant = Get-SPOTenant | Select-Object OneDriveSharingCapability
+            $SPOTenant = Get-SPOTenant | Select-Object OneDriveSharingCapability
-        $isOneDriveSharingRestricted = $SPOTenant.OneDriveSharingCapability -eq 'Disabled'
+            $isOneDriveSharingRestricted = $SPOTenant.OneDriveSharingCapability -eq 'Disabled'
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isOneDriveSharingRestricted) {
+            $failureReasons = if (-not $isOneDriveSharingRestricted) {
-            "OneDrive content sharing is not restricted to 'Disabled'. Current setting: $($SPOTenant.OneDriveSharingCapability)"
+                "OneDrive content sharing is not restricted to 'Disabled'. Current setting: $($SPOTenant.OneDriveSharingCapability)"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($isOneDriveSharingRestricted) {
+            $details = if ($isOneDriveSharingRestricted) {
-            "OneDrive content sharing is restricted."
+                "OneDrive content sharing is restricted."
-        }
+            }
-        else {
+            else {
-            "OneDriveSharingCapability: $($SPOTenant.OneDriveSharingCapability)"
+                "OneDriveSharingCapability: $($SPOTenant.OneDriveSharingCapability)"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "7.2.4"
+                Rec           = $recnum
-            Result         = $isOneDriveSharingRestricted
+                Result        = $isOneDriveSharingRestricted
-            Status         = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" }
+                Status        = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-OneDriveSyncRestrictions.ps1

@@ -9,39 +9,48 @@ function Test-OneDriveSyncRestrictions {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.3.2"
     }
 
     process {
-        # 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
+        try {
+            # 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
 
-        # Retrieve OneDrive sync client restriction settings
+            # Retrieve OneDrive sync client restriction settings
-        $SPOTenantSyncClientRestriction = Get-SPOTenantSyncClientRestriction | Select-Object TenantRestrictionEnabled, AllowedDomainList
+            $SPOTenantSyncClientRestriction = Get-SPOTenantSyncClientRestriction | Select-Object TenantRestrictionEnabled, AllowedDomainList
-        $isSyncRestricted = $SPOTenantSyncClientRestriction.TenantRestrictionEnabled -and $SPOTenantSyncClientRestriction.AllowedDomainList
+            $isSyncRestricted = $SPOTenantSyncClientRestriction.TenantRestrictionEnabled -and $SPOTenantSyncClientRestriction.AllowedDomainList
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isSyncRestricted) {
+            $failureReasons = if (-not $isSyncRestricted) {
-            "OneDrive sync is not restricted to managed devices. TenantRestrictionEnabled should be True and AllowedDomainList should contain trusted domains GUIDs."
+                "OneDrive sync is not restricted to managed devices. TenantRestrictionEnabled should be True and AllowedDomainList should contain trusted domains GUIDs."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($isSyncRestricted) {
+            $details = if ($isSyncRestricted) {
-            "OneDrive sync is restricted for unmanaged devices."
+                "OneDrive sync is restricted for unmanaged devices."
-        }
+            }
-        else {
+            else {
-            "TenantRestrictionEnabled: $($SPOTenantSyncClientRestriction.TenantRestrictionEnabled); AllowedDomainList: $($SPOTenantSyncClientRestriction.AllowedDomainList -join ', ')"
+                "TenantRestrictionEnabled: $($SPOTenantSyncClientRestriction.TenantRestrictionEnabled); AllowedDomainList: $($SPOTenantSyncClientRestriction.AllowedDomainList -join ', ')"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "7.3.2"
+                Rec           = $recnum
-            Result         = $isSyncRestricted
+                Result        = $isSyncRestricted
-            Status         = if ($isSyncRestricted) { "Pass" } else { "Fail" }
+                Status        = if ($isSyncRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-OrgOnlyBypassLobby.ps1

@@ -9,41 +9,50 @@ function Test-OrgOnlyBypassLobby {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.3"
     }
 
     process {
-        # 8.5.3 (L1) Ensure only people in my org can bypass the lobby
+        try {
+            # 8.5.3 (L1) Ensure only people in my org can bypass the lobby
 
-        # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Connect to Teams PowerShell using Connect-MicrosoftTeams
 
