add: remediation info and mock object to 8.5.1
This commit is contained in:
DrIOS
@@ -92,9 +92,29 @@ function Get-CISMSTeamsOutput {
|
||||
# - Condition A: The `AllowTeamsConsumer` setting is not `False`.
|
||||
# - Condition B: The `AllowPublicUsers` setting is not `False`.
|
||||
# - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
|
||||
|
||||
# Connect to Teams PowerShell using Connect-MicrosoftTeams
|
||||
|
||||
# $externalAccessConfig Mock Object
|
||||
<#
|
||||
$externalAccessConfig = [PSCustomObject]@{
|
||||
Identity = 'Global'
|
||||
AllowedDomains = 'AllowAllKnownDomains'
|
||||
BlockedDomains = @()
|
||||
AllowFederatedUsers = $true
|
||||
AllowPublicUsers = $true
|
||||
AllowTeamsConsumer = $true
|
||||
AllowTeamsConsumerInbound = $true
|
||||
}
|
||||
$ApprovedFederatedDomains = @('msn.com', 'google.com')
|
||||
$externalAccessConfig = [PSCustomObject]@{
|
||||
Identity = 'Global'
|
||||
AllowedDomains = @('msn.com', 'google.com')
|
||||
BlockedDomains = @()
|
||||
AllowFederatedUsers = $true
|
||||
AllowPublicUsers = $false
|
||||
AllowTeamsConsumer = $false
|
||||
AllowTeamsConsumerInbound = $true
|
||||
}
|
||||
#>
|
||||
$externalAccessConfig = Get-CsTenantFederationConfiguration
|
||||
return $externalAccessConfig
|
||||
}
|
||||
@@ -117,7 +137,12 @@ function Get-CISMSTeamsOutput {
|
||||
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
|
||||
|
||||
# Connect to Teams PowerShell using Connect-MicrosoftTeams
|
||||
|
||||
# $teamsMeetingPolicy Mock Object
|
||||
<#
|
||||
$teamsMeetingPolicy = [PSCustomObject]@{
|
||||
AllowAnonymousUsersToJoinMeeting = $true
|
||||
}
|
||||
#>
|
||||
$teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
|
||||
return $teamsMeetingPolicy
|
||||
}
|
||||
|
||||
@@ -5,14 +5,12 @@ function Test-NoAnonymousMeetingJoin {
|
||||
# Aligned
|
||||
# Parameters can be defined here if needed
|
||||
)
|
||||
|
||||
begin {
|
||||
# Dot source the class script if necessary
|
||||
#. .\source\Classes\CISAuditResult.ps1
|
||||
# Initialization code, if needed
|
||||
$recnum = "8.5.1"
|
||||
}
|
||||
|
||||
process {
|
||||
try {
|
||||
# 8.5.1 (L2) Ensure anonymous users can't join a meeting
|
||||
@@ -30,22 +28,23 @@ function Test-NoAnonymousMeetingJoin {
|
||||
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
|
||||
# - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
|
||||
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
|
||||
|
||||
# Connect to Teams PowerShell using Connect-MicrosoftTeams
|
||||
|
||||
# $teamsMeetingPolicy Mock Object
|
||||
<#
|
||||
$teamsMeetingPolicy = [PSCustomObject]@{
|
||||
AllowAnonymousUsersToJoinMeeting = $true
|
||||
}
|
||||
#>
|
||||
$teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
|
||||
$allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
|
||||
|
||||
# Prepare failure reasons and details based on compliance
|
||||
$failureReasons = if ($allowAnonymousUsersToJoinMeeting) {
|
||||
"Anonymous users are allowed to join meetings"
|
||||
"Anonymous users are allowed to join meetings, remediate with the following command if needed:`nSet-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting `$false"
|
||||
}
|
||||
else {
|
||||
"N/A"
|
||||
}
|
||||
|
||||
$details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting"
|
||||
|
||||
# Create and populate the CISAuditResult object
|
||||
$params = @{
|
||||
Rec = $recnum
|
||||
@@ -61,7 +60,6 @@ function Test-NoAnonymousMeetingJoin {
|
||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
# Return the audit result
|
||||
return $auditResult
|
||||
|
||||
Reference in New Issue
Block a user