docs: Comment conditions on each test

source/tests/Test-ExternalNoControl.ps1

@@ -18,6 +18,20 @@ function Test-ExternalNoControl {
 
         try {
             # 8.5.7 (L1) Ensure external participants can't give or request control
+            #
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: Ensure the `AllowExternalParticipantGiveRequestControl` setting in Teams is set to `False`.
+            #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
+            #   - Condition C: Verification using the UI confirms that external participants are unable to give or request control.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
+            #   - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
+            #   - Condition C: Verification using the UI indicates that external participants can give or request control.
 
             # Retrieve Teams meeting policy for external participant control
             $CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl

source/tests/Test-MeetingChatNoAnonymous.ps1

@@ -16,11 +16,24 @@ function Test-MeetingChatNoAnonymous {
     process {
         try {
             # 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
-
-            # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            #
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: The `MeetingChatEnabledType` setting in Teams is set to `EnabledExceptAnonymous`.
+            #   - Condition B: The setting for meeting chat is configured to allow chat for everyone except anonymous users.
+            #   - Condition C: Verification using the Teams Admin Center confirms that the meeting chat settings are configured as recommended.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
+            #   - Condition B: The setting for meeting chat allows chat for anonymous users.
+            #   - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
 
             # Retrieve the Teams meeting policy for meeting chat
             $CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
+            # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
             $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
 
             # Prepare failure reasons and details based on compliance

source/tests/Test-OrganizersPresent.ps1

@@ -16,8 +16,20 @@ function Test-OrganizersPresent {
     process {
         try {
             # 8.5.6 (L2) Ensure only organizers and co-organizers can present
-
-            # Connect to Teams PowerShell using Connect-MicrosoftTeams
+            #
+            # Validate test for a pass:
+            # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+            # - Specific conditions to check:
+            #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is set to `OrganizerOnlyUserOverride`.
+            #   - Condition B: Verification using the Teams admin center confirms that the setting "Who can present" is configured to "Only organizers and co-organizers".
+            #   - Condition C: Verification using PowerShell confirms that the `DesignatedPresenterRoleMode` is set to `OrganizerOnlyUserOverride`.
+            #
+            # Validate test for a fail:
+            # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+            # - Specific conditions to check:
+            #   - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
+            #   - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
+            #   - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
 
             # Retrieve the Teams meeting policy for presenters
             $CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode

source/tests/Test-ReportSecurityInTeams.ps1

@@ -9,6 +9,7 @@ function Test-ReportSecurityInTeams {
     begin {
         # Dot source the class script if necessary
         #. .\source\Classes\CISAuditResult.ps1
+
         # Initialization code, if needed
         $recnum = "8.6.1"
     }
@@ -18,9 +19,14 @@ function Test-ReportSecurityInTeams {
             # 8.6.1 (L1) Ensure users can report security concerns in Teams
 
             # Retrieve the necessary settings for Teams and Exchange Online
+            # Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
             $CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
+
+            # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
+            # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
             $ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportChatMessageToCustomizedAddressEnabled
 
+            # Check if all the required settings are enabled
             $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
             $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
             $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress -and
@@ -66,7 +72,7 @@ function Test-ReportSecurityInTeams {
     }
 
     end {
-        # Return auditResult
+        # Return the audit result
         return $auditResult
     }
 }