docs: Update Formatting
This commit is contained in:
DrIOS
@@ -1,16 +1,12 @@
|
||||
<#
|
||||
.SYNOPSIS
|
||||
This is a sample Private function only visible within the module.
|
||||
|
||||
.DESCRIPTION
|
||||
This sample function is not exported to the module and only return the data passed as parameter.
|
||||
|
||||
.EXAMPLE
|
||||
$null = Get-ExoOutput -PrivateData 'NOTHING TO SEE HERE'
|
||||
|
||||
.PARAMETER PrivateData
|
||||
The PrivateData parameter is what will be returned without transformation.
|
||||
|
||||
#>
|
||||
function Get-ExoOutput {
|
||||
[cmdletBinding()]
|
||||
@@ -20,7 +16,6 @@ function Get-ExoOutput {
|
||||
[String]
|
||||
$Rec
|
||||
)
|
||||
|
||||
begin {
|
||||
# Begin Block #
|
||||
<#
|
||||
@@ -82,11 +77,9 @@ function Get-ExoOutput {
|
||||
$policies = Get-SafeLinksPolicy
|
||||
# Initialize the details collection
|
||||
$misconfiguredDetails = @()
|
||||
|
||||
foreach ($policy in $policies) {
|
||||
# Get the detailed configuration of each policy
|
||||
$policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
|
||||
|
||||
# Check each required property and record failures
|
||||
# Condition A: Checking policy settings
|
||||
$failures = @()
|
||||
@@ -95,7 +88,6 @@ function Get-ExoOutput {
|
||||
if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
|
||||
if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
|
||||
if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
|
||||
|
||||
# Only add details for policies that have misconfigurations
|
||||
if ($failures.Count -gt 0) {
|
||||
$misconfiguredDetails += "Policy: $($policy.Name); Failures: $($failures -join ', ')"
|
||||
@@ -107,14 +99,12 @@ function Get-ExoOutput {
|
||||
else {
|
||||
return 1
|
||||
}
|
||||
|
||||
}
|
||||
'2.1.2' {
|
||||
# Test-CommonAttachmentFilter.ps1
|
||||
# 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
||||
# Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
||||
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
||||
|
||||
# Retrieve the attachment filter policy
|
||||
$attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
|
||||
$result = $attachmentFilter.EnableFileFilter
|
||||
@@ -124,7 +114,6 @@ function Get-ExoOutput {
|
||||
'2.1.3' {
|
||||
# Test-NotifyMalwareInternal.ps1
|
||||
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
|
||||
|
||||
# Retrieve all 'Custom' malware filter policies and check notification settings
|
||||
$malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
|
||||
# [object[]]
|
||||
@@ -167,7 +156,6 @@ function Get-ExoOutput {
|
||||
# Retrieve the default hosted outbound spam filter policy
|
||||
$hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
|
||||
return $hostedOutboundSpamFilterPolicy
|
||||
|
||||
}
|
||||
'2.1.7' {
|
||||
# Test-AntiPhishingPolicy.ps1
|
||||
@@ -178,7 +166,6 @@ function Get-ExoOutput {
|
||||
'2.1.9' {
|
||||
# Test-EnableDKIM.ps1
|
||||
# 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
|
||||
|
||||
# Retrieve DKIM configuration for all domains
|
||||
$dkimConfig = Get-DkimSigningConfig | Select-Object Domain, Enabled
|
||||
# [object[]]
|
||||
@@ -187,7 +174,6 @@ function Get-ExoOutput {
|
||||
'3.1.1' {
|
||||
# Test-AuditLogSearch.ps1
|
||||
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||
|
||||
# Retrieve the audit log configuration
|
||||
$auditLogConfig = Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
|
||||
#
|
||||
@@ -198,7 +184,6 @@ function Get-ExoOutput {
|
||||
'6.1.1' {
|
||||
# Test-AuditDisabledFalse.ps1
|
||||
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
||||
|
||||
# Retrieve the AuditDisabled configuration (Condition B)
|
||||
$auditDisabledConfig = Get-OrganizationConfig | Select-Object AuditDisabled
|
||||
# [bool]
|
||||
@@ -229,12 +214,10 @@ function Get-ExoOutput {
|
||||
$outboundSpamPolicies = Get-HostedOutboundSpamFilterPolicy
|
||||
$nonCompliantSpamPolicies = $outboundSpamPolicies | Where-Object { $_.AutoForwardingMode -ne 'Off' }
|
||||
return $transportRules, $nonCompliantSpamPolicies
|
||||
|
||||
}
|
||||
'6.2.2' {
|
||||
# Test-NoWhitelistDomains.ps1
|
||||
# 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
|
||||
|
||||
# Retrieve transport rules that whitelist specific domains
|
||||
# Condition A: Checking for transport rules that whitelist specific domains
|
||||
# [object[]]
|
||||
@@ -244,7 +227,6 @@ function Get-ExoOutput {
|
||||
'6.2.3' {
|
||||
# Test-IdentifyExternalEmail.ps1
|
||||
# 6.2.3 (L1) Ensure email from external senders is identified
|
||||
|
||||
# Retrieve external sender tagging configuration
|
||||
# [object[]]
|
||||
$externalInOutlook = Get-ExternalInOutlook
|
||||
@@ -256,13 +238,11 @@ function Get-ExoOutput {
|
||||
$customPolicyFailures = @()
|
||||
# Check all mailboxes for custom policies with unallowed add-ins
|
||||
$roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
|
||||
|
||||
if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
|
||||
foreach ($policy in $roleAssignmentPolicies) {
|
||||
if ($policy.RoleAssignmentPolicy) {
|
||||
$rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
|
||||
$foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
|
||||
|
||||
# Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are not assigned to users.
|
||||
if ($foundRoles) {
|
||||
$customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
|
||||
@@ -278,7 +258,6 @@ function Get-ExoOutput {
|
||||
# Test-ModernAuthExchangeOnline.ps1
|
||||
# Ensuring the ExchangeOnlineManagement module is available
|
||||
# 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
||||
|
||||
# Check modern authentication setting in Exchange Online configuration (Condition A and B)
|
||||
$orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled
|
||||
return $orgConfig
|
||||
@@ -302,7 +281,6 @@ function Get-ExoOutput {
|
||||
'8.6.1' {
|
||||
# Test-ReportSecurityInTeams.ps1
|
||||
# 8.6.1 (L1) Ensure users can report security concerns in Teams
|
||||
|
||||
# Retrieve the necessary settings for Teams and Exchange Online
|
||||
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
|
||||
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
|
||||
|
||||
Reference in New Issue
Block a user