From d037f82f602febf4a09c08290dd617ca28c84d01 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 8 Apr 2024 13:59:35 -0500
Subject: [PATCH] add: test for 1.1.4 guest users
---
.../tests/Test-GuestUsersBiweeklyReview.ps1 | 61 +++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 source/tests/Test-GuestUsersBiweeklyReview.ps1
diff --git a/source/tests/Test-GuestUsersBiweeklyReview.ps1 b/source/tests/Test-GuestUsersBiweeklyReview.ps1
new file mode 100644
index 0000000..b89ae85
--- /dev/null
+++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1
@@ -0,0 +1,61 @@
+function Test-GuestUsersBiweeklyReview {
+ [CmdletBinding()]
+ param ()
+
+ begin {
+ #. .\source\Classes\CISAuditResult.ps1
+ $auditResults = @()
+ }
+
+ process {
+ # 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly
+ # The function will fail if guest users are found since they should be reviewed manually biweekly.
+
+ try {
+ # Connect to Microsoft Graph - placeholder for connection command
+ # Connect-MgGraph -Scopes "User.Read.All"
+ $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'"
+
+ # Create an instance of CISAuditResult and populate it
+ $auditResult = [CISAuditResult]::new()
+ $auditResult.CISControl = "5.1, 5.3"
+ $auditResult.CISDescription = "Establish and Maintain an Inventory of Accounts, Disable Dormant Accounts"
+ $auditResult.Rec = "1.1.4"
+ $auditResult.RecDescription = "Ensure Guest Users are reviewed at least biweekly"
+ $auditResult.ELevel = "E3"
+ $auditResult.ProfileLevel = "L1"
+ $auditResult.IG1 = $true
+ $auditResult.IG2 = $true
+ $auditResult.IG3 = $true
+ $auditResult.CISControlVer = 'v8'
+
+ if ($guestUsers) {
+ $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType"
+ $auditResult.Status = "Fail"
+ $auditResult.Result = $false
+ $auditResult.Details = "Manual review required. To list guest users, run: `"$auditCommand`"."
+ $auditResult.FailureReason = "Guest users present: $($guestUsers.Count)"
+ } else {
+ $auditResult.Status = "Pass"
+ $auditResult.Result = $true
+ $auditResult.Details = "No guest users found."
+ $auditResult.FailureReason = "N/A"
+ }
+ }
+ catch {
+ $auditResult.Status = "Error"
+ $auditResult.Result = $false
+ $auditResult.Details = "Error while attempting to check guest users. Error message: $($_.Exception.Message)"
+ $auditResult.FailureReason = "An error occurred during the audit check."
+ }
+
+ $auditResults += $auditResult
+ }
+
+ end {
+ # Return auditResults
+ return $auditResults
+ }
+}
+
+
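Review bot: The `catch` block assigns to `$auditResult`, but that object is only created after the `Get-MgUser` call inside `try`, so a failed Graph query reaches the handler with `$auditResult` still unset and the "Error" result is never recorded. Move `$auditResult = [CISAuditResult]::new()` and the fixed field assignments above `try` so the handler always has an object to fill in. The check should also fail closed: if `Get-MgUser` reports a non-terminating error, `$guestUsers` stays empty and the control is reported as "Pass", so consider `$guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'" -ErrorAction Stop`. The command suggested in `Details` filters on `-ne 'Member'` while the check itself filters on `eq 'Guest'`; the two should match so the reviewer lists the same accounts that were counted.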