-        # Retrieve the Teams meeting policy for lobby bypass settings
+            # Retrieve the Teams meeting policy for lobby bypass settings
-        $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
+            $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
-        $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
+            $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $lobbyBypassRestricted) {
+            $failureReasons = if (-not $lobbyBypassRestricted) {
-            "External participants can bypass the lobby"
+                "External participants can bypass the lobby"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($lobbyBypassRestricted) {
+            $details = if ($lobbyBypassRestricted) {
-            "Only people in the organization can bypass the lobby."
+                "Only people in the organization can bypass the lobby."
-        }
+            }
-        else {
+            else {
-            "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
+                "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "8.5.3"
+                Rec           = $recnum
-            Result         = $lobbyBypassRestricted
+                Result        = $lobbyBypassRestricted
-            Status         = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" }
+                Status        = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-OrganizersPresent.ps1

@@ -9,9 +9,11 @@ function Test-OrganizersPresent {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.5.6"
     }
 
     process {
+        try {
         # 8.5.6 (L2) Ensure only organizers and co-organizers can present
 
         # Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -37,7 +39,7 @@ function Test-OrganizersPresent {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "8.5.6"
+            Rec            = $recnum
             Result         = $presenterRoleRestricted
             Status         = if ($presenterRoleRestricted) { "Pass" } else { "Fail" }
             Details        = $details
@@ -45,6 +47,13 @@ function Test-OrganizersPresent {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         # Return the audit result

source/tests/Test-PasswordHashSync.ps1

@@ -9,9 +9,11 @@ function Test-PasswordHashSync {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "5.1.8.1"
     }
 
     process {
+        try {
         # 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
         # Pass if OnPremisesSyncEnabled is True. Fail otherwise.
 
@@ -31,7 +33,7 @@ function Test-PasswordHashSync {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "5.1.8.1"
+            Rec            = $recnum
             Result         = $hashSyncResult
             Status         = if ($hashSyncResult) { "Pass" } else { "Fail" }
             Details        = $details
@@ -39,6 +41,13 @@ function Test-PasswordHashSync {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         # Return the audit result

source/tests/Test-PasswordNeverExpirePolicy.ps1

@@ -10,34 +10,43 @@ function Test-PasswordNeverExpirePolicy {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "1.3.1"
     }
 
     process {
-        # 1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'
+        try {
-        # Pass if PasswordValidityPeriodInDays is 0. Fail otherwise.
+            # 1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'
+            # Pass if PasswordValidityPeriodInDays is 0. Fail otherwise.
 
-        # Retrieve password expiration policy
+            # Retrieve password expiration policy
-        $passwordPolicy = Get-MgDomain -DomainId $DomainName | Select-Object -ExpandProperty PasswordValidityPeriodInDays
+            $passwordPolicy = Get-MgDomain -DomainId $DomainName | Select-Object -ExpandProperty PasswordValidityPeriodInDays
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($passwordPolicy -ne 0) {
+            $failureReasons = if ($passwordPolicy -ne 0) {
-            "Password expiration is not set to never expire"
+                "Password expiration is not set to never expire"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
+            }
+
+            $details = "Validity Period: $passwordPolicy days"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $passwordPolicy -eq 0
+                Status        = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "Validity Period: $passwordPolicy days"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "1.3.1"
-            Result         = $passwordPolicy -eq 0
-            Status         = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-ReauthWithCode.ps1

@@ -9,34 +9,43 @@ function Test-ReauthWithCode {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.2.10"
     }
 
     process {
-        # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
+        try {
+            # 7.2.10 (L1) Ensure reauthentication with verification code is restricted
 
-        # Retrieve reauthentication settings for SharePoint Online
+            # Retrieve reauthentication settings for SharePoint Online
-        $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
+            $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
-        $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
+            $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isReauthenticationRestricted) {
+            $failureReasons = if (-not $isReauthenticationRestricted) {
-            "Reauthentication with verification code does not require reauthentication within 15 days or less."
+                "Reauthentication with verification code does not require reauthentication within 15 days or less."
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
+            }
+
+            $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $isReauthenticationRestricted
+                Status        = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "7.2.10"
-            Result         = $isReauthenticationRestricted
-            Status         = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-ReportSecurityInTeams.ps1

@@ -9,44 +9,53 @@ function Test-ReportSecurityInTeams {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "8.6.1"
     }
 
     process {
-        # 8.6.1 (L1) Ensure users can report security concerns in Teams
+        try {
+            # 8.6.1 (L1) Ensure users can report security concerns in Teams
 
-        # Retrieve the necessary settings for Teams and Exchange Online
+            # Retrieve the necessary settings for Teams and Exchange Online
-        $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
+            $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
-        $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled
+            $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled
 
-        $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
+            $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
-        $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
+            $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
-        $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
+            $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
-        $ReportSubmissionPolicy.ReportPhishToCustomizedAddress -and
+            $ReportSubmissionPolicy.ReportPhishToCustomizedAddress -and
-        $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled
+            $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $securityReportEnabled) {
+            $failureReasons = if (-not $securityReportEnabled) {
-            "Users cannot report security concerns in Teams due to one or more incorrect settings"
+                "Users cannot report security concerns in Teams due to one or more incorrect settings"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
+            }
+
+            $details = "AllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); " +
+            "ReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); " +
+            "ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); " +
+            "ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); " +
+            "ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $securityReportEnabled
+                Status        = if ($securityReportEnabled) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "AllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); " +
+            # Call Initialize-CISAuditResult with error parameters
-        "ReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); " +
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        "ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); " +
-        "ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); " +
-        "ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled)"
-
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "8.6.1"
-            Result         = $securityReportEnabled
-            Status         = if ($securityReportEnabled) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-RestrictCustomScripts.ps1

@@ -9,49 +9,58 @@ function Test-RestrictCustomScripts {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.3.4"
     }
 
     process {
-        # 7.3.4 (L1) Ensure custom script execution is restricted on site collections
+        try {
+            # 7.3.4 (L1) Ensure custom script execution is restricted on site collections
 
-        # Retrieve all site collections and select necessary properties
+            # Retrieve all site collections and select necessary properties
-        $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
+            $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
 
-        # Find sites where custom scripts are allowed (DenyAddAndCustomizePages is not 'Enabled')
+            # Find sites where custom scripts are allowed (DenyAddAndCustomizePages is not 'Enabled')
-        $customScriptAllowedSites = $SPOSitesCustomScript | Where-Object { $_.DenyAddAndCustomizePages -ne 'Enabled' }
+            $customScriptAllowedSites = $SPOSitesCustomScript | Where-Object { $_.DenyAddAndCustomizePages -ne 'Enabled' }
 
-        # Compliance is true if no sites allow custom scripts
+            # Compliance is true if no sites allow custom scripts
-        $complianceResult = $customScriptAllowedSites.Count -eq 0
+            $complianceResult = $customScriptAllowedSites.Count -eq 0
 
-        # Gather details for non-compliant sites (where custom scripts are allowed)
+            # Gather details for non-compliant sites (where custom scripts are allowed)
-        $nonCompliantSiteDetails = $customScriptAllowedSites | ForEach-Object {
+            $nonCompliantSiteDetails = $customScriptAllowedSites | ForEach-Object {
-            "$($_.Title) ($($_.Url)): Custom Script Allowed"
+                "$($_.Title) ($($_.Url)): Custom Script Allowed"
+            }
+
+            # Prepare failure reasons and details based on compliance
+            $failureReasons = if (-not $complianceResult) {
+                "The following site collections allow custom script execution: " + ($nonCompliantSiteDetails -join "; ")
+            }
+            else {
+                "N/A"
+            }
+
+            $details = if ($complianceResult) {
+                "All site collections have custom script execution restricted"
+            }
+            else {
+                $nonCompliantSiteDetails -join "; "
+            }
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $complianceResult
+                Status        = if ($complianceResult) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        # Prepare failure reasons and details based on compliance
+            # Call Initialize-CISAuditResult with error parameters
-        $failureReasons = if (-not $complianceResult) {
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-            "The following site collections allow custom script execution: " + ($nonCompliantSiteDetails -join "; ")
         }
-        else {
-            "N/A"
-        }
-
-        $details = if ($complianceResult) {
-            "All site collections have custom script execution restricted"
-        }
-        else {
-            $nonCompliantSiteDetails -join "; "
-        }
-
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "7.3.4"
-            Result         = $complianceResult
-            Status         = if ($complianceResult) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
-        }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-RestrictExternalSharing.ps1

