From 381b8ebeb8a6d7ae80aaa155db016f2ce6eaa78e Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Sun, 23 Jun 2024 14:28:51 -0500 Subject: [PATCH] add: Get-ExoOutput function and updated tests --- source/Private/Get-ExoOutput.ps1 | 235 ++++++++++++++++-- source/tests/Test-AntiPhishingPolicy.ps1 | 2 +- source/tests/Test-AuditDisabledFalse.ps1 | 3 +- source/tests/Test-AuditLogSearch.ps1 | 4 +- source/tests/Test-BlockMailForwarding.ps1 | 6 +- source/tests/Test-CommonAttachmentFilter.ps1 | 3 +- source/tests/Test-EnableDKIM.ps1 | 2 +- source/tests/Test-IdentifyExternalEmail.ps1 | 2 +- source/tests/Test-MailTipsEnabled.ps1 | 2 +- source/tests/Test-MailboxAuditingE3.ps1 | 2 +- source/tests/Test-MailboxAuditingE5.ps1 | 2 +- .../tests/Test-ModernAuthExchangeOnline.ps1 | 4 +- source/tests/Test-NoWhitelistDomains.ps1 | 3 +- source/tests/Test-NotifyMalwareInternal.ps1 | 2 +- source/tests/Test-ReportSecurityInTeams.ps1 | 5 +- source/tests/Test-RestrictOutlookAddins.ps1 | 19 +- .../Test-RestrictStorageProvidersOutlook.ps1 | 2 +- source/tests/Test-SafeAttachmentsPolicy.ps1 | 5 +- source/tests/Test-SafeAttachmentsTeams.ps1 | 13 +- source/tests/Test-SpamPolicyAdminNotify.ps1 | 2 +- 20 files changed, 239 insertions(+), 79 deletions(-) diff --git a/source/Private/Get-ExoOutput.ps1 b/source/Private/Get-ExoOutput.ps1 index 6300f3b..224e5eb 100644 --- a/source/Private/Get-ExoOutput.ps1 +++ b/source/Private/Get-ExoOutput.ps1 @@ -23,6 +23,33 @@ function Get-ExoOutput { begin { # Begin Block # + <# + 1.2.2 + 1.3.3 + 1.3.6 + 2.1.1 + 2.1.2 + 2.1.3 + 2.1.4 + 2.1.5 + 2.1.6 + 2.1.7 + 2.1.9 + 3.1.1 + 6.1.1 + 6.1.2 + 6.1.3 + 6.2.1 + 6.2.2 + 6.2.3 + 6.3.1 + 6.5.1 + 6.5.2 + 6.5.3 + 8.6.1 + + $testNumbers = @('1.2.2', '1.3.3', '1.3.6', '2.1.1', '2.1.2', '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '8.6.1') + #> } process { switch ($Rec) { 
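Review bot: The block comment added to `begin` is an unlabelled list of recommendation numbers followed by a commented-out `$testNumbers` array, so a reader cannot tell whether it is documentation or leftover scratch work. If it is meant as the index of branches the `switch` handles, I would reduce it to one labelled line such as `# Recommendation numbers handled by the switch in process: 1.2.2, 1.3.3, ...` and drop the dead assignment. The function's `param` block is outside this hunk; if `$Rec` is not already constrained there, the same list would serve better as a `[ValidateSet()]` on the parameter than as a comment.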
@@ -94,25 +121,195 @@ function Get-ExoOutput { # [bool] return $result } - '2.1.3' { Write-Output "Matched 2.1.3" } - '2.1.4' { Write-Output "Matched 2.1.4" } - '2.1.5' { Write-Output "Matched 2.1.5" } - '2.1.6' { Write-Output "Matched 2.1.6" } - '2.1.7' { Write-Output "Matched 2.1.7" } - '2.1.9' { Write-Output "Matched 2.1.9" } - '3.1.1' { Write-Output "Matched 3.1.1" } - '6.1.1' { Write-Output "Matched 6.1.1" } - '6.1.2' { Write-Output "Matched 6.1.2" } - '6.1.3' { Write-Output "Matched 6.1.3" } - '6.2.1' { Write-Output "Matched 6.2.1" } - '6.2.2' { Write-Output "Matched 6.2.2" } - '6.2.3' { Write-Output "Matched 6.2.3" } - '6.3.1' { Write-Output "Matched 6.3.1" } - '6.5.1' { Write-Output "Matched 6.5.1" } - '6.5.2' { Write-Output "Matched 6.5.2" } - '6.5.3' { Write-Output "Matched 6.5.3" } - '8.6.1' { Write-Output "Matched 8.6.1" } - default { Write-Output "No match found" } + '2.1.3' { + # Test-NotifyMalwareInternal.ps1 + # 2.1.3 Ensure notifications for internal users sending malware is Enabled + + # Retrieve all 'Custom' malware filter policies and check notification settings + $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' } + # [object[]] + return $malwareNotifications + } + '2.1.4' { + # Test-SafeAttachmentsPolicy.ps1 + if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) { + # Retrieve all Safe Attachment policies where Enable is set to True + # Check if ErrorAction needed below + $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true } + # [object[]] + return $safeAttachmentPolicies + else { + return 1 + } + } + } + '2.1.5' { + # Test-SafeAttachmentsTeams.ps1 + if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) { + # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled + # Retrieve the ATP policies for Office 365 and check Safe Attachments settings + $atpPolicies 
= Get-AtpPolicyForO365 + # Check if the required ATP policies are enabled + $atpPolicyResult = $atpPolicies | Where-Object { + $_.EnableATPForSPOTeamsODB -eq $true -and + $_.EnableSafeDocs -eq $true -and + $_.AllowSafeDocsOpen -eq $false + } + # [psobject[]] + return $atpPolicyResult + } + else { + return 1 + } + } + '2.1.6' { + # Test-SpamPolicyAdminNotify.ps1 + # Retrieve the default hosted outbound spam filter policy + $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true } + return $hostedOutboundSpamFilterPolicy + + } + '2.1.7' { + # Test-AntiPhishingPolicy.ps1 + # Condition A: Ensure that an anti-phishing policy has been created + $antiPhishPolicies = Get-AntiPhishPolicy + return $antiPhishPolicies + } + '2.1.9' { + # Test-EnableDKIM.ps1 + # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains + + # Retrieve DKIM configuration for all domains + $dkimConfig = Get-DkimSigningConfig | Select-Object Domain, Enabled + # [object[]] + return $dkimConfig + } + '3.1.1' { + # Test-AuditLogSearch.ps1 + # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled + + # Retrieve the audit log configuration + $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled + # + $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled + # [bool] + return $auditLogResult + } + '6.1.1' { + # Test-AuditDisabledFalse.ps1 + # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False' + + # Retrieve the AuditDisabled configuration (Condition B) + $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled + # [bool] + $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled + return $auditNotDisabled + } + '6.1.2' { + # Test-MailboxAuditingE3.ps1 + $mailboxes = Get-EXOMailbox -PropertySets Audit + # [object[]] + return $mailboxes + } + '6.1.3' { + # Test-MailboxAuditingE5.ps1 + $mailboxes = Get-EXOMailbox -PropertySets Audit + # [object[]] + return 
$mailboxes + } + '6.2.1' { + # Test-BlockMailForwarding.ps1 + # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled + # Step 1: Retrieve the transport rules that redirect messages + $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo } + if ($null -eq $transportRules) { + $transportRules = 1 + } + # Step 2: Check all anti-spam outbound policies + $outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy + $nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' } + return $transportRules, $nonCompliantSpamPolicies + + } + '6.2.2' { + # Test-NoWhitelistDomains.ps1 + # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains + + # Retrieve transport rules that whitelist specific domains + # Condition A: Checking for transport rules that whitelist specific domains + # [object[]] + $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs } + return $whitelistedRules + } + '6.2.3' { + # Test-IdentifyExternalEmail.ps1 + # 6.2.3 (L1) Ensure email from external senders is identified + + # Retrieve external sender tagging configuration + # [object[]] + $externalInOutlook = Get-ExternalInOutlook + return $externalInOutlook + } + '6.3.1' { + # Test-RestrictOutlookAddins.ps1 + # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed + $customPolicyFailures = @() + # Check all mailboxes for custom policies with unallowed add-ins + $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy + + if ($roleAssignmentPolicies.RoleAssignmentPolicy) { + foreach ($policy in $roleAssignmentPolicies) { + if ($policy.RoleAssignmentPolicy) { + $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy + $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles } + + # Condition B: Using PowerShell, verify that MyCustomApps, 
MyMarketplaceApps, and MyReadWriteMailboxApps are not assigned to users. + if ($foundRoles) { + $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')" + } + } + } + } + # Check Default Role Assignment Policy + $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy" + return $customPolicyFailures, $defaultPolicy + } + '6.5.1' { + # Test-ModernAuthExchangeOnline.ps1 + # Ensuring the ExchangeOnlineManagement module is available + # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled + + # Check modern authentication setting in Exchange Online configuration (Condition A and B) + $orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled + return $orgConfig + } + '6.5.2' { + # Test-MailTipsEnabled.ps1 + # 6.5.2 (L2) Ensure MailTips are enabled for end users + # Retrieve organization configuration for MailTips settings + # [object] + $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold + return $orgConfig + } + '6.5.3' { + # Test-RestrictStorageProvidersOutlook.ps1 + # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web + # Retrieve all OwaMailbox policies + # [object[]] + $owaPolicies = Get-OwaMailboxPolicy + return $owaPolicies + } + '8.6.1' { + # Test-ReportSecurityInTeams.ps1 + # 8.6.1 (L1) Ensure users can report security concerns in Teams + + # Retrieve the necessary settings for Teams and Exchange Online + # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. + # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. 
+ $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled + return $ReportSubmissionPolicy + } + default { throw "No match found for test: $Rec" } } } end { diff --git a/source/tests/Test-AntiPhishingPolicy.ps1 b/source/tests/Test-AntiPhishingPolicy.ps1 index 24cb320..843bc12 100644 --- a/source/tests/Test-AntiPhishingPolicy.ps1 +++ b/source/tests/Test-AntiPhishingPolicy.ps1 @@ -34,7 +34,7 @@ function Test-AntiPhishingPolicy { try { # Condition A: Ensure that an anti-phishing policy has been created - $antiPhishPolicies = Get-AntiPhishPolicy + $antiPhishPolicies = Get-ExoOutput -Rec $recnum # Condition B: Verify the anti-phishing policy settings using PowerShell $validatedPolicies = $antiPhishPolicies | Where-Object { diff --git a/source/tests/Test-AuditDisabledFalse.ps1 b/source/tests/Test-AuditDisabledFalse.ps1 index 263e929..edd7f11 100644 --- a/source/tests/Test-AuditDisabledFalse.ps1 +++ b/source/tests/Test-AuditDisabledFalse.ps1 @@ -35,8 +35,7 @@ function Test-AuditDisabledFalse { # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False' # Retrieve the AuditDisabled configuration (Condition B) - $auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled - $auditNotDisabled = -not $auditDisabledConfig.AuditDisabled + $auditNotDisabled = Get-ExoOutput -Rec $recnum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $auditNotDisabled) { diff --git a/source/tests/Test-AuditLogSearch.ps1 b/source/tests/Test-AuditLogSearch.ps1 index 90e828e..578138b 100644 --- a/source/tests/Test-AuditLogSearch.ps1 +++ b/source/tests/Test-AuditLogSearch.ps1 
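Review bot: In the `'2.1.4'` branch the `else { return 1 }` sits inside the `if (Get-Command Get-SafeAttachmentPolicy ...)` body, after `return $safeAttachmentPolicies`, so it can never run; when the cmdlet is missing the branch returns nothing rather than the `1` sentinel. Test-SafeAttachmentsPolicy (later in this patch) gates on `$safeAttachmentPolicies -ne 1`, and `$null -ne 1` is true, so a tenant without the cmdlet would take the evaluation path instead of the "unavailable" path. Close the `if` first, as the `'2.1.5'` branch does: `return $safeAttachmentPolicies`, then `}`, then `else { return 1 }`. Separately, an integer sentinel mixed into a return that otherwise carries policy objects is fragile, because `-ne` with a collection on the left filters rather than compares; a dedicated marker value would be safer.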
@@ -36,9 +36,7 @@ function Test-AuditLogSearch { try { # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled - # Retrieve the audit log configuration - $auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled - $auditLogResult = $auditLogConfig.UnifiedAuditLogIngestionEnabled + $auditLogResult = Get-ExoOutput -Rec $recnum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $auditLogResult) { diff --git a/source/tests/Test-BlockMailForwarding.ps1 b/source/tests/Test-BlockMailForwarding.ps1 index 4dab7a9..d9de8f6 100644 --- a/source/tests/Test-BlockMailForwarding.ps1 +++ b/source/tests/Test-BlockMailForwarding.ps1 @@ -35,12 +35,10 @@ function Test-BlockMailForwarding { # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled # Step 1: Retrieve the transport rules that redirect messages - $transportRules = Get-TransportRule | Where-Object { $null -ne $_.RedirectMessageTo } + $transportRules,$nonCompliantSpamPolicies = Get-ExoOutput -Rec $recnum $transportForwardingBlocked = $transportRules.Count -eq 0 # Step 2: Check all anti-spam outbound policies - $outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy - $nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' } $nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies) $spamForwardingBlocked = $nonCompliantSpamPoliciesArray.Count -eq 0 @@ -51,7 +49,7 @@ function Test-BlockMailForwarding { $failureReasons = @() $details = @() - if ($transportRules.Count -gt 0) { + if ($transportRules -ne 1) { # Fail Condition A $failureReasons += "Mail forwarding rules found: $($transportRules.Name -join ', ')" $details += "Transport Rules Details:`nRule Name|Redirects To" diff --git a/source/tests/Test-CommonAttachmentFilter.ps1 b/source/tests/Test-CommonAttachmentFilter.ps1 index 0384880..0840121 100644 --- a/source/tests/Test-CommonAttachmentFilter.ps1 
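Review bot: In Test-BlockMailForwarding, the unchanged line `$transportForwardingBlocked = $transportRules.Count -eq 0` no longer holds for the compliant case: Get-ExoOutput's `'6.2.1'` branch replaces an empty result with the sentinel `1`, and `.Count` on a scalar is 1, so the flag is false exactly when no redirect rules exist. The second hunk of this file moves its own check to `$transportRules -ne 1`, but this line was left on the old contract; how the flag is used afterwards is outside the hunk. The simpler fix looks to be dropping the `$transportRules = 1` substitution in the helper, so the first returned element stays `$null`, and keeping the original `.Count -eq 0` and `.Count -gt 0` checks in both hunks.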
+++ b/source/tests/Test-CommonAttachmentFilter.ps1 @@ -38,8 +38,7 @@ function Test-CommonAttachmentFilter { # Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`. # Retrieve the attachment filter policy - $attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter - $result = $attachmentFilter.EnableFileFilter + $result = Get-ExoOutput -Rec $recnum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $result) { diff --git a/source/tests/Test-EnableDKIM.ps1 b/source/tests/Test-EnableDKIM.ps1 index e686dd7..7c55c4a 100644 --- a/source/tests/Test-EnableDKIM.ps1 +++ b/source/tests/Test-EnableDKIM.ps1 @@ -36,7 +36,7 @@ function Test-EnableDKIM { # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains # Retrieve DKIM configuration for all domains - $dkimConfig = Get-DkimSigningConfig | Select-Object Domain, Enabled + $dkimConfig = Get-ExoOutput -Rec $recnum $dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false $dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain } diff --git a/source/tests/Test-IdentifyExternalEmail.ps1 b/source/tests/Test-IdentifyExternalEmail.ps1 index 21f96ca..b8920ec 100644 --- a/source/tests/Test-IdentifyExternalEmail.ps1 +++ b/source/tests/Test-IdentifyExternalEmail.ps1 @@ -36,7 +36,7 @@ function Test-IdentifyExternalEmail { # 6.2.3 (L1) Ensure email from external senders is identified # Retrieve external sender tagging configuration - $externalInOutlook = Get-ExternalInOutlook + $externalInOutlook = Get-ExoOutput -Rec $recnum $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-MailTipsEnabled.ps1 b/source/tests/Test-MailTipsEnabled.ps1 index 4869fe8..94197c0 100644 
--- a/source/tests/Test-MailTipsEnabled.ps1 +++ b/source/tests/Test-MailTipsEnabled.ps1 @@ -38,7 +38,7 @@ function Test-MailTipsEnabled { # 6.5.2 (L2) Ensure MailTips are enabled for end users # Retrieve organization configuration for MailTips settings - $orgConfig = Get-OrganizationConfig | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold + $orgConfig = Get-ExoOutput -Rec $recnum # Check the MailTips settings (Conditions A, B, C, D) $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25 diff --git a/source/tests/Test-MailboxAuditingE3.ps1 b/source/tests/Test-MailboxAuditingE3.ps1 index 33be83f..ba8198c 100644 --- a/source/tests/Test-MailboxAuditingE3.ps1 +++ b/source/tests/Test-MailboxAuditingE3.ps1 @@ -45,7 +45,7 @@ function Test-MailboxAuditingE3 { process { if ($null -ne $allUsers) { - $mailboxes = Get-EXOMailbox -PropertySets Audit + $mailboxes = Get-ExoOutput -Rec $recnum try { foreach ($user in $allUsers) { if ($processedUsers.ContainsKey($user.UserPrincipalName)) { diff --git a/source/tests/Test-MailboxAuditingE5.ps1 b/source/tests/Test-MailboxAuditingE5.ps1 index 24adda4..6c218e0 100644 --- a/source/tests/Test-MailboxAuditingE5.ps1 +++ b/source/tests/Test-MailboxAuditingE5.ps1 @@ -40,7 +40,7 @@ function Test-MailboxAuditingE5 { process { if ($null -ne $allUsers) { - $mailboxes = Get-EXOMailbox -PropertySets Audit + $mailboxes = Get-ExoOutput -Rec $recnum try { foreach ($user in $allUsers) { if ($processedUsers.ContainsKey($user.UserPrincipalName)) { diff --git a/source/tests/Test-ModernAuthExchangeOnline.ps1 b/source/tests/Test-ModernAuthExchangeOnline.ps1 index e856abf..f9bac64 100644 --- a/source/tests/Test-ModernAuthExchangeOnline.ps1 +++ b/source/tests/Test-ModernAuthExchangeOnline.ps1 
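Review bot: In Test-MailboxAuditingE3, `$mailboxes = Get-ExoOutput -Rec $recnum` resolves to `Get-EXOMailbox -PropertySets Audit` in the helper's `'6.1.2'` branch, which passes no `-ResultSize`; as far as I know the cmdlet returns at most 1000 mailboxes by default, so in a larger tenant the audit check would silently skip the rest. The same applies to the Test-MailboxAuditingE5 hunk that follows and to the bare `Get-EXOMailbox` in the `'6.3.1'` branch. Now that the query lives in one place, I would add the parameter there: `Get-EXOMailbox -PropertySets Audit -ResultSize Unlimited`. The enclosing `process` block continues outside the hunk.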
@@ -31,12 +31,10 @@ function Test-ModernAuthExchangeOnline { process { try { - # Ensuring the ExchangeOnlineManagement module is available - # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled # Check modern authentication setting in Exchange Online configuration (Condition A and B) - $orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled + $orgConfig = Get-ExoOutput -Rec $recnum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) { diff --git a/source/tests/Test-NoWhitelistDomains.ps1 b/source/tests/Test-NoWhitelistDomains.ps1 index b9c6d0b..37441bb 100644 --- a/source/tests/Test-NoWhitelistDomains.ps1 +++ b/source/tests/Test-NoWhitelistDomains.ps1 @@ -38,8 +38,7 @@ function Test-NoWhitelistDomains { # Retrieve transport rules that whitelist specific domains # Condition A: Checking for transport rules that whitelist specific domains - $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs } - + $whitelistedRules = Get-ExoOutput -Rec $recnum # Prepare failure reasons and details based on compliance # Condition B: Prepare failure reasons based on the presence of whitelisted rules $failureReasons = if ($whitelistedRules) { diff --git a/source/tests/Test-NotifyMalwareInternal.ps1 b/source/tests/Test-NotifyMalwareInternal.ps1 index 6c15c9a..f2a17f3 100644 --- a/source/tests/Test-NotifyMalwareInternal.ps1 +++ b/source/tests/Test-NotifyMalwareInternal.ps1 
@@ -34,7 +34,7 @@ function Test-NotifyMalwareInternal { # 2.1.3 Ensure notifications for internal users sending malware is Enabled # Retrieve all 'Custom' malware filter policies and check notification settings - $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' } + $malwareNotifications = Get-ExoOutput -Rec $recnum # Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications. $policiesToReport = @() diff --git a/source/tests/Test-ReportSecurityInTeams.ps1 b/source/tests/Test-ReportSecurityInTeams.ps1 index 23b1c47..1b27dd7 100644 --- a/source/tests/Test-ReportSecurityInTeams.ps1 +++ b/source/tests/Test-ReportSecurityInTeams.ps1 
@@ -16,16 +16,15 @@ function Test-ReportSecurityInTeams { process { try { + # Test-ReportSecurityInTeams.ps1 # 8.6.1 (L1) Ensure users can report security concerns in Teams # Retrieve the necessary settings for Teams and Exchange Online # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'. $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting - # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. - $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled - + $ReportSubmissionPolicy = Get-ExoOutput -Rec $recnum # Check if all the required settings are enabled $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and diff --git a/source/tests/Test-RestrictOutlookAddins.ps1 b/source/tests/Test-RestrictOutlookAddins.ps1 index 6b6eb20..a4537ca 100644 --- a/source/tests/Test-RestrictOutlookAddins.ps1 +++ b/source/tests/Test-RestrictOutlookAddins.ps1 @@ -11,7 +11,6 @@ function Test-RestrictOutlookAddins { #. .\source\Classes\CISAuditResult.ps1 # Initialization code - $customPolicyFailures = @() $defaultPolicyFailureDetails = @() $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps') $recnum = "6.3.1" 
@@ -36,24 +35,8 @@ function Test-RestrictOutlookAddins { # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed # Check all mailboxes for custom policies with unallowed add-ins - $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy - - if ($roleAssignmentPolicies.RoleAssignmentPolicy) { - foreach ($policy in $roleAssignmentPolicies) { - if ($policy.RoleAssignmentPolicy) { - $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy - $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles } - - # Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are not assigned to users. - if ($foundRoles) { - $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')" - } - } - } - } - # Check Default Role Assignment Policy - $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy" + $customPolicyFailures, $defaultPolicy = Get-ExoOutput -Rec $recnum $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles } # Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles. diff --git a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 index 820796d..a5f310a 100644 --- a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 +++ b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 @@ -34,7 +34,7 @@ function Test-RestrictStorageProvidersOutlook { # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web # Retrieve all OwaMailbox policies - $owaPolicies = Get-OwaMailboxPolicy + $owaPolicies = Get-ExoOutput -Rec $recnum # Condition A: Check if AdditionalStorageProvidersAvailable is set to False $nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable } 
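Review bot: The loop moved into Get-ExoOutput's `'6.3.1'` branch still filters with `$_ -in $relevantRoles`, but `$relevantRoles` is assigned only in Test-RestrictOutlookAddins' initialization code (first hunk of this file), so the helper appears to work only through dynamic scoping from this caller. Called from anywhere else the variable is `$null`, `$foundRoles` is always empty, and custom policies that grant the add-in roles are never reported. I would define the list inside the branch, `$relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')`, or pass it in as a parameter. The helper's `param` block is not visible in this patch, so confirm it does not already receive the list.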
diff --git a/source/tests/Test-SafeAttachmentsPolicy.ps1 b/source/tests/Test-SafeAttachmentsPolicy.ps1 index be2faf4..fa22622 100644 --- a/source/tests/Test-SafeAttachmentsPolicy.ps1 +++ b/source/tests/Test-SafeAttachmentsPolicy.ps1 @@ -28,10 +28,9 @@ function Test-SafeAttachmentsPolicy { } process { - if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) { + $safeAttachmentPolicies = Get-ExoOutput -Rec $recnum + if ($safeAttachmentPolicies -ne 1) { try { - # Retrieve all Safe Attachment policies where Enable is set to True - $safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true } # Check if any Safe Attachments policy is enabled (Condition A) $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0 diff --git a/source/tests/Test-SafeAttachmentsTeams.ps1 b/source/tests/Test-SafeAttachmentsTeams.ps1 index ceb7547..123cdbb 100644 --- a/source/tests/Test-SafeAttachmentsTeams.ps1 +++ b/source/tests/Test-SafeAttachmentsTeams.ps1 @@ -31,18 +31,9 @@ function Test-SafeAttachmentsTeams { } process { - if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) { + $atpPolicyResult = Get-ExoOutput -Rec $recnum + if ($atpPolicyResult -ne 1) { try { - # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled - # Retrieve the ATP policies for Office 365 and check Safe Attachments settings - $atpPolicies = Get-AtpPolicyForO365 - # Check if the required ATP policies are enabled - $atpPolicyResult = $atpPolicies | Where-Object { - $_.EnableATPForSPOTeamsODB -eq $true -and - $_.EnableSafeDocs -eq $true -and - $_.AllowSafeDocsOpen -eq $false - } - # Condition A: Check Safe Attachments for SharePoint # Condition B: Check Safe Attachments for OneDrive # Condition C: Check Safe Attachments for Microsoft Teams 
diff --git a/source/tests/Test-SpamPolicyAdminNotify.ps1 b/source/tests/Test-SpamPolicyAdminNotify.ps1 index 314d6fd..81116fa 100644 --- a/source/tests/Test-SpamPolicyAdminNotify.ps1 +++ b/source/tests/Test-SpamPolicyAdminNotify.ps1 @@ -38,7 +38,7 @@ function Test-SpamPolicyAdminNotify { # 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators # Retrieve the default hosted outbound spam filter policy - $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true } + $hostedOutboundSpamFilterPolicy = Get-ExoOutput -Rec $recnum # Check if both settings are enabled (Condition A and Condition B for pass) $bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail