vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add: error handling to tests

Browse Source
This commit is contained in:
DrIOS
2024-06-04 17:04:18 -05:00
parent 5c60f39dad
commit 2027e8b21b
54 changed files with 1545 additions and 1039 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
source/Private/Format-MissingActions.ps1 Normal file
View File

@@ -0,0 +1,26 @@
function Format-MissingActions {
param ([array]$missingActions)
$actionGroups = @{
"Admin" = @()
"Delegate" = @()
"Owner" = @()
}
foreach ($action in $missingActions) {
if ($action -match "(Admin|Delegate|Owner) action '([^']+)' missing") {
$type = $matches[1]
$actionName = $matches[2]
$actionGroups[$type] += $actionName
}
}
$formattedResults = @()
foreach ($type in $actionGroups.Keys) {
if ($actionGroups[$type].Count -gt 0) {
$formattedResults += "$($type) actions missing: $($actionGroups[$type] -join ', ')"
}
}
return $formattedResults -join '; '
}

26
source/Private/Initialize-CISAuditResult.ps1
View File

@@ -1,19 +1,23 @@
function Initialize-CISAuditResult {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]$Rec,
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $true, ParameterSetName = 'Full')]
[bool]$Result,
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $true, ParameterSetName = 'Full')]
[string]$Status,
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $true, ParameterSetName = 'Full')]
[string]$Details,
[Parameter(Mandatory = $true)]
[string]$FailureReason
[Parameter(Mandatory = $true, ParameterSetName = 'Full')]
[string]$FailureReason,
[Parameter(ParameterSetName = 'Error')]
[switch]$Failure
)
# Import the test definitions CSV file
@@ -22,6 +26,10 @@ function Initialize-CISAuditResult {
# Find the row that matches the provided recommendation (Rec)
$testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $Rec }
if (-not $testDefinition) {
throw "Test definition for recommendation '$Rec' not found."
}
# Create an instance of CISAuditResult and populate it
$auditResult = [CISAuditResult]::new()
$auditResult.Rec = $Rec
@@ -36,10 +44,18 @@ function Initialize-CISAuditResult {
$auditResult.Automated = [bool]::Parse($testDefinition.Automated)
$auditResult.Connection = $testDefinition.Connection
$auditResult.CISControlVer = 'v8'
if ($PSCmdlet.ParameterSetName -eq 'Full') {
$auditResult.Result = $Result
$auditResult.Status = $Status
$auditResult.Details = $Details
$auditResult.FailureReason = $FailureReason
} elseif ($PSCmdlet.ParameterSetName -eq 'Error') {
$auditResult.Result = $false
$auditResult.Status = 'Fail'
$auditResult.Details = "An error occurred while processing the test."
$auditResult.FailureReason = "Initialization error: Failed to process the test."
}
return $auditResult
}

14
source/tests/Test-AdministrativeAccountCompliance.ps1
View File

@@ -1,16 +1,17 @@
function Test-AdministrativeAccountCompliance {
[CmdletBinding()]
param (
# Aligned
# Parameters can be added if needed
)
begin {
#. .\source\Classes\CISAuditResult.ps1
# Initialize the valid licenses
$validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
$recnum = "1.1.1"
}
process {
try {
$adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
$adminRoleUsers = @()
@@ -66,7 +67,7 @@ function Test-AdministrativeAccountCompliance {
# Create the parameter splat
$params = @{
Rec = "1.1.1"
Rec = $recnum
Result = $result
Status = $status
Details = $details
@@ -75,9 +76,14 @@ function Test-AdministrativeAccountCompliance {
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Output the result
return $auditResult
}
}

11
source/tests/Test-AntiPhishingPolicy.ps1
View File

@@ -10,9 +10,12 @@ function Test-AntiPhishingPolicy {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
#$auditResults = @()
$recnum = "2.1.7"
}
process {
try {
# 2.1.7 Ensure that an anti-phishing policy has been created
# Retrieve and validate the anti-phishing policies
@@ -61,7 +64,7 @@ function Test-AntiPhishingPolicy {
# Parameter splat for Initialize-CISAuditResult function
$params = @{
Rec = "2.1.7"
Rec = $recnum
Result = $nonCompliantItems.Count -eq 0
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = $details
@@ -71,6 +74,12 @@ function Test-AntiPhishingPolicy {
# Create and populate the CISAuditResult object
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-AuditDisabledFalse.ps1
View File

@@ -9,9 +9,12 @@ function Test-AuditDisabledFalse {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "6.1.1"
}
process {
try {
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
# Retrieve the AuditDisabled configuration
@@ -35,7 +38,7 @@ function Test-AuditDisabledFalse {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.1.1"
Rec = $recnum
Result = $auditNotDisabled
Status = if ($auditNotDisabled) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +46,12 @@ function Test-AuditDisabledFalse {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-AuditLogSearch.ps1
View File

@@ -9,9 +9,12 @@ function Test-AuditLogSearch {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "3.1.1"
}
process {
try {
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
# Retrieve the audit log configuration
@@ -35,14 +38,20 @@ function Test-AuditLogSearch {
# Create and populate the CISAuditResult object
$params = @{
Rec = "3.1.1"
Rec = $recnum
Result = $auditLogResult
Status = if ($auditLogResult) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {

12
source/tests/Test-BlockChannelEmails.ps1
View File

@@ -9,9 +9,12 @@ function Test-BlockChannelEmails {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.1.2"
}
process {
try {
# 8.1.2 (L1) Ensure users can't send emails to a channel email address
# Retrieve Teams client configuration
@@ -35,7 +38,7 @@ function Test-BlockChannelEmails {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.1.2"
Rec = $recnum
Result = -not $allowEmailIntoChannel
Status = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +46,13 @@ function Test-BlockChannelEmails {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

8
source/tests/Test-BlockMailForwarding.ps1
View File

@@ -12,6 +12,7 @@ function Test-BlockMailForwarding {
}
process {
try {
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
# Retrieve the transport rules that redirect messages
@@ -44,6 +45,13 @@ function Test-BlockMailForwarding {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec "6.2.1" -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-BlockSharedMailboxSignIn.ps1
View File

@@ -9,9 +9,12 @@ function Test-BlockSharedMailboxSignIn {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.2.2"
}
process {
try {
# 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
# Retrieve shared mailbox details
@@ -37,7 +40,7 @@ function Test-BlockSharedMailboxSignIn {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.2.2"
Rec = $recnum
Result = $allBlocked
Status = if ($allBlocked) { "Pass" } else { "Fail" }
Details = $details
@@ -45,6 +48,13 @@ function Test-BlockSharedMailboxSignIn {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-CommonAttachmentFilter.ps1
View File

@@ -9,9 +9,11 @@ function Test-CommonAttachmentFilter {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.2"
}
process {
try {
# 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
# Retrieve the attachment filter policy
@@ -35,7 +37,7 @@ function Test-CommonAttachmentFilter {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.2"
Rec = $recnum
Result = $result
Status = if ($result) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +45,13 @@ function Test-CommonAttachmentFilter {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-CustomerLockbox.ps1
View File

@@ -9,9 +9,12 @@ function Test-CustomerLockbox {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.3.6"
}
process {
try {
# 1.3.6 (L2) Ensure the customer lockbox feature is enabled
# Retrieve the organization configuration
@@ -35,7 +38,7 @@ function Test-CustomerLockbox {
# Create and populate the CISAuditResult object #
$params = @{
Rec = "1.3.6"
Rec = $recnum
Result = $customerLockboxEnabled
Status = if ($customerLockboxEnabled) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +46,13 @@ function Test-CustomerLockbox {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-DialInBypassLobby.ps1
View File

@@ -9,9 +9,12 @@ function Test-DialInBypassLobby {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.4"
}
process {
try {
# 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
# Retrieve Teams meeting policy for PSTN users
@@ -35,7 +38,7 @@ function Test-DialInBypassLobby {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.4"
Rec = $recnum
Result = $PSTNBypassDisabled
Status = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +46,13 @@ function Test-DialInBypassLobby {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-DisallowInfectedFilesDownload.ps1
View File

