fix: 7.2.10 aligned with test-template
This commit is contained in:
DrIOS
@@ -1,37 +1,49 @@
|
|||||||
function Test-ReauthWithCode {
|
function Test-ReauthWithCode {
|
||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
param (
|
param (
|
||||||
|
# Aligned
|
||||||
# Define your parameters here
|
# Define your parameters here
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Initialization code
|
# Dot source the class script if necessary
|
||||||
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
$auditResult = [CISAuditResult]::new()
|
# Initialization code, if needed
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
# 7.2.10 (L1) Ensure reauthentication with verification code is restricted
|
# 7.2.10 (L1) Ensure reauthentication with verification code is restricted
|
||||||
|
|
||||||
|
# Retrieve reauthentication settings for SharePoint Online
|
||||||
$SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
|
$SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays
|
||||||
$isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
|
$isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15
|
||||||
|
|
||||||
# Populate the auditResult object with the required properties
|
# Prepare failure reasons and details based on compliance
|
||||||
|
$failureReasons = if (-not $isReauthenticationRestricted) {
|
||||||
|
"Reauthentication with verification code does not require reauthentication within 15 days or less."
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
"N/A"
|
||||||
|
}
|
||||||
|
|
||||||
|
$details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
|
||||||
|
|
||||||
|
# Create and populate the CISAuditResult object
|
||||||
|
$auditResult = [CISAuditResult]::new()
|
||||||
|
$auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
|
||||||
|
$auditResult.ELevel = "E3"
|
||||||
|
$auditResult.ProfileLevel = "L1"
|
||||||
|
$auditResult.Rec = "7.2.10"
|
||||||
|
$auditResult.RecDescription = "Ensure reauthentication with verification code is restricted"
|
||||||
$auditResult.CISControlVer = "v8"
|
$auditResult.CISControlVer = "v8"
|
||||||
$auditResult.CISControl = "0.0"
|
$auditResult.CISControl = "0.0"
|
||||||
$auditResult.CISDescription = "Explicitly Not Mapped"
|
$auditResult.CISDescription = "Explicitly Not Mapped"
|
||||||
|
|
||||||
$auditResult.Rec = "7.2.10"
|
|
||||||
$auditResult.ELevel = "E3"
|
|
||||||
$auditResult.ProfileLevel = "L1"
|
|
||||||
$auditResult.IG1 = $false
|
$auditResult.IG1 = $false
|
||||||
$auditResult.IG2 = $false
|
$auditResult.IG2 = $false
|
||||||
$auditResult.IG3 = $false
|
$auditResult.IG3 = $false
|
||||||
$auditResult.RecDescription = "Ensure reauthentication with verification code is restricted"
|
|
||||||
|
|
||||||
$auditResult.Result = $isReauthenticationRestricted
|
$auditResult.Result = $isReauthenticationRestricted
|
||||||
$auditResult.Details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)"
|
$auditResult.Details = $details
|
||||||
$auditResult.FailureReason = if (-not $isReauthenticationRestricted) { "Reauthentication with verification code does not require reauthentication within 15 days or less." } else { "N/A" }
|
$auditResult.FailureReason = $failureReasons
|
||||||
$auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
|
|||||||
Reference in New Issue
Block a user