@@ -9,34 +9,43 @@ function Test-RestrictExternalSharing {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "7.2.3"
     }
 
     process {
-        # 7.2.3 (L1) Ensure external content sharing is restricted
+        try {
+            # 7.2.3 (L1) Ensure external content sharing is restricted
 
-        # Retrieve the SharingCapability setting for the SharePoint tenant
+            # Retrieve the SharingCapability setting for the SharePoint tenant
-        $SPOTenantSharingCapability = Get-SPOTenant | Select-Object SharingCapability
+            $SPOTenantSharingCapability = Get-SPOTenant | Select-Object SharingCapability
-        $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled')
+            $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled')
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $isRestricted) {
+            $failureReasons = if (-not $isRestricted) {
-            "External content sharing is not adequately restricted. Current setting: $($SPOTenantSharingCapability.SharingCapability)"
+                "External content sharing is not adequately restricted. Current setting: $($SPOTenantSharingCapability.SharingCapability)"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
+            }
+
+            $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $isRestricted
+                Status        = if ($isRestricted) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "7.2.3"
-            Result         = $isRestricted
-            Status         = if ($isRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-RestrictOutlookAddins.ps1

@@ -12,63 +12,72 @@ function Test-RestrictOutlookAddins {
         $customPolicyFailures = @()
         $defaultPolicyFailureDetails = @()
         $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
+        $recnum = "6.3.1"
     }
 
     process {
-        # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
+        try {
+            # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
 
-        # Check all mailboxes for custom policies with unallowed add-ins
+            # Check all mailboxes for custom policies with unallowed add-ins
-        $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
+            $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
 
-        if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
+            if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
-            foreach ($policy in $roleAssignmentPolicies) {
+                foreach ($policy in $roleAssignmentPolicies) {
-                if ($policy.RoleAssignmentPolicy) {
+                    if ($policy.RoleAssignmentPolicy) {
-                    $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
+                        $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
-                    $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+                        $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
-                    if ($foundRoles) {
+                        if ($foundRoles) {
-                        $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
+                            $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
+                        }
                     }
                 }
             }
-        }
 
-        # Check Default Role Assignment Policy
+            # Check Default Role Assignment Policy
-        $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
+            $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
-        $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+            $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
-        if ($defaultPolicyRoles) {
+            if ($defaultPolicyRoles) {
-            $defaultPolicyFailureDetails = $defaultPolicyRoles
+                $defaultPolicyFailureDetails = $defaultPolicyRoles
-        }
+            }
 
-        # Prepare result details string
+            # Prepare result details string
-        $detailsString = ""
+            $detailsString = ""
-        if ($customPolicyFailures) {
+            if ($customPolicyFailures) {
-            $detailsString += "Custom Policy Failures: | "
+                $detailsString += "Custom Policy Failures: | "
-            $detailsString += ($customPolicyFailures -join " | ")
+                $detailsString += ($customPolicyFailures -join " | ")
-        }
+            }
-        else {
+            else {
-            $detailsString += "Custom Policy Failures: None | "
+                $detailsString += "Custom Policy Failures: None | "
-        }
+            }
 
-        $detailsString += "Default Role Assignment Policy: "
+            $detailsString += "Default Role Assignment Policy: "
-        if ($defaultPolicyFailureDetails) {
+            if ($defaultPolicyFailureDetails) {
-            $detailsString += ($defaultPolicyFailureDetails -join ', ')
+                $detailsString += ($defaultPolicyFailureDetails -join ', ')
-        }
+            }
-        else {
+            else {
-            $detailsString += "Compliant"
+                $detailsString += "Compliant"
-        }
+            }
 
-        # Determine result based on findings
+            # Determine result based on findings
-        $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
+            $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "6.3.1"
+                Rec           = $recnum
-            Result         = $isCompliant
+                Result        = $isCompliant
-            Status         = if ($isCompliant) { "Pass" } else { "Fail" }
+                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
-            Details        = $detailsString
+                Details       = $detailsString
-            FailureReason  = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." }
+                FailureReason = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-RestrictStorageProvidersOutlook.ps1

@@ -9,9 +9,11 @@ function Test-RestrictStorageProvidersOutlook {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "6.5.3"
     }
 
     process {
+        try {
         # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
 
