vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: Get-CISMSTeamsOutput function and updated respective tests

Browse Source
This commit is contained in:
DrIOS
2024-06-23 15:27:25 -05:00
parent a874836b8b
commit 917833b186
12 changed files with 283 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

296
source/Private/Get-CISMSTeamsOutput.ps1
View File

@@ -1,32 +1,278 @@
function Get-CISMSTeamsOutput <#
{ .SYNOPSIS
<# This is a sample Private function only visible within the module.
.SYNOPSIS .DESCRIPTION
This is a sample Private function only visible within the module. This sample function is not exported to the module and only return the data passed as parameter.
.EXAMPLE
.DESCRIPTION $null = Get-CISMSTeamsOutput -PrivateData 'NOTHING TO SEE HERE'
This sample function is not exported to the module and only return the data passed as parameter. .PARAMETER PrivateData
The PrivateData parameter is what will be returned without transformation.
.EXAMPLE #>
$null = Get-MSTeamsOutput -PrivateData 'NOTHING TO SEE HERE' function Get-CISMSTeamsOutput {
.PARAMETER PrivateData
The PrivateData parameter is what will be returned without transformation.
#>
[cmdletBinding()] [cmdletBinding()]
[OutputType([string])] [OutputType([string])]
param param(
( [Parameter(Mandatory = $true)]
[Parameter()]
[String] [String]
$PrivateData $Rec
) )
begin {
process # Begin Block #
{ <#
Write-Output $PrivateData # Tests
8.1.1
8.1.2
8.2.1
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.7
8.6.1
# Test number array
$testNumbers = @('8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', '8.5.7', '8.6.1')
#>
} }
process {
switch ($Rec) {
'8.1.1' {
# Test-TeamsExternalFileSharing.ps1
# 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
# Connect to Teams PowerShell using Connect-MicrosoftTeams
} # Condition A: The `AllowDropbox` setting is set to `False`.
# Condition B: The `AllowBox` setting is set to `False`.
# Condition C: The `AllowGoogleDrive` setting is set to `False`.
# Condition D: The `AllowShareFile` setting is set to `False`.
# Condition E: The `AllowEgnyte` setting is set to `False`.
# Assuming that 'approvedProviders' is a list of approved cloud storage service names
# This list must be defined according to your organization's approved cloud storage services
$clientConfig = Get-CsTeamsClientConfiguration
return $clientConfig
}
'8.1.2' {
# Test-BlockChannelEmails.ps1
# 8.1.2 (L1) Ensure users can't send emails to a channel email address
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `AllowEmailIntoChannel` setting in Teams is set to `False`.
# - Condition B: The setting `Users can send emails to a channel email address` is set to `Off` in the Teams admin center.
# - Condition C: Verification using PowerShell confirms that the `AllowEmailIntoChannel` setting is disabled.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowEmailIntoChannel` setting in Teams is not set to `False`.
# - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center.
# - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
# Retrieve Teams client configuration
$teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global
return $teamsClientConfig
}
'8.2.1' {
# Test-TeamsExternalAccess.ps1
# 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `AllowTeamsConsumer` setting is `False`.
# - Condition B: The `AllowPublicUsers` setting is `False`.
# - Condition C: The `AllowFederatedUsers` setting is `False` or, if `True`, the `AllowedDomains` contains only authorized domain names.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowTeamsConsumer` setting is not `False`.
# - Condition B: The `AllowPublicUsers` setting is not `False`.
# - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
$externalAccessConfig = Get-CsTenantFederationConfiguration
return $externalAccessConfig
}
'8.5.1' {
# Test-NoAnonymousMeetingJoin.ps1
# 8.5.1 (L2) Ensure anonymous users can't join a meeting
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is set to `False`.
# - Condition B: Verification using the UI confirms that `Anonymous users can join a meeting` is set to `Off` in the Global meeting policy.
# - Condition C: PowerShell command output indicates that anonymous users are not allowed to join meetings.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
# - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
$teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
return $teamsMeetingPolicy
}
'8.5.2' {