@@ -10,9 +10,12 @@ function Test-DisallowInfectedFilesDownload {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.3.1"
}
process {
try {
# 7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
# Retrieve the SharePoint tenant configuration
@@ -36,14 +39,20 @@ function Test-DisallowInfectedFilesDownload {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.3.1"
Rec = $recnum
Result = $isDisallowInfectedFileDownloadEnabled
Status = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {

12
source/tests/Test-EnableDKIM.ps1
View File

@@ -9,9 +9,12 @@ function Test-EnableDKIM {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.9"
}
process {
try {
# 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
# Retrieve DKIM configuration for all domains
@@ -36,7 +39,7 @@ function Test-EnableDKIM {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.9"
Rec = $recnum
Result = $dkimResult
Status = if ($dkimResult) { "Pass" } else { "Fail" }
Details = $details
@@ -44,6 +47,13 @@ function Test-EnableDKIM {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-ExternalNoControl.ps1
View File

@@ -10,9 +10,12 @@ function Test-ExternalNoControl {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.7"
}
process {
try {
# 8.5.7 (L1) Ensure external participants can't give or request control
# Retrieve Teams meeting policy for external participant control
@@ -36,7 +39,7 @@ function Test-ExternalNoControl {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.7"
Rec = $recnum
Result = $externalControlRestricted
Status = if ($externalControlRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -44,6 +47,13 @@ function Test-ExternalNoControl {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-ExternalSharingCalendars.ps1
View File

@@ -10,9 +10,12 @@ function Test-ExternalSharingCalendars {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.3.3"
}
process {
try {
# 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
# Retrieve sharing policies related to calendar sharing
@@ -45,7 +48,7 @@ function Test-ExternalSharingCalendars {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.3.3"
Rec = $recnum
Result = $isExternalSharingDisabled
Status = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
Details = $details
@@ -53,6 +56,13 @@ function Test-ExternalSharingCalendars {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-GlobalAdminsCount.ps1
View File

@@ -10,9 +10,12 @@ function Test-GlobalAdminsCount {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.1.3"
}
process {
try {
# 1.1.3 (L1) Ensure that between two and four global admins are designated
# Retrieve global admin role and members
@@ -36,7 +39,7 @@ function Test-GlobalAdminsCount {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.1.3"
Rec = $recnum
Result = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
Status = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
Details = $details
@@ -44,6 +47,13 @@ function Test-GlobalAdminsCount {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-GuestAccessExpiration.ps1
View File

@@ -10,9 +10,12 @@ function Test-GuestAccessExpiration {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.9"
}
process {
try {
# 7.2.9 (L1) Ensure guest access to a site or OneDrive will expire automatically
# Retrieve SharePoint tenant settings related to guest access expiration
@@ -31,7 +34,7 @@ function Test-GuestAccessExpiration {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.9"
Rec = $recnum
Result = $isGuestAccessExpirationConfiguredCorrectly
Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +42,13 @@ function Test-GuestAccessExpiration {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-GuestUsersBiweeklyReview.ps1
View File

@@ -10,9 +10,11 @@ function Test-GuestUsersBiweeklyReview {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.1.4"
}
process {
try {
# 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly
@@ -38,7 +40,7 @@ function Test-GuestUsersBiweeklyReview {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.1.4"
Rec = $recnum
Result = -not $guestUsers
Status = if ($guestUsers) { "Fail" } else { "Pass" }
Details = $details
@@ -46,6 +48,13 @@ function Test-GuestUsersBiweeklyReview {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-IdentifyExternalEmail.ps1
View File

@@ -10,9 +10,12 @@ function Test-IdentifyExternalEmail {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "6.2.3"
}
process {
try {
# 6.2.3 (L1) Ensure email from external senders is identified
# Retrieve external sender tagging configuration
@@ -31,7 +34,7 @@ function Test-IdentifyExternalEmail {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.2.3"
Rec = $recnum
Result = $externalTaggingEnabled
Status = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +42,13 @@ function Test-IdentifyExternalEmail {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

12
source/tests/Test-LinkSharingRestrictions.ps1
View File

@@ -10,9 +10,11 @@ function Test-LinkSharingRestrictions {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.7"
}
process {
try {
# 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive
# Retrieve link sharing configuration for SharePoint and OneDrive
@@ -31,13 +33,21 @@ function Test-LinkSharingRestrictions {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.7"
Rec = $recnum
Result = $isLinkSharingRestricted
Status = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {

11
source/tests/Test-MailTipsEnabled.ps1
View File

@@ -11,9 +11,11 @@ function Test-MailTipsEnabled {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "6.5.2"
}
process {
try {
# 6.5.2 (L2) Ensure MailTips are enabled for end users
# Retrieve organization configuration for MailTips settings
@@ -38,7 +40,7 @@ function Test-MailTipsEnabled {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.5.2"
Rec = $recnum
Result = $allTipsEnabled -and $externalRecipientsTipsEnabled
Status = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" }
Details = $details
@@ -46,6 +48,13 @@ function Test-MailTipsEnabled {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

18
source/tests/Test-MailboxAuditingE3.ps1
View File

@@ -19,15 +19,17 @@ function Test-MailboxAuditingE3 {
$allFailures = @()
$allUsers = Get-AzureADUser -All $true
$processedUsers = @{} # Dictionary to track processed users
$recnum = "6.1.2"
}
process {
try {
foreach ($user in $allUsers) {
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
continue
}
try {
$licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
$hasOfficeE3 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e3SkuPartNumbers }).Count -gt 0
Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E3 license."
@@ -61,10 +63,6 @@ function Test-MailboxAuditingE3 {
$processedUsers[$user.UserPrincipalName] = $true
}
}
catch {
Write-Warning "Could not retrieve license details for user $($user.UserPrincipalName): $_"
}
}
# Prepare failure reasons and details based on compliance
$failureReasons = if ($allFailures.Count -eq 0) { "N/A" } else { "Audit issues detected." }
@@ -72,13 +70,21 @@ function Test-MailboxAuditingE3 {
# Populate the audit result
$params = @{
Rec = "6.1.2"
Rec = $recnum
Result = $allFailures.Count -eq 0
Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
Details = $details
FailureReason = $failureReasons
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {

18
source/tests/Test-MailboxAuditingE5.ps1
View File

@@ -20,15 +20,17 @@ function Test-MailboxAuditingE5 {
$allFailures = @()
$allUsers = Get-AzureADUser -All $true
$processedUsers = @{} # Dictionary to track processed users
$recnum = "6.1.3"
}
process {
try {
foreach ($user in $allUsers) {
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
continue
}
try {
$licenseDetails = Get-MgUserLicenseDetail -UserId $user.UserPrincipalName
$hasOfficeE5 = ($licenseDetails | Where-Object { $_.SkuPartNumber -in $e5SkuPartNumbers }).Count -gt 0
Write-Verbose "Evaluating user $($user.UserPrincipalName) for Office E5 license."
@@ -66,10 +68,7 @@ function Test-MailboxAuditingE5 {
# Adding verbose output to indicate the user does not have an E5 license
Write-Verbose "User $($user.UserPrincipalName) does not have an Office E5 license."
}
}
catch {
Write-Warning "Could not retrieve license details for user $($user.UserPrincipalName): $_"
}
}
# Prepare failure reasons and details based on compliance
@@ -78,7 +77,7 @@ function Test-MailboxAuditingE5 {
# Populate the audit result
$params = @{
Rec = "6.1.3"
Rec = $recnum
Result = $allFailures.Count -eq 0
Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" }
Details = $details
@@ -86,6 +85,13 @@ function Test-MailboxAuditingE5 {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
return $auditResult

12
source/tests/Test-ManagedApprovedPublicGroups.ps1
View File

@@ -9,10 +9,11 @@ function Test-ManagedApprovedPublicGroups {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.2.1"
}
process {
try {
# 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist (Automated)
# Retrieve all public groups
@@ -36,7 +37,7 @@ function Test-ManagedApprovedPublicGroups {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.2.1"
Rec = $recnum
Result = $null -eq $allGroups -or $allGroups.Count -eq 0
Status = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" }
Details = $details
@@ -44,6 +45,13 @@ function Test-ManagedApprovedPublicGroups {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResults

11
source/tests/Test-MeetingChatNoAnonymous.ps1
View File

@@ -9,9 +9,11 @@ function Test-MeetingChatNoAnonymous {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.5"
}
process {
try {
# 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -32,7 +34,7 @@ function Test-MeetingChatNoAnonymous {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.5"
Rec = $recnum
Result = $chatAnonDisabled
Status = if ($chatAnonDisabled) { "Pass" } else { "Fail" }
Details = $details
@@ -40,6 +42,13 @@ function Test-MeetingChatNoAnonymous {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

9
source/tests/Test-ModernAuthExchangeOnline.ps1
View File

@@ -9,6 +9,7 @@ function Test-ModernAuthExchangeOnline {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "6.5.1"
}
process {
@@ -30,7 +31,7 @@ function Test-ModernAuthExchangeOnline {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.5.1"
Rec = $recnum
Result = $orgConfig.OAuth2ClientProfileEnabled
Status = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" }
Details = $details
@@ -40,8 +41,12 @@ function Test-ModernAuthExchangeOnline {
}
catch {
Write-Error "An error occurred while testing modern authentication for Exchange Online: $_"
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {

11
source/tests/Test-ModernAuthSharePoint.ps1
View File

@@ -9,9 +9,11 @@ function Test-ModernAuthSharePoint {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.1"
}
process {
try {
# 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required
$SPOTenant = Get-SPOTenant | Select-Object -Property LegacyAuthProtocolsEnabled
$modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled
@@ -28,7 +30,7 @@ function Test-ModernAuthSharePoint {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.1"
Rec = $recnum
Result = $modernAuthForSPRequired
Status = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" }
Details = $details
@@ -36,6 +38,13 @@ function Test-ModernAuthSharePoint {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-NoAnonymousMeetingJoin.ps1
View File

@@ -9,9 +9,11 @@ function Test-NoAnonymousMeetingJoin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.1"
}
process {
try {
# 8.5.1 (L2) Ensure anonymous users can't join a meeting
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -31,7 +33,7 @@ function Test-NoAnonymousMeetingJoin {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.1"
Rec = $recnum
Result = -not $allowAnonymousUsersToJoinMeeting
Status = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +41,13 @@ function Test-NoAnonymousMeetingJoin {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-NoAnonymousMeetingStart.ps1
View File

@@ -9,9 +9,11 @@ function Test-NoAnonymousMeetingStart {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.2"
}
process {
try {
# 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -31,7 +33,7 @@ function Test-NoAnonymousMeetingStart {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.2"
Rec = $recnum
Result = $anonymousStartDisabled
Status = if ($anonymousStartDisabled) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +41,13 @@ function Test-NoAnonymousMeetingStart {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-NoWhitelistDomains.ps1
View File

@@ -9,9 +9,11 @@ function Test-NoWhitelistDomains {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "6.2.2"
}
process {
try {
# 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
# Retrieve transport rules that whitelist specific domains
@@ -35,7 +37,7 @@ function Test-NoWhitelistDomains {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.2.2"
Rec = $recnum
Result = -not $whitelistedRules
Status = if ($whitelistedRules) { "Fail" } else { "Pass" }
Details = $details
@@ -43,6 +45,13 @@ function Test-NoWhitelistDomains {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-NotifyMalwareInternal.ps1
View File

@@ -9,9 +9,11 @@ function Test-NotifyMalwareInternal {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.3"
}
process {
try {
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
# Retrieve all 'Custom' malware filter policies and check notification settings
@@ -44,7 +46,7 @@ function Test-NotifyMalwareInternal {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.3"
Rec = $recnum
Result = $result
Status = if ($result) { "Pass" } else { "Fail" }
Details = $details
@@ -52,6 +54,13 @@ function Test-NotifyMalwareInternal {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-OneDriveContentRestrictions.ps1
View File

@@ -9,9 +9,11 @@ function Test-OneDriveContentRestrictions {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.4"
}
process {
try {
# 7.2.4 (L2) Ensure OneDrive content sharing is restricted
# Retrieve OneDrive sharing capability settings
@@ -35,7 +37,7 @@ function Test-OneDriveContentRestrictions {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.4"
Rec = $recnum
Result = $isOneDriveSharingRestricted
Status = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +45,13 @@ function Test-OneDriveContentRestrictions {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-OneDriveSyncRestrictions.ps1
View File

@@ -9,9 +9,11 @@ function Test-OneDriveSyncRestrictions {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.3.2"
}
process {
try {
# 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
# Retrieve OneDrive sync client restriction settings
@@ -35,7 +37,7 @@ function Test-OneDriveSyncRestrictions {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.3.2"
Rec = $recnum
Result = $isSyncRestricted
Status = if ($isSyncRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +45,13 @@ function Test-OneDriveSyncRestrictions {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-OrgOnlyBypassLobby.ps1
View File

@@ -9,9 +9,11 @@ function Test-OrgOnlyBypassLobby {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.3"
}
process {
try {
# 8.5.3 (L1) Ensure only people in my org can bypass the lobby
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -37,7 +39,7 @@ function Test-OrgOnlyBypassLobby {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.3"
Rec = $recnum
Result = $lobbyBypassRestricted
Status = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -45,6 +47,13 @@ function Test-OrgOnlyBypassLobby {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-OrganizersPresent.ps1
View File

@@ -9,9 +9,11 @@ function Test-OrganizersPresent {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.6"
}
process {
try {
# 8.5.6 (L2) Ensure only organizers and co-organizers can present
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -37,7 +39,7 @@ function Test-OrganizersPresent {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.5.6"
Rec = $recnum
Result = $presenterRoleRestricted
Status = if ($presenterRoleRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -45,6 +47,13 @@ function Test-OrganizersPresent {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-PasswordHashSync.ps1
View File

@@ -9,9 +9,11 @@ function Test-PasswordHashSync {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "5.1.8.1"
}
process {
try {
# 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
# Pass if OnPremisesSyncEnabled is True. Fail otherwise.
@@ -31,7 +33,7 @@ function Test-PasswordHashSync {
# Create and populate the CISAuditResult object
$params = @{
Rec = "5.1.8.1"
Rec = $recnum
Result = $hashSyncResult
Status = if ($hashSyncResult) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +41,13 @@ function Test-PasswordHashSync {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-PasswordNeverExpirePolicy.ps1
View File

@@ -10,9 +10,11 @@ function Test-PasswordNeverExpirePolicy {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "1.3.1"
}
process {
try {
# 1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'
# Pass if PasswordValidityPeriodInDays is 0. Fail otherwise.
@@ -31,7 +33,7 @@ function Test-PasswordNeverExpirePolicy {
# Create and populate the CISAuditResult object
$params = @{
Rec = "1.3.1"
Rec = $recnum
Result = $passwordPolicy -eq 0
Status = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" }
Details = $details
@@ -39,6 +41,13 @@ function Test-PasswordNeverExpirePolicy {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-ReauthWithCode.ps1
View File

@@ -9,9 +9,11 @@ function Test-ReauthWithCode {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.10"
}
process {
try {
# 7.2.10 (L1) Ensure reauthentication with verification code is restricted
# Retrieve reauthentication settings for SharePoint Online
@@ -30,7 +32,7 @@ function Test-ReauthWithCode {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.10"
Rec = $recnum
Result = $isReauthenticationRestricted
Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -38,6 +40,13 @@ function Test-ReauthWithCode {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-ReportSecurityInTeams.ps1
View File

@@ -9,9 +9,11 @@ function Test-ReportSecurityInTeams {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.6.1"
}
process {
try {
# 8.6.1 (L1) Ensure users can report security concerns in Teams
# Retrieve the necessary settings for Teams and Exchange Online
@@ -40,7 +42,7 @@ function Test-ReportSecurityInTeams {
# Create and populate the CISAuditResult object
$params = @{
Rec = "8.6.1"
Rec = $recnum
Result = $securityReportEnabled
Status = if ($securityReportEnabled) { "Pass" } else { "Fail" }
Details = $details
@@ -48,6 +50,13 @@ function Test-ReportSecurityInTeams {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-RestrictCustomScripts.ps1
View File