         # Retrieve all OwaMailbox policies
@@ -38,7 +40,7 @@ function Test-RestrictStorageProvidersOutlook {
 
         # Create and populate the CISAuditResult object
         $params = @{
-            Rec            = "6.5.3"
+            Rec            = $recnum
             Result         = $allPoliciesRestricted
             Status         = if ($allPoliciesRestricted) { "Pass" } else { "Fail" }
             Details        = $details
@@ -46,6 +48,13 @@ function Test-RestrictStorageProvidersOutlook {
         }
         $auditResult = Initialize-CISAuditResult @params
     }
+    catch {
+        Write-Error "An error occurred during the test: $_"
+
+        # Call Initialize-CISAuditResult with error parameters
+        $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
+    }
+    }
 
     end {
         # Return the audit result

source/tests/Test-RestrictTenantCreation.ps1

@@ -9,34 +9,43 @@ function Test-RestrictTenantCreation {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "5.1.2.3"
     }
 
     process {
-        # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
+        try {
+            # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
 
-        # Retrieve the tenant creation policy
+            # Retrieve the tenant creation policy
-        $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
+            $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
-        $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
+            $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if ($tenantCreationResult) {
+            $failureReasons = if ($tenantCreationResult) {
-            "N/A"
+                "N/A"
-        }
+            }
-        else {
+            else {
-            "Non-admin users can create tenants"
+                "Non-admin users can create tenants"
+            }
+
+            $details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)"
+
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $tenantCreationResult
+                Status        = if ($tenantCreationResult) { "Pass" } else { "Fail" }
+                Details       = $details
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        $details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)"
+            # Call Initialize-CISAuditResult with error parameters
-
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "5.1.2.3"
-            Result         = $tenantCreationResult
-            Status         = if ($tenantCreationResult) { "Pass" } else { "Fail" }
-            Details        = $details
-            FailureReason  = $failureReasons
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SafeAttachmentsPolicy.ps1

@@ -9,39 +9,48 @@ function Test-SafeAttachmentsPolicy {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.4"
     }
 
     process {
-        # 2.1.4 (L2) Ensure Safe Attachments policy is enabled
+        try {
+            # 2.1.4 (L2) Ensure Safe Attachments policy is enabled
 
-        # Retrieve all Safe Attachment policies where Enable is set to True
+            # Retrieve all Safe Attachment policies where Enable is set to True
-        $safeAttachmentPolicies = Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
+            $safeAttachmentPolicies = Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
 
-        # Determine result and details based on the presence of enabled policies
+            # Determine result and details based on the presence of enabled policies
-        $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
+            $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
-        $details = if ($result) {
+            $details = if ($result) {
-            "Enabled Safe Attachments Policies: $($safeAttachmentPolicies.Name -join ', ')"
+                "Enabled Safe Attachments Policies: $($safeAttachmentPolicies.Name -join ', ')"
-        }
+            }
-        else {
+            else {
-            "No Safe Attachments Policies are enabled."
+                "No Safe Attachments Policies are enabled."
-        }
+            }
 
-        $failureReasons = if ($result) {
+            $failureReasons = if ($result) {
-            "N/A"
+                "N/A"
-        }
+            }
-        else {
+            else {
-            "Safe Attachments policy is not enabled."
+                "Safe Attachments policy is not enabled."
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "2.1.4"
+                Rec           = $recnum
-            Result         = $result
+                Result        = $result
-            Status         = if ($result) { "Pass" } else { "Fail" }
+                Status        = if ($result) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SafeAttachmentsTeams.ps1

@@ -9,46 +9,55 @@ function Test-SafeAttachmentsTeams {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.5"
     }
 
     process {
-        # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
+        try {
+            # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
 
-        # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
+            # Retrieve the ATP policies for Office 365 and check Safe Attachments settings
-        $atpPolicies = Get-AtpPolicyForO365
+            $atpPolicies = Get-AtpPolicyForO365
 
-        # Check if the required ATP policies are enabled
+            # Check if the required ATP policies are enabled
-        $atpPolicyResult = $atpPolicies | Where-Object {
+            $atpPolicyResult = $atpPolicies | Where-Object {
-            $_.EnableATPForSPOTeamsODB -eq $true -and
+                $_.EnableATPForSPOTeamsODB -eq $true -and
-            $_.EnableSafeDocs -eq $true -and
+                $_.EnableSafeDocs -eq $true -and
-            $_.AllowSafeDocsOpen -eq $false
+                $_.AllowSafeDocsOpen -eq $false
-        }
+            }
 
-        # Determine the result based on the ATP policy settings
+            # Determine the result based on the ATP policy settings
-        $result = $null -ne $atpPolicyResult
+            $result = $null -ne $atpPolicyResult
-        $details = if ($result) {
+            $details = if ($result) {
-            "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
+                "ATP for SharePoint, OneDrive, and Teams is enabled with correct settings."
-        }
+            }
-        else {
+            else {
-            "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
+                "ATP for SharePoint, OneDrive, and Teams is not enabled with correct settings."
-        }
+            }
 
-        $failureReasons = if ($result) {
+            $failureReasons = if ($result) {
-            "N/A"
+                "N/A"
-        }
+            }
-        else {
+            else {
-            "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
+                "ATP policy for SharePoint, OneDrive, and Microsoft Teams is not correctly configured."
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "2.1.5"
+                Rec           = $recnum
-            Result         = $result
+                Result        = $result
-            Status         = if ($result) { "Pass" } else { "Fail" }
+                Status        = if ($result) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SafeLinksOfficeApps.ps1

@@ -9,53 +9,62 @@ function Test-SafeLinksOfficeApps {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
+        $recnum = "2.1.1"
     }
 
     process {
-        # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
+        try {
+            # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
 
-        # Retrieve all Safe Links policies
+            # Retrieve all Safe Links policies
-        $policies = Get-SafeLinksPolicy
+            $policies = Get-SafeLinksPolicy
 
-        # Initialize the details collection
+            # Initialize the details collection
-        $misconfiguredDetails = @()
+            $misconfiguredDetails = @()
 
-        foreach ($policy in $policies) {
+            foreach ($policy in $policies) {
-            # Get the detailed configuration of each policy
+                # Get the detailed configuration of each policy
-            $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
+                $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
 
-            # Check each required property and record failures
+                # Check each required property and record failures
-            $failures = @()
+                $failures = @()
-            if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" }
+                if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" }
-            if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" }
+                if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" }
-            if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" }
+                if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" }
-            if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" }
+                if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" }
-            if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" }
+                if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" }
-            if ($policyDetails.ScanUrls -ne $true) { $failures += "ScanUrls: False" }
+                if ($policyDetails.ScanUrls -ne $true) { $failures += "ScanUrls: False" }
-            if ($policyDetails.EnableForInternalSenders -ne $true) { $failures += "EnableForInternalSenders: False" }
+                if ($policyDetails.EnableForInternalSenders -ne $true) { $failures += "EnableForInternalSenders: False" }
-            if ($policyDetails.DeliverMessageAfterScan -ne $true) { $failures += "DeliverMessageAfterScan: False" }
+                if ($policyDetails.DeliverMessageAfterScan -ne $true) { $failures += "DeliverMessageAfterScan: False" }
-            if ($policyDetails.DisableUrlRewrite -ne $false) { $failures += "DisableUrlRewrite: True" }
+                if ($policyDetails.DisableUrlRewrite -ne $false) { $failures += "DisableUrlRewrite: True" }
 
-            # Only add details for policies that have misconfigurations
+                # Only add details for policies that have misconfigurations
-            if ($failures.Count -gt 0) {
+                if ($failures.Count -gt 0) {
-                $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
+                    $misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
+                }
             }
-        }
 
-        # Prepare the final result
+            # Prepare the final result
-        $result = $misconfiguredDetails.Count -eq 0
+            $result = $misconfiguredDetails.Count -eq 0
-        $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
+            $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
-        $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
+            $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = "2.1.1"
+                Rec           = $recnum
-            Result         = $result
+                Result        = $result
-            Status         = if ($result) { "Pass" } else { "Fail" }
+                Status        = if ($result) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details       = $details
-            FailureReason  = $failureReasons
+                FailureReason = $failureReasons
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SharePointAADB2B.ps1

@@ -11,21 +11,30 @@ function Test-SharePointAADB2B {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "7.2.2"
     }
 
     process {
-        # 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
+        try {
-        $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
+            # 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
+            $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
 
