vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 2.1.1,2.1.4,2.1.5 surpress error messages and create a standard object when no e5

Browse Source
This commit is contained in:
DrIOS
2024-06-14 09:23:03 -05:00
parent 273630839e
commit ccacf76e6c
3 changed files with 49 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
source/tests/Test-SafeAttachmentsPolicy.ps1
View File

@@ -1,10 +1,7 @@
function Test-SafeAttachmentsPolicy { function Test-SafeAttachmentsPolicy {
[CmdletBinding()] [CmdletBinding()]
[OutputType([CISAuditResult])] [OutputType([CISAuditResult])]
param ( param ()
# Aligned
# Parameters can be added if needed
)
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
@@ -33,42 +30,58 @@ function Test-SafeAttachmentsPolicy {
- Condition D: The policy is disabled. - Condition D: The policy is disabled.
#> #>
} }
process { process {
# Retrieve all Safe Attachment policies where Enable is set to True if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) {
$safeAttachmentPolicies = Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
if ($null -ne $safeAttachmentPolicies) {
try { try {
# 2.1.4 (L2) Ensure Safe Attachments policy is enabled # Retrieve all Safe Attachment policies where Enable is set to True
$safeAttachmentPolicies = Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Enable -eq $true }
# Check if any Safe Attachments policy is enabled (Condition A)
# Condition A: Check if any Safe Attachments policy is enabled
$result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0 $result = $null -ne $safeAttachmentPolicies -and $safeAttachmentPolicies.Count -gt 0
# Condition B, C, D: Additional checks can be added here if more detailed policy attributes are required # Initialize details and failure reasons
$details = @()
$failureReasons = @()
# Determine details and failure reasons based on the presence of enabled policies foreach ($policy in $safeAttachmentPolicies) {
$details = if ($result) { # Initialize policy detail and failed status
"Enabled Safe Attachments Policies: $($safeAttachmentPolicies.Name -join ', ')" $failed = $false
}
else { # Check if the policy action is set to "Dynamic Delivery" or "Quarantine" (Condition C)
"No Safe Attachments Policies are enabled." if ($policy.Action -notin @("DynamicDelivery", "Quarantine")) {
$failureReasons += "Policy '$($policy.Name)' action is not set to 'Dynamic Delivery' or 'Quarantine'."
$failed = $true
} }
$failureReasons = if ($result) { # Check if the policy is not disabled (Condition D)
"N/A" if (-not $policy.Enable) {
$failureReasons += "Policy '$($policy.Name)' is disabled."
$failed = $true
} }
else {
"Safe Attachments policy is not enabled." # Add policy details to the details array
$details += [PSCustomObject]@{
Policy = $policy.Name
Enabled = $policy.Enable
Action = $policy.Action
Failed = $failed
} }
}
# The result is a pass if there are no failure reasons
$result = $failureReasons.Count -eq 0
# Format details for output
$detailsString = $details | Format-Table -AutoSize | Out-String
$failureReasonsString = ($failureReasons | ForEach-Object { $_ }) -join ' '
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
Result = $result Result = $result
Status = if ($result) { "Pass" } else { "Fail" } Status = if ($result) { "Pass" } else { "Fail" }
Details = $details Details = $detailsString
FailureReason = $failureReasons FailureReason = if ($result) { "N/A" } else { $failureReasonsString }
} }
$auditResult = Initialize-CISAuditResult @params $auditResult = Initialize-CISAuditResult @params
} }
@@ -102,4 +115,3 @@ function Test-SafeAttachmentsPolicy {
return $auditResult return $auditResult
} }
} }

11
source/tests/Test-SafeAttachmentsTeams.ps1
View File

@@ -31,12 +31,11 @@ function Test-SafeAttachmentsTeams {
} }
process { process {
# Retrieve the ATP policies for Office 365 and check Safe Attachments settings if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
[void]($atpPolicies = Get-AtpPolicyForO365)
if ($null -ne $atpPolicies) {
try { try {
# 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled # 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
# Retrieve the ATP policies for Office 365 and check Safe Attachments settings
$atpPolicies = Get-AtpPolicyForO365
# Check if the required ATP policies are enabled # Check if the required ATP policies are enabled
$atpPolicyResult = $atpPolicies | Where-Object { $atpPolicyResult = $atpPolicies | Where-Object {
$_.EnableATPForSPOTeamsODB -eq $true -and $_.EnableATPForSPOTeamsODB -eq $true -and
@@ -92,8 +91,8 @@ function Test-SafeAttachmentsTeams {
Rec = $recnum Rec = $recnum
Result = $false Result = $false
Status = "Fail" Status = "Fail"
Details = "No M365 E3 licenses found." Details = "No M365 E5 licenses found."
FailureReason = "The audit is for M365 E3 licenses, but no such licenses were found." FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
} }
$auditResult = Initialize-CISAuditResult @params $auditResult = Initialize-CISAuditResult @params
} }

7
source/tests/Test-SafeLinksOfficeApps.ps1
View File

@@ -40,12 +40,11 @@ function Test-SafeLinksOfficeApps {
} }
process { process {
# Retrieve all Safe Links policies if (Get-Command Get-SafeLinksPolicy -ErrorAction SilentlyContinue) {
[void]($policies = Get-SafeLinksPolicy)
if ($null -ne $policies) {
try { try {
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
# Retrieve all Safe Links policies
$policies = Get-SafeLinksPolicy
# Initialize the details collection # Initialize the details collection
$misconfiguredDetails = @() $misconfiguredDetails = @()