Merge pull request #123 from CriticalSolutionsNetwork/Test-8.5.3,8.6.1-logic

Test 8.5.3,8.6.1 logic
Doug Rios
2024-06-26 09:09:30 -05:00
committed by GitHub
8 changed files with 85 additions and 44 deletions


@@ -4,6 +4,16 @@ The format is based on and uses the types of changes according to [Keep a Change
## [Unreleased] ## [Unreleased]
### Fixed
- Fixed test 8.6.1 to include all of the following properties in it's checks and output: `ReportJunkToCustomizedAddress`, `ReportNotJunkToCustomizedAddress`, `ReportPhishToCustomizedAddress`,`ReportJunkAddresses`,`ReportNotJunkAddresses`,`ReportPhishAddresses`,`ReportChatMessageEnabled`,`ReportChatMessageToCustomizedAddressEnabled`
- Fixed help `about_M365FoundationsCISReport` examples.
- Fixed `Export-M365SecurityAuditTable` to properly export when nested table tests are not included.
### Changed
- Changed output of failure reason and details for 8.5.3 and 8.6.1 to be in line with other tests.
## [0.1.14] - 2024-06-23 ## [0.1.14] - 2024-06-23
### Fixed ### Fixed


@@ -16,23 +16,23 @@ The module includes functionality to synchronize audit results with CIS benchmar
# EXAMPLES # EXAMPLES
```powershell ```powershell
# Example 1: Exporting a security audit table to a CSV file # Example 1: Performing a security audit based on CIS benchmarks
Export-M365SecurityAuditTable -OutputPath "C:\AuditReports\SecurityAudit.csv" $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
# Example 2: Retrieving licenses for users in administrative roles # Example 2: Exporting a security audit table to a CSV file
Get-AdminRoleUserLicense -RoleName "Global Administrator" Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
# Example 3: Getting MFA status of users # Example 3: Retrieving licenses for users in administrative roles
Get-MFAStatus -UserPrincipalName "user@domain.com" Get-AdminRoleUserLicense
# Example 4: Performing a security audit based on CIS benchmarks # Example 4: Getting MFA status of users
Invoke-M365SecurityAudit -OutputPath "C:\AuditReports\AuditResults.xlsx" Get-MFAStatus -UserId "user@domain.com"
# Example 5: Removing rows with empty status values from a CSV file # Example 5: Removing rows with empty status values from a CSV file
Remove-RowsWithEmptyCSVStatus -InputPath "C:\AuditReports\AuditResults.csv" -OutputPath "C:\AuditReports\CleanedResults.csv" Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
# Example 6: Synchronizing CIS benchmark data with audit results # Example 6: Synchronizing CIS benchmark data with audit results
Sync-CISExcelAndCsvData -ExcelPath "C:\CISBenchmarks\CISBenchmark.xlsx" -CsvPath "C:\AuditReports\AuditResults.csv" Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
``` ```
# NOTE # NOTE


@@ -37,6 +37,6 @@ $parameters = @{
LogPath = ".\log.txt" LogPath = ".\log.txt"
Encoding = [System.Text.Encoding]::UTF8 Encoding = [System.Text.Encoding]::UTF8
} }
Update-MarkdownHelpModule @parameters Update-MarkdownHelpModule @parameters -Force
Update-MarkdownHelpModule -Path ".\help" -RefreshModulePage Update-MarkdownHelpModule -Path ".\help" -RefreshModulePage -Force
New-ExternalHelp -Path ".\help" -OutputPath ".\source\en-US" -force New-ExternalHelp -Path ".\help" -OutputPath ".\source\en-US" -force


@@ -284,7 +284,7 @@ function Get-CISExoOutput {
# Retrieve the necessary settings for Teams and Exchange Online # Retrieve the necessary settings for Teams and Exchange Online
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
$ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress,ReportJunkAddresses,ReportNotJunkAddresses,ReportPhishAddresses,ReportChatMessageEnabled,ReportChatMessageToCustomizedAddressEnabled
return $ReportSubmissionPolicy return $ReportSubmissionPolicy
} }
default { throw "No match found for test: $Rec" } default { throw "No match found for test: $Rec" }


@@ -191,7 +191,7 @@ function Export-M365SecurityAuditTable {
} }
else { else {
if ($ExportOriginalTests) { if ($ExportOriginalTests) {
Write-Information "No specified tests were included in the export other than the full audit results." -InformationAction Continue Write-Information "Full audit results exported however, none of the following tests had exports: `n1.1.1, 1.3.1, 6.1.2, 6.1.3, 7.3.4" -InformationAction Continue
} }
else { else {
Write-Information "No specified tests were included in the export." -InformationAction Continue Write-Information "No specified tests were included in the export." -InformationAction Continue
@@ -201,9 +201,12 @@ function Export-M365SecurityAuditTable {
if ($ExportOriginalTests) { if ($ExportOriginalTests) {
# Define the test numbers to check # Define the test numbers to check
$TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4" $TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
if ($exportedTests.Count -gt 0) {
# Check for large details and update the AuditResults array
$updatedAuditResults = Get-ExceededLengthResultDetail -AuditResults $AuditResults -TestNumbersToCheck $TestNumbersToCheck -ExportedTests $exportedTests -DetailsLengthLimit 30000 -PreviewLineCount 25 $updatedAuditResults = Get-ExceededLengthResultDetail -AuditResults $AuditResults -TestNumbersToCheck $TestNumbersToCheck -ExportedTests $exportedTests -DetailsLengthLimit 30000 -PreviewLineCount 25
}
else {
$updatedAuditResults = $auditResults
}
$originalFileName = "$ExportPath\$timestamp`_M365FoundationsAudit.csv" $originalFileName = "$ExportPath\$timestamp`_M365FoundationsAudit.csv"
if ($ExportToExcel) { if ($ExportToExcel) {
$xlsxPath = [System.IO.Path]::ChangeExtension($originalFileName, '.xlsx') $xlsxPath = [System.IO.Path]::ChangeExtension($originalFileName, '.xlsx')
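Review bot: The new Write-Information text in the first hunk hard-codes the list `1.1.1, 1.3.1, 6.1.2, 6.1.3, 7.3.4`, which duplicates `$TestNumbersToCheck` defined in the second hunk, so the message goes stale the next time a test number is added to that array. Consider defining `$TestNumbersToCheck` once before both uses and building the message with `$($TestNumbersToCheck -join ', ')`. The new fallback also assigns `$updatedAuditResults = $auditResults` while the call above it spells the variable `$AuditResults`; PowerShell resolves both, but matching the casing keeps searches reliable. The function body starts and ends outside these hunks.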


@@ -28,23 +28,23 @@ Optional Subtopics
is always up-to-date with the latest audit findings. is always up-to-date with the latest audit findings.
EXAMPLES EXAMPLES
# Example 1: Exporting a security audit table to a CSV file # Example 1: Performing a security audit based on CIS benchmarks
Export-M365SecurityAuditTable -OutputPath "C:\AuditReports\SecurityAudit.csv" $auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com"
# Example 2: Retrieving licenses for users in administrative roles # Example 2: Exporting a security audit table to a CSV file
Get-AdminRoleUserLicense -RoleName "Global Administrator" Export-M365SecurityAuditTable -ExportAllTests -AuditResults $auditResults -ExportPath "C:\temp" -ExportOriginalTests
# Example 3: Getting MFA status of users # Example 3: Retrieving licenses for users in administrative roles
Get-MFAStatus -UserPrincipalName "user@domain.com" Get-AdminRoleUserLicense
# Example 4: Performing a security audit based on CIS benchmarks # Example 4: Getting MFA status of users
Invoke-M365SecurityAudit -OutputPath "C:\AuditReports\AuditResults.xlsx" Get-MFAStatus -UserId "user@domain.com"
# Example 5: Removing rows with empty status values from a CSV file # Example 5: Removing rows with empty status values from a CSV file
Remove-RowsWithEmptyCSVStatus -InputPath "C:\AuditReports\AuditResults.csv" -OutputPath "C:\AuditReports\CleanedResults.csv" Remove-RowsWithEmptyCSVStatus -FilePath "C:\Reports\Report.xlsx" -WorksheetName "Sheet1"
# Example 6: Synchronizing CIS benchmark data with audit results # Example 6: Synchronizing CIS benchmark data with audit results
Sync-CISExcelAndCsvData -ExcelPath "C:\CISBenchmarks\CISBenchmark.xlsx" -CsvPath "C:\AuditReports\AuditResults.csv" Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -CsvPath "path\to\data.csv" -SheetName "Combined Profiles"
NOTE NOTE
Ensure that you have the necessary permissions and administrative roles in Ensure that you have the necessary permissions and administrative roles in


@@ -39,22 +39,20 @@ function Test-OrgOnlyBypassLobby {
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance
$failureReasons = if (-not $lobbyBypassRestricted) { $failureReasons = if (-not $lobbyBypassRestricted) {
# Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`. # Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
"External participants can bypass the lobby" "AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
}
else { }else {
"N/A" "N/A"
} }
$details = if ($lobbyBypassRestricted) { $details = if ($lobbyBypassRestricted) {
# Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI. # Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
"Only people in the organization can bypass the lobby." "Only people in the organization can bypass the lobby."
}else {
# Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
"External participants can bypass the lobby"
} }
else {
# Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
"AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
}
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
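Review bot: As far as the rendered columns show, the failure reason now carries only the observed value (`AutoAdmittedUsers is set to ...`), so someone reading the audit report has to know the benchmark to see what is wrong. The comment in this hunk already names the expected value, so the string could state it, e.g. `"AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers); expected EveryoneInCompanyExcludingGuests"`. The `}else {` form introduced here also differs from the `}` / `else {` layout used in the other changed files. The function continues outside the hunk.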


@@ -30,21 +30,51 @@ function Test-ReportSecurityInTeams {
$ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
$ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
$ReportSubmissionPolicy.ReportPhishToCustomizedAddress -and $ReportSubmissionPolicy.ReportPhishToCustomizedAddress -and
$ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled $null -ne $ReportSubmissionPolicy.ReportJunkAddresses -and
$null -ne $ReportSubmissionPolicy.ReportNotJunkAddresses -and
$null -ne $ReportSubmissionPolicy.ReportPhishAddresses -and
$ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled -and
-not $ReportSubmissionPolicy.ReportChatMessageEnabled
$detailsString = @"
The following settings are required for users to report security concerns in Teams:
MS Teams:
AllowSecurityEndUserReporting: True
EXO:
ReportJunkToCustomizedAddress: True
ReportNotJunkToCustomizedAddress: True
ReportPhishToCustomizedAddress: True
ReportJunkAddresses: <security@contoso.com>
ReportNotJunkAddresses: <security@contoso.com>
ReportPhishAddresses: <security@contoso.com>
ReportChatMessageEnabled: False
ReportChatMessageToCustomizedAddressEnabled: True
"@
$faildetailstring = "Users cannot report security concerns in Teams due to one or more of the found incorrect settings:`n`n" +
"MSTeams: `nAllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); `n`n" +
"EXO: `nReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); `n" +
"ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); `n" +
"ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); `n" +
"ReportJunkAddresses: $($ReportSubmissionPolicy.ReportJunkAddresses -join ', '); `n" +
"ReportNotJunkAddresses: $($ReportSubmissionPolicy.ReportNotJunkAddresses -join ', '); `n" +
"ReportPhishAddresses: $($ReportSubmissionPolicy.ReportPhishAddresses -join ', '); `n" +
"ReportChatMessageEnabled: $($ReportSubmissionPolicy.ReportChatMessageEnabled); `n" +
"ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled); "
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance
$failureReasons = if (-not $securityReportEnabled) { $failureReasons = if (-not $securityReportEnabled) {
"Users cannot report security concerns in Teams due to one or more incorrect settings" $detailsString
} }
else { else {
"N/A" "N/A"
} }
$details = if ($securityReportEnabled) {
$details = "AllowSecurityEndUserReporting: $($CsTeamsMessagingPolicy.AllowSecurityEndUserReporting); " + "Users can report security concerns in Teams."
"ReportJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportJunkToCustomizedAddress); " + }
"ReportNotJunkToCustomizedAddress: $($ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress); " + else {
"ReportPhishToCustomizedAddress: $($ReportSubmissionPolicy.ReportPhishToCustomizedAddress); " + $faildetailstring
"ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled)" }
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object
$params = @{ $params = @{
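Review bot: The three new `$null -ne $ReportSubmissionPolicy.Report*Addresses` comparisons accept an empty address list, because in PowerShell `$null -ne @()` evaluates to true. If Get-ReportSubmissionPolicy returns an empty collection rather than `$null` for an unset address (not visible here, so worth confirming against a tenant), the audit would report 8.6.1 as passing with no reporting mailbox configured. A count-based check such as `($ReportSubmissionPolicy.ReportJunkAddresses | Measure-Object).Count -gt 0 -and` closes that gap, and the same applies to `ReportNotJunkAddresses` and `ReportPhishAddresses`. The boolean expression these lines belong to starts above the hunk.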