-        # Populate the auditResult object with the required properties
+            # Populate the auditResult object with the required properties
-        $params = @{
+            $params = @{
-            Rec            = "7.2.2"
+                Rec           = $recnum
-            Result         = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration
+                Result        = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration
-            Status         = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" }
+                Status        = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" }
-            Details        = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)"
+                Details       = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)"
-            FailureReason  = if (-not $SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Azure AD B2B integration is not enabled" } else { "N/A" }
+                FailureReason = if (-not $SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Azure AD B2B integration is not enabled" } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SharePointExternalSharingDomains.ps1

@@ -11,22 +11,31 @@ function Test-SharePointExternalSharingDomains {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "7.2.6"
     }
 
     process {
-        # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
+        try {
-        $SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
+            # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
-        $isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList'
+            $SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
+            $isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList'
 
-        # Populate the auditResult object with the required properties
+            # Populate the auditResult object with the required properties
-        $params = @{
+            $params = @{
-            Rec            = "7.2.6"
+                Rec           = $recnum
-            Result         = $isDomainRestrictionConfigured
+                Result        = $isDomainRestrictionConfigured
-            Status         = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" }
+                Status        = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" }
-            Details        = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)"
+                Details       = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)"
-            FailureReason  = if (-not $isDomainRestrictionConfigured) { "Domain restrictions for SharePoint external sharing are not configured to 'AllowList'. Current setting: $($SPOTenant.SharingDomainRestrictionMode)" } else { "N/A" }
+                FailureReason = if (-not $isDomainRestrictionConfigured) { "Domain restrictions for SharePoint external sharing are not configured to 'AllowList'. Current setting: $($SPOTenant.SharingDomainRestrictionMode)" } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SharePointGuestsItemSharing.ps1

@@ -11,22 +11,31 @@ function Test-SharePointGuestsItemSharing {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "7.2.5"
     }
 
     process {
-        # 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
+        try {
-        $SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
+            # 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
-        $isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing
+            $SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
+            $isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing
 
-        # Populate the auditResult object with the required properties
+            # Populate the auditResult object with the required properties
-        $params = @{
+            $params = @{
-            Rec            = "7.2.5"
+                Rec           = $recnum
-            Result         = $isGuestResharingPrevented
+                Result        = $isGuestResharingPrevented
-            Status         = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" }
+                Status        = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" }
-            Details        = "PreventExternalUsersFromResharing: $isGuestResharingPrevented"
+                Details       = "PreventExternalUsersFromResharing: $isGuestResharingPrevented"
-            FailureReason  = if (-not $isGuestResharingPrevented) { "Guest users can reshare items they don't own." } else { "N/A" }
+                FailureReason = if (-not $isGuestResharingPrevented) { "Guest users can reshare items they don't own." } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-SpamPolicyAdminNotify.ps1

@@ -11,37 +11,46 @@ function Test-SpamPolicyAdminNotify {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "2.1.6"
     }
 
     process {
-        # 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
+        try {
+            # 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
 
-        # Get the default hosted outbound spam filter policy
+            # Get the default hosted outbound spam filter policy
-        $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
+            $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
 
-        # Check if both settings are enabled
+            # Check if both settings are enabled
-        $bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
+            $bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
-        $notifyOutboundSpamEnabled = $hostedOutboundSpamFilterPolicy.NotifyOutboundSpam
+            $notifyOutboundSpamEnabled = $hostedOutboundSpamFilterPolicy.NotifyOutboundSpam
-        $areSettingsEnabled = $bccSuspiciousOutboundMailEnabled -and $notifyOutboundSpamEnabled
+            $areSettingsEnabled = $bccSuspiciousOutboundMailEnabled -and $notifyOutboundSpamEnabled
 
