fix: formatting
@@ -2,7 +2,6 @@ function Test-AntiPhishingPolicy {
|
|||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
[OutputType([CISAuditResult])]
|
[OutputType([CISAuditResult])]
|
||||||
param ()
|
param ()
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
$recnum = "2.1.7"
|
$recnum = "2.1.7"
|
||||||
Write-Verbose "Running Test-AntiPhishingPolicy for $recnum..."
|
Write-Verbose "Running Test-AntiPhishingPolicy for $recnum..."
|
||||||
@@ -22,14 +21,12 @@ function Test-AntiPhishingPolicy {
|
|||||||
- Condition B: Critical security features like Spoof Intelligence or Mailbox Intelligence are disabled in the relevant policies.
|
- Condition B: Critical security features like Spoof Intelligence or Mailbox Intelligence are disabled in the relevant policies.
|
||||||
#>
|
#>
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step 1: Retrieve all anti-phishing policies
|
# Step 1: Retrieve all anti-phishing policies
|
||||||
#$VerbosePreference = "Continue"
|
#$VerbosePreference = "Continue"
|
||||||
Write-Verbose "Retrieving all anti-phishing policies..."
|
Write-Verbose "Retrieving all anti-phishing policies..."
|
||||||
$antiPhishPolicies = Get-CISExoOutput -Rec $recnum
|
$antiPhishPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Step 2: Initialize variables to track compliance and details
|
# Step 2: Initialize variables to track compliance and details
|
||||||
$compliantPolicy = $null
|
$compliantPolicy = $null
|
||||||
$details = @()
|
$details = @()
|
||||||
@@ -38,15 +35,12 @@ function Test-AntiPhishingPolicy {
|
|||||||
$policiesEvaluated = @()
|
$policiesEvaluated = @()
|
||||||
$PassedTests = @()
|
$PassedTests = @()
|
||||||
$FailedTests = @()
|
$FailedTests = @()
|
||||||
|
|
||||||
Write-Verbose "Evaluating each policy for compliance..."
|
Write-Verbose "Evaluating each policy for compliance..."
|
||||||
|
|
||||||
# Separate policies based on type
|
# Separate policies based on type
|
||||||
$strictPolicy = $antiPhishPolicies | Where-Object { $_.Identity -match "Strict Preset Security Policy" }
|
$strictPolicy = $antiPhishPolicies | Where-Object { $_.Identity -match "Strict Preset Security Policy" }
|
||||||
$standardPolicy = $antiPhishPolicies | Where-Object { $_.Identity -match "Standard Preset Security Policy" }
|
$standardPolicy = $antiPhishPolicies | Where-Object { $_.Identity -match "Standard Preset Security Policy" }
|
||||||
$customPolicies = $antiPhishPolicies | Where-Object { -not ($_.Identity -match "Strict Preset Security Policy" -or $_.Identity -match "Standard Preset Security Policy" -or $_.IsDefault) }
|
$customPolicies = $antiPhishPolicies | Where-Object { -not ($_.Identity -match "Strict Preset Security Policy" -or $_.Identity -match "Standard Preset Security Policy" -or $_.IsDefault) }
|
||||||
$defaultPolicy = $antiPhishPolicies | Where-Object { $_.IsDefault }
|
$defaultPolicy = $antiPhishPolicies | Where-Object { $_.IsDefault }
|
||||||
|
|
||||||
# Step 3: Check for Strict Preset Security Policy
|
# Step 3: Check for Strict Preset Security Policy
|
||||||
if ($null -ne $strictPolicy) {
|
if ($null -ne $strictPolicy) {
|
||||||
Write-Verbose "Evaluating policy: $($strictPolicy.Identity)"
|
Write-Verbose "Evaluating policy: $($strictPolicy.Identity)"
|
||||||
@@ -225,7 +219,6 @@ function Test-AntiPhishingPolicy {
|
|||||||
$auditResult = Get-TestError -LastError $_ -recnum $recnum
|
$auditResult = Get-TestError -LastError $_ -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
return $auditResult
|
return $auditResult
|
||||||
}
|
}
|
||||||
|
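Review bot: The policy split in the third hunk uses an unanchored regex, `$_.Identity -match "Strict Preset Security Policy"` (and the same for Standard), so a custom policy whose name merely contains that phrase is classified as a preset and dropped from `$customPolicies`. If the tenant's preset identities begin with that phrase, anchoring the pattern, e.g. `-match '^Strict Preset Security Policy'`, narrows the match. The filter can also return more than one object, which `if ($null -ne $strictPolicy)` does not distinguish from a single policy. The evaluation steps between the third and fourth hunks are not visible, so the effect on the reported result is inferred.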
@@ -5,11 +5,9 @@ function Test-AuditDisabledFalse {
|
|||||||
param (
|
param (
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Conditions for 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
# Conditions for 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -25,18 +23,15 @@ function Test-AuditDisabledFalse {
|
|||||||
# - Condition A: The `AuditDisabled` organizational setting is set to `True` in the Microsoft 365 admin center.
|
# - Condition A: The `AuditDisabled` organizational setting is set to `True` in the Microsoft 365 admin center.
|
||||||
# - Condition B: Using PowerShell, the `AuditDisabled` property in the organization's configuration is set to `True`.
|
# - Condition B: Using PowerShell, the `AuditDisabled` property in the organization's configuration is set to `True`.
|
||||||
# - Condition C: Mailbox auditing is not enabled by default at the organizational level.
|
# - Condition C: Mailbox auditing is not enabled by default at the organizational level.
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "6.1.1"
|
$recnum = "6.1.1"
|
||||||
|
Write-Verbose "Running Test-AuditDisabledFalse for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
||||||
|
|
||||||
# Retrieve the AuditDisabled configuration (Condition B)
|
# Retrieve the AuditDisabled configuration (Condition B)
|
||||||
$auditNotDisabled = Get-CISExoOutput -Rec $recnum
|
$auditNotDisabled = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $auditNotDisabled) {
|
$failureReasons = if (-not $auditNotDisabled) {
|
||||||
"AuditDisabled is set to True" # Condition A Fail
|
"AuditDisabled is set to True" # Condition A Fail
|
||||||
@@ -44,14 +39,12 @@ function Test-AuditDisabledFalse {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($auditNotDisabled) {
|
$details = if ($auditNotDisabled) {
|
||||||
"Audit is not disabled organizationally" # Condition C Pass
|
"Audit is not disabled organizationally" # Condition C Pass
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
"Audit is disabled organizationally" # Condition C Fail
|
"Audit is disabled organizationally" # Condition C Fail
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -67,7 +60,6 @@ function Test-AuditDisabledFalse {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,23 +5,20 @@ function Test-AuditLogSearch {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "3.1.1"
|
$recnum = "3.1.1"
|
||||||
|
Write-Verbose "Running Test-AuditLogSearch for $recnum..."
|
||||||
<#
|
<#
|
||||||
Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||||
|
|
||||||
Validate test for a pass:
|
Validate test for a pass:
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
- Condition A: Audit log search is enabled in the Microsoft Purview compliance portal.
|
- Condition A: Audit log search is enabled in the Microsoft Purview compliance portal.
|
||||||
- Condition B: The audit log retains user and admin activity for 90 days.
|
- Condition B: The audit log retains user and admin activity for 90 days.
|
||||||
- Condition C: Audit log search capabilities are functional (search results are displayed for activities within the past 30 days).
|
- Condition C: Audit log search capabilities are functional (search results are displayed for activities within the past 30 days).
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -30,14 +27,10 @@ function Test-AuditLogSearch {
|
|||||||
- Condition C: Audit log search capabilities are non-functional (no search results are displayed for activities within the past 30 days).
|
- Condition C: Audit log search capabilities are non-functional (no search results are displayed for activities within the past 30 days).
|
||||||
#>
|
#>
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||||
|
|
||||||
$auditLogResult = Get-CISExoOutput -Rec $recnum
|
$auditLogResult = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $auditLogResult) {
|
$failureReasons = if (-not $auditLogResult) {
|
||||||
# Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal
|
# Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal
|
||||||
@@ -46,7 +39,6 @@ function Test-AuditLogSearch {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($auditLogResult) {
|
$details = if ($auditLogResult) {
|
||||||
# Condition A (Pass): Audit log search is enabled in the Microsoft Purview compliance portal
|
# Condition A (Pass): Audit log search is enabled in the Microsoft Purview compliance portal
|
||||||
"UnifiedAuditLogIngestionEnabled: True"
|
"UnifiedAuditLogIngestionEnabled: True"
|
||||||
@@ -54,7 +46,6 @@ function Test-AuditLogSearch {
|
|||||||
else {
|
else {
|
||||||
"UnifiedAuditLogIngestionEnabled: False"
|
"UnifiedAuditLogIngestionEnabled: False"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -70,9 +61,8 @@ function Test-AuditLogSearch {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
}
|
}
|
||||||
}
|
}
|
@@ -4,23 +4,20 @@ function Test-BlockMailForwarding {
|
|||||||
param (
|
param (
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "6.2.1"
|
$recnum = "6.2.1"
|
||||||
|
Write-Verbose "Running Test-BlockMailForwarding for $recnum..."
|
||||||
<#
|
<#
|
||||||
Conditions for 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
Conditions for 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
||||||
|
|
||||||
Validate test for a pass:
|
Validate test for a pass:
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
- Condition A: Transport rules do not forward email to external domains.
|
- Condition A: Transport rules do not forward email to external domains.
|
||||||
- Condition B: Anti-spam outbound policy is configured to disable automatic email forwarding to external domains.
|
- Condition B: Anti-spam outbound policy is configured to disable automatic email forwarding to external domains.
|
||||||
- Condition C: No exceptions to the forwarding rules unless explicitly defined by organizational policy.
|
- Condition C: No exceptions to the forwarding rules unless explicitly defined by organizational policy.
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -29,26 +26,20 @@ function Test-BlockMailForwarding {
|
|||||||
- Condition C: Unapproved exceptions to the forwarding rules are present.
|
- Condition C: Unapproved exceptions to the forwarding rules are present.
|
||||||
#>
|
#>
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
||||||
|
|
||||||
# Step 1: Retrieve the transport rules that redirect messages
|
# Step 1: Retrieve the transport rules that redirect messages
|
||||||
$transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum
|
$transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
$transportForwardingBlocked = $transportRules.Count -eq 0
|
$transportForwardingBlocked = $transportRules.Count -eq 0
|
||||||
|
|
||||||
# Step 2: Check all anti-spam outbound policies
|
# Step 2: Check all anti-spam outbound policies
|
||||||
$nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies)
|
$nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies)
|
||||||
$spamForwardingBlocked = $nonCompliantSpamPoliciesArray.Count -eq 0
|
$spamForwardingBlocked = $nonCompliantSpamPoliciesArray.Count -eq 0
|
||||||
|
|
||||||
# Determine overall compliance
|
# Determine overall compliance
|
||||||
$forwardingBlocked = $transportForwardingBlocked -and $spamForwardingBlocked
|
$forwardingBlocked = $transportForwardingBlocked -and $spamForwardingBlocked
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = @()
|
$failureReasons = @()
|
||||||
$details = @()
|
$details = @()
|
||||||
|
|
||||||
if ($transportRules -ne 1) {
|
if ($transportRules -ne 1) {
|
||||||
# Fail Condition A
|
# Fail Condition A
|
||||||
$failureReasons += "Mail forwarding rules found: $($transportRules.Name -join ', ')"
|
$failureReasons += "Mail forwarding rules found: $($transportRules.Name -join ', ')"
|
||||||
@@ -58,7 +49,6 @@ function Test-BlockMailForwarding {
|
|||||||
}
|
}
|
||||||
$details += "`n"
|
$details += "`n"
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($nonCompliantSpamPoliciesArray.Count -gt 0) {
|
if ($nonCompliantSpamPoliciesArray.Count -gt 0) {
|
||||||
# Fail Condition B
|
# Fail Condition B
|
||||||
$failureReasons += "Outbound spam policies allowing automatic forwarding found."
|
$failureReasons += "Outbound spam policies allowing automatic forwarding found."
|
||||||
@@ -67,7 +57,6 @@ function Test-BlockMailForwarding {
|
|||||||
"$($_.Name)|$($_.AutoForwardingMode)"
|
"$($_.Name)|$($_.AutoForwardingMode)"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($failureReasons.Count -eq 0) {
|
if ($failureReasons.Count -eq 0) {
|
||||||
$failureReasons = "N/A"
|
$failureReasons = "N/A"
|
||||||
$details = "Both transport rules and outbound spam policies are configured correctly to block forwarding."
|
$details = "Both transport rules and outbound spam policies are configured correctly to block forwarding."
|
||||||
@@ -76,7 +65,6 @@ function Test-BlockMailForwarding {
|
|||||||
$failureReasons = $failureReasons -join " | "
|
$failureReasons = $failureReasons -join " | "
|
||||||
$details = $details -join "`n"
|
$details = $details -join "`n"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Populate the audit result
|
# Populate the audit result
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -92,9 +80,8 @@ function Test-BlockMailForwarding {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
}
|
}
|
||||||
}
|
}
|
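Review bot: In the second hunk the two checks on `$transportRules` assume different representations of "no forwarding rules": `$transportForwardingBlocked = $transportRules.Count -eq 0` expects an empty result, while `if ($transportRules -ne 1)` expects the value `1` as a sentinel. If `Get-CISExoOutput` returns `$null`, the `-ne 1` branch records "Mail forwarding rules found:" with an empty name list. If it returns `1`, `.Count -eq 0` is never true and `$forwardingBlocked` stays false for a compliant tenant. Which of the two feeds the final result lies outside the visible hunks. I would settle on one convention, document it in a comment such as `# Get-CISExoOutput returns <sentinel> when no redirect rules exist`, and reuse `$transportForwardingBlocked` in the `if`.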
@@ -8,7 +8,6 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "1.2.2"
|
$recnum = "1.2.2"
|
||||||
Write-Verbose "Running Test-BlockSharedMailboxSignIn for $recnum..."
|
Write-Verbose "Running Test-BlockSharedMailboxSignIn for $recnum..."
|
||||||
@@ -26,7 +25,6 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
# - Condition A: One or more shared mailboxes have the "Sign-in blocked" option enabled in the properties pane on the Microsoft 365 admin center.
|
# - Condition A: One or more shared mailboxes have the "Sign-in blocked" option enabled in the properties pane on the Microsoft 365 admin center.
|
||||||
# - Condition B: Using PowerShell, the `AccountEnabled` property for one or more shared mailboxes is set to `True`.
|
# - Condition B: Using PowerShell, the `AccountEnabled` property for one or more shared mailboxes is set to `True`.
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve shared mailbox details
|
# Step: Retrieve shared mailbox details
|
||||||
@@ -63,11 +61,9 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
$users = Get-CISAadOutput -Rec $recnum
|
$users = Get-CISAadOutput -Rec $recnum
|
||||||
# Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
|
# Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
|
||||||
$sharedMailboxDetails = $users | Where-Object {$_.objectid -in $objectids}
|
$sharedMailboxDetails = $users | Where-Object {$_.objectid -in $objectids}
|
||||||
|
|
||||||
# Step: Identify enabled mailboxes (Condition B: Pass/Fail)
|
# Step: Identify enabled mailboxes (Condition B: Pass/Fail)
|
||||||
$enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
|
$enabledMailboxes = $sharedMailboxDetails | Where-Object { $_.AccountEnabled } | ForEach-Object { $_.DisplayName }
|
||||||
$allBlocked = $enabledMailboxes.Count -eq 0
|
$allBlocked = $enabledMailboxes.Count -eq 0
|
||||||
|
|
||||||
# Step: Determine failure reasons based on enabled mailboxes (Condition A & B: Fail)
|
# Step: Determine failure reasons based on enabled mailboxes (Condition A & B: Fail)
|
||||||
$failureReasons = if (-not $allBlocked) {
|
$failureReasons = if (-not $allBlocked) {
|
||||||
"Some mailboxes have sign-in enabled (AccountEnabled:True):`n$($enabledMailboxes -join ', ')"
|
"Some mailboxes have sign-in enabled (AccountEnabled:True):`n$($enabledMailboxes -join ', ')"
|
||||||
@@ -75,7 +71,6 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Step: Prepare details for the audit result (Condition A & B: Pass/Fail)
|
# Step: Prepare details for the audit result (Condition A & B: Pass/Fail)
|
||||||
$details = if ($allBlocked) {
|
$details = if ($allBlocked) {
|
||||||
"All shared mailboxes have sign-in blocked."
|
"All shared mailboxes have sign-in blocked."
|
||||||
@@ -83,7 +78,6 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
else {
|
else {
|
||||||
"AccountEnabled set to True Mailboxes: $($enabledMailboxes -join ', ')"
|
"AccountEnabled set to True Mailboxes: $($enabledMailboxes -join ', ')"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Step: Create and populate the CISAuditResult object
|
# Step: Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -99,7 +93,6 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,7 +5,6 @@ function Test-CommonAttachmentFilter {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
<#
|
<#
|
||||||
Conditions for 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
Conditions for 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
||||||
|
@@ -29,7 +29,6 @@ function Test-CustomerLockbox {
|
|||||||
# - Condition B: Using the SecureScore portal, the Customer Lockbox feature is not enabled.
|
# - Condition B: Using the SecureScore portal, the Customer Lockbox feature is not enabled.
|
||||||
# - Condition C: Using PowerShell, the Customer Lockbox feature is not set to `True`.
|
# - Condition C: Using PowerShell, the Customer Lockbox feature is not set to `True`.
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve the organization configuration (Condition C: Pass/Fail)
|
# Step: Retrieve the organization configuration (Condition C: Pass/Fail)
|
||||||
@@ -43,7 +42,6 @@ function Test-CustomerLockbox {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Step: Prepare details for the audit result (Condition A, B, & C: Pass/Fail)
|
# Step: Prepare details for the audit result (Condition A, B, & C: Pass/Fail)
|
||||||
$details = if ($customerLockboxEnabled) {
|
$details = if ($customerLockboxEnabled) {
|
||||||
"Customer Lockbox Enabled: True"
|
"Customer Lockbox Enabled: True"
|
||||||
@@ -51,7 +49,6 @@ function Test-CustomerLockbox {
|
|||||||
else {
|
else {
|
||||||
"Customer Lockbox Enabled: False"
|
"Customer Lockbox Enabled: False"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Step: Create and populate the CISAuditResult object
|
# Step: Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -67,7 +64,6 @@ function Test-CustomerLockbox {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,11 +5,9 @@ function Test-ExternalSharingCalendars {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "1.3.3"
|
$recnum = "1.3.3"
|
||||||
Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..."
|
Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..."
|
||||||
@@ -27,7 +25,6 @@ function Test-ExternalSharingCalendars {
|
|||||||
# - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled.
|
# - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled.
|
||||||
# - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`.
|
# - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`.
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve sharing policies related to calendar sharing
|
# Step: Retrieve sharing policies related to calendar sharing
|
||||||
@@ -87,7 +84,6 @@ function Test-ExternalSharingCalendars {
|
|||||||
else {
|
else {
|
||||||
"Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')"
|
"Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Step: Create and populate the CISAuditResult object
|
# Step: Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -103,7 +99,6 @@ function Test-ExternalSharingCalendars {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -9,10 +9,9 @@ function Test-IdentifyExternalEmail {
|
|||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "6.2.3"
|
$recnum = "6.2.3"
|
||||||
|
Write-Verbose "Running Test-IdentifyExternalEmail for $recnum..."
|
||||||
# Conditions for 6.2.3 (L1) Ensure email from external senders is identified
|
# Conditions for 6.2.3 (L1) Ensure email from external senders is identified
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -29,16 +28,12 @@ function Test-IdentifyExternalEmail {
|
|||||||
# - Condition B: The BypassAllowList contains unauthorized email addresses.
|
# - Condition B: The BypassAllowList contains unauthorized email addresses.
|
||||||
# - Condition C: External sender tag does not appear in email messages received from external sources.
|
# - Condition C: External sender tag does not appear in email messages received from external sources.
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
# 6.2.3 (L1) Ensure email from external senders is identified
|
# 6.2.3 (L1) Ensure email from external senders is identified
|
||||||
|
|
||||||
# Retrieve external sender tagging configuration
|
# Retrieve external sender tagging configuration
|
||||||
$externalInOutlook = Get-CISExoOutput -Rec $recnum
|
$externalInOutlook = Get-CISExoOutput -Rec $recnum
|
||||||
$externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
|
$externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $externalTaggingEnabled) {
|
$failureReasons = if (-not $externalTaggingEnabled) {
|
||||||
# Condition A: External tagging is not enabled using PowerShell for all identities.
|
# Condition A: External tagging is not enabled using PowerShell for all identities.
|
||||||
@@ -47,10 +42,8 @@ function Test-IdentifyExternalEmail {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Details for external tagging configuration
|
# Details for external tagging configuration
|
||||||
$details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
|
$details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -66,7 +59,6 @@ function Test-IdentifyExternalEmail {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
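Review bot: `$externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true` passes as soon as one returned identity has tagging enabled, while the failure comment just below it reads "External tagging is not enabled using PowerShell for all identities". If the benchmark requires every identity, the expression would be `-notcontains $false`, with a separate guard so that an empty result does not pass. The listed Condition B (unauthorized entries in the allow list) is only echoed into `$details` via `$externalInOutlook.AllowList` and, as far as these hunks show, is never evaluated. A comment stating that the allow list needs manual review would keep a pass from being read as covering it.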
@@ -5,15 +5,12 @@ function Test-MailTipsEnabled {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
|
|
||||||
$auditResult = [CISAuditResult]::new()
|
|
||||||
$recnum = "6.5.2"
|
$recnum = "6.5.2"
|
||||||
|
Write-Verbose "Running Test-MailTipsEnabled for $recnum..."
|
||||||
# Conditions for 6.5.2 (L2) Ensure MailTips are enabled for end users
|
# Conditions for 6.5.2 (L2) Ensure MailTips are enabled for end users
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -32,18 +29,14 @@ function Test-MailTipsEnabled {
|
|||||||
# - Condition C: MailTipsGroupMetricsEnabled is not set to True.
|
# - Condition C: MailTipsGroupMetricsEnabled is not set to True.
|
||||||
# - Condition D: MailTipsLargeAudienceThreshold is not set to an acceptable value (default is 25).
|
# - Condition D: MailTipsLargeAudienceThreshold is not set to an acceptable value (default is 25).
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.5.2 (L2) Ensure MailTips are enabled for end users
|
# 6.5.2 (L2) Ensure MailTips are enabled for end users
|
||||||
|
|
||||||
# Retrieve organization configuration for MailTips settings
|
# Retrieve organization configuration for MailTips settings
|
||||||
$orgConfig = Get-CISExoOutput -Rec $recnum
|
$orgConfig = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Check the MailTips settings (Conditions A, B, C, D)
|
# Check the MailTips settings (Conditions A, B, C, D)
|
||||||
$allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
|
$allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
|
||||||
$externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled
|
$externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not ($allTipsEnabled -and $externalRecipientsTipsEnabled)) {
|
$failureReasons = if (-not ($allTipsEnabled -and $externalRecipientsTipsEnabled)) {
|
||||||
"One or more MailTips settings are not configured as required."
|
"One or more MailTips settings are not configured as required."
|
||||||
@@ -51,14 +44,12 @@ function Test-MailTipsEnabled {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) {
|
$details = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) {
|
||||||
"MailTipsAllTipsEnabled: $($orgConfig.MailTipsAllTipsEnabled); MailTipsExternalRecipientsTipsEnabled: $($orgConfig.MailTipsExternalRecipientsTipsEnabled); MailTipsGroupMetricsEnabled: $($orgConfig.MailTipsGroupMetricsEnabled); MailTipsLargeAudienceThreshold: $($orgConfig.MailTipsLargeAudienceThreshold)"
|
"MailTipsAllTipsEnabled: $($orgConfig.MailTipsAllTipsEnabled); MailTipsExternalRecipientsTipsEnabled: $($orgConfig.MailTipsExternalRecipientsTipsEnabled); MailTipsGroupMetricsEnabled: $($orgConfig.MailTipsGroupMetricsEnabled); MailTipsLargeAudienceThreshold: $($orgConfig.MailTipsLargeAudienceThreshold)"
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
"One or more MailTips settings are not configured as required."
|
"One or more MailTips settings are not configured as required."
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -74,7 +65,6 @@ function Test-MailTipsEnabled {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -4,11 +4,9 @@ function Test-MailboxAuditingE3 {
|
|||||||
param (
|
param (
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
<#
|
<#
|
||||||
Conditions for 6.1.2 (L1) Ensure mailbox auditing for E3 users is Enabled
|
Conditions for 6.1.2 (L1) Ensure mailbox auditing for E3 users is Enabled
|
||||||
|
|
||||||
Validate test for a pass:
|
Validate test for a pass:
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -16,7 +14,6 @@ function Test-MailboxAuditingE3 {
|
|||||||
- Condition B: The `AuditAdmin` actions include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
- Condition B: The `AuditAdmin` actions include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
||||||
- Condition C: The `AuditDelegate` actions include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
- Condition C: The `AuditDelegate` actions include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
||||||
- Condition D: The `AuditOwner` actions include `ApplyRecord`, `HardDelete`, `MoveToDeletedItems`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
- Condition D: The `AuditOwner` actions include `ApplyRecord`, `HardDelete`, `MoveToDeletedItems`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -25,24 +22,19 @@ function Test-MailboxAuditingE3 {
|
|||||||
- Condition C: The `AuditDelegate` actions do not include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
- Condition C: The `AuditDelegate` actions do not include `ApplyRecord`, `Create`, `HardDelete`, `MoveToDeletedItems`, `SendAs`, `SendOnBehalf`, `SoftDelete`, `Update`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
||||||
- Condition D: The `AuditOwner` actions do not include `ApplyRecord`, `HardDelete`, `MoveToDeletedItems`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
- Condition D: The `AuditOwner` actions do not include `ApplyRecord`, `HardDelete`, `MoveToDeletedItems`, `SoftDelete`, `Update`, `UpdateCalendarDelegation`, `UpdateFolderPermissions`, and `UpdateInboxRules`.
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
|
|
||||||
$actionDictionaries = Get-Action -Dictionaries
|
$actionDictionaries = Get-Action -Dictionaries
|
||||||
# E3 specific actions
|
# E3 specific actions
|
||||||
$AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
|
$AdminActions = $actionDictionaries.AdminActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
|
||||||
$DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") }
|
$DelegateActions = $actionDictionaries.DelegateActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed") }
|
||||||
$OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
|
$OwnerActions = $actionDictionaries.OwnerActions.Keys | Where-Object { $_ -notin @("MailItemsAccessed", "Send") }
|
||||||
|
|
||||||
$allFailures = @()
|
$allFailures = @()
|
||||||
$recnum = "6.1.2"
|
$recnum = "6.1.2"
|
||||||
|
Write-Verbose "Running Test-MailboxAuditingE3 for $recnum..."
|
||||||
$allUsers = Get-CISMgOutput -Rec $recnum
|
$allUsers = Get-CISMgOutput -Rec $recnum
|
||||||
$processedUsers = @{} # Dictionary to track processed users
|
$processedUsers = @{} # Dictionary to track processed users
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
if ($null -ne $allUsers) {
|
if ($null -ne $allUsers) {
|
||||||
$mailboxes = Get-CISExoOutput -Rec $recnum
|
$mailboxes = Get-CISExoOutput -Rec $recnum
|
||||||
@@ -52,14 +44,11 @@ function Test-MailboxAuditingE3 {
|
|||||||
Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
|
Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
$userUPN = $user.UserPrincipalName
|
$userUPN = $user.UserPrincipalName
|
||||||
$mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
|
$mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
|
||||||
|
|
||||||
$missingAdminActions = @()
|
$missingAdminActions = @()
|
||||||
$missingDelegateActions = @()
|
$missingDelegateActions = @()
|
||||||
$missingOwnerActions = @()
|
$missingOwnerActions = @()
|
||||||
|
|
||||||
if ($mailbox.AuditEnabled) {
|
if ($mailbox.AuditEnabled) {
|
||||||
foreach ($action in $AdminActions) {
|
foreach ($action in $AdminActions) {
|
||||||
if ($mailbox.AuditAdmin -notcontains $action) {
|
if ($mailbox.AuditAdmin -notcontains $action) {
|
||||||
@@ -76,7 +65,6 @@ function Test-MailboxAuditingE3 {
|
|||||||
$missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner")
|
$missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
|
if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
|
||||||
$allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
|
$allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
|
||||||
}
|
}
|
||||||
@@ -84,11 +72,9 @@ function Test-MailboxAuditingE3 {
|
|||||||
else {
|
else {
|
||||||
$allFailures += "$userUPN|False|||" # Condition A for fail
|
$allFailures += "$userUPN|False|||" # Condition A for fail
|
||||||
}
|
}
|
||||||
|
|
||||||
# Mark the user as processed
|
# Mark the user as processed
|
||||||
$processedUsers[$user.UserPrincipalName] = $true
|
$processedUsers[$user.UserPrincipalName] = $true
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
if ($allFailures.Count -eq 0) {
|
if ($allFailures.Count -eq 0) {
|
||||||
$failureReasons = "N/A"
|
$failureReasons = "N/A"
|
||||||
@@ -102,7 +88,6 @@ function Test-MailboxAuditingE3 {
|
|||||||
else {
|
else {
|
||||||
"UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
|
"UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing`n" + ($allFailures -join "`n")
|
||||||
}
|
}
|
||||||
|
|
||||||
# Populate the audit result
|
# Populate the audit result
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -115,13 +100,10 @@ function Test-MailboxAuditingE3 {
|
|||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Error "An error occurred during the test: $_"
|
Write-Error "An error occurred during the test: $_"
|
||||||
|
|
||||||
# Retrieve the description from the test definitions
|
# Retrieve the description from the test definitions
|
||||||
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
||||||
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
||||||
|
|
||||||
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
||||||
|
|
||||||
# Call Initialize-CISAuditResult with error parameters
|
# Call Initialize-CISAuditResult with error parameters
|
||||||
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
||||||
}
|
}
|
||||||
@@ -137,15 +119,12 @@ function Test-MailboxAuditingE3 {
|
|||||||
$auditResult = Initialize-CISAuditResult @params
|
$auditResult = Initialize-CISAuditResult @params
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
$detailsLength = $details.Length
|
$detailsLength = $details.Length
|
||||||
Write-Verbose "Character count of the details: $detailsLength"
|
Write-Verbose "Character count of the details: $detailsLength"
|
||||||
|
|
||||||
if ($detailsLength -gt 32767) {
|
if ($detailsLength -gt 32767) {
|
||||||
Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
|
Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
|
||||||
}
|
}
|
||||||
|
|
||||||
return $auditResult
|
return $auditResult
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
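Review bot: In the per-user loop of Test-MailboxAuditingE3, `$mailbox` comes from a `Where-Object` match on `UserPrincipalName` and is used without a null check. A user with no matching mailbox therefore falls into the `else` branch and is recorded as `"$userUPN|False|||"`, which the report cannot tell apart from a mailbox whose auditing is really disabled. A guard ahead of `if ($mailbox.AuditEnabled)` would keep the two cases separate, for example `if ($null -eq $mailbox) { $allFailures += "$userUPN|MailboxNotFound|||" }` with the existing checks moved under `elseif ($mailbox.AuditEnabled)`. Test-MailboxAuditingE5 has the same lookup and the same branch. The loop header lies between hunks, so whether such users are filtered out earlier cannot be confirmed from this page.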
@@ -4,11 +4,9 @@ function Test-MailboxAuditingE5 {
|
|||||||
param (
|
param (
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Conditions for 6.1.3 (L1) Ensure mailbox auditing for E5 users is Enabled
|
# Conditions for 6.1.3 (L1) Ensure mailbox auditing for E5 users is Enabled
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -26,18 +24,16 @@ function Test-MailboxAuditingE5 {
|
|||||||
# - Condition B: AuditAdmin actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
|
# - Condition B: AuditAdmin actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
|
||||||
# - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules.
|
# - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules.
|
||||||
# - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
|
# - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules.
|
||||||
|
|
||||||
$actionDictionaries = Get-Action -Dictionaries
|
$actionDictionaries = Get-Action -Dictionaries
|
||||||
$AdminActions = $actionDictionaries.AdminActions.Keys
|
$AdminActions = $actionDictionaries.AdminActions.Keys
|
||||||
$DelegateActions = $actionDictionaries.DelegateActions.Keys
|
$DelegateActions = $actionDictionaries.DelegateActions.Keys
|
||||||
$OwnerActions = $actionDictionaries.OwnerActions.Keys
|
$OwnerActions = $actionDictionaries.OwnerActions.Keys
|
||||||
|
|
||||||
$allFailures = @()
|
$allFailures = @()
|
||||||
$processedUsers = @{}
|
$processedUsers = @{}
|
||||||
$recnum = "6.1.3"
|
$recnum = "6.1.3"
|
||||||
|
Write-Verbose "Running Test-MailboxAuditingE5 for $recnum..."
|
||||||
$allUsers = Get-CISMgOutput -Rec $recnum
|
$allUsers = Get-CISMgOutput -Rec $recnum
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
if ($null -ne $allUsers) {
|
if ($null -ne $allUsers) {
|
||||||
$mailboxes = Get-CISExoOutput -Rec $recnum
|
$mailboxes = Get-CISExoOutput -Rec $recnum
|
||||||
@@ -47,14 +43,11 @@ function Test-MailboxAuditingE5 {
|
|||||||
Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
|
Write-Verbose "Skipping already processed user: $($user.UserPrincipalName)"
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
$mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
|
$mailbox = $mailboxes | Where-Object { $_.UserPrincipalName -eq $user.UserPrincipalName }
|
||||||
$userUPN = $user.UserPrincipalName
|
$userUPN = $user.UserPrincipalName
|
||||||
|
|
||||||
$missingAdminActions = @()
|
$missingAdminActions = @()
|
||||||
$missingDelegateActions = @()
|
$missingDelegateActions = @()
|
||||||
$missingOwnerActions = @()
|
$missingOwnerActions = @()
|
||||||
|
|
||||||
if ($mailbox.AuditEnabled) {
|
if ($mailbox.AuditEnabled) {
|
||||||
# Validate Admin actions
|
# Validate Admin actions
|
||||||
foreach ($action in $AdminActions) {
|
foreach ($action in $AdminActions) {
|
||||||
@@ -74,7 +67,6 @@ function Test-MailboxAuditingE5 {
|
|||||||
$missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D
|
$missingOwnerActions += (Get-Action -Actions $action -ActionType "Owner") # Condition D
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
|
if ($missingAdminActions.Count -gt 0 -or $missingDelegateActions.Count -gt 0 -or $missingOwnerActions.Count -gt 0) {
|
||||||
$allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
|
$allFailures += "$userUPN|True|$($missingAdminActions -join ',')|$($missingDelegateActions -join ',')|$($missingOwnerActions -join ',')"
|
||||||
}
|
}
|
||||||
@@ -82,11 +74,9 @@ function Test-MailboxAuditingE5 {
|
|||||||
else {
|
else {
|
||||||
$allFailures += "$userUPN|False|||" # Condition A for fail
|
$allFailures += "$userUPN|False|||" # Condition A for fail
|
||||||
}
|
}
|
||||||
|
|
||||||
# Mark the user as processed
|
# Mark the user as processed
|
||||||
$processedUsers[$user.UserPrincipalName] = $true
|
$processedUsers[$user.UserPrincipalName] = $true
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
if ($allFailures.Count -eq 0) {
|
if ($allFailures.Count -eq 0) {
|
||||||
$failureReasons = "N/A"
|
$failureReasons = "N/A"
|
||||||
@@ -113,13 +103,10 @@ function Test-MailboxAuditingE5 {
|
|||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Error "An error occurred during the test: $_"
|
Write-Error "An error occurred during the test: $_"
|
||||||
|
|
||||||
# Retrieve the description from the test definitions
|
# Retrieve the description from the test definitions
|
||||||
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
||||||
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
||||||
|
|
||||||
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
||||||
|
|
||||||
# Call Initialize-CISAuditResult with error parameters
|
# Call Initialize-CISAuditResult with error parameters
|
||||||
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
||||||
}
|
}
|
||||||
@@ -135,15 +122,12 @@ function Test-MailboxAuditingE5 {
|
|||||||
$auditResult = Initialize-CISAuditResult @params
|
$auditResult = Initialize-CISAuditResult @params
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
$detailsLength = $details.Length
|
$detailsLength = $details.Length
|
||||||
Write-Verbose "Character count of the details: $detailsLength"
|
Write-Verbose "Character count of the details: $detailsLength"
|
||||||
|
|
||||||
if ($detailsLength -gt 32767) {
|
if ($detailsLength -gt 32767) {
|
||||||
Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
|
Write-Verbose "Warning: The character count exceeds the limit for Excel cells."
|
||||||
}
|
}
|
||||||
|
|
||||||
return $auditResult
|
return $auditResult
|
||||||
}
|
}
|
||||||
}
|
}
|
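Review bot: The `end` block reports an over-long `$details` string through `Write-Verbose`, so on a default run nobody sees that the per-user evidence exceeds 32767 characters and, going by the message text, will not fit the Excel cell it is presumably exported to. Since the message is itself a warning, `Write-Warning "The character count of the details ($detailsLength) exceeds the limit for Excel cells."` would surface it without `-Verbose`. The `end` block of Test-MailboxAuditingE3 is identical and would take the same change.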
@@ -5,11 +5,9 @@ function Test-ModernAuthExchangeOnline {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Define your parameters here
|
# Define your parameters here
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Conditions for 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
# Conditions for 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -25,17 +23,14 @@ function Test-ModernAuthExchangeOnline {
|
|||||||
# - Condition A: Modern authentication for Exchange Online is not enabled.
|
# - Condition A: Modern authentication for Exchange Online is not enabled.
|
||||||
# - Condition B: Exchange Online clients do not use modern authentication to log in to Microsoft 365 mailboxes.
|
# - Condition B: Exchange Online clients do not use modern authentication to log in to Microsoft 365 mailboxes.
|
||||||
# - Condition C: Users of older email clients, such as Outlook 2013 and Outlook 2016, are still able to authenticate to Exchange using Basic Authentication.
|
# - Condition C: Users of older email clients, such as Outlook 2013 and Outlook 2016, are still able to authenticate to Exchange using Basic Authentication.
|
||||||
|
|
||||||
$recnum = "6.5.1"
|
$recnum = "6.5.1"
|
||||||
|
Write-Verbose "Running Test-ModernAuthExchangeOnline for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
# 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
||||||
|
|
||||||
# Check modern authentication setting in Exchange Online configuration (Condition A and B)
|
# Check modern authentication setting in Exchange Online configuration (Condition A and B)
|
||||||
$orgConfig = Get-CISExoOutput -Rec $recnum
|
$orgConfig = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
|
$failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
|
||||||
"Modern authentication is disabled"
|
"Modern authentication is disabled"
|
||||||
@@ -43,10 +38,8 @@ function Test-ModernAuthExchangeOnline {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Details include the current setting (Condition A and B)
|
# Details include the current setting (Condition A and B)
|
||||||
$details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)"
|
$details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)"
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -56,15 +49,12 @@ function Test-ModernAuthExchangeOnline {
|
|||||||
FailureReason = $failureReasons
|
FailureReason = $failureReasons
|
||||||
}
|
}
|
||||||
$auditResult = Initialize-CISAuditResult @params
|
$auditResult = Initialize-CISAuditResult @params
|
||||||
|
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
$LastError = $_
|
$LastError = $_
|
||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
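Review bot: The header comment lists Condition C (older clients still able to authenticate with Basic Authentication) as a failure condition, but the visible `process` block reads only `$orgConfig.OAuth2ClientProfileEnabled`, which the inline comments tie to Conditions A and B. A tenant with modern authentication enabled and Basic Authentication still accepted would not be flagged by anything shown here; the line that sets the result lies between hunks, so this is inferred. If that scope is intended, state it next to the check, e.g. `# Condition C (Basic Authentication still accepted) is not evaluated here; review authentication policies separately.`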
@@ -5,24 +5,20 @@ function Test-NoWhitelistDomains {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Define your parameters here
|
# Define your parameters here
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "6.2.2"
|
$recnum = "6.2.2"
|
||||||
|
Write-Verbose "Running Test-NoWhitelistDomains for $recnum..."
|
||||||
<#
|
<#
|
||||||
Conditions for 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains (Automated)
|
Conditions for 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains (Automated)
|
||||||
|
|
||||||
Validate test for a pass:
|
Validate test for a pass:
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
- Condition A: No mail transport rules whitelist any specific domains.
|
- Condition A: No mail transport rules whitelist any specific domains.
|
||||||
- Condition B: Verification of mail transport rules using PowerShell shows no domains are whitelisted.
|
- Condition B: Verification of mail transport rules using PowerShell shows no domains are whitelisted.
|
||||||
- Condition C: Manual review in Exchange Online admin center confirms no whitelisted domains in transport rules.
|
- Condition C: Manual review in Exchange Online admin center confirms no whitelisted domains in transport rules.
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -31,11 +27,9 @@ function Test-NoWhitelistDomains {
|
|||||||
- Condition C: Manual review in Exchange Online admin center shows whitelisted domains in transport rules.
|
- Condition C: Manual review in Exchange Online admin center shows whitelisted domains in transport rules.
|
||||||
#>
|
#>
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
|
# 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
|
||||||
|
|
||||||
# Retrieve transport rules that whitelist specific domains
|
# Retrieve transport rules that whitelist specific domains
|
||||||
# Condition A: Checking for transport rules that whitelist specific domains
|
# Condition A: Checking for transport rules that whitelist specific domains
|
||||||
$whitelistedRules = Get-CISExoOutput -Rec $recnum
|
$whitelistedRules = Get-CISExoOutput -Rec $recnum
|
||||||
@@ -47,7 +41,6 @@ function Test-NoWhitelistDomains {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Condition C: Prepare details about the whitelisted rules if found
|
# Condition C: Prepare details about the whitelisted rules if found
|
||||||
$details = if ($whitelistedRules) {
|
$details = if ($whitelistedRules) {
|
||||||
$ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
|
$ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
|
||||||
@@ -56,7 +49,6 @@ function Test-NoWhitelistDomains {
|
|||||||
else {
|
else {
|
||||||
"No transport rules whitelisting specific domains found."
|
"No transport rules whitelisting specific domains found."
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -72,7 +64,6 @@ function Test-NoWhitelistDomains {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return auditResult
|
# Return auditResult
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
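Review bot: `$details = if ($whitelistedRules)` treats an empty result from `Get-CISExoOutput -Rec $recnum` as "No transport rules whitelisting specific domains found.", so a correct verdict depends on that helper throwing, rather than returning `$null`, when the transport rules cannot be read. The helper is not part of this page, so this cannot be confirmed here; if it can return nothing on a failed query, the control would be reported as compliant without any rule having been inspected. A comment at the call would record the assumption: `# An empty result is reported as compliant; Get-CISExoOutput must throw if the rules cannot be retrieved.` The `$failureReasons` condition sits above the hunk boundary and presumably uses the same test.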
@@ -5,7 +5,6 @@ function Test-NotifyMalwareInternal {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added if needed
|
# Parameters can be added if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
<#
|
<#
|
||||||
# Conditions for 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled
|
# Conditions for 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled
|
||||||
@@ -22,14 +21,12 @@ function Test-NotifyMalwareInternal {
|
|||||||
# - Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
|
# - Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
# - Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `False` or does not include any valid email addresses for notifications.
|
# - Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `False` or does not include any valid email addresses for notifications.
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "2.1.3"
|
$recnum = "2.1.3"
|
||||||
Write-Verbose "Running Test-NotifyMalwareInternal for $recnum..."
|
Write-Verbose "Running Test-NotifyMalwareInternal for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
|
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
|
||||||
@@ -51,7 +48,6 @@ function Test-NotifyMalwareInternal {
|
|||||||
)
|
)
|
||||||
#>
|
#>
|
||||||
$malwareNotifications = Get-CISExoOutput -Rec $recnum
|
$malwareNotifications = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
|
# Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
|
||||||
$policiesToReport = @()
|
$policiesToReport = @()
|
||||||
foreach ($policy in $malwareNotifications) {
|
foreach ($policy in $malwareNotifications) {
|
||||||
@@ -59,10 +55,8 @@ function Test-NotifyMalwareInternal {
|
|||||||
$policiesToReport += "$($policy.Identity): Notifications Disabled"
|
$policiesToReport += "$($policy.Identity): Notifications Disabled"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Determine the result based on the presence of custom policies without notifications
|
# Determine the result based on the presence of custom policies without notifications
|
||||||
$result = $policiesToReport.Count -eq 0
|
$result = $policiesToReport.Count -eq 0
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if ($result) {
|
$failureReasons = if ($result) {
|
||||||
"N/A"
|
"N/A"
|
||||||
@@ -71,14 +65,12 @@ function Test-NotifyMalwareInternal {
|
|||||||
# Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
|
# Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
"Some custom policies do not have notifications for internal users sending malware enabled."
|
"Some custom policies do not have notifications for internal users sending malware enabled."
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($result) {
|
$details = if ($result) {
|
||||||
"All custom malware policies have notifications enabled."
|
"All custom malware policies have notifications enabled."
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
"Misconfigured Policies: $($policiesToReport -join '`n')"
|
"Misconfigured Policies: $($policiesToReport -join '`n')"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -94,7 +86,6 @@ function Test-NotifyMalwareInternal {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,20 +5,17 @@ function Test-ReportSecurityInTeams {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be defined here if needed
|
# Parameters can be defined here if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "8.6.1"
|
$recnum = "8.6.1"
|
||||||
|
Write-Verbose "Running Test-ReportSecurityInTeams for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Test-ReportSecurityInTeams.ps1
|
# Test-ReportSecurityInTeams.ps1
|
||||||
# 8.6.1 (L1) Ensure users can report security concerns in Teams
|
# 8.6.1 (L1) Ensure users can report security concerns in Teams
|
||||||
|
|
||||||
# Retrieve the necessary settings for Teams and Exchange Online
|
# Retrieve the necessary settings for Teams and Exchange Online
|
||||||
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
|
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
|
||||||
$CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
|
$CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
|
||||||
@@ -35,7 +32,6 @@ function Test-ReportSecurityInTeams {
|
|||||||
$null -ne $ReportSubmissionPolicy.ReportPhishAddresses -and
|
$null -ne $ReportSubmissionPolicy.ReportPhishAddresses -and
|
||||||
$ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled -and
|
$ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled -and
|
||||||
-not $ReportSubmissionPolicy.ReportChatMessageEnabled
|
-not $ReportSubmissionPolicy.ReportChatMessageEnabled
|
||||||
|
|
||||||
$detailsString = @"
|
$detailsString = @"
|
||||||
The following settings are required for users to report security concerns in Teams:
|
The following settings are required for users to report security concerns in Teams:
|
||||||
|
|
||||||
@@ -75,7 +71,6 @@ ReportChatMessageToCustomizedAddressEnabled: True
|
|||||||
else {
|
else {
|
||||||
$faildetailstring
|
$faildetailstring
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -91,7 +86,6 @@ ReportChatMessageToCustomizedAddressEnabled: True
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,16 +5,14 @@ function Test-RestrictOutlookAddins {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters could include credentials or other necessary data
|
# Parameters could include credentials or other necessary data
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Initialization code
|
# Initialization code
|
||||||
$defaultPolicyFailureDetails = @()
|
$defaultPolicyFailureDetails = @()
|
||||||
$relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
|
$relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
|
||||||
$recnum = "6.3.1"
|
$recnum = "6.3.1"
|
||||||
|
Write-Verbose "Running Test-RestrictOutlookAddins for $recnum..."
|
||||||
# Conditions for 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
|
# Conditions for 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -29,21 +27,17 @@ function Test-RestrictOutlookAddins {
|
|||||||
# - Condition A: One or more of the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are checked under Other roles.
|
# - Condition A: One or more of the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are checked under Other roles.
|
||||||
# - Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are assigned to users.
|
# - Condition B: Using PowerShell, verify that MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are assigned to users.
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
|
# 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
|
||||||
|
|
||||||
# Check all mailboxes for custom policies with unallowed add-ins
|
# Check all mailboxes for custom policies with unallowed add-ins
|
||||||
# Check Default Role Assignment Policy
|
# Check Default Role Assignment Policy
|
||||||
$customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum
|
$customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum
|
||||||
$defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
|
$defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
|
||||||
|
|
||||||
# Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
|
# Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
|
||||||
if ($defaultPolicyRoles) {
|
if ($defaultPolicyRoles) {
|
||||||
$defaultPolicyFailureDetails = $defaultPolicyRoles
|
$defaultPolicyFailureDetails = $defaultPolicyRoles
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prepare result details string
|
# Prepare result details string
|
||||||
$detailsString = ""
|
$detailsString = ""
|
||||||
if ($customPolicyFailures) {
|
if ($customPolicyFailures) {
|
||||||
@@ -53,7 +47,6 @@ function Test-RestrictOutlookAddins {
|
|||||||
else {
|
else {
|
||||||
$detailsString += "Custom Policy Failures: None | "
|
$detailsString += "Custom Policy Failures: None | "
|
||||||
}
|
}
|
||||||
|
|
||||||
$detailsString += "Default Role Assignment Policy: "
|
$detailsString += "Default Role Assignment Policy: "
|
||||||
if ($defaultPolicyFailureDetails) {
|
if ($defaultPolicyFailureDetails) {
|
||||||
$detailsString += ($defaultPolicyFailureDetails -join ', ')
|
$detailsString += ($defaultPolicyFailureDetails -join ', ')
|
||||||
@@ -61,10 +54,8 @@ function Test-RestrictOutlookAddins {
|
|||||||
else {
|
else {
|
||||||
$detailsString += "Compliant"
|
$detailsString += "Compliant"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Determine result based on findings
|
# Determine result based on findings
|
||||||
$isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
|
$isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -80,7 +71,6 @@ function Test-RestrictOutlookAddins {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
@@ -5,7 +5,6 @@ function Test-RestrictStorageProvidersOutlook {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Parameters can be added here if needed
|
# Parameters can be added here if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
<#
|
<#
|
||||||
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
||||||
@@ -22,25 +21,21 @@ function Test-RestrictStorageProvidersOutlook {
|
|||||||
# - Condition A: Using PowerShell, verify that `AdditionalStorageProvidersAvailable` is not set to `False` in the OwaMailboxPolicy.
|
# - Condition A: Using PowerShell, verify that `AdditionalStorageProvidersAvailable` is not set to `False` in the OwaMailboxPolicy.
|
||||||
# - Condition B: Ensure that the command `Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable` does not return `False`.
|
# - Condition B: Ensure that the command `Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable` does not return `False`.
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "6.5.3"
|
$recnum = "6.5.3"
|
||||||
|
Write-Verbose "Running Test-RestrictStorageProvidersOutlook for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
||||||
|
|
||||||
# Retrieve all OwaMailbox policies
|
# Retrieve all OwaMailbox policies
|
||||||
$owaPolicies = Get-CISExoOutput -Rec $recnum
|
$owaPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
# Condition A: Check if AdditionalStorageProvidersAvailable is set to False
|
# Condition A: Check if AdditionalStorageProvidersAvailable is set to False
|
||||||
$nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
|
$nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
|
||||||
|
|
||||||
# Determine compliance
|
# Determine compliance
|
||||||
$allPoliciesRestricted = $nonCompliantPolicies.Count -eq 0
|
$allPoliciesRestricted = $nonCompliantPolicies.Count -eq 0
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if ($allPoliciesRestricted) {
|
$failureReasons = if ($allPoliciesRestricted) {
|
||||||
"N/A"
|
"N/A"
|
||||||
@@ -48,14 +43,12 @@ function Test-RestrictStorageProvidersOutlook {
|
|||||||
else {
|
else {
|
||||||
"One or more OwaMailbox policies allow AdditionalStorageProvidersAvailable."
|
"One or more OwaMailbox policies allow AdditionalStorageProvidersAvailable."
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($allPoliciesRestricted) {
|
$details = if ($allPoliciesRestricted) {
|
||||||
"All OwaMailbox policies restrict AdditionalStorageProvidersAvailable"
|
"All OwaMailbox policies restrict AdditionalStorageProvidersAvailable"
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
"Non-compliant OwaMailbox policies: $($nonCompliantPolicies.Name -join ', ')"
|
"Non-compliant OwaMailbox policies: $($nonCompliantPolicies.Name -join ', ')"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -71,7 +64,6 @@ function Test-RestrictStorageProvidersOutlook {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
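Review bot: The pass condition `$allPoliciesRestricted = $nonCompliantPolicies.Count -eq 0` is also true when `$owaPolicies` is empty, so if `Get-CISExoOutput -Rec $recnum` returns nothing without throwing, 6.5.3 is reported as compliant although no policy was inspected. I would force an array with `$nonCompliantPolicies = @($owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable })` and fail the test when `@($owaPolicies).Count -eq 0`. The comment above the filter says it checks for `False`, while the filter selects policies where the property is true; `# Condition A: collect policies that still allow additional storage providers` would match the code. How Get-CISExoOutput behaves on an empty result is not visible in this section, so confirm that before changing the result logic.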
|
@@ -2,7 +2,6 @@ function Test-SafeAttachmentsPolicy {
|
|||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
[OutputType([CISAuditResult])]
|
[OutputType([CISAuditResult])]
|
||||||
param ()
|
param ()
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
$recnum = "2.1.4"
|
$recnum = "2.1.4"
|
||||||
Write-Verbose "Running Test-SafeAttachmentsPolicy for $recnum..."
|
Write-Verbose "Running Test-SafeAttachmentsPolicy for $recnum..."
|
||||||
@@ -13,7 +12,6 @@ function Test-SafeAttachmentsPolicy {
|
|||||||
- Check if the policy's action is set to 'Block'.
|
- Check if the policy's action is set to 'Block'.
|
||||||
- Confirm the QuarantineTag is set to 'AdminOnlyAccessPolicy'.
|
- Confirm the QuarantineTag is set to 'AdminOnlyAccessPolicy'.
|
||||||
- Verify that the Redirect setting is disabled.
|
- Verify that the Redirect setting is disabled.
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- If the highest priority Safe Attachments policy's action is not set to 'Block'.
|
- If the highest priority Safe Attachments policy's action is not set to 'Block'.
|
||||||
- If the QuarantineTag is not set to 'AdminOnlyAccessPolicy'.
|
- If the QuarantineTag is not set to 'AdminOnlyAccessPolicy'.
|
||||||
@@ -55,11 +53,11 @@ function Test-SafeAttachmentsPolicy {
|
|||||||
# The result is a pass if there are no failure reasons
|
# The result is a pass if there are no failure reasons
|
||||||
$result = $failureReasons.Count -eq 0
|
$result = $failureReasons.Count -eq 0
|
||||||
$details = [PSCustomObject]@{
|
$details = [PSCustomObject]@{
|
||||||
Policy = $highestPriorityPolicy.Identity
|
Policy = $highestPriorityPolicy.Identity
|
||||||
Action = $highestPriorityPolicy.Action
|
Action = $highestPriorityPolicy.Action
|
||||||
QuarantineTag = $highestPriorityPolicy.QuarantineTag
|
QuarantineTag = $highestPriorityPolicy.QuarantineTag
|
||||||
Redirect = $highestPriorityPolicy.Redirect
|
Redirect = $highestPriorityPolicy.Redirect
|
||||||
Enabled = $highestPriorityPolicy.Enable
|
Enabled = $highestPriorityPolicy.Enable
|
||||||
}
|
}
|
||||||
# Format details for output manually
|
# Format details for output manually
|
||||||
$detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled`n" + ($details |
|
$detailsString = "Policy|Action|QuarantineTag|Redirect|Enabled`n" + ($details |
|
||||||
|
@@ -8,7 +8,6 @@ function Test-SafeAttachmentsTeams {
|
|||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|
|
||||||
# Conditions for 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
|
# Conditions for 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
|
||||||
#
|
#
|
||||||
# Validate test for a pass:
|
# Validate test for a pass:
|
||||||
@@ -24,7 +23,6 @@ function Test-SafeAttachmentsTeams {
|
|||||||
# - Condition A: Safe Attachments for SharePoint is not enabled.
|
# - Condition A: Safe Attachments for SharePoint is not enabled.
|
||||||
# - Condition B: Safe Attachments for OneDrive is not enabled.
|
# - Condition B: Safe Attachments for OneDrive is not enabled.
|
||||||
# - Condition C: Safe Attachments for Microsoft Teams is not enabled.
|
# - Condition C: Safe Attachments for Microsoft Teams is not enabled.
|
||||||
|
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "2.1.5"
|
$recnum = "2.1.5"
|
||||||
Write-Verbose "Running Test-SafeAttachmentsTeams for $recnum..."
|
Write-Verbose "Running Test-SafeAttachmentsTeams for $recnum..."
|
||||||
|
@@ -5,7 +5,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
# Aligned
|
# Aligned
|
||||||
# Define your parameters here if needed
|
# Define your parameters here if needed
|
||||||
)
|
)
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
@@ -14,7 +13,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
Write-Verbose "Running Test-SafeLinksOfficeApps for $recnum..."
|
Write-Verbose "Running Test-SafeLinksOfficeApps for $recnum..."
|
||||||
<#
|
<#
|
||||||
Conditions for 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
Conditions for 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
||||||
|
|
||||||
Validate test for a pass:
|
Validate test for a pass:
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -25,7 +23,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
- Click protection settings: On
|
- Click protection settings: On
|
||||||
- Do not track when users click safe links: Off
|
- Do not track when users click safe links: Off
|
||||||
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is enabled.
|
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is enabled.
|
||||||
|
|
||||||
Validate test for a fail:
|
Validate test for a fail:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
- Specific conditions to check:
|
- Specific conditions to check:
|
||||||
@@ -38,7 +35,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is not enabled.
|
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is not enabled.
|
||||||
#>
|
#>
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
||||||
# Retrieve all Safe Links policies
|
# Retrieve all Safe Links policies
|
||||||
@@ -51,7 +47,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
$result = $misconfiguredDetails.Count -eq 0
|
$result = $misconfiguredDetails.Count -eq 0
|
||||||
$details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join '`n' }
|
$details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join '`n' }
|
||||||
$failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
|
$failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -64,13 +59,10 @@ function Test-SafeLinksOfficeApps {
|
|||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Error "An error occurred during the test: $_"
|
Write-Error "An error occurred during the test: $_"
|
||||||
|
|
||||||
# Retrieve the description from the test definitions
|
# Retrieve the description from the test definitions
|
||||||
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum }
|
||||||
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
||||||
|
|
||||||
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
$script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ })
|
||||||
|
|
||||||
# Call Initialize-CISAuditResult with error parameters
|
# Call Initialize-CISAuditResult with error parameters
|
||||||
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
$auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
|
||||||
}
|
}
|
||||||
@@ -86,7 +78,6 @@ function Test-SafeLinksOfficeApps {
|
|||||||
$auditResult = Initialize-CISAuditResult @params
|
$auditResult = Initialize-CISAuditResult @params
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
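Review bot: In the `$details` assignment, ``$misconfiguredDetails -join '`n'`` uses a single-quoted separator, and PowerShell does not expand backtick escapes inside single quotes, so the audit details are joined with the two literal characters backtick and n rather than a line break. Use ``$misconfiguredDetails -join "`n"`` instead. The same single-quoted separator appears in the `Misconfigured Policies:` string of Test-NotifyMalwareInternal earlier in this commit. The catch block here also builds its error result by hand with `Initialize-CISAuditResult -Rec $recnum -Failure`, whereas the other tests on this page call `Get-TestError -LastError $LastError -recnum $recnum`; aligning them would keep failure reporting consistent.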
|
@@ -2,7 +2,6 @@ function Test-SpamPolicyAdminNotify {
|
|||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
[OutputType([CISAuditResult])]
|
[OutputType([CISAuditResult])]
|
||||||
param ()
|
param ()
|
||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
|