vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 8.5.3 simplified output and added object comment

Browse Source
This commit is contained in:
DrIOS
2024-06-30 11:46:53 -05:00
parent 1d2fa9ea3a
commit 540fe11ce9
2 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source/Private/Get-CISMSTeamsOutput.ps1
View File

@@ -164,7 +164,7 @@ function Get-CISMSTeamsOutput {
# - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby. # - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby.
# - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`. # - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# $teamsMeetingPolicy Mock Object # $CsTeamsMeetingPolicyAnonymous Mock Object
<# <#
$CsTeamsMeetingPolicyAnonymous = [PSCustomObject]@{ $CsTeamsMeetingPolicyAnonymous = [PSCustomObject]@{
AllowAnonymousUsersToStartMeeting = $true AllowAnonymousUsersToStartMeeting = $true
@@ -191,10 +191,14 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`. # - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI. # - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended. # - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings # Retrieve the Teams meeting policy for lobby bypass settings
# $CsTeamsMeetingPolicyLobby Mock Object
<#
$CsTeamsMeetingPolicyLobby = [PSCustomObject]@{
AutoAdmittedUsers = "OrganizerOnly"
}
#>
$CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
return $CsTeamsMeetingPolicyLobby return $CsTeamsMeetingPolicyLobby
} }

8
source/tests/Test-OrgOnlyBypassLobby.ps1
View File

@@ -30,28 +30,23 @@ function Test-OrgOnlyBypassLobby {
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`. # - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI. # - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended. # - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings # Retrieve the Teams meeting policy for lobby bypass settings
$CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum
$lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests' $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance
$failureReasons = if (-not $lobbyBypassRestricted) { $failureReasons = if (-not $lobbyBypassRestricted) {
# Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended. # Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
"AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)" "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
}else { }else {
"N/A" "N/A"
} }
$details = if ($lobbyBypassRestricted) { $details = if ($lobbyBypassRestricted) {
# Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI. # Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
"Only people in the organization can bypass the lobby." "Only people in the organization can bypass the lobby."
}else { }else {
# Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`. # Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
"External participants can bypass the lobby" "AutoAdmittedUsers is not set to EveryoneInCompanyExcludingGuests"
} }
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object
$params = @{ $params = @{
@@ -68,7 +63,6 @@ function Test-OrgOnlyBypassLobby {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum $auditResult = Get-TestError -LastError $LastError -recnum $recnum
} }
} }
end { end {
# Return the audit result # Return the audit result
return $auditResult return $auditResult