@@ -9,9 +9,11 @@ function Test-RestrictCustomScripts {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.3.4"
}
process {
try {
# 7.3.4 (L1) Ensure custom script execution is restricted on site collections
# Retrieve all site collections and select necessary properties
@@ -45,7 +47,7 @@ function Test-RestrictCustomScripts {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.3.4"
Rec = $recnum
Result = $complianceResult
Status = if ($complianceResult) { "Pass" } else { "Fail" }
Details = $details
@@ -53,6 +55,13 @@ function Test-RestrictCustomScripts {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-RestrictExternalSharing.ps1
View File

@@ -9,9 +9,11 @@ function Test-RestrictExternalSharing {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "7.2.3"
}
process {
try {
# 7.2.3 (L1) Ensure external content sharing is restricted
# Retrieve the SharingCapability setting for the SharePoint tenant
@@ -30,7 +32,7 @@ function Test-RestrictExternalSharing {
# Create and populate the CISAuditResult object
$params = @{
Rec = "7.2.3"
Rec = $recnum
Result = $isRestricted
Status = if ($isRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -38,6 +40,13 @@ function Test-RestrictExternalSharing {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-RestrictOutlookAddins.ps1
View File

@@ -12,9 +12,11 @@ function Test-RestrictOutlookAddins {
$customPolicyFailures = @()
$defaultPolicyFailureDetails = @()
$relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
$recnum = "6.3.1"
}
process {
try {
# 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
# Check all mailboxes for custom policies with unallowed add-ins
@@ -62,7 +64,7 @@ function Test-RestrictOutlookAddins {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.3.1"
Rec = $recnum
Result = $isCompliant
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = $detailsString
@@ -70,6 +72,13 @@ function Test-RestrictOutlookAddins {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-RestrictStorageProvidersOutlook.ps1
View File

@@ -9,9 +9,11 @@ function Test-RestrictStorageProvidersOutlook {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "6.5.3"
}
process {
try {
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
# Retrieve all OwaMailbox policies
@@ -38,7 +40,7 @@ function Test-RestrictStorageProvidersOutlook {
# Create and populate the CISAuditResult object
$params = @{
Rec = "6.5.3"
Rec = $recnum
Result = $allPoliciesRestricted
Status = if ($allPoliciesRestricted) { "Pass" } else { "Fail" }
Details = $details
@@ -46,6 +48,13 @@ function Test-RestrictStorageProvidersOutlook {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-RestrictTenantCreation.ps1
View File

@@ -9,9 +9,11 @@ function Test-RestrictTenantCreation {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "5.1.2.3"
}
process {
try {
# 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
# Retrieve the tenant creation policy
@@ -30,7 +32,7 @@ function Test-RestrictTenantCreation {
# Create and populate the CISAuditResult object
$params = @{
Rec = "5.1.2.3"
Rec = $recnum
Result = $tenantCreationResult
Status = if ($tenantCreationResult) { "Pass" } else { "Fail" }
Details = $details
@@ -38,6 +40,13 @@ function Test-RestrictTenantCreation {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-SafeAttachmentsPolicy.ps1
View File

@@ -9,9 +9,11 @@ function Test-SafeAttachmentsPolicy {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.4"
}
process {
try {
# 2.1.4 (L2) Ensure Safe Attachments policy is enabled
# Retrieve all Safe Attachment policies where Enable is set to True
@@ -35,7 +37,7 @@ function Test-SafeAttachmentsPolicy {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.4"
Rec = $recnum
Result = $result
Status = if ($result) { "Pass" } else { "Fail" }
Details = $details
@@ -43,6 +45,13 @@ function Test-SafeAttachmentsPolicy {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-SafeAttachmentsTeams.ps1
View File

@@ -9,9 +9,11 @@ function Test-SafeAttachmentsTeams {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.5"
}
process {
try {
# 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
# Retrieve the ATP policies for Office 365 and check Safe Attachments settings
@@ -42,7 +44,7 @@ function Test-SafeAttachmentsTeams {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.5"
Rec = $recnum
Result = $result
Status = if ($result) { "Pass" } else { "Fail" }
Details = $details
@@ -50,6 +52,13 @@ function Test-SafeAttachmentsTeams {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-SafeLinksOfficeApps.ps1
View File

