vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 5.1.2.3 aligned with test-template

Browse Source
This commit is contained in:
DrIOS
2024-05-28 14:24:09 -05:00
parent 532cb942e8
commit c1e94ff3bc
1 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
source/tests/Test-RestrictTenantCreation.ps1
View File

@@ -1,22 +1,34 @@
function Test-RestrictTenantCreation { function Test-RestrictTenantCreation {
[CmdletBinding()] [CmdletBinding()]
param ( param (
# Aligned
# Parameters can be added if needed # Parameters can be added if needed
) )
begin { begin {
# Dot source the class script # Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
$auditResults = @() # Initialization code, if needed
} }
process { process {
# 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes' # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
# Pass if AllowedToCreateTenants is False. Fail otherwise.
# Retrieve the tenant creation policy
$tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
$tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
# Create an instance of CISAuditResult and populate it # Prepare failure reasons and details based on compliance
$failureReasons = if ($tenantCreationResult) {
"N/A"
}
else {
"Non-admin users can create tenants"
}
$details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)"
# Create and populate the CISAuditResult object
$auditResult = [CISAuditResult]::new() $auditResult = [CISAuditResult]::new()
$auditResult.Status = if ($tenantCreationResult) { "Pass" } else { "Fail" } $auditResult.Status = if ($tenantCreationResult) { "Pass" } else { "Fail" }
$auditResult.ELevel = "E3" $auditResult.ELevel = "E3"
@@ -30,14 +42,14 @@ function Test-RestrictTenantCreation {
$auditResult.IG2 = $false $auditResult.IG2 = $false
$auditResult.IG3 = $false $auditResult.IG3 = $false
$auditResult.Result = $tenantCreationResult $auditResult.Result = $tenantCreationResult
$auditResult.Details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)" $auditResult.Details = $details
$auditResult.FailureReason = if (-not $tenantCreationResult) { "Non-admin users can create tenants" } else { "N/A" } $auditResult.FailureReason = $failureReasons
$auditResults += $auditResult
} }
end { end {
# Return auditResults # Return the audit result
return $auditResults return $auditResult
} }
} }
# Additional helper functions (if any)