vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: remediation info and mock object to 8.5.1

Browse Source
This commit is contained in:
DrIOS
2024-06-30 11:36:11 -05:00
parent 97fd8127d3
commit ad5ce2db7f
2 changed files with 35 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
source/Private/Get-CISMSTeamsOutput.ps1
View File

@@ -92,9 +92,29 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AllowTeamsConsumer` setting is not `False`. # - Condition A: The `AllowTeamsConsumer` setting is not `False`.
# - Condition B: The `AllowPublicUsers` setting is not `False`. # - Condition B: The `AllowPublicUsers` setting is not `False`.
# - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly. # - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# $externalAccessConfig Mock Object
<#
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = 'AllowAllKnownDomains'
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $true
AllowTeamsConsumer = $true
AllowTeamsConsumerInbound = $true
}
$ApprovedFederatedDomains = @('msn.com', 'google.com')
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = @('msn.com', 'google.com')
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $false
AllowTeamsConsumer = $false
AllowTeamsConsumerInbound = $true
}
#>
$externalAccessConfig = Get-CsTenantFederationConfiguration $externalAccessConfig = Get-CsTenantFederationConfiguration
return $externalAccessConfig return $externalAccessConfig
} }
@@ -117,7 +137,12 @@ function Get-CISMSTeamsOutput {
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings. # - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# $teamsMeetingPolicy Mock Object
<#
$teamsMeetingPolicy = [PSCustomObject]@{
AllowAnonymousUsersToJoinMeeting = $true
}
#>
$teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global $teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
return $teamsMeetingPolicy return $teamsMeetingPolicy
} }

16
source/tests/Test-NoAnonymousMeetingJoin.ps1
View File

@@ -5,14 +5,12 @@ function Test-NoAnonymousMeetingJoin {
# Aligned # Aligned
# Parameters can be defined here if needed # Parameters can be defined here if needed
) )
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1 #. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$recnum = "8.5.1" $recnum = "8.5.1"
} }
process { process {
try { try {
# 8.5.1 (L2) Ensure anonymous users can't join a meeting # 8.5.1 (L2) Ensure anonymous users can't join a meeting
@@ -30,22 +28,23 @@ function Test-NoAnonymousMeetingJoin {
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`. # - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
# - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy. # - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings. # - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
# Connect to Teams PowerShell using Connect-MicrosoftTeams # Connect to Teams PowerShell using Connect-MicrosoftTeams
# $teamsMeetingPolicy Mock Object
<#
$teamsMeetingPolicy = [PSCustomObject]@{
AllowAnonymousUsersToJoinMeeting = $true
}
#>
$teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
$allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance
$failureReasons = if ($allowAnonymousUsersToJoinMeeting) { $failureReasons = if ($allowAnonymousUsersToJoinMeeting) {
"Anonymous users are allowed to join meetings" "Anonymous users are allowed to join meetings, remediate with the following command if needed:`nSet-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting `$false"
} }
else { else {
"N/A" "N/A"
} }
$details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting" $details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting"
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
@@ -61,7 +60,6 @@ function Test-NoAnonymousMeetingJoin {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum $auditResult = Get-TestError -LastError $LastError -recnum $recnum
} }
} }
end { end {
# Return the audit result # Return the audit result
return $auditResult return $auditResult