@@ -9,9 +9,11 @@ function Test-SafeLinksOfficeApps {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "2.1.1"
}
process {
try {
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
# Retrieve all Safe Links policies
@@ -49,7 +51,7 @@ function Test-SafeLinksOfficeApps {
# Create and populate the CISAuditResult object
$params = @{
Rec = "2.1.1"
Rec = $recnum
Result = $result
Status = if ($result) { "Pass" } else { "Fail" }
Details = $details
@@ -57,6 +59,13 @@ function Test-SafeLinksOfficeApps {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return the audit result

11
source/tests/Test-SharePointAADB2B.ps1
View File

@@ -11,15 +11,17 @@ function Test-SharePointAADB2B {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "7.2.2"
}
process {
try {
# 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
$SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration
# Populate the auditResult object with the required properties
$params = @{
Rec = "7.2.2"
Rec = $recnum
Result = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration
Status = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" }
Details = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)"
@@ -27,6 +29,13 @@ function Test-SharePointAADB2B {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-SharePointExternalSharingDomains.ps1
View File

@@ -11,16 +11,18 @@ function Test-SharePointExternalSharingDomains {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "7.2.6"
}
process {
try {
# 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
$SPOTenant = Get-SPOTenant | Select-Object SharingDomainRestrictionMode, SharingAllowedDomainList
$isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList'
# Populate the auditResult object with the required properties
$params = @{
Rec = "7.2.6"
Rec = $recnum
Result = $isDomainRestrictionConfigured
Status = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" }
Details = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)"
@@ -28,6 +30,13 @@ function Test-SharePointExternalSharingDomains {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-SharePointGuestsItemSharing.ps1
View File

@@ -11,16 +11,18 @@ function Test-SharePointGuestsItemSharing {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "7.2.5"
}
process {
try {
# 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
$SPOTenant = Get-SPOTenant | Select-Object PreventExternalUsersFromResharing
$isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing
# Populate the auditResult object with the required properties
$params = @{
Rec = "7.2.5"
Rec = $recnum
Result = $isGuestResharingPrevented
Status = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" }
Details = "PreventExternalUsersFromResharing: $isGuestResharingPrevented"
@@ -28,6 +30,13 @@ function Test-SharePointGuestsItemSharing {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-SpamPolicyAdminNotify.ps1
View File

@@ -11,9 +11,11 @@ function Test-SpamPolicyAdminNotify {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "2.1.6"
}
process {
try {
# 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
# Get the default hosted outbound spam filter policy
@@ -35,7 +37,7 @@ function Test-SpamPolicyAdminNotify {
# Create an instance of CISAuditResult and populate it
$params = @{
Rec = "2.1.6"
Rec = $recnum
Result = $areSettingsEnabled
Status = if ($areSettingsEnabled) { "Pass" } else { "Fail" }
Details = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' }
@@ -43,6 +45,13 @@ function Test-SpamPolicyAdminNotify {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-TeamsExternalAccess.ps1
View File

@@ -11,9 +11,11 @@ function Test-TeamsExternalAccess {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "8.2.1"
}
process {
try {
# 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -30,7 +32,7 @@ function Test-TeamsExternalAccess {
# Create an instance of CISAuditResult and populate it
$params = @{
Rec = "8.2.1"
Rec = $recnum
Result = $isCompliant
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited"
@@ -38,6 +40,13 @@ function Test-TeamsExternalAccess {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult

11
source/tests/Test-TeamsExternalFileSharing.ps1
View File

@@ -11,9 +11,11 @@ function Test-TeamsExternalFileSharing {
# Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "8.1.1"
}
process {
try {
# 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
# Connect to Teams PowerShell using Connect-MicrosoftTeams
@@ -34,7 +36,7 @@ function Test-TeamsExternalFileSharing {
# Create an instance of CISAuditResult and populate it
$params = @{
Rec = "8.1.1"
Rec = $recnum
Result = $isCompliant
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" }
@@ -42,6 +44,13 @@ function Test-TeamsExternalFileSharing {
}
$auditResult = Initialize-CISAuditResult @params
}
catch {
Write-Error "An error occurred during the test: $_"
# Call Initialize-CISAuditResult with error parameters
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
}
}
end {
# Return auditResult