From 2f8d7b358a6ae41d43f0df20b9fc8d51c97aa796 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Tue, 28 May 2024 09:55:57 -0500
Subject: [PATCH] fix: 1.2.2 aligned with test-template

---
 .../tests/Test-BlockSharedMailboxSignIn.ps1   | 44 ++++++++++++-------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/source/tests/Test-BlockSharedMailboxSignIn.ps1 b/source/tests/Test-BlockSharedMailboxSignIn.ps1
index b74afad..31e49a3 100644
--- a/source/tests/Test-BlockSharedMailboxSignIn.ps1
+++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1
@@ -1,48 +1,60 @@
 function Test-BlockSharedMailboxSignIn {
     [CmdletBinding()]
     param (
+        # Aligned
         # Parameters can be added if needed
     )
 
     begin {
-        # Dot source the class script
+        # Dot source the class script if necessary
 
-        $auditResults = @()
+        # Initialization code, if needed
     }
 
     process {
         # 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
-        # Pass if all shared mailboxes have AccountEnabled set to False.
-        # Fail if any shared mailbox has AccountEnabled set to True.
-        # Review: Details property - Add verbosity.
 
+        # Retrieve shared mailbox details
         $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
         $sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
         $enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
         $allBlocked = $enabledMailboxes.Count -eq 0
 
-        # Create an instance of CISAuditResult and populate it
+        # Prepare failure reasons and details based on compliance
+        $failureReasons = if (-not $allBlocked) {
+            "Some mailboxes have sign-in enabled: $($enabledMailboxes -join ', ')"
+        }
+        else {
+            "N/A"
+        }
+
+        $details = if ($allBlocked) {
+            "All shared mailboxes have sign-in blocked."
+        }
+        else {
+            "Enabled Mailboxes: $($enabledMailboxes -join ', ')"
+        }
+
+        # Create and populate the CISAuditResult object
         $auditResult = [CISAuditResult]::new()
         $auditResult.CISControlVer = "v8"
-        $auditResult.CISControl = "0.0" # Control is explicitly not mapped
+        $auditResult.CISControl = "0.0"  # Control is explicitly not mapped
         $auditResult.CISDescription = "Explicitly Not Mapped"
         $auditResult.Rec = "1.2.2"
         $auditResult.ELevel = "E3"
         $auditResult.ProfileLevel = "L1"
-        $auditResult.IG1 = $false # Control is not mapped, hence IG1 is false
-        $auditResult.IG2 = $false # Control is not mapped, hence IG2 is false
-        $auditResult.IG3 = $false # Control is not mapped, hence IG3 is false
+        $auditResult.IG1 = $false  # Control is not mapped, hence IG1 is false
+        $auditResult.IG2 = $false  # Control is not mapped, hence IG2 is false
+        $auditResult.IG3 = $false  # Control is not mapped, hence IG3 is false
         $auditResult.RecDescription = "Ensure sign-in to shared mailboxes is blocked"
         $auditResult.Result = $allBlocked
-        $auditResult.Details = "Enabled Mailboxes: $($enabledMailboxes -join ', ')"
-        $auditResult.FailureReason = if ($allBlocked) { "N/A" } else { "Some mailboxes have sign-in enabled: $($enabledMailboxes -join ', ')" }
+        $auditResult.Details = $details
+        $auditResult.FailureReason = $failureReasons
         $auditResult.Status = if ($allBlocked) { "Pass" } else { "Fail" }
-
-        $auditResults += $auditResult
     }
 
     end {
-        # Return auditResults
-        return $auditResults
+        # Return the audit result
+        return $auditResult
     }
 }