fix: scope function and antiphishing policy comments
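--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -2,47 +2,57 @@ function Get-ScopeOverlap {
 [CmdletBinding()]
 param (
 [Parameter(Mandatory = $true)]
-[PSCustomObject]$Policy, # The primary policy whose scope we are evaluating
+[PSCustomObject]$Policy,
+
 [Parameter(Mandatory = $true)]
-[PSCustomObject[]]$OtherPolicies # A list of other policies to compare for scope overlap
+[PSCustomObject[]]$OtherPolicies
 )
-# Write a verbose message indicating the policy being evaluated for overlap
-Write-Verbose "Checking for scope overlap with $($Policy.Name)..."
-# Initialize variables to track overlap status and overlapping entities
-$overlapDetected = $false # Tracks if any overlap is detected
-$overlappingEntities = @() # Stores details of overlapping entities for logging
-# Build the scope string of the current policy by concatenating users, groups, and domains
-$policyScope = @(
-$Policy.Users -join ',', # Users within the policy's scope
-$Policy.Groups -join ',', # Groups within the policy's scope
-$Policy.Domains -join ',' # Domains within the policy's scope
-) -join ',' # Combine all into a single string
-# Iterate through each policy in the list of other policies
+Write-Verbose "Checking for scope overlap with policy: $($Policy.Name)..."
+$overlapDetected = $false
+$overlappingDetails = @()
+# Extract the correct scope properties for the current policy
+$policyScope = @{
+Users = $Policy.TargetedUsersToProtect
+Domains = $Policy.TargetedDomainsToProtect
+}
+# Log the current policy's scope
+foreach ($key in $policyScope.Keys) {
+Write-Verbose "Policy $($Policy.Name) $key scope: $($policyScope[$key] -join ', ')"
+}
+# Compare with the scope of other policies
 foreach ($otherPolicy in $OtherPolicies) {
-if ($null -ne $otherPolicy) { # Skip null or empty policies
-# Build the scope string for the other policy
-$otherScope = @(
-$otherPolicy.Users -join ',', # Users within the other policy's scope
-$otherPolicy.Groups -join ',', # Groups within the other policy's scope
-$otherPolicy.Domains -join ',' # Domains within the other policy's scope
-) -join ',' # Combine all into a single string
-# Check if the current policy's scope matches any part of the other policy's scope
-if ($policyScope -match $otherScope) {
-$overlapDetected = $true # Mark overlap as detected
-# Log overlapping entities for clarity
-$overlappingEntities += @(
-"Users: $($otherPolicy.Users)",
-"Groups: $($otherPolicy.Groups)",
-"Domains: $($otherPolicy.Domains)"
-)
-Write-Verbose "Overlap detected between $($Policy.Name) and $($otherPolicy.Name)." # Log the overlap
+if ($null -ne $otherPolicy) {
+# Extract the correct scope properties for the other policy
+$otherScope = @{
+Users = $otherPolicy.TargetedUsersToProtect
+Domains = $otherPolicy.TargetedDomainsToProtect
+}
+# Log the other policy's scope
+Write-Verbose "Comparing with policy: $($otherPolicy.Name)..."
+foreach ($key in $otherScope.Keys) {
+Write-Verbose "$($otherPolicy.Name) $key scope: $($otherScope[$key] -join ', ')"
+}
+# Compare scopes (intersection) and detect overlap
+foreach ($key in $policyScope.Keys) {
+$overlap = $policyScope[$key] | Where-Object { $otherScope[$key] -contains $_ }
+if ($overlap) {
+$overlapDetected = $true
+$overlappingDetails += "Overlap detected in $key between $($Policy.Name) and $($otherPolicy.Name): $($overlap -join ', ')"
+Write-Verbose "Overlap detected in $key`: $($overlap -join ', ')"
+} else {
+Write-Verbose "No overlap detected for $key between $($Policy.Name) and $($otherPolicy.Name)."
+}
+}
 }
 }
 }
-# If overlap is detected, log the specific overlapping entities
+# Provide a clear summary of overlapping details
 if ($overlapDetected) {
-Write-Verbose "Overlapping entities: $($overlappingEntities -join '; ')" # Log overlapping users, groups, or domains
+Write-Verbose "Summary of overlaps for policy $($Policy.Name):"
+foreach ($detail in $overlappingDetails) {
+Write-Verbose " $detail"
+}
+} else {
+Write-Verbose "No overlapping entities found for policy $($Policy.Name)."
 }
-# Return whether overlap was detected (true/false)
 return $overlapDetected
 }
@@ -26,11 +26,15 @@ function Test-AntiPhishingPolicy4 {
 $strictStandardCompliant = $false
 foreach ($policy in @($strictPolicy, $standardPolicy)) {
 if ($null -ne $policy) {
-# Check if the strict or standard policy is compliant
+# Check if the Strict or Standard policy is compliant
 $isCompliant = Get-PhishPolicyCompliance -policy $policy
 if ($isCompliant) {
 $strictStandardCompliant = $true
 $compliantPolicies += $policy.Name
+# If Strict is compliant, stop evaluating further
+if ($policy.Name -eq 'Strict Preset Security Policy') {
+break
+}
 } else {
 $nonCompliantPolicies += $policy.Name
 }
@@ -39,8 +43,8 @@ function Test-AntiPhishingPolicy4 {
 # Step 3: Evaluate custom policies if strict and standard are not compliant
 if (-not $strictStandardCompliant) {
 Write-Verbose 'Evaluating custom policies for compliance...'
-# Filter custom policies that match any rules in $antiPhishRules and sort by priority
-$customPolicies = $antiPhishPolicies | Where-Object { $antiPhishRules.AntiPhishPolicy -contains $_.Name }
+# Filter custom policies using $antiPhishRules to exclude default, strict, and standard
+$customPolicies = $antiPhishPolicies | Where-Object { $antiPhishRules.AntiPhishPolicy -contains $_.Name -and $_.Name -notin @('Strict Preset Security Policy', 'Standard Preset Security Policy', 'Office365 AntiPhish Default') }
 $customPolicies = $customPolicies | Sort-Object -Property { $antiPhishRules | Where-Object { $_.AntiPhishPolicy -eq $_.Name } | Select-Object -ExpandProperty Priority }
 foreach ($policy in $customPolicies) {
 # Check for scope overlap between custom policies and strict/standard policies
@@ -65,7 +69,7 @@ function Test-AntiPhishingPolicy4 {
 $defaultPolicy = $antiPhishPolicies | Where-Object { $_.Name -eq 'Office365 AntiPhish Default' }
 if ($null -ne $defaultPolicy) {
 # Check for scope overlap between the default policy and other policies
-$scopeOverlap = Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $antiPhishPolicies | Where-Object { $_.Name -ne 'Office365 AntiPhish Default' })
+$scopeOverlap = Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $customPolicies)
 if ($scopeOverlap) {
 $failureReasons += "Default policy overlaps with other scoped policies."
 $nonCompliantPolicies += $defaultPolicy.Name
@@ -111,4 +115,4 @@ function Test-AntiPhishingPolicy4 {
 # Return the audit result object
 return $auditResult
 }
 }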
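Review bot: The default-policy check `Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $customPolicies)` in the @@ -65 hunk now depends on `$customPolicies`, which in the visible hunks is only assigned inside `if (-not $strictStandardCompliant) {`; unless it is initialised before that block (lines not shown here), the default policy is no longer compared against any custom policy once Strict or Standard is compliant, a gap the previous `$antiPhishPolicies | Where-Object { $_.Name -ne 'Office365 AntiPhish Default' }` form did not have. The unchanged priority sort in the @@ -39 hunk also shadows `$_` inside the nested `Where-Object`, so `$_.AntiPhishPolicy -eq $_.Name` compares each rule with itself instead of with the policy being sorted; capturing the name first fixes it, e.g. `Sort-Object -Property { $policyName = $_.Name; ($antiPhishRules | Where-Object { $_.AntiPhishPolicy -eq $policyName }).Priority }`. In Get-ScopeOverlap the new `$policyScope = @{ Users = $Policy.TargetedUsersToProtect; Domains = $Policy.TargetedDomainsToProtect }` reads what, as I understand Exchange Online anti-phish policies, are the impersonation-protection lists rather than the recipients the policy applies to; if the audit means recipient scope, that lives on the matching `$antiPhishRules` entries (their SentTo/SentToMemberOf/RecipientDomainIs conditions), so this is worth confirming and stating in a comment above `$policyScope = @{`. Both functions open before their first hunk; Get-ScopeOverlap's closing brace and Test-AntiPhishingPolicy4's final `}` are inside the hunks shown.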