-        # Prepare failure details if any setting is not enabled
+            # Prepare failure details if any setting is not enabled
-        $failureDetails = @()
+            $failureDetails = @()
-        if (-not $bccSuspiciousOutboundMailEnabled) {
+            if (-not $bccSuspiciousOutboundMailEnabled) {
-            $failureDetails += "BccSuspiciousOutboundMail is not enabled."
+                $failureDetails += "BccSuspiciousOutboundMail is not enabled."
-        }
+            }
-        if (-not $notifyOutboundSpamEnabled) {
+            if (-not $notifyOutboundSpamEnabled) {
-            $failureDetails += "NotifyOutboundSpam is not enabled."
+                $failureDetails += "NotifyOutboundSpam is not enabled."
+            }
+
+            # Create an instance of CISAuditResult and populate it
+            $params = @{
+                Rec           = $recnum
+                Result        = $areSettingsEnabled
+                Status        = if ($areSettingsEnabled) { "Pass" } else { "Fail" }
+                Details       = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' }
+                FailureReason = if (-not $areSettingsEnabled) { "One or both spam policies are not set to notify administrators." } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        # Create an instance of CISAuditResult and populate it
+            # Call Initialize-CISAuditResult with error parameters
-        $params = @{
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-            Rec            = "2.1.6"
-            Result         = $areSettingsEnabled
-            Status         = if ($areSettingsEnabled) { "Pass" } else { "Fail" }
-            Details        = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' }
-            FailureReason  = if (-not $areSettingsEnabled) { "One or both spam policies are not set to notify administrators." } else { "N/A" }
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-TeamsExternalAccess.ps1

@@ -11,32 +11,41 @@ function Test-TeamsExternalAccess {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "8.2.1"
     }
 
     process {
-        # 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
+        try {
+            # 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
 
-        # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Connect to Teams PowerShell using Connect-MicrosoftTeams
 
-        $externalAccessConfig = Get-CsTenantFederationConfiguration
+            $externalAccessConfig = Get-CsTenantFederationConfiguration
 
-        $allowedDomainsLimited = $false
+            $allowedDomainsLimited = $false
-        if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) {
+            if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) {
-            $allowedDomainsLimited = $true
+                $allowedDomainsLimited = $true
+            }
+
+            # Check if the configurations are as recommended
+            $isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or $allowedDomainsLimited)
+
+            # Create an instance of CISAuditResult and populate it
+            $params = @{
+                Rec           = $recnum
+                Result        = $isCompliant
+                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
+                Details       = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited"
+                FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant." } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
         }
+        catch {
+            Write-Error "An error occurred during the test: $_"
 
-        # Check if the configurations are as recommended
+            # Call Initialize-CISAuditResult with error parameters
-        $isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or $allowedDomainsLimited)
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
-
-        # Create an instance of CISAuditResult and populate it
-        $params = @{
-            Rec            = "8.2.1"
-            Result         = $isCompliant
-            Status         = if ($isCompliant) { "Pass" } else { "Fail" }
-            Details        = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited"
-            FailureReason  = if (-not $isCompliant) { "One or more external access configurations are not compliant." } else { "N/A" }
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {

source/tests/Test-TeamsExternalFileSharing.ps1

@@ -11,36 +11,45 @@ function Test-TeamsExternalFileSharing {
         # Initialization code, if needed
 
         $auditResult = [CISAuditResult]::new()
+        $recnum = "8.1.1"
     }
 
     process {
-        # 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
+        try {
-        # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
+            # Connect to Teams PowerShell using Connect-MicrosoftTeams
 
-        # Assuming that 'approvedProviders' is a list of approved cloud storage service names
+            # Assuming that 'approvedProviders' is a list of approved cloud storage service names
-        # This list must be defined according to your organization's approved cloud storage services
+            # This list must be defined according to your organization's approved cloud storage services
-        $approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
+            $approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
-        $clientConfig = Get-CsTeamsClientConfiguration
+            $clientConfig = Get-CsTeamsClientConfiguration
 
-        $isCompliant = $true
+            $isCompliant = $true
-        $nonCompliantProviders = @()
+            $nonCompliantProviders = @()
 
-        foreach ($provider in $approvedProviders) {
+            foreach ($provider in $approvedProviders) {
-            if (-not $clientConfig.$provider) {
+                if (-not $clientConfig.$provider) {
-                $isCompliant = $false
+                    $isCompliant = $false
-                $nonCompliantProviders += $provider
+                    $nonCompliantProviders += $provider
+                }
             }
-        }
 
-        # Create an instance of CISAuditResult and populate it
+            # Create an instance of CISAuditResult and populate it
-        $params = @{
+            $params = @{
-            Rec            = "8.1.1"
+                Rec           = $recnum
-            Result         = $isCompliant
+                Result        = $isCompliant
-            Status         = if ($isCompliant) { "Pass" } else { "Fail" }
+                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
-            Details        = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" }
+                Details       = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" }
-            FailureReason  = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" }
+                FailureReason = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
         }
-        $auditResult = Initialize-CISAuditResult @params
     }
 
     end {