add: Get-ExoOutput function and modified tests: '1.2.2', '1.3.3', '1.3.6', '2.1.1'
This commit is contained in:
DrIOS
@@ -30,7 +30,7 @@ function Test-BlockSharedMailboxSignIn {
|
||||
process {
|
||||
try {
|
||||
# Step: Retrieve shared mailbox details
|
||||
$MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
|
||||
$MBX = Get-ExoOutput -Rec $recnum
|
||||
|
||||
# Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
|
||||
$sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
|
||||
|
||||
@@ -33,8 +33,7 @@ function Test-CustomerLockbox {
|
||||
process {
|
||||
try {
|
||||
# Step: Retrieve the organization configuration (Condition C: Pass/Fail)
|
||||
$orgConfig = Get-OrganizationConfig | Select-Object CustomerLockBoxEnabled
|
||||
$customerLockboxEnabled = $orgConfig.CustomerLockBoxEnabled
|
||||
$customerLockboxEnabled = Get-ExoOutput -Rec $recnum
|
||||
|
||||
# Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail)
|
||||
$failureReasons = if (-not $customerLockboxEnabled) {
|
||||
|
||||
@@ -31,7 +31,7 @@ function Test-ExternalSharingCalendars {
|
||||
process {
|
||||
try {
|
||||
# Step: Retrieve sharing policies related to calendar sharing
|
||||
$sharingPolicies = Get-SharingPolicy | Where-Object { $_.Domains -like '*CalendarSharing*' }
|
||||
$sharingPolicies = Get-ExoOutput -Rec $recnum
|
||||
|
||||
# Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
|
||||
$isExternalSharingDisabled = $true
|
||||
|
||||
@@ -40,33 +40,12 @@ function Test-SafeLinksOfficeApps {
|
||||
}
|
||||
|
||||
process {
|
||||
if (Get-Command Get-SafeLinksPolicy -ErrorAction SilentlyContinue) {
|
||||
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
||||
# Retrieve all Safe Links policies
|
||||
$misconfiguredDetails = Get-ExoOutput -Rec $recnum
|
||||
# Misconfigured details returns 1 if EXO Commands needed for the test are not available
|
||||
if ($misconfiguredDetails -ne 1) {
|
||||
try {
|
||||
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
||||
# Retrieve all Safe Links policies
|
||||
$policies = Get-SafeLinksPolicy
|
||||
# Initialize the details collection
|
||||
$misconfiguredDetails = @()
|
||||
|
||||
foreach ($policy in $policies) {
|
||||
# Get the detailed configuration of each policy
|
||||
$policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
|
||||
|
||||
# Check each required property and record failures
|
||||
# Condition A: Checking policy settings
|
||||
$failures = @()
|
||||
if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
|
||||
if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
|
||||
if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
|
||||
if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
|
||||
if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
|
||||
|
||||
# Only add details for policies that have misconfigurations
|
||||
if ($failures.Count -gt 0) {
|
||||
$misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
|
||||
}
|
||||
}
|
||||
|
||||
# Prepare the final result
|
||||
# Condition B: Ensuring no misconfigurations
|
||||
$result = $misconfiguredDetails.Count -eq 0
|
||||
|
||||
Reference in New Issue
Block a user