# Test-NoAnonymousMeetingStart.ps1
# 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is set to `False`.
# - Condition B: The setting for anonymous users and dial-in callers starting a meeting is configured to ensure they must wait in the lobby.
# - Condition C: Verification using the UI confirms that the setting `Anonymous users and dial-in callers can start a meeting` is set to `Off`.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is not set to `False`.
# - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby.
# - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
$CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
return $CsTeamsMeetingPolicyAnonymous
}
'8.5.3' {
# Test-OrgOnlyBypassLobby.ps1
# 8.5.3 (L1) Ensure only people in my org can bypass the lobby
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center confirms that the meeting join & lobby settings are configured as recommended.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings
$CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
return $CsTeamsMeetingPolicyLobby
}
'8.5.4' {
# Test-DialInBypassLobby.ps1
# 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is set to `False`.
# - Condition B: Verification using the UI in the Microsoft Teams admin center confirms that "People dialing in can't bypass the lobby" is set to `Off`.
# - Condition C: Ensure that individuals who dial in by phone must wait in the lobby until admitted by a meeting organizer, co-organizer, or presenter.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is not set to `False`.
# - Condition B: Verification using the UI in the Microsoft Teams admin center shows that "People dialing in can't bypass the lobby" is not set to `Off`.
# - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
# Retrieve Teams meeting policy for PSTN users
$CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
return $CsTeamsMeetingPolicyPSTN
}
'8.5.5' {
# Test-MeetingChatNoAnonymous.ps1
# 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `MeetingChatEnabledType` setting in Teams is set to `EnabledExceptAnonymous`.
# - Condition B: The setting for meeting chat is configured to allow chat for everyone except anonymous users.
# - Condition C: Verification using the Teams Admin Center confirms that the meeting chat settings are configured as recommended.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
# - Condition B: The setting for meeting chat allows chat for anonymous users.
# - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
# Retrieve the Teams meeting policy for meeting chat
$CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
return $CsTeamsMeetingPolicyChat
}
'8.5.6' {
# Test-OrganizersPresent.ps1
# 8.5.6 (L2) Ensure only organizers and co-organizers can present
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is set to `OrganizerOnlyUserOverride`.
# - Condition B: Verification using the Teams admin center confirms that the setting "Who can present" is configured to "Only organizers and co-organizers".
# - Condition C: Verification using PowerShell confirms that the `DesignatedPresenterRoleMode` is set to `OrganizerOnlyUserOverride`.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
# - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
# - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
# Retrieve the Teams meeting policy for presenters
$CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode
return $CsTeamsMeetingPolicyPresenters
}
'8.5.7' {
# Test-ExternalNoControl.ps1
# 8.5.7 (L1) Ensure external participants can't give or request control
#
# Validate test for a pass:
# - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
# - Specific conditions to check:
# - Condition A: Ensure the `AllowExternalParticipantGiveRequestControl` setting in Teams is set to `False`.
# - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
# - Condition C: Verification using the UI confirms that external participants are unable to give or request control.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
# - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
# - Condition C: Verification using the UI indicates that external participants can give or request control.
# Retrieve Teams meeting policy for external participant control
$CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
return $CsTeamsMeetingPolicyControl
}
'8.6.1' {
# Test-ReportSecurityInTeams.ps1
# 8.6.1 (L1) Ensure users can report security concerns in Teams
# Retrieve the necessary settings for Teams and Exchange Online
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
$CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
return $CsTeamsMessagingPolicy
}
default {
Write-Output "No matching action found"
}
}
}
end {
Write-Verbose "Retuning data for Rec: $Rec"
}
} # end function Get-CISMSTeamsOutput

