docs: Comment conditions on each test

source/tests/Test-ExternalNoControl.ps1

@@ -8,7 +8,7 @@ function Test-ExternalNoControl {
 
     begin {
         # Dot source the class script if necessary
-        #. .\source\Classes\CISAuditResult.ps1
+        # . .\source\Classes\CISAuditResult.ps1
 
         # Initialization code, if needed
         $recnum = "8.5.7"
@@ -17,36 +17,50 @@ function Test-ExternalNoControl {
     process {
 
         try {
-        # 8.5.7 (L1) Ensure external participants can't give or request control
+            # 8.5.7 (L1) Ensure external participants can't give or request control
+            #
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: Ensure the `AllowExternalParticipantGiveRequestControl` setting in Teams is set to `False`.
+            #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
+            #   - Condition C: Verification using the UI confirms that external participants are unable to give or request control.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
+            #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
+            #   - Condition C: Verification using the UI indicates that external participants can give or request control.
 
-        # Retrieve Teams meeting policy for external participant control
+            # Retrieve Teams meeting policy for external participant control
-        $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
+            $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
-        $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
+            $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
 
-        # Prepare failure reasons and details based on compliance
+            # Prepare failure reasons and details based on compliance
-        $failureReasons = if (-not $externalControlRestricted) {
+            $failureReasons = if (-not $externalControlRestricted) {
-            "External participants can give or request control"
+                "External participants can give or request control"
-        }
+            }
-        else {
+            else {
-            "N/A"
+                "N/A"
-        }
+            }
 
-        $details = if ($externalControlRestricted) {
+            $details = if ($externalControlRestricted) {
-            "AllowExternalParticipantGiveRequestControl is set to False"
+                "AllowExternalParticipantGiveRequestControl is set to False"
-        }
+            }
-        else {
+            else {
-            "AllowExternalParticipantGiveRequestControl is set to True"
+                "AllowExternalParticipantGiveRequestControl is set to True"
-        }
+            }
 
-        # Create and populate the CISAuditResult object
+            # Create and populate the CISAuditResult object
-        $params = @{
+            $params = @{
-            Rec            = $recnum
+                Rec            = $recnum
-            Result         = $externalControlRestricted
+                Result         = $externalControlRestricted
-            Status         = if ($externalControlRestricted) { "Pass" } else { "Fail" }
+                Status         = if ($externalControlRestricted) { "Pass" } else { "Fail" }
-            Details        = $details
+                Details        = $details
-            FailureReason  = $failureReasons
+                FailureReason  = $failureReasons
-        }
+            }
-        $auditResult = Initialize-CISAuditResult @params
+            $auditResult = Initialize-CISAuditResult @params
         }
         catch {
             Write-Error "An error occurred during the test: $_"

source/tests/Test-MeetingChatNoAnonymous.ps1

@@ -16,11 +16,24 @@ function Test-MeetingChatNoAnonymous {
     process {
         try {
             # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
-
+            #
-            # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: The `MeetingChatEnabledType` setting in Teams is set to `EnabledExceptAnonymous`.
+            #   - Condition B: The setting for meeting chat is configured to allow chat for everyone except anonymous users.
+            #   - Condition C: Verification using the Teams Admin Center confirms that the meeting chat settings are configured as recommended.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
+            #   - Condition B: The setting for meeting chat allows chat for anonymous users.
+            #   - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
 
             # Retrieve the Teams meeting policy for meeting chat
             $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
+            # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
             $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
 
             # Prepare failure reasons and details based on compliance

source/tests/Test-OrganizersPresent.ps1

@@ -16,8 +16,20 @@ function Test-OrganizersPresent {
     process {
         try {
             # 8.5.6 (L2) Ensure only organizers and co-organizers can present
-
+            #
-            # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is set to `OrganizerOnlyUserOverride`.
+            #   - Condition B: Verification using the Teams admin center confirms that the setting "Who can present" is configured to "Only organizers and co-organizers".
+            #   - Condition C: Verification using PowerShell confirms that the `DesignatedPresenterRoleMode` is set to `OrganizerOnlyUserOverride`.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
+            #   - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
+            #   - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
 
             # Retrieve the Teams meeting policy for presenters
             $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode

source/tests/Test-ReportSecurityInTeams.ps1

@@ -9,6 +9,7 @@ function Test-ReportSecurityInTeams {
     begin {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
+
         # Initialization code, if needed
         $recnum = "8.6.1"
     }
@@ -18,9 +19,14 @@ function Test-ReportSecurityInTeams {
             # 8.6.1 (L1) Ensure users can report security concerns in Teams
 
             # Retrieve the necessary settings for Teams and Exchange Online
+            # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
             $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
+
+            # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
+            # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
             $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled
 
+            # Check if all the required settings are enabled
             $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
             $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
             $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
@@ -66,7 +72,7 @@ function Test-ReportSecurityInTeams {
     }
 
     end {
-        # Return auditResult
+        # Return the audit result
         return $auditResult
     }
 }