From 917833b186c52066b681772406a85328c61c11f7 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Sun, 23 Jun 2024 15:27:25 -0500
Subject: [PATCH] add: Get-CISMSTeamsOutput function and updated respective tests
---
source/Private/Get-CISMSTeamsOutput.ps1 | 296 ++++++++++++++++--
source/tests/Test-BlockChannelEmails.ps1 | 2 +-
source/tests/Test-DialInBypassLobby.ps1 | 2 +-
source/tests/Test-ExternalNoControl.ps1 | 3 +-
source/tests/Test-MeetingChatNoAnonymous.ps1 | 2 +-
source/tests/Test-NoAnonymousMeetingJoin.ps1 | 2 +-
source/tests/Test-NoAnonymousMeetingStart.ps1 | 2 +-
source/tests/Test-OrgOnlyBypassLobby.ps1 | 2 +-
source/tests/Test-OrganizersPresent.ps1 | 2 +-
source/tests/Test-ReportSecurityInTeams.ps1 | 2 +-
source/tests/Test-TeamsExternalAccess.ps1 | 4 +-
.../tests/Test-TeamsExternalFileSharing.ps1 | 3 +-
12 files changed, 283 insertions(+), 39 deletions(-)
diff --git a/source/Private/Get-CISMSTeamsOutput.ps1 b/source/Private/Get-CISMSTeamsOutput.ps1
index 70c28a6..79768fe 100644
--- a/source/Private/Get-CISMSTeamsOutput.ps1
+++ b/source/Private/Get-CISMSTeamsOutput.ps1
@@ -1,32 +1,278 @@ -function Get-CISMSTeamsOutput -{ - <# - .SYNOPSIS - This is a sample Private function only visible within the module. - - .DESCRIPTION - This sample function is not exported to the module and only return the data passed as parameter. - - .EXAMPLE - $null = Get-MSTeamsOutput -PrivateData 'NOTHING TO SEE HERE' - - .PARAMETER PrivateData - The PrivateData parameter is what will be returned without transformation. - - #> +<# + .SYNOPSIS + This is a sample Private function only visible within the module. + .DESCRIPTION + This sample function is not exported to the module and only return the data passed as parameter. + .EXAMPLE + $null = Get-CISMSTeamsOutput -PrivateData 'NOTHING TO SEE HERE' + .PARAMETER PrivateData + The PrivateData parameter is what will be returned without transformation. +#> +function Get-CISMSTeamsOutput { [cmdletBinding()] [OutputType([string])] - param - ( - [Parameter()] + param( + [Parameter(Mandatory = $true)] [String] - $PrivateData + $Rec ) - - process - { - Write-Output $PrivateData + begin { + # Begin Block # + <# + # Tests + 8.1.1 + 8.1.2 + 8.2.1 + 8.5.1 + 8.5.2 + 8.5.3 + 8.5.4 + 8.5.5 + 8.5.6 + 8.5.7 + 8.6.1 + # Test number array + $testNumbers = @('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1') + #> } + process { + switch ($Rec) { + '8.1.1' { + # Test-TeamsExternalFileSharing.ps1 + # 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services + # Connect to Teams PowerShell using Connect-MicrosoftTeams -} + # Condition A: The `AllowDropbox` setting is set to `False`. + # Condition B: The `AllowBox` setting is set to `False`. + # Condition C: The `AllowGoogleDrive` setting is set to `False`. + # Condition D: The `AllowShareFile` setting is set to `False`. + # Condition E: The `AllowEgnyte` setting is set to `False`. 
+ + # Assuming that 'approvedProviders' is a list of approved cloud storage service names + # This list must be defined according to your organization's approved cloud storage services + $clientConfig = Get-CsTeamsClientConfiguration + return $clientConfig + } + '8.1.2' { + # Test-BlockChannelEmails.ps1 + # 8.1.2 (L1) Ensure users can't send emails to a channel email address + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `AllowEmailIntoChannel` setting in Teams is set to `False`. + # - Condition B: The setting `Users can send emails to a channel email address` is set to `Off` in the Teams admin center. + # - Condition C: Verification using PowerShell confirms that the `AllowEmailIntoChannel` setting is disabled. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `AllowEmailIntoChannel` setting in Teams is not set to `False`. + # - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center. + # - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled. + + # Retrieve Teams client configuration + $teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global + return $teamsClientConfig + } + '8.2.1' { + # Test-TeamsExternalAccess.ps1 + # 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `AllowTeamsConsumer` setting is `False`. + # - Condition B: The `AllowPublicUsers` setting is `False`. 
+ # - Condition C: The `AllowFederatedUsers` setting is `False` or, if `True`, the `AllowedDomains` contains only authorized domain names. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `AllowTeamsConsumer` setting is not `False`. + # - Condition B: The `AllowPublicUsers` setting is not `False`. + # - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly. + + # Connect to Teams PowerShell using Connect-MicrosoftTeams + + $externalAccessConfig = Get-CsTenantFederationConfiguration + return $externalAccessConfig + } + '8.5.1' { + # Test-NoAnonymousMeetingJoin.ps1 + # 8.5.1 (L2) Ensure anonymous users can't join a meeting + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: `AllowAnonymousUsersToJoinMeeting` is set to `False`. + # - Condition B: Verification using the UI confirms that `Anonymous users can join a meeting` is set to `Off` in the Global meeting policy. + # - Condition C: PowerShell command output indicates that anonymous users are not allowed to join meetings. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`. + # - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy. + # - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings. 
+ + # Connect to Teams PowerShell using Connect-MicrosoftTeams + + $teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global + return $teamsMeetingPolicy + } + '8.5.2' { + # Test-NoAnonymousMeetingStart.ps1 + # 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is set to `False`. + # - Condition B: The setting for anonymous users and dial-in callers starting a meeting is configured to ensure they must wait in the lobby. + # - Condition C: Verification using the UI confirms that the setting `Anonymous users and dial-in callers can start a meeting` is set to `Off`. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is not set to `False`. + # - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby. + # - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`. 
+ + # Connect to Teams PowerShell using Connect-MicrosoftTeams + + # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings + $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting + return $CsTeamsMeetingPolicyAnonymous + } + '8.5.3' { + # Test-OrgOnlyBypassLobby.ps1 + # 8.5.3 (L1) Ensure only people in my org can bypass the lobby + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is set to `EveryoneInCompanyExcludingGuests`. + # - Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI. + # - Condition C: Verification using the Microsoft Teams admin center confirms that the meeting join & lobby settings are configured as recommended. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`. + # - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI. + # - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended. 
+ + # Connect to Teams PowerShell using Connect-MicrosoftTeams + + # Retrieve the Teams meeting policy for lobby bypass settings + $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers + return $CsTeamsMeetingPolicyLobby + } + '8.5.4' { + # Test-DialInBypassLobby.ps1 + # 8.5.4 (L1) Ensure users dialing in can't bypass the lobby + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is set to `False`. + # - Condition B: Verification using the UI in the Microsoft Teams admin center confirms that "People dialing in can't bypass the lobby" is set to `Off`. + # - Condition C: Ensure that individuals who dial in by phone must wait in the lobby until admitted by a meeting organizer, co-organizer, or presenter. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is not set to `False`. + # - Condition B: Verification using the UI in the Microsoft Teams admin center shows that "People dialing in can't bypass the lobby" is not set to `Off`. + # - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby. 
+ + # Retrieve Teams meeting policy for PSTN users + $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby + return $CsTeamsMeetingPolicyPSTN + } + '8.5.5' { + # Test-MeetingChatNoAnonymous.ps1 + # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `MeetingChatEnabledType` setting in Teams is set to `EnabledExceptAnonymous`. + # - Condition B: The setting for meeting chat is configured to allow chat for everyone except anonymous users. + # - Condition C: Verification using the Teams Admin Center confirms that the meeting chat settings are configured as recommended. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`. + # - Condition B: The setting for meeting chat allows chat for anonymous users. + # - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended. + + # Retrieve the Teams meeting policy for meeting chat + $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType + return $CsTeamsMeetingPolicyChat + } + '8.5.6' { + # Test-OrganizersPresent.ps1 + # 8.5.6 (L2) Ensure only organizers and co-organizers can present + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is set to `OrganizerOnlyUserOverride`. 
+ # - Condition B: Verification using the Teams admin center confirms that the setting "Who can present" is configured to "Only organizers and co-organizers". + # - Condition C: Verification using PowerShell confirms that the `DesignatedPresenterRoleMode` is set to `OrganizerOnlyUserOverride`. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. + # - Specific conditions to check: + # - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`. + # - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers". + # - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`. + + # Retrieve the Teams meeting policy for presenters + $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode + return $CsTeamsMeetingPolicyPresenters + } + '8.5.7' { + # Test-ExternalNoControl.ps1 + # 8.5.7 (L1) Ensure external participants can't give or request control + # + # Validate test for a pass: + # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. + # - Specific conditions to check: + # - Condition A: Ensure the `AllowExternalParticipantGiveRequestControl` setting in Teams is set to `False`. + # - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command. + # - Condition C: Verification using the UI confirms that external participants are unable to give or request control. + # + # Validate test for a fail: + # - Confirm that the failure conditions in the automated test are consistent with the manual audit results. 
+ # - Specific conditions to check: + # - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`. + # - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command. + # - Condition C: Verification using the UI indicates that external participants can give or request control. + + # Retrieve Teams meeting policy for external participant control + $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl + return $CsTeamsMeetingPolicyControl + } + '8.6.1' { + # Test-ReportSecurityInTeams.ps1 + # 8.6.1 (L1) Ensure users can report security concerns in Teams + + # Retrieve the necessary settings for Teams and Exchange Online + # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'. + $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting + return $CsTeamsMessagingPolicy + } + default { + Write-Output "No matching action found" + } + } + } + end { + Write-Verbose "Retuning data for Rec: $Rec" + } +} # end function Get-CISMSTeamsOutput diff --git a/source/tests/Test-BlockChannelEmails.ps1 b/source/tests/Test-BlockChannelEmails.ps1 index a6f2827..26f13dd 100644 --- a/source/tests/Test-BlockChannelEmails.ps1 +++ b/source/tests/Test-BlockChannelEmails.ps1 @@ -33,7 +33,7 @@ function Test-BlockChannelEmails { # - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled. # Retrieve Teams client configuration - $teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global + $teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum $allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel # Prepare failure reasons and details based on compliance 
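Review bot: The `default` branch of `switch ($Rec)` in Get-CISMSTeamsOutput.ps1 hands the string `"No matching action found"` back to the caller instead of failing, so a mistyped recommendation number reaches the Test-* functions as if it were a configuration object; a caller that evaluates `-not $result.SomeProperty` would then likely read the missing property as a compliant setting. Constrain the parameter with `[ValidateSet('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1')]` on `$Rec` and make the default body `throw "No matching action found for Rec: $Rec"`. The retained `[OutputType([string])]` and the comment-based help, which still describes a sample function with a `PrivateData` parameter, no longer match a function that returns Teams configuration objects; both should be updated, and `Retuning` in the `Write-Verbose` message should read `Returning`.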
diff --git a/source/tests/Test-DialInBypassLobby.ps1 b/source/tests/Test-DialInBypassLobby.ps1 index 52f7afd..89bce50 100644 --- a/source/tests/Test-DialInBypassLobby.ps1 +++ b/source/tests/Test-DialInBypassLobby.ps1 @@ -33,7 +33,7 @@ function Test-DialInBypassLobby { # - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby. # Retrieve Teams meeting policy for PSTN users - $CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby + $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-ExternalNoControl.ps1 b/source/tests/Test-ExternalNoControl.ps1 index 462bb43..70a69fa 100644 --- a/source/tests/Test-ExternalNoControl.ps1 +++ b/source/tests/Test-ExternalNoControl.ps1 @@ -34,7 +34,8 @@ function Test-ExternalNoControl { # - Condition C: Verification using the UI indicates that external participants can give or request control. # Retrieve Teams meeting policy for external participant control - $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl + $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum + # Check if external participants can give or request control $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-MeetingChatNoAnonymous.ps1 b/source/tests/Test-MeetingChatNoAnonymous.ps1 index 25b9367..4420efc 100644 --- a/source/tests/Test-MeetingChatNoAnonymous.ps1 +++ b/source/tests/Test-MeetingChatNoAnonymous.ps1 
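Review bot: In Test-DialInBypassLobby.ps1, `$PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby` treats a missing value as compliant: if `Get-CISMSTeamsOutput` returns nothing, or an object without that property, the expression presumably evaluates `-not $null`, which is `$true`. An explicit comparison fails closed, `$PSTNBypassDisabled = $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby -eq $false`, or the result can be checked with `$null -eq $CsTeamsMeetingPolicyPSTN` first and the control reported as failed. The same `-not` pattern appears in the Test-ExternalNoControl.ps1 and Test-NoAnonymousMeetingStart.ps1 hunks. Whether a surrounding try/catch already handles a failed retrieval cannot be seen, because each function body continues outside its hunk.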
@@ -32,7 +32,7 @@ function Test-MeetingChatNoAnonymous { # - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended. # Retrieve the Teams meeting policy for meeting chat - $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType + $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous' $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous' diff --git a/source/tests/Test-NoAnonymousMeetingJoin.ps1 b/source/tests/Test-NoAnonymousMeetingJoin.ps1 index e859a53..bad4009 100644 --- a/source/tests/Test-NoAnonymousMeetingJoin.ps1 +++ b/source/tests/Test-NoAnonymousMeetingJoin.ps1 @@ -33,7 +33,7 @@ function Test-NoAnonymousMeetingJoin { # Connect to Teams PowerShell using Connect-MicrosoftTeams - $teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global + $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-NoAnonymousMeetingStart.ps1 b/source/tests/Test-NoAnonymousMeetingStart.ps1 index 0a9b2dc..04498e0 100644 --- a/source/tests/Test-NoAnonymousMeetingStart.ps1 +++ b/source/tests/Test-NoAnonymousMeetingStart.ps1 
@@ -34,7 +34,7 @@ function Test-NoAnonymousMeetingStart { # Connect to Teams PowerShell using Connect-MicrosoftTeams # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings - $CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting + $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-OrgOnlyBypassLobby.ps1 b/source/tests/Test-OrgOnlyBypassLobby.ps1 index b039c4d..104181e 100644 --- a/source/tests/Test-OrgOnlyBypassLobby.ps1 +++ b/source/tests/Test-OrgOnlyBypassLobby.ps1 @@ -34,7 +34,7 @@ function Test-OrgOnlyBypassLobby { # Connect to Teams PowerShell using Connect-MicrosoftTeams # Retrieve the Teams meeting policy for lobby bypass settings - $CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers + $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests' # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-OrganizersPresent.ps1 b/source/tests/Test-OrganizersPresent.ps1 index c57ad39..4a3be9f 100644 --- a/source/tests/Test-OrganizersPresent.ps1 +++ b/source/tests/Test-OrganizersPresent.ps1 
@@ -32,7 +32,7 @@ function Test-OrganizersPresent { # - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`. # Retrieve the Teams meeting policy for presenters - $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode + $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum $presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride' # Prepare failure reasons and details based on compliance diff --git a/source/tests/Test-ReportSecurityInTeams.ps1 b/source/tests/Test-ReportSecurityInTeams.ps1 index 94de4c6..c5c822a 100644 --- a/source/tests/Test-ReportSecurityInTeams.ps1 +++ b/source/tests/Test-ReportSecurityInTeams.ps1 @@ -21,7 +21,7 @@ function Test-ReportSecurityInTeams { # Retrieve the necessary settings for Teams and Exchange Online # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'. - $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting + $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. $ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum diff --git a/source/tests/Test-TeamsExternalAccess.ps1 b/source/tests/Test-TeamsExternalAccess.ps1 index a6d4bbb..787720b 100644 --- a/source/tests/Test-TeamsExternalAccess.ps1 +++ b/source/tests/Test-TeamsExternalAccess.ps1 
@@ -10,8 +10,6 @@ function Test-TeamsExternalAccess { # Dot source the class script if necessary # . .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - - $auditResult = [CISAuditResult]::new() $recnum = "8.2.1" } @@ -35,7 +33,7 @@ function Test-TeamsExternalAccess { # Connect to Teams PowerShell using Connect-MicrosoftTeams - $externalAccessConfig = Get-CsTenantFederationConfiguration + $externalAccessConfig = Get-CISMSTeamsOutput -Rec $recnum $allowedDomainsLimited = $false if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) { diff --git a/source/tests/Test-TeamsExternalFileSharing.ps1 b/source/tests/Test-TeamsExternalFileSharing.ps1 index 6502fa0..7f61ec1 100644 --- a/source/tests/Test-TeamsExternalFileSharing.ps1 +++ b/source/tests/Test-TeamsExternalFileSharing.ps1 @@ -26,9 +26,8 @@ function Test-TeamsExternalFileSharing { # Assuming that 'approvedProviders' is a list of approved cloud storage service names # This list must be defined according to your organization's approved cloud storage services + $clientConfig = Get-CISMSTeamsOutput -Rec $recnum $approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte") - $clientConfig = Get-CsTeamsClientConfiguration - $isCompliant = $true $nonCompliantProviders = @()
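Review bot: In the Test-TeamsExternalFileSharing.ps1 hunk, the comment kept above `$approvedProviders` calls it a list of approved cloud storage services, but the array holds the setting names `AllowDropBox`, `AllowBox`, `AllowGoogleDrive`, `AllowShareFile` and `AllowEgnyte`, which the 8.1.1 conditions quoted in the helper expect to be `False`. A reader tailoring the audit could add a provider to this list believing it exempts that provider, when it presumably adds it to the set being flagged; how the array is consumed is outside the hunk. A comment such as `# Client configuration settings that must be False; remove an entry only if that provider is approved` and a name like `$providerSettings` would state the intent. The helper's 8.1.1 branch also calls `Get-CsTeamsClientConfiguration` without `-Identity Global` while the 8.1.2 branch passes it, so the two checks may not be reading the same scope.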