2
source/tests/Test-BlockChannelEmails.ps1
View File

@@ -33,7 +33,7 @@ function Test-BlockChannelEmails {
# - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled. # - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
# Retrieve Teams client configuration # Retrieve Teams client configuration
$teamsClientConfig = Get-CsTeamsClientConfiguration -Identity Global $teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum
$allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel $allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-DialInBypassLobby.ps1
View File

@@ -33,7 +33,7 @@ function Test-DialInBypassLobby {
# - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby. # - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
# Retrieve Teams meeting policy for PSTN users # Retrieve Teams meeting policy for PSTN users
$CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum
$PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

3
source/tests/Test-ExternalNoControl.ps1
View File

@@ -34,7 +34,8 @@ function Test-ExternalNoControl {
# - Condition C: Verification using the UI indicates that external participants can give or request control. # - Condition C: Verification using the UI indicates that external participants can give or request control.
# Retrieve Teams meeting policy for external participant control # Retrieve Teams meeting policy for external participant control
$CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum
# Check if external participants can give or request control
$externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-MeetingChatNoAnonymous.ps1
View File

@@ -32,7 +32,7 @@ function Test-MeetingChatNoAnonymous {
# - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended. # - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
# Retrieve the Teams meeting policy for meeting chat # Retrieve the Teams meeting policy for meeting chat
$CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum
# Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous' # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
$chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous' $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'

2
source/tests/Test-NoAnonymousMeetingJoin.ps1
View File

@@ -33,7 +33,7 @@ function Test-NoAnonymousMeetingJoin {
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
$teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
$allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-NoAnonymousMeetingStart.ps1
View File

@@ -34,7 +34,7 @@ function Test-NoAnonymousMeetingStart {
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
$CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum
$anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-OrgOnlyBypassLobby.ps1
View File

@@ -34,7 +34,7 @@ function Test-OrgOnlyBypassLobby {
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings # Retrieve the Teams meeting policy for lobby bypass settings
$CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum
$lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests' $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-OrganizersPresent.ps1
View File

@@ -32,7 +32,7 @@ function Test-OrganizersPresent {
# - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`. # - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
# Retrieve the Teams meeting policy for presenters # Retrieve the Teams meeting policy for presenters
$CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum
$presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride' $presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride'
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance

2
source/tests/Test-ReportSecurityInTeams.ps1
View File

@@ -21,7 +21,7 @@ function Test-ReportSecurityInTeams {
# Retrieve the necessary settings for Teams and Exchange Online # Retrieve the necessary settings for Teams and Exchange Online
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'. # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
$CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
$ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum $ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum

4
source/tests/Test-TeamsExternalAccess.ps1
View File

@@ -10,8 +10,6 @@ function Test-TeamsExternalAccess {
# Dot source the class script if necessary # Dot source the class script if necessary
# . .\source\Classes\CISAuditResult.ps1 # . .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$auditResult = [CISAuditResult]::new()
$recnum = "8.2.1" $recnum = "8.2.1"
} }
@@ -35,7 +33,7 @@ function Test-TeamsExternalAccess {
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
$externalAccessConfig = Get-CsTenantFederationConfiguration $externalAccessConfig = Get-CISMSTeamsOutput -Rec $recnum
$allowedDomainsLimited = $false $allowedDomainsLimited = $false
if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) { if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) {

3
source/tests/Test-TeamsExternalFileSharing.ps1
View File

@@ -26,9 +26,8 @@ function Test-TeamsExternalFileSharing {
# Assuming that 'approvedProviders' is a list of approved cloud storage service names # Assuming that 'approvedProviders' is a list of approved cloud storage service names
# This list must be defined according to your organization's approved cloud storage services # This list must be defined according to your organization's approved cloud storage services
$clientConfig = Get-CISMSTeamsOutput -Rec $recnum
$approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte") $approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
$clientConfig = Get-CsTeamsClientConfiguration
$isCompliant = $true $isCompliant = $true
$nonCompliantProviders = @() $nonCompliantProviders = @()