diff --git a/source/Private/Get-TestError.ps1 b/source/Private/Get-TestError.ps1 index 8147137..96aa396 100644 --- a/source/Private/Get-TestError.ps1 +++ b/source/Private/Get-TestError.ps1 @@ -19,15 +19,15 @@ function Get-TestError { [cmdletBinding()] param ( $LastError, - $recnum + $RecNum ) # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $LastError }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $LastError }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure - Write-Verbose "An error occurred during the test $recnum`: `n$LastError" -Verbose + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure + Write-Verbose "An error occurred during the test $RecNum`: `n$LastError" -Verbose return $auditResult } diff --git a/source/Private/Invoke-TestFunction.ps1 b/source/Private/Invoke-TestFunction.ps1 index 0f118e4..97f12d9 100644 --- a/source/Private/Invoke-TestFunction.ps1 +++ b/source/Private/Invoke-TestFunction.ps1 @@ -33,7 +33,7 @@ function Invoke-TestFunction { return $result } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" $script:FailedTests.Add([PSCustomObject]@{ Test = $functionName; Error = $_ }) # Call Initialize-CISAuditResult with error parameters diff --git a/source/tests/Test-AdministrativeAccountCompliance.ps1 b/source/tests/Test-AdministrativeAccountCompliance.ps1 index c744408..ee4bc1c 100644 --- a/source/tests/Test-AdministrativeAccountCompliance.ps1 
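Review bot: `$LastError` and `$RecNum` in the `param` block are untyped and optional, so a call that omits `-RecNum` still records a failure, but with an empty `Rec` and "Description not found", which makes the failed check hard to trace in the audit output. Declaring the parameter as `[Parameter(Mandatory)] [string]$RecNum` (and marking `$LastError` mandatory as well) would surface a bad call immediately. The `-Verbose` switch on the final `Write-Verbose` also forces the raw error text onto the verbose stream regardless of the caller's preference; if that is intended, a one-line comment saying so would help. The function's comment-based help is outside the hunk.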
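Review bot: `$RecNum` in the `Write-Error` message is not assigned anywhere in the visible part of `Invoke-TestFunction`, and the next line records the failure under `Test = $functionName`, which suggests the recommendation number is not available in this scope. A variable set inside the invoked test function is not visible to its caller, so the message would likely be emitted with the identifier missing. If that is the case, replacing `$RecNum` with `$functionName` in that message keeps the error attributable. The function body starts and ends outside the hunk, so confirm whether `$RecNum` is defined earlier.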
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1 @@ -7,14 +7,14 @@ function Test-AdministrativeAccountCompliance { # Condition B: The account is assigned a valid license (e.g., Microsoft Entra ID P1 or P2). # Condition C: The administrative account does not have any other application assignments (only valid licenses). $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2') - $recnum = "1.1.1" - Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $recnum" + $RecNum = "1.1.1" + Write-Verbose "Starting Test-AdministrativeAccountCompliance with Rec: $RecNum" } process { try { # Retrieve admin roles, assignments, and user details including licenses Write-Verbose "Retrieving admin roles, assignments, and user details including licenses" - $adminRoleAssignments = Get-CISMgOutput -Rec $recnum + $adminRoleAssignments = Get-CISMgOutput -Rec $RecNum $adminRoleUsers = @() foreach ($roleName in $adminRoleAssignments.Keys) { $assignments = $adminRoleAssignments[$roleName] @@ -80,7 +80,7 @@ function Test-AdministrativeAccountCompliance { Write-Verbose "Assessment completed. Result: $status" # Create the parameter splat $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = $status Details = $details @@ -90,7 +90,7 @@ function Test-AdministrativeAccountCompliance { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-AntiPhishingPolicy.ps1 b/source/tests/Test-AntiPhishingPolicy.ps1 index 135a667..6a21a11 100644 --- a/source/tests/Test-AntiPhishingPolicy.ps1 +++ b/source/tests/Test-AntiPhishingPolicy.ps1 
@@ -3,8 +3,8 @@ function Test-AntiPhishingPolicy { [OutputType([CISAuditResult])] param () begin { - $recnum = "2.1.7" - Write-Verbose "Running Test-AntiPhishingPolicy for $recnum..." + $RecNum = "2.1.7" + Write-Verbose "Running Test-AntiPhishingPolicy for $RecNum..." #. .\source\Classes\CISAuditResult.ps1 <# Conditions for 2.1.7 (L1) Ensure robust anti-phishing policies are enforced @@ -26,7 +26,7 @@ function Test-AntiPhishingPolicy { # Step 1: Retrieve all anti-phishing policies #$VerbosePreference = "Continue" Write-Verbose "Retrieving all anti-phishing policies..." - $antiPhishPolicies = Get-CISExoOutput -Rec $recnum + $antiPhishPolicies = Get-CISExoOutput -Rec $RecNum # Step 2: Initialize variables to track compliance and details $compliantPolicy = $null $details = @() @@ -205,7 +205,7 @@ function Test-AntiPhishingPolicy { #$VerbosePreference = "SilentlyContinue" # Prepare the parameters for the audit result $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isOverallCompliant Status = if ($isOverallCompliant) { "Pass" } else { "Fail" } Details = $resultDetails @@ -215,8 +215,8 @@ function Test-AntiPhishingPolicy { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" - $auditResult = Get-TestError -LastError $_ -recnum $recnum + Write-Error "An error occurred during the test $RecNum`:: $_" + $auditResult = Get-TestError -LastError $_ -RecNum $RecNum } } end { diff --git a/source/tests/Test-AuditDisabledFalse.ps1 b/source/tests/Test-AuditDisabledFalse.ps1 index ccfc555..baf2c63 100644 --- a/source/tests/Test-AuditDisabledFalse.ps1 +++ b/source/tests/Test-AuditDisabledFalse.ps1 
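Review bot: In the `catch` block of the last Test-AntiPhishingPolicy hunk, `Write-Error` runs before `Get-TestError`, so if the caller runs with `$ErrorActionPreference = 'Stop'` the `Write-Error` call itself becomes terminating and `$auditResult` is never assigned for recommendation 2.1.7. The other test files in this commit use `$LastError = $_` followed by `Get-TestError`, which already reports the error. Dropping the `Write-Error` line, or moving it after `$auditResult = Get-TestError -LastError $_ -RecNum $RecNum`, keeps the failure recorded. The same ordering appears in the `Invoke-TestFunction` hunk and in the `catch` of `Test-MailboxAuditingE3`.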
@@ -24,14 +24,14 @@ function Test-AuditDisabledFalse { # - Condition B: Using PowerShell, the `AuditDisabled` property in the organization's configuration is set to `True`. # - Condition C: Mailbox auditing is not enabled by default at the organizational level. # Initialization code, if needed - $recnum = "6.1.1" - Write-Verbose "Running Test-AuditDisabledFalse for $recnum..." + $RecNum = "6.1.1" + Write-Verbose "Running Test-AuditDisabledFalse for $RecNum..." } process { try { # 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False' # Retrieve the AuditDisabled configuration (Condition B) - $auditNotDisabled = Get-CISExoOutput -Rec $recnum + $auditNotDisabled = Get-CISExoOutput -Rec $RecNum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $auditNotDisabled) { "AuditDisabled is set to True" # Condition A Fail @@ -47,7 +47,7 @@ function Test-AuditDisabledFalse { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $auditNotDisabled Status = if ($auditNotDisabled) { "Pass" } else { "Fail" } Details = $details @@ -57,7 +57,7 @@ function Test-AuditDisabledFalse { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-AuditLogSearch.ps1 b/source/tests/Test-AuditLogSearch.ps1 index a1a8962..611c65d 100644 --- a/source/tests/Test-AuditLogSearch.ps1 +++ b/source/tests/Test-AuditLogSearch.ps1 @@ -9,8 +9,8 @@ function Test-AuditLogSearch { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "3.1.1" - Write-Verbose "Running Test-AuditLogSearch for $recnum..." + $RecNum = "3.1.1" + Write-Verbose "Running Test-AuditLogSearch for $RecNum..." <# Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled Validate test for a pass: 
@@ -30,7 +30,7 @@ function Test-AuditLogSearch { process { try { # 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled - $auditLogResult = Get-CISExoOutput -Rec $recnum + $auditLogResult = Get-CISExoOutput -Rec $RecNum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $auditLogResult) { # Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal @@ -48,7 +48,7 @@ function Test-AuditLogSearch { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $auditLogResult Status = if ($auditLogResult) { "Pass" } else { "Fail" } Details = $details @@ -58,7 +58,7 @@ function Test-AuditLogSearch { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-BlockChannelEmails.ps1 b/source/tests/Test-BlockChannelEmails.ps1 index 4816471..e653a2d 100644 --- a/source/tests/Test-BlockChannelEmails.ps1 +++ b/source/tests/Test-BlockChannelEmails.ps1 @@ -9,8 +9,8 @@ function Test-BlockChannelEmails { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.1.2" - Write-Verbose "Running Test-BlockChannelEmails for $recnum..." + $RecNum = "8.1.2" + Write-Verbose "Running Test-BlockChannelEmails for $RecNum..." } process { try { 
@@ -30,7 +30,7 @@ function Test-BlockChannelEmails { # - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center. # - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled. # Retrieve Teams client configuration - $teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum + $teamsClientConfig = Get-CISMSTeamsOutput -Rec $RecNum $allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel # Prepare failure reasons and details based on compliance $failureReasons = if ($allowEmailIntoChannel) { @@ -47,7 +47,7 @@ function Test-BlockChannelEmails { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = -not $allowEmailIntoChannel Status = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" } Details = $details @@ -57,7 +57,7 @@ function Test-BlockChannelEmails { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-BlockMailForwarding.ps1 b/source/tests/Test-BlockMailForwarding.ps1 index 645b783..7025b2e 100644 --- a/source/tests/Test-BlockMailForwarding.ps1 +++ b/source/tests/Test-BlockMailForwarding.ps1 @@ -8,8 +8,8 @@ function Test-BlockMailForwarding { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "6.2.1" - Write-Verbose "Running Test-BlockMailForwarding for $recnum..." + $RecNum = "6.2.1" + Write-Verbose "Running Test-BlockMailForwarding for $RecNum..." <# Conditions for 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled Validate test for a pass: 
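Review bot: `$allowEmailIntoChannel` is read straight from `$teamsClientConfig` with no check that the retrieval returned anything, so if `Get-CISMSTeamsOutput` yields `$null` without throwing, the `-not $allowEmailIntoChannel` in the following hunk evaluates to `$true` and recommendation 8.1.2 is reported as Pass. Whether the helper can return `$null` is not visible here, so this is worth confirming. A guard such as `if ($null -eq $teamsClientConfig) { throw "No Teams client configuration returned for $RecNum" }` right after the call would route that case to the existing `catch` and `Get-TestError`. The same fail-open shape appears in `Test-BlockMailForwarding` (`$transportRules.Count -eq 0`), `Test-DialInBypassLobby`, `Test-ExternalNoControl` and `Test-EnableDKIM` (`-notcontains $false`).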
@@ -30,7 +30,7 @@ function Test-BlockMailForwarding { try { # 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled # Step 1: Retrieve the transport rules that redirect messages - $transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum + $transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $RecNum $transportForwardingBlocked = $transportRules.Count -eq 0 # Step 2: Check all anti-spam outbound policies $nonCompliantSpamPoliciesArray = @($nonCompliantSpamPolicies) @@ -67,7 +67,7 @@ function Test-BlockMailForwarding { } # Populate the audit result $params = @{ - Rec = $recnum + Rec = $RecNum Result = $forwardingBlocked Status = if ($forwardingBlocked) { "Pass" } else { "Fail" } Details = $details @@ -77,7 +77,7 @@ function Test-BlockMailForwarding { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-BlockSharedMailboxSignIn.ps1 b/source/tests/Test-BlockSharedMailboxSignIn.ps1 index 69928ea..45027a4 100644 --- a/source/tests/Test-BlockSharedMailboxSignIn.ps1 +++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1 @@ -9,8 +9,8 @@ function Test-BlockSharedMailboxSignIn { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.2.2" - Write-Verbose "Running Test-BlockSharedMailboxSignIn for $recnum..." + $RecNum = "1.2.2" + Write-Verbose "Running Test-BlockSharedMailboxSignIn for $RecNum..." # Conditions for 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked # # Validate test for a pass: @@ -36,7 +36,7 @@ function Test-BlockSharedMailboxSignIn { "abcddcba-98fe-76dc-a456-426614174000" ) #> - $objectids = Get-CISExoOutput -Rec $recnum + $objectids = Get-CISExoOutput -Rec $RecNum # Step: Retrieve user details from Azure AD # $users Mock Object <# 
@@ -58,7 +58,7 @@ function Test-BlockSharedMailboxSignIn { } ) #> - $users = Get-CISMgOutput -Rec $recnum + $users = Get-CISMgOutput -Rec $RecNum # Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail) $sharedMailboxDetails = $users | Where-Object {$_.id -in $objectids} # Step: Identify enabled mailboxes (Condition B: Pass/Fail) @@ -80,7 +80,7 @@ function Test-BlockSharedMailboxSignIn { } # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $allBlocked # Pass: Condition A, Condition B Status = if ($allBlocked) { "Pass" } else { "Fail" } Details = $details @@ -90,7 +90,7 @@ function Test-BlockSharedMailboxSignIn { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-CommonAttachmentFilter.ps1 b/source/tests/Test-CommonAttachmentFilter.ps1 index 0abb2c8..4f866e0 100644 --- a/source/tests/Test-CommonAttachmentFilter.ps1 +++ b/source/tests/Test-CommonAttachmentFilter.ps1 @@ -24,8 +24,8 @@ function Test-CommonAttachmentFilter { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "2.1.2" - Write-Verbose "Running Test-CommonAttachmentFilter for $recnum..." + $RecNum = "2.1.2" + Write-Verbose "Running Test-CommonAttachmentFilter for $RecNum..." } process { try { @@ -35,7 +35,7 @@ function Test-CommonAttachmentFilter { # Retrieve the attachment filter policy # $result Mock Object # $result = $true - $result = Get-CISExoOutput -Rec $recnum + $result = Get-CISExoOutput -Rec $RecNum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $result) { # Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center. 
@@ -53,7 +53,7 @@ function Test-CommonAttachmentFilter { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $details @@ -63,7 +63,7 @@ function Test-CommonAttachmentFilter { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-CustomerLockbox.ps1 b/source/tests/Test-CustomerLockbox.ps1 index 9f4b830..4391c43 100644 --- a/source/tests/Test-CustomerLockbox.ps1 +++ b/source/tests/Test-CustomerLockbox.ps1 @@ -11,8 +11,8 @@ function Test-CustomerLockbox { #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.3.6" - Write-Verbose "Running Test-CustomerLockbox for $recnum..." + $RecNum = "1.3.6" + Write-Verbose "Running Test-CustomerLockbox for $RecNum..." # Conditions for 1.3.6 (L2) Ensure the customer lockbox feature is enabled (Automated) # # Validate test for a pass: @@ -34,7 +34,7 @@ function Test-CustomerLockbox { # Step: Retrieve the organization configuration (Condition C: Pass/Fail) # $customerLockboxEnabled Mock Object # $customerLockboxEnabled = $true - $customerLockboxEnabled = Get-CISExoOutput -Rec $recnum + $customerLockboxEnabled = Get-CISExoOutput -Rec $RecNum # Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail) $failureReasons = if (-not $customerLockboxEnabled) { "Customer lockbox feature is not enabled." @@ -51,7 +51,7 @@ function Test-CustomerLockbox { } # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $customerLockboxEnabled Status = if ($customerLockboxEnabled) { "Pass" } else { "Fail" } Details = $details 
@@ -61,7 +61,7 @@ function Test-CustomerLockbox { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-DialInBypassLobby.ps1 b/source/tests/Test-DialInBypassLobby.ps1 index 6526715..39f8825 100644 --- a/source/tests/Test-DialInBypassLobby.ps1 +++ b/source/tests/Test-DialInBypassLobby.ps1 @@ -9,8 +9,8 @@ function Test-DialInBypassLobby { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.4" - Write-Verbose "Running Test-DialInBypassLobby for $recnum..." + $RecNum = "8.5.4" + Write-Verbose "Running Test-DialInBypassLobby for $RecNum..." } process { try { @@ -36,7 +36,7 @@ function Test-DialInBypassLobby { AllowPSTNUsersToBypassLobby = $true } #> - $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $RecNum $PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby # Prepare failure reasons and details based on compliance $failureReasons = if (-not $PSTNBypassDisabled) { @@ -53,7 +53,7 @@ function Test-DialInBypassLobby { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $PSTNBypassDisabled Status = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" } Details = $details @@ -63,7 +63,7 @@ function Test-DialInBypassLobby { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-DisallowInfectedFilesDownload.ps1 b/source/tests/Test-DisallowInfectedFilesDownload.ps1 index 8afd659..5d3dcdb 100644 --- a/source/tests/Test-DisallowInfectedFilesDownload.ps1 +++ b/source/tests/Test-DisallowInfectedFilesDownload.ps1 
@@ -9,8 +9,8 @@ function Test-DisallowInfectedFilesDownload { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.3.1" - Write-Verbose "Running Test-DisallowInfectedFilesDownload for $recnum..." + $RecNum = "7.3.1" + Write-Verbose "Running Test-DisallowInfectedFilesDownload for $RecNum..." } process { try { @@ -36,7 +36,7 @@ function Test-DisallowInfectedFilesDownload { DisallowInfectedFileDownload = $false } #> - $SPOTenantDisallowInfectedFileDownload = Get-CISSpoOutput -Rec $recnum + $SPOTenantDisallowInfectedFileDownload = Get-CISSpoOutput -Rec $RecNum # Condition A: The `DisallowInfectedFileDownload` setting is set to `True` $isDisallowInfectedFileDownloadEnabled = $SPOTenantDisallowInfectedFileDownload.DisallowInfectedFileDownload # Prepare failure reasons and details based on compliance @@ -55,7 +55,7 @@ function Test-DisallowInfectedFilesDownload { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isDisallowInfectedFileDownloadEnabled Status = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" } Details = $details @@ -65,7 +65,7 @@ function Test-DisallowInfectedFilesDownload { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-EnableDKIM.ps1 b/source/tests/Test-EnableDKIM.ps1 index 358d40d..6af21fd 100644 --- a/source/tests/Test-EnableDKIM.ps1 +++ b/source/tests/Test-EnableDKIM.ps1 
@@ -10,8 +10,8 @@ function Test-EnableDKIM { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "2.1.9" - Write-Verbose "Running Test-EnableDKIM for $recnum..." + $RecNum = "2.1.9" + Write-Verbose "Running Test-EnableDKIM for $RecNum..." <# Conditions for 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains (Automated) Validate test for a pass: @@ -30,7 +30,7 @@ function Test-EnableDKIM { try { # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains # Retrieve DKIM configuration for all domains - $dkimConfig = Get-CISExoOutput -Rec $recnum + $dkimConfig = Get-CISExoOutput -Rec $RecNum if (-not $DomainName) { $dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false $dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain } @@ -62,7 +62,7 @@ function Test-EnableDKIM { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $dkimResult Status = if ($dkimResult) { "Pass" } else { "Fail" } Details = $details @@ -72,7 +72,7 @@ function Test-EnableDKIM { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-ExternalNoControl.ps1 b/source/tests/Test-ExternalNoControl.ps1 index deb78d9..ee5fc2f 100644 --- a/source/tests/Test-ExternalNoControl.ps1 +++ b/source/tests/Test-ExternalNoControl.ps1 @@ -9,8 +9,8 @@ function Test-ExternalNoControl { # Dot source the class script if necessary # . .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.7" - Write-Verbose "Running Test-ExternalNoControl for $recnum..." + $RecNum = "8.5.7" + Write-Verbose "Running Test-ExternalNoControl for $RecNum..." } process { try { 
@@ -36,7 +36,7 @@ function Test-ExternalNoControl { AllowExternalParticipantGiveRequestControl = $true } #> - $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $RecNum # Check if external participants can give or request control $externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl # Prepare failure reasons and details based on compliance @@ -54,7 +54,7 @@ function Test-ExternalNoControl { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $externalControlRestricted Status = if ($externalControlRestricted) { "Pass" } else { "Fail" } Details = $details @@ -64,7 +64,7 @@ function Test-ExternalNoControl { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1 index 9169261..ca17c21 100644 --- a/source/tests/Test-ExternalSharingCalendars.ps1 +++ b/source/tests/Test-ExternalSharingCalendars.ps1 @@ -11,7 +11,7 @@ function Test-ExternalSharingCalendars { #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.3.3" + $RecNum = "1.3.3" # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # @@ -31,7 +31,7 @@ function Test-ExternalSharingCalendars { process { try { # Step: Retrieve sharing policies related to calendar sharing - $sharingPolicies = Get-CISExoOutput -Rec $recnum + $sharingPolicies = Get-CISExoOutput -Rec $RecNum # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies $isExternalSharingDisabled = $true 
@@ -85,7 +85,7 @@ foreach ($mailbox in $mailboxes) { # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isExternalSharingDisabled Status = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" } Details = $details @@ -95,7 +95,7 @@ foreach ($mailbox in $mailboxes) { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } diff --git a/source/tests/Test-GlobalAdminsCount.ps1 b/source/tests/Test-GlobalAdminsCount.ps1 index e75d645..c664575 100644 --- a/source/tests/Test-GlobalAdminsCount.ps1 +++ b/source/tests/Test-GlobalAdminsCount.ps1 @@ -23,12 +23,12 @@ function Test-GlobalAdminsCount { # - Condition B: The number of global admins is more than 4. # - Condition C: Any discrepancies or errors in retrieving the list of global admin usernames. # Initialization code, if needed - $recnum = "1.1.3" - Write-Verbose "Starting Test-GlobalAdminsCount with Rec: $recnum" + $RecNum = "1.1.3" + Write-Verbose "Starting Test-GlobalAdminsCount with Rec: $RecNum" } process { try { - $globalAdmins = Get-CISMgOutput -Rec $recnum + $globalAdmins = Get-CISMgOutput -Rec $RecNum # Step: Count the number of global admins $globalAdminCount = $globalAdmins.Count # Step: Retrieve and format the usernames of global admins @@ -49,7 +49,7 @@ function Test-GlobalAdminsCount { $details = "Count: $globalAdminCount; Users: $globalAdminUsernames" # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $globalAdminCount -ge 2 -and $globalAdminCount -le 4 Status = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" } Details = $details 
@@ -59,7 +59,7 @@ function Test-GlobalAdminsCount { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-GuestAccessExpiration.ps1 b/source/tests/Test-GuestAccessExpiration.ps1 index 666ad61..84f1b87 100644 --- a/source/tests/Test-GuestAccessExpiration.ps1 +++ b/source/tests/Test-GuestAccessExpiration.ps1 @@ -9,8 +9,8 @@ function Test-GuestAccessExpiration { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.9" - Write-Verbose "Running Test-GuestAccessExpiration for $recnum..." + $RecNum = "7.2.9" + Write-Verbose "Running Test-GuestAccessExpiration for $RecNum..." } process { try { @@ -37,7 +37,7 @@ function Test-GuestAccessExpiration { ExternalUserExpireInDays = "60" } #> - $SPOTenantGuestAccess = Get-CISSpoOutput -Rec $recnum + $SPOTenantGuestAccess = Get-CISSpoOutput -Rec $RecNum $isGuestAccessExpirationConfiguredCorrectly = $SPOTenantGuestAccess.ExternalUserExpirationRequired -and $SPOTenantGuestAccess.ExternalUserExpireInDays -le 30 # Prepare failure reasons and details based on compliance $failureReasons = if (-not $isGuestAccessExpirationConfiguredCorrectly) { @@ -50,7 +50,7 @@ function Test-GuestAccessExpiration { $details = "ExternalUserExpirationRequired: $($SPOTenantGuestAccess.ExternalUserExpirationRequired); ExternalUserExpireInDays: $($SPOTenantGuestAccess.ExternalUserExpireInDays)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isGuestAccessExpirationConfiguredCorrectly Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" } Details = $details 
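Review bot: In the `@@ -37,7 +37,7 @@` hunk of Test-GuestAccessExpiration, the comparison `$SPOTenantGuestAccess.ExternalUserExpireInDays -le 30` takes its type from the left operand, and the mock object in the comment just above shows that property as the string "60". If the live value is also a string, PowerShell compares it with "30" as text, so "100" would pass and "5" would fail. Casting first, `[int]$SPOTenantGuestAccess.ExternalUserExpireInDays -le 30`, makes the check numeric either way.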
@@ -60,7 +60,7 @@ function Test-GuestAccessExpiration { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-GuestUsersBiweeklyReview.ps1 b/source/tests/Test-GuestUsersBiweeklyReview.ps1 index 1f4c633..1bd3208 100644 --- a/source/tests/Test-GuestUsersBiweeklyReview.ps1 +++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1 @@ -11,7 +11,7 @@ function Test-GuestUsersBiweeklyReview { #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.1.4" + $RecNum = "1.1.4" } process { @@ -41,7 +41,7 @@ function Test-GuestUsersBiweeklyReview { # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = -not $guestUsers Status = if ($guestUsers) { "Fail" } else { "Pass" } Details = $details @@ -51,7 +51,7 @@ function Test-GuestUsersBiweeklyReview { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } diff --git a/source/tests/Test-IdentifyExternalEmail.ps1 b/source/tests/Test-IdentifyExternalEmail.ps1 index 5191899..6efe09c 100644 --- a/source/tests/Test-IdentifyExternalEmail.ps1 +++ b/source/tests/Test-IdentifyExternalEmail.ps1 @@ -10,8 +10,8 @@ function Test-IdentifyExternalEmail { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "6.2.3" - Write-Verbose "Running Test-IdentifyExternalEmail for $recnum..." + $RecNum = "6.2.3" + Write-Verbose "Running Test-IdentifyExternalEmail for $RecNum..." # Conditions for 6.2.3 (L1) Ensure email from external senders is identified # # Validate test for a pass: 
@@ -32,7 +32,7 @@ function Test-IdentifyExternalEmail { try { # 6.2.3 (L1) Ensure email from external senders is identified # Retrieve external sender tagging configuration - $externalInOutlook = Get-CISExoOutput -Rec $recnum + $externalInOutlook = Get-CISExoOutput -Rec $RecNum $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true # Prepare failure reasons and details based on compliance $failureReasons = if (-not $externalTaggingEnabled) { @@ -46,7 +46,7 @@ function Test-IdentifyExternalEmail { $details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $externalTaggingEnabled Status = if ($externalTaggingEnabled) { "Pass" } else { "Fail" } Details = $details @@ -56,7 +56,7 @@ function Test-IdentifyExternalEmail { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-LinkSharingRestrictions.ps1 b/source/tests/Test-LinkSharingRestrictions.ps1 index 08fdab0..e073bf1 100644 --- a/source/tests/Test-LinkSharingRestrictions.ps1 +++ b/source/tests/Test-LinkSharingRestrictions.ps1 @@ -10,8 +10,8 @@ function Test-LinkSharingRestrictions { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.7" - Write-Verbose "Running Test-LinkSharingRestrictions for $recnum..." + $RecNum = "7.2.7" + Write-Verbose "Running Test-LinkSharingRestrictions for $RecNum..." } process { try { 
@@ -37,7 +37,7 @@ function Test-LinkSharingRestrictions { DefaultSharingLinkType = "Direct" } #> - $SPOTenantLinkSharing = Get-CISSpoOutput -Rec $recnum + $SPOTenantLinkSharing = Get-CISSpoOutput -Rec $RecNum $isLinkSharingRestricted = $SPOTenantLinkSharing.DefaultSharingLinkType -eq 'Direct' # Or 'SpecificPeople' as per the recommendation # Prepare failure reasons and details based on compliance $failureReasons = if (-not $isLinkSharingRestricted) { @@ -50,7 +50,7 @@ function Test-LinkSharingRestrictions { $details = "DefaultSharingLinkType: $($SPOTenantLinkSharing.DefaultSharingLinkType)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isLinkSharingRestricted Status = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" } Details = $details @@ -60,7 +60,7 @@ function Test-LinkSharingRestrictions { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-MailTipsEnabled.ps1 b/source/tests/Test-MailTipsEnabled.ps1 index be58075..4cec4ea 100644 --- a/source/tests/Test-MailTipsEnabled.ps1 +++ b/source/tests/Test-MailTipsEnabled.ps1 @@ -9,8 +9,8 @@ function Test-MailTipsEnabled { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "6.5.2" - Write-Verbose "Running Test-MailTipsEnabled for $recnum..." + $RecNum = "6.5.2" + Write-Verbose "Running Test-MailTipsEnabled for $RecNum..." # Conditions for 6.5.2 (L2) Ensure MailTips are enabled for end users # # Validate test for a pass: 
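Review bot: The trailing comment on the `$isLinkSharingRestricted` line reads `# Or 'SpecificPeople' as per the recommendation`, but the comparison accepts only `'Direct'`, so a reader cannot tell whether a second value is meant to pass. I would reword it to describe what the code does, for example `# 'Direct' is the tenant value for the "Specific people" link type`, after confirming that against the 7.2.7 recommendation text.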
@@ -33,7 +33,7 @@ function Test-MailTipsEnabled { try { # 6.5.2 (L2) Ensure MailTips are enabled for end users # Retrieve organization configuration for MailTips settings - $orgConfig = Get-CISExoOutput -Rec $recnum + $orgConfig = Get-CISExoOutput -Rec $RecNum # Check the MailTips settings (Conditions A, B, C, D) $allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25 $externalRecipientsTipsEnabled = $orgConfig.MailTipsExternalRecipientsTipsEnabled @@ -52,7 +52,7 @@ function Test-MailTipsEnabled { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $allTipsEnabled -and $externalRecipientsTipsEnabled Status = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" } Details = $details @@ -62,7 +62,7 @@ function Test-MailTipsEnabled { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-MailboxAuditingE3.ps1 b/source/tests/Test-MailboxAuditingE3.ps1 index d95968b..406126a 100644 --- a/source/tests/Test-MailboxAuditingE3.ps1 +++ b/source/tests/Test-MailboxAuditingE3.ps1 @@ -24,8 +24,8 @@ function Test-MailboxAuditingE3 { #> # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 - $recnum = "6.1.2" - $version = $recnum + $RecNum = "6.1.2" + $version = $RecNum $actionDictionaries = Get-Action -Dictionaries -Version $version # E3 specific actions $AdminActions = $actionDictionaries.AdminActions.Keys 
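Review bot: In Test-MailTipsEnabled (hunk at -33,7) the context line that computes `$allTipsEnabled` requires `$orgConfig.MailTipsLargeAudienceThreshold -eq 25`, so a tenant that sets a lower, stricter threshold is reported as Fail. If the recommendation treats 25 as an upper bound rather than a required value (confirm against the benchmark text), the comparison should be `-le 25`. Either way, a comment beside the comparison stating which reading is intended would help the next maintainer. The `process` block continues outside this hunk.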
@@ -33,13 +33,13 @@ function Test-MailboxAuditingE3 { $OwnerActions = $actionDictionaries.OwnerActions.Keys $allFailures = @() - Write-Verbose "Running Test-MailboxAuditingE3 for $recnum..." - $allUsers = Get-CISMgOutput -Rec $recnum + Write-Verbose "Running Test-MailboxAuditingE3 for $RecNum..." + $allUsers = Get-CISMgOutput -Rec $RecNum $processedUsers = @{} # Dictionary to track processed users } process { if ($null -ne $allUsers) { - $mailboxes = Get-CISExoOutput -Rec $recnum + $mailboxes = Get-CISExoOutput -Rec $RecNum try { foreach ($user in $allUsers) { if ($processedUsers.ContainsKey($user.UserPrincipalName)) { @@ -92,7 +92,7 @@ function Test-MailboxAuditingE3 { } # Populate the audit result $params = @{ - Rec = $recnum + Rec = $RecNum Result = $allFailures.Count -eq 0 Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" } Details = $details @@ -101,18 +101,18 @@ function Test-MailboxAuditingE3 { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure } } else { $params = @{ - Rec = $recnum + Rec = $RecNum Result = $false Status = "Fail" Details = "No M365 E3 licenses found." 
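Review bot: In Test-MailboxAuditingE3 (hunk at -33,13) `$mailboxes = Get-CISExoOutput -Rec $RecNum` sits before the `try {` in `process`, and `$allUsers = Get-CISMgOutput -Rec $RecNum` runs in `begin`. A terminating error from either call therefore bypasses the catch that adds the entry to `$script:FailedTests` and builds the `-Failure` audit result. For a mailbox-auditing control, a missing result is easy to misread as a control that was out of scope; moving the `Get-CISExoOutput` call to the first line inside the `try` keeps it covered. Whether these helpers throw is not visible in this diff, so this needs confirming; Test-MailboxAuditingE5 has the same layout.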
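Review bot: The catch block in Test-MailboxAuditingE3 (hunk at -101,18) repeats what `Get-TestError` already does: the description lookup, `$script:FailedTests.Add(...)` and `Initialize-CISAuditResult -Rec $RecNum -Failure`. The other test functions in this change call the helper instead. Replacing the body with `$auditResult = Get-TestError -LastError $_ -RecNum $RecNum` leaves a single error path to maintain. The helper reports through `Write-Verbose` where this block uses `Write-Error`, so decide which stream is wanted before switching. Test-MailboxAuditingE5 has the same duplicated catch.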
diff --git a/source/tests/Test-MailboxAuditingE5.ps1 b/source/tests/Test-MailboxAuditingE5.ps1 index 7dfbe81..42bc6d1 100644 --- a/source/tests/Test-MailboxAuditingE5.ps1 +++ b/source/tests/Test-MailboxAuditingE5.ps1 @@ -24,20 +24,20 @@ function Test-MailboxAuditingE5 { # - Condition B: AuditAdmin actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules. # - Condition C: AuditDelegate actions do not include all of the following: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules. # - Condition D: AuditOwner actions do not include all of the following: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules. - $recnum = "6.1.3" - $version = $recnum + $RecNum = "6.1.3" + $version = $RecNum $actionDictionaries = Get-Action -Dictionaries -Version $version $AdminActions = $actionDictionaries.AdminActions.Keys $DelegateActions = $actionDictionaries.DelegateActions.Keys $OwnerActions = $actionDictionaries.OwnerActions.Keys $allFailures = @() $processedUsers = @{} - Write-Verbose "Running Test-MailboxAuditingE5 for $recnum..." - $allUsers = Get-CISMgOutput -Rec $recnum + Write-Verbose "Running Test-MailboxAuditingE5 for $RecNum..." + $allUsers = Get-CISMgOutput -Rec $RecNum } process { if ($null -ne $allUsers) { - $mailboxes = Get-CISExoOutput -Rec $recnum + $mailboxes = Get-CISExoOutput -Rec $RecNum try { foreach ($user in $allUsers) { if ($processedUsers.ContainsKey($user.UserPrincipalName)) { 
@@ -94,7 +94,7 @@ function Test-MailboxAuditingE5 { # $details = Initialize-LargeTestTable -lineCount 3000 # Adjust the lineCount to exceed 32,000 characters # Populate the audit result $params = @{ - Rec = $recnum + Rec = $RecNum Result = $allFailures.Count -eq 0 Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" } Details = $details @@ -103,18 +103,18 @@ function Test-MailboxAuditingE5 { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure } } else { $params = @{ - Rec = $recnum + Rec = $RecNum Result = $false Status = "Fail" Details = "No M365 E5 licenses found." diff --git a/source/tests/Test-ManagedApprovedPublicGroups.ps1 b/source/tests/Test-ManagedApprovedPublicGroups.ps1 index 4903afe..6e42f34 100644 --- a/source/tests/Test-ManagedApprovedPublicGroups.ps1 +++ b/source/tests/Test-ManagedApprovedPublicGroups.ps1 
@@ -8,8 +8,8 @@ function Test-ManagedApprovedPublicGroups { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.2.1" - Write-Verbose "Starting Test-ManagedApprovedPublicGroups with Rec: $recnum" + $RecNum = "1.2.1" + Write-Verbose "Starting Test-ManagedApprovedPublicGroups with Rec: $RecNum" # Conditions for 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist (Automated) # # Validate test for a pass: @@ -27,7 +27,7 @@ function Test-ManagedApprovedPublicGroups { process { try { # Step: Retrieve all groups with visibility set to 'Public' - $allGroups = Get-CISMgOutput -Rec $recnum + $allGroups = Get-CISMgOutput -Rec $RecNum # Step: Determine failure reasons based on the presence of public groups $failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) { "There are public groups present that are not organizationally managed/approved." @@ -45,7 +45,7 @@ function Test-ManagedApprovedPublicGroups { } # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $null -eq $allGroups -or $allGroups.Count -eq 0 Status = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" } Details = $details @@ -55,7 +55,7 @@ function Test-ManagedApprovedPublicGroups { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-MeetingChatNoAnonymous.ps1 b/source/tests/Test-MeetingChatNoAnonymous.ps1 index 5e281b7..835f433 100644 --- a/source/tests/Test-MeetingChatNoAnonymous.ps1 +++ b/source/tests/Test-MeetingChatNoAnonymous.ps1 
@@ -9,8 +9,8 @@ function Test-MeetingChatNoAnonymous { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.5" - Write-Verbose "Running Test-MeetingChatNoAnonymous for $recnum..." + $RecNum = "8.5.5" + Write-Verbose "Running Test-MeetingChatNoAnonymous for $RecNum..." } process { try { @@ -36,7 +36,7 @@ function Test-MeetingChatNoAnonymous { MeetingChatEnabledType = "Enabled" } #> - $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $RecNum # Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous' $chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous' # Prepare failure reasons and details based on compliance @@ -49,7 +49,7 @@ function Test-MeetingChatNoAnonymous { $details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $chatAnonDisabled Status = if ($chatAnonDisabled) { "Pass" } else { "Fail" } Details = $details @@ -59,7 +59,7 @@ function Test-MeetingChatNoAnonymous { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-ModernAuthExchangeOnline.ps1 b/source/tests/Test-ModernAuthExchangeOnline.ps1 index 90f82d5..5c44526 100644 --- a/source/tests/Test-ModernAuthExchangeOnline.ps1 +++ b/source/tests/Test-ModernAuthExchangeOnline.ps1 
@@ -23,14 +23,14 @@ function Test-ModernAuthExchangeOnline { # - Condition A: Modern authentication for Exchange Online is not enabled. # - Condition B: Exchange Online clients do not use modern authentication to log in to Microsoft 365 mailboxes. # - Condition C: Users of older email clients, such as Outlook 2013 and Outlook 2016, are still able to authenticate to Exchange using Basic Authentication. - $recnum = "6.5.1" - Write-Verbose "Running Test-ModernAuthExchangeOnline for $recnum..." + $RecNum = "6.5.1" + Write-Verbose "Running Test-ModernAuthExchangeOnline for $RecNum..." } process { try { # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled # Check modern authentication setting in Exchange Online configuration (Condition A and B) - $orgConfig = Get-CISExoOutput -Rec $recnum + $orgConfig = Get-CISExoOutput -Rec $RecNum # Prepare failure reasons and details based on compliance $failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) { "Modern authentication is disabled" @@ -42,7 +42,7 @@ function Test-ModernAuthExchangeOnline { $details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $orgConfig.OAuth2ClientProfileEnabled Status = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" } Details = $details @@ -52,7 +52,7 @@ function Test-ModernAuthExchangeOnline { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-ModernAuthSharePoint.ps1 b/source/tests/Test-ModernAuthSharePoint.ps1 index 15fbb81..f1a711c 100644 --- a/source/tests/Test-ModernAuthSharePoint.ps1 +++ b/source/tests/Test-ModernAuthSharePoint.ps1 
@@ -11,8 +11,8 @@ function Test-ModernAuthSharePoint { #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.1" - Write-Verbose "Running Test-ModernAuthSharePoint for $recnum..." + $RecNum = "7.2.1" + Write-Verbose "Running Test-ModernAuthSharePoint for $RecNum..." <# # Conditions for 7.2.1 (L1) Ensure modern authentication for SharePoint applications is required ## Validate test for a pass: @@ -36,7 +36,7 @@ function Test-ModernAuthSharePoint { LegacyAuthProtocolsEnabled = $true } #> - $SPOTenant = Get-CISSpoOutput -Rec $recnum + $SPOTenant = Get-CISSpoOutput -Rec $RecNum $modernAuthForSPRequired = -not $SPOTenant.LegacyAuthProtocolsEnabled # Prepare failure reasons and details based on compliance $failureReasons = if (-not $modernAuthForSPRequired) { @@ -48,7 +48,7 @@ function Test-ModernAuthSharePoint { $details = "LegacyAuthProtocolsEnabled: $($SPOTenant.LegacyAuthProtocolsEnabled)" # Details for Condition B # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $modernAuthForSPRequired Status = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" } Details = $details @@ -58,7 +58,7 @@ function Test-ModernAuthSharePoint { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-NoAnonymousMeetingJoin.ps1 b/source/tests/Test-NoAnonymousMeetingJoin.ps1 index d9d82dd..f31bf17 100644 --- a/source/tests/Test-NoAnonymousMeetingJoin.ps1 +++ b/source/tests/Test-NoAnonymousMeetingJoin.ps1 
@@ -9,8 +9,8 @@ function Test-NoAnonymousMeetingJoin { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.1" - Write-Verbose "Running Test-NoAnonymousMeetingJoin for $recnum..." + $RecNum = "8.5.1" + Write-Verbose "Running Test-NoAnonymousMeetingJoin for $RecNum..." } process { try { @@ -36,7 +36,7 @@ function Test-NoAnonymousMeetingJoin { AllowAnonymousUsersToJoinMeeting = $true } #> - $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum + $teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $RecNum $allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting # Prepare failure reasons and details based on compliance $failureReasons = if ($allowAnonymousUsersToJoinMeeting) { @@ -48,7 +48,7 @@ function Test-NoAnonymousMeetingJoin { $details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = -not $allowAnonymousUsersToJoinMeeting Status = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" } Details = $details @@ -58,7 +58,7 @@ function Test-NoAnonymousMeetingJoin { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-NoAnonymousMeetingStart.ps1 b/source/tests/Test-NoAnonymousMeetingStart.ps1 index cb92a64..becf0d8 100644 --- a/source/tests/Test-NoAnonymousMeetingStart.ps1 +++ b/source/tests/Test-NoAnonymousMeetingStart.ps1 
@@ -9,8 +9,8 @@ function Test-NoAnonymousMeetingStart { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.2" - Write-Verbose "Running Test-NoAnonymousMeetingStart for $recnum..." + $RecNum = "8.5.2" + Write-Verbose "Running Test-NoAnonymousMeetingStart for $RecNum..." } process { try { @@ -31,7 +31,7 @@ function Test-NoAnonymousMeetingStart { # - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`. # Connect to Teams PowerShell using Connect-MicrosoftTeams # Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings - $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $RecNum $anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting # Prepare failure reasons and details based on compliance $failureReasons = if ($anonymousStartDisabled) { @@ -43,7 +43,7 @@ function Test-NoAnonymousMeetingStart { $details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)" # Condition C # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $anonymousStartDisabled Status = if ($anonymousStartDisabled) { "Pass" } else { "Fail" } Details = $details @@ -53,7 +53,7 @@ function Test-NoAnonymousMeetingStart { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-NoWhitelistDomains.ps1 b/source/tests/Test-NoWhitelistDomains.ps1 index dc8f958..b967445 100644 --- a/source/tests/Test-NoWhitelistDomains.ps1 +++ b/source/tests/Test-NoWhitelistDomains.ps1 
@@ -9,8 +9,8 @@ function Test-NoWhitelistDomains { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "6.2.2" - Write-Verbose "Running Test-NoWhitelistDomains for $recnum..." + $RecNum = "6.2.2" + Write-Verbose "Running Test-NoWhitelistDomains for $RecNum..." <# Conditions for 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains (Automated) Validate test for a pass: @@ -32,7 +32,7 @@ function Test-NoWhitelistDomains { # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains # Retrieve transport rules that whitelist specific domains # Condition A: Checking for transport rules that whitelist specific domains - $whitelistedRules = Get-CISExoOutput -Rec $recnum + $whitelistedRules = Get-CISExoOutput -Rec $RecNum # Prepare failure reasons and details based on compliance # Condition B: Prepare failure reasons based on the presence of whitelisted rules $failureReasons = if ($whitelistedRules) { @@ -51,7 +51,7 @@ function Test-NoWhitelistDomains { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = -not $whitelistedRules Status = if ($whitelistedRules) { "Fail" } else { "Pass" } Details = $details @@ -61,7 +61,7 @@ function Test-NoWhitelistDomains { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-NotifyMalwareInternal.ps1 b/source/tests/Test-NotifyMalwareInternal.ps1 index f836b8a..2a17b93 100644 --- a/source/tests/Test-NotifyMalwareInternal.ps1 +++ b/source/tests/Test-NotifyMalwareInternal.ps1 
@@ -24,8 +24,8 @@ function Test-NotifyMalwareInternal { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "2.1.3" - Write-Verbose "Running Test-NotifyMalwareInternal for $recnum..." + $RecNum = "2.1.3" + Write-Verbose "Running Test-NotifyMalwareInternal for $RecNum..." } process { try { @@ -47,7 +47,7 @@ function Test-NotifyMalwareInternal { } ) #> - $malwareNotifications = Get-CISExoOutput -Rec $recnum + $malwareNotifications = Get-CISExoOutput -Rec $RecNum # Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications. $policiesToReport = @() foreach ($policy in $malwareNotifications) { @@ -73,7 +73,7 @@ function Test-NotifyMalwareInternal { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $details @@ -83,7 +83,7 @@ function Test-NotifyMalwareInternal { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-OneDriveContentRestrictions.ps1 b/source/tests/Test-OneDriveContentRestrictions.ps1 index d97da01..c1ba7e2 100644 --- a/source/tests/Test-OneDriveContentRestrictions.ps1 +++ b/source/tests/Test-OneDriveContentRestrictions.ps1 @@ -24,8 +24,8 @@ function Test-OneDriveContentRestrictions { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.4" - Write-Verbose "Running Test-OneDriveContentRestrictions for $recnum..." + $RecNum = "7.2.4" + Write-Verbose "Running Test-OneDriveContentRestrictions for $RecNum..." } process { try { 
@@ -37,7 +37,7 @@ function Test-OneDriveContentRestrictions { OneDriveSharingCapability = "ExternalUserAndGuestSharing" } #> - $SPOTenant = Get-CISSpoOutput -Rec $recnum + $SPOTenant = Get-CISSpoOutput -Rec $RecNum $isOneDriveSharingRestricted = $SPOTenant.OneDriveSharingCapability -eq 'Disabled' # Prepare failure reasons and details based on compliance $failureReasons = if (-not $isOneDriveSharingRestricted) { @@ -55,7 +55,7 @@ function Test-OneDriveContentRestrictions { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isOneDriveSharingRestricted Status = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" } Details = $details @@ -65,7 +65,7 @@ function Test-OneDriveContentRestrictions { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-OneDriveSyncRestrictions.ps1 b/source/tests/Test-OneDriveSyncRestrictions.ps1 index b78eeae..6767bfc 100644 --- a/source/tests/Test-OneDriveSyncRestrictions.ps1 +++ b/source/tests/Test-OneDriveSyncRestrictions.ps1 @@ -9,8 +9,8 @@ function Test-OneDriveSyncRestrictions { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.3.2" - Write-Verbose "Running Test-OneDriveSyncRestrictions for $recnum..." + $RecNum = "7.3.2" + Write-Verbose "Running Test-OneDriveSyncRestrictions for $RecNum..." } process { try { 
@@ -30,7 +30,7 @@ function Test-OneDriveSyncRestrictions { # - Condition B: "TenantRestrictionEnabled" is set to False. # - Condition C: "AllowedDomainList" does not contain the trusted domain GUIDs from the on-premises environment. # Retrieve OneDrive sync client restriction settings - $SPOTenantSyncClientRestriction = Get-CISSpoOutput -Rec $recnum + $SPOTenantSyncClientRestriction = Get-CISSpoOutput -Rec $RecNum $isSyncRestricted = $SPOTenantSyncClientRestriction.TenantRestrictionEnabled -and $SPOTenantSyncClientRestriction.AllowedDomainList # Condition A: Check if TenantRestrictionEnabled is True # Condition B: Ensure AllowedDomainList contains trusted domains GUIDs @@ -52,7 +52,7 @@ function Test-OneDriveSyncRestrictions { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isSyncRestricted Status = if ($isSyncRestricted) { "Pass" } else { "Fail" } Details = $details @@ -62,7 +62,7 @@ function Test-OneDriveSyncRestrictions { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-OrgOnlyBypassLobby.ps1 b/source/tests/Test-OrgOnlyBypassLobby.ps1 index b3213a1..8c127ff 100644 --- a/source/tests/Test-OrgOnlyBypassLobby.ps1 +++ b/source/tests/Test-OrgOnlyBypassLobby.ps1 @@ -9,8 +9,8 @@ function Test-OrgOnlyBypassLobby { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.3" - Write-Verbose "Running Test-OrgOnlyBypassLobby for $recnum..." + $RecNum = "8.5.3" + Write-Verbose "Running Test-OrgOnlyBypassLobby for $RecNum..." } process { try { 
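Review bot: In Test-OneDriveSyncRestrictions (hunk at -30,7) `$isSyncRestricted` is true whenever `TenantRestrictionEnabled` is set and `AllowedDomainList` is non-empty, but Condition C in the comment above requires the list to contain the trusted domain GUIDs from the on-premises environment. Any single entry, including a GUID the organisation does not own, currently yields Pass. No expected-GUID input is visible in this hunk, so either compare against a supplied list or record in `Details` that the contents were not validated. At minimum add a comment such as `# NOTE: only checks that AllowedDomainList is non-empty; GUID values are not validated`. The function body continues outside this hunk.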
@@ -31,7 +31,7 @@ function Test-OrgOnlyBypassLobby { # - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended. # Connect to Teams PowerShell using Connect-MicrosoftTeams # Retrieve the Teams meeting policy for lobby bypass settings - $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $RecNum $lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests' # Prepare failure reasons and details based on compliance $failureReasons = if (-not $lobbyBypassRestricted) { @@ -49,7 +49,7 @@ function Test-OrgOnlyBypassLobby { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $lobbyBypassRestricted Status = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" } Details = $details @@ -59,7 +59,7 @@ function Test-OrgOnlyBypassLobby { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-OrganizersPresent.ps1 b/source/tests/Test-OrganizersPresent.ps1 index b4d4867..3cebd2e 100644 --- a/source/tests/Test-OrganizersPresent.ps1 +++ b/source/tests/Test-OrganizersPresent.ps1 @@ -9,8 +9,8 @@ function Test-OrganizersPresent { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.5.6" - Write-Verbose "Running Test-OrganizersPresent for $recnum..." + $RecNum = "8.5.6" + Write-Verbose "Running Test-OrganizersPresent for $RecNum..." } process { try { 
@@ -36,7 +36,7 @@ function Test-OrganizersPresent { DesignatedPresenterRoleMode = "Enabled" } #> - $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $RecNum $presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride' # Prepare failure reasons and details based on compliance $failureReasons = if (-not $presenterRoleRestricted) { @@ -53,7 +53,7 @@ function Test-OrganizersPresent { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $presenterRoleRestricted Status = if ($presenterRoleRestricted) { "Pass" } else { "Fail" } Details = $details @@ -63,7 +63,7 @@ function Test-OrganizersPresent { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-PasswordHashSync.ps1 b/source/tests/Test-PasswordHashSync.ps1 index eb14f2d..1937c35 100644 --- a/source/tests/Test-PasswordHashSync.ps1 +++ b/source/tests/Test-PasswordHashSync.ps1 @@ -24,14 +24,14 @@ function Test-PasswordHashSync { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "5.1.8.1" - Write-Verbose "Starting Test-PasswordHashSync with Rec: $recnum" + $RecNum = "5.1.8.1" + Write-Verbose "Starting Test-PasswordHashSync with Rec: $RecNum" } process { try { # 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments # Retrieve password hash sync status (Condition A and C) - $passwordHashSync = Get-CISMgOutput -Rec $recnum + $passwordHashSync = Get-CISMgOutput -Rec $RecNum $hashSyncResult = $passwordHashSync # Prepare failure reasons and details based on compliance $failureReasons = if (-not $hashSyncResult) { 
@@ -43,7 +43,7 @@ function Test-PasswordHashSync { $details = "OnPremisesSyncEnabled: $($passwordHashSync)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $hashSyncResult Status = if ($hashSyncResult) { "Pass" } else { "Fail" } Details = $details @@ -53,7 +53,7 @@ function Test-PasswordHashSync { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-PasswordNeverExpirePolicy.ps1 b/source/tests/Test-PasswordNeverExpirePolicy.ps1 index 4f97c1f..f54a927 100644 --- a/source/tests/Test-PasswordNeverExpirePolicy.ps1 +++ b/source/tests/Test-PasswordNeverExpirePolicy.ps1 @@ -11,7 +11,7 @@ function Test-PasswordNeverExpirePolicy { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "1.3.1" + $RecNum = "1.3.1" $overallResult = $true $detailsList = @() $failureReasonsList = @() @@ -39,7 +39,7 @@ function Test-PasswordNeverExpirePolicy { process { try { # Step: Retrieve all domains or a specific domain - $domains = Get-CISMgOutput -Rec $recnum -DomainName $DomainName + $domains = Get-CISMgOutput -Rec $RecNum -DomainName $DomainName foreach ($domain in $domains) { $domainName = $domain.Id $isDefault = $domain.IsDefault @@ -68,7 +68,7 @@ function Test-PasswordNeverExpirePolicy { $finalDetails = $detailsList -join "`n" # Step: Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $overallResult Status = if ($overallResult) { "Pass" } else { "Fail" } Details = $finalDetails @@ -78,7 +78,7 @@ function Test-PasswordNeverExpirePolicy { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { 
diff --git a/source/tests/Test-ReauthWithCode.ps1 b/source/tests/Test-ReauthWithCode.ps1 index 1ec2bb0..653c03c 100644 --- a/source/tests/Test-ReauthWithCode.ps1 +++ b/source/tests/Test-ReauthWithCode.ps1 @@ -24,8 +24,8 @@ function Test-ReauthWithCode { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.10" - Write-Verbose "Running Test-ReauthWithCode for $recnum..." + $RecNum = "7.2.10" + Write-Verbose "Running Test-ReauthWithCode for $RecNum..." } process { try { @@ -38,7 +38,7 @@ function Test-ReauthWithCode { EmailAttestationReAuthDays = "30" } #> - $SPOTenantReauthentication = Get-CISSpoOutput -Rec $recnum + $SPOTenantReauthentication = Get-CISSpoOutput -Rec $RecNum $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15 # Prepare failure reasons and details based on compliance $failureReasons = if (-not $isReauthenticationRestricted) { @@ -51,7 +51,7 @@ function Test-ReauthWithCode { $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isReauthenticationRestricted Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" } Details = $details @@ -61,7 +61,7 @@ function Test-ReauthWithCode { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-ReportSecurityInTeams.ps1 b/source/tests/Test-ReportSecurityInTeams.ps1 index 961f341..a711b81 100644 --- a/source/tests/Test-ReportSecurityInTeams.ps1 +++ b/source/tests/Test-ReportSecurityInTeams.ps1 
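Review bot: In Test-ReauthWithCode (hunk at -38,7) the result of `$SPOTenantReauthentication.EmailAttestationReAuthDays -le 15` depends on the left operand's type, and the mock object in the comment above shows the value as the string `"30"`. With a string on the left, PowerShell converts 15 to a string and compares text, so `"9"` would be reported as Fail and `"100"` as Pass. If `Get-CISSpoOutput` can return the value as a string, cast it first: `[int]$SPOTenantReauthentication.EmailAttestationReAuthDays -le 15`. The real cmdlet output may already be an integer, so confirm the type before changing it.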
@@ -9,8 +9,8 @@ function Test-ReportSecurityInTeams { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.6.1" - Write-Verbose "Running Test-ReportSecurityInTeams for $recnum..." + $RecNum = "8.6.1" + Write-Verbose "Running Test-ReportSecurityInTeams for $RecNum..." } process { try { @@ -24,7 +24,7 @@ function Test-ReportSecurityInTeams { AllowSecurityEndUserReporting = $true } #> - $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum + $CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $RecNum # Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal. # Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses. # $ReportSubmissionPolicy Mock Object @@ -40,7 +40,7 @@ function Test-ReportSecurityInTeams { ReportChatMessageToCustomizedAddressEnabled = $false } #> - $ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum + $ReportSubmissionPolicy = Get-CISExoOutput -Rec $RecNum # Check if all the required settings are enabled $securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and $ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and @@ -92,7 +92,7 @@ ReportChatMessageToCustomizedAddressEnabled: True } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $securityReportEnabled Status = if ($securityReportEnabled) { "Pass" } else { "Fail" } Details = $details @@ -102,7 +102,7 @@ ReportChatMessageToCustomizedAddressEnabled: True } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { 
diff --git a/source/tests/Test-RestrictCustomScripts.ps1 b/source/tests/Test-RestrictCustomScripts.ps1 index b9f9cda..b0cd00a 100644 --- a/source/tests/Test-RestrictCustomScripts.ps1 +++ b/source/tests/Test-RestrictCustomScripts.ps1 @@ -8,8 +8,8 @@ function Test-RestrictCustomScripts { # Dot source the class script if necessary # . .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.3.4" - Write-Verbose "Running Test-RestrictCustomScripts for $recnum..." + $RecNum = "7.3.4" + Write-Verbose "Running Test-RestrictCustomScripts for $RecNum..." } process { try { @@ -37,7 +37,7 @@ function Test-RestrictCustomScripts { DenyAddAndCustomizePages = "Enabled" } #> - $SPOSitesCustomScript = Get-CISSpoOutput -Rec $recnum + $SPOSitesCustomScript = Get-CISSpoOutput -Rec $RecNum # Process URLs to replace 'sharepoint.com' with '' $processedUrls = $SPOSitesCustomScript | ForEach-Object { $_.Url = $_.Url -replace 'sharepoint\.com', '' @@ -99,7 +99,7 @@ function Test-RestrictCustomScripts { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $complianceResult Status = if ($complianceResult) { "Pass" } else { "Fail" } Details = $details @@ -109,7 +109,7 @@ function Test-RestrictCustomScripts { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } diff --git a/source/tests/Test-RestrictExternalSharing.ps1 b/source/tests/Test-RestrictExternalSharing.ps1 index a84a53e..cb1eb84 100644 --- a/source/tests/Test-RestrictExternalSharing.ps1 +++ b/source/tests/Test-RestrictExternalSharing.ps1 
@@ -24,8 +24,8 @@ function Test-RestrictExternalSharing { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.3" - Write-Verbose "Running Test-RestrictExternalSharing for $recnum..." + $RecNum = "7.2.3" + Write-Verbose "Running Test-RestrictExternalSharing for $RecNum..." } process { try { @@ -36,7 +36,7 @@ function Test-RestrictExternalSharing { SharingCapability = "ExternalUserAndGuestSharing" } #> - $SPOTenantSharingCapability = Get-CISSpoOutput -Rec $recnum + $SPOTenantSharingCapability = Get-CISSpoOutput -Rec $RecNum $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled') # Prepare failure reasons and details based on compliance # Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly", or "Disabled". @@ -54,7 +54,7 @@ function Test-RestrictExternalSharing { $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isRestricted Status = if ($isRestricted) { "Pass" } else { "Fail" } Details = $details @@ -64,7 +64,7 @@ function Test-RestrictExternalSharing { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-RestrictOutlookAddins.ps1 b/source/tests/Test-RestrictOutlookAddins.ps1 index 94755d0..13289e9 100644 --- a/source/tests/Test-RestrictOutlookAddins.ps1 +++ b/source/tests/Test-RestrictOutlookAddins.ps1 
@@ -11,8 +11,8 @@ function Test-RestrictOutlookAddins { # Initialization code $defaultPolicyFailureDetails = @() $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps') - $recnum = "6.3.1" - Write-Verbose "Running Test-RestrictOutlookAddins for $recnum..." + $RecNum = "6.3.1" + Write-Verbose "Running Test-RestrictOutlookAddins for $RecNum..." # Conditions for 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed # # Validate test for a pass: @@ -32,7 +32,7 @@ function Test-RestrictOutlookAddins { # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed # Check all mailboxes for custom policies with unallowed add-ins # Check Default Role Assignment Policy - $customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum + $customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $RecNum $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles } # Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles. if ($defaultPolicyRoles) { @@ -58,7 +58,7 @@ function Test-RestrictOutlookAddins { $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails) # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isCompliant Status = if ($isCompliant) { "Pass" } else { "Fail" } Details = $detailsString @@ -68,7 +68,7 @@ function Test-RestrictOutlookAddins { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 index 0160d82..e508ba2 100644 --- a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 +++ b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 
@@ -24,14 +24,14 @@ function Test-RestrictStorageProvidersOutlook { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "6.5.3" - Write-Verbose "Running Test-RestrictStorageProvidersOutlook for $recnum..." + $RecNum = "6.5.3" + Write-Verbose "Running Test-RestrictStorageProvidersOutlook for $RecNum..." } process { try { # 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web # Retrieve all OwaMailbox policies - $owaPolicies = Get-CISExoOutput -Rec $recnum + $owaPolicies = Get-CISExoOutput -Rec $RecNum # Condition A: Check if AdditionalStorageProvidersAvailable is set to False $nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable } # Determine compliance @@ -51,7 +51,7 @@ function Test-RestrictStorageProvidersOutlook { } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $allPoliciesRestricted Status = if ($allPoliciesRestricted) { "Pass" } else { "Fail" } Details = $details @@ -61,7 +61,7 @@ function Test-RestrictStorageProvidersOutlook { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-RestrictTenantCreation.ps1 b/source/tests/Test-RestrictTenantCreation.ps1 index 4f34647..be147ef 100644 --- a/source/tests/Test-RestrictTenantCreation.ps1 +++ b/source/tests/Test-RestrictTenantCreation.ps1 
@@ -9,8 +9,8 @@ function Test-RestrictTenantCreation { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "5.1.2.3" - Write-Verbose "Starting Test-RestrictTenantCreation with Rec: $recnum" + $RecNum = "5.1.2.3" + Write-Verbose "Starting Test-RestrictTenantCreation with Rec: $RecNum" <# Conditions for 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes' Validate test for a pass: @@ -29,7 +29,7 @@ function Test-RestrictTenantCreation { try { # 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes' # Retrieve the tenant creation policy - $tenantCreationPolicy = Get-CISMgOutput -Rec $recnum + $tenantCreationPolicy = Get-CISMgOutput -Rec $RecNum $tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants # Prepare failure reasons and details based on compliance $failureReasons = if ($tenantCreationResult) { @@ -41,7 +41,7 @@ function Test-RestrictTenantCreation { $details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $tenantCreationResult Status = if ($tenantCreationResult) { "Pass" } else { "Fail" } Details = $details @@ -51,7 +51,7 @@ function Test-RestrictTenantCreation { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-SafeAttachmentsPolicy.ps1 b/source/tests/Test-SafeAttachmentsPolicy.ps1 index b6c257c..c22243a 100644 --- a/source/tests/Test-SafeAttachmentsPolicy.ps1 +++ b/source/tests/Test-SafeAttachmentsPolicy.ps1 
@@ -6,8 +6,8 @@ function Test-SafeAttachmentsPolicy { [string]$DomainName ) begin { - $recnum = "2.1.4" - Write-Verbose "Running Test-SafeAttachmentsPolicy for $recnum..." + $RecNum = "2.1.4" + Write-Verbose "Running Test-SafeAttachmentsPolicy for $RecNum..." <# Conditions for 2.1.4 (L2) Ensure Safe Attachments policy is enabled: Validate test for a pass: @@ -36,7 +36,7 @@ function Test-SafeAttachmentsPolicy { } ) #> - $safeAttachmentPolicies, $safeAttachmentRules = Get-CISExoOutput -Rec $recnum + $safeAttachmentPolicies, $safeAttachmentRules = Get-CISExoOutput -Rec $RecNum $safeAttachmentPolicies = $safeAttachmentPolicies | Where-Object { $_.Identity -in $safeAttachmentRules.SafeAttachmentPolicy } if ($safeAttachmentPolicies -ne 1) { try { @@ -81,7 +81,7 @@ function Test-SafeAttachmentsPolicy { $failureReasonsString = ($failureReasons -join "`n") # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $detailsString 
@@ -90,18 +90,18 @@ function Test-SafeAttachmentsPolicy { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure } } else { $params = @{ - Rec = $recnum + Rec = $RecNum Result = $false Status = "Fail" Details = "No Safe Attachments policies found." diff --git a/source/tests/Test-SafeAttachmentsTeams.ps1 b/source/tests/Test-SafeAttachmentsTeams.ps1 index d931347..bb99684 100644 --- a/source/tests/Test-SafeAttachmentsTeams.ps1 +++ b/source/tests/Test-SafeAttachmentsTeams.ps1 @@ -24,8 +24,8 @@ function Test-SafeAttachmentsTeams { # - Condition B: Safe Attachments for OneDrive is not enabled. # - Condition C: Safe Attachments for Microsoft Teams is not enabled. # Initialization code, if needed - $recnum = "2.1.5" - Write-Verbose "Running Test-SafeAttachmentsTeams for $recnum..." + $RecNum = "2.1.5" + Write-Verbose "Running Test-SafeAttachmentsTeams for $RecNum..." } process { # $atpPolicyResult Mock Object 
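Review bot: The catch block in Test-SafeAttachmentsPolicy (hunk at -90,18) still hand-rolls the failure bookkeeping (the `$script:TestDefinitionsObject` lookup, the `$script:FailedTests.Add(...)` call and `Initialize-CISAuditResult -Rec $RecNum -Failure`), while the other tests touched by this commit delegate to `Get-TestError` in their catch blocks. Keeping separate copies means a change to how errored checks are recorded has to be repeated in each one, and a missed copy would leave an errored control reported differently from the rest. Since these lines are being edited anyway, the block could keep its `Write-Error` line and replace the rest with `$auditResult = Get-TestError -LastError $_ -RecNum $RecNum`, the form Test-SpamPolicyAdminNotify uses. The same applies to the catch blocks in Test-SafeAttachmentsTeams and Test-SafeLinksOfficeApps.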
@@ -39,7 +39,7 @@ function Test-SafeAttachmentsTeams { } ) #> - $atpPolicyResult = Get-CISExoOutput -Rec $recnum + $atpPolicyResult = Get-CISExoOutput -Rec $RecNum if ($atpPolicyResult -ne 1) { try { # Condition A: Check Safe Attachments for SharePoint @@ -79,7 +79,7 @@ AllowSafeDocsOpen: $($_.AllowSafeDocsOpen) } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $details @@ -88,18 +88,18 @@ AllowSafeDocsOpen: $($_.AllowSafeDocsOpen) $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure } } else { $params = @{ - Rec = $recnum + Rec = $RecNum Result = $false Status = "Fail" Details = "No M365 E5 licenses found." diff --git a/source/tests/Test-SafeLinksOfficeApps.ps1 b/source/tests/Test-SafeLinksOfficeApps.ps1 index 25433ab..8ceb0f8 100644 --- a/source/tests/Test-SafeLinksOfficeApps.ps1 +++ b/source/tests/Test-SafeLinksOfficeApps.ps1 
@@ -9,8 +9,8 @@ function Test-SafeLinksOfficeApps { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "2.1.1" - Write-Verbose "Running Test-SafeLinksOfficeApps for $recnum..." + $RecNum = "2.1.1" + Write-Verbose "Running Test-SafeLinksOfficeApps for $RecNum..." <# Conditions for 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled Validate test for a pass: @@ -38,7 +38,7 @@ function Test-SafeLinksOfficeApps { process { # 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled # Retrieve all Safe Links policies - $misconfiguredDetails = Get-CISExoOutput -Rec $recnum + $misconfiguredDetails = Get-CISExoOutput -Rec $RecNum # Misconfigured details returns 1 if EXO Commands needed for the test are not available if ($misconfiguredDetails -ne 1) { try { @@ -49,7 +49,7 @@ function Test-SafeLinksOfficeApps { $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" } # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $details 
@@ -58,18 +58,18 @@ function Test-SafeLinksOfficeApps { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" + Write-Error "An error occurred during the test $RecNum`:: $_" # Retrieve the description from the test definitions - $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $recnum } + $testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum } $description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" } - $script:FailedTests.Add([PSCustomObject]@{ Rec = $recnum; Description = $description; Error = $_ }) + $script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ }) # Call Initialize-CISAuditResult with error parameters - $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure + $auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure } } else { $params = @{ - Rec = $recnum + Rec = $RecNum Result = $false Status = "Fail" Details = "No M365 E5 licenses found." diff --git a/source/tests/Test-SharePointAADB2B.ps1 b/source/tests/Test-SharePointAADB2B.ps1 index f39e445..a45c368 100644 --- a/source/tests/Test-SharePointAADB2B.ps1 +++ b/source/tests/Test-SharePointAADB2B.ps1 @@ -24,8 +24,8 @@ function Test-SharePointAADB2B { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.2" - Write-Verbose "Running Test-SharePointAADB2B for $recnum..." + $RecNum = "7.2.2" + Write-Verbose "Running Test-SharePointAADB2B for $RecNum..." } process { try { 
@@ -36,10 +36,10 @@ function Test-SharePointAADB2B { EnableAzureADB2BIntegration = $false } #> - $SPOTenantAzureADB2B = Get-CISSpoOutput -Rec $recnum + $SPOTenantAzureADB2B = Get-CISSpoOutput -Rec $RecNum # Populate the auditResult object with the required properties $params = @{ - Rec = $recnum + Rec = $RecNum Result = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration Status = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" } Details = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)" @@ -49,7 +49,7 @@ function Test-SharePointAADB2B { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-SharePointExternalSharingDomains.ps1 b/source/tests/Test-SharePointExternalSharingDomains.ps1 index 1d26a5b..aea8d3c 100644 --- a/source/tests/Test-SharePointExternalSharingDomains.ps1 +++ b/source/tests/Test-SharePointExternalSharingDomains.ps1 @@ -9,8 +9,8 @@ function Test-SharePointExternalSharingDomains { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.6" - Write-Verbose "Running Test-SharePointExternalSharingDomains for $recnum..." + $RecNum = "7.2.6" + Write-Verbose "Running Test-SharePointExternalSharingDomains for $RecNum..." # Conditions for 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists # # Validate test for a pass: @@ -30,7 +30,7 @@ function Test-SharePointExternalSharingDomains { process { try { # 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists - $SPOTenant = Get-CISSpoOutput -Rec $recnum + $SPOTenant = Get-CISSpoOutput -Rec $RecNum # $SPOTenant Mock Object <# $SPOTenant = [PSCustomObject]@{ 
@@ -41,7 +41,7 @@ function Test-SharePointExternalSharingDomains { $isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList' # Populate the auditResult object with the required properties $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isDomainRestrictionConfigured Status = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" } Details = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)" @@ -51,7 +51,7 @@ function Test-SharePointExternalSharingDomains { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-SharePointGuestsItemSharing.ps1 b/source/tests/Test-SharePointGuestsItemSharing.ps1 index f11fc4a..7ca404e 100644 --- a/source/tests/Test-SharePointGuestsItemSharing.ps1 +++ b/source/tests/Test-SharePointGuestsItemSharing.ps1 @@ -9,8 +9,8 @@ function Test-SharePointGuestsItemSharing { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "7.2.5" - Write-Verbose "Running Test-SharePointGuestsItemSharing for $recnum..." + $RecNum = "7.2.5" + Write-Verbose "Running Test-SharePointGuestsItemSharing for $RecNum..." # Conditions for 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own # # Validate test for a pass: 
@@ -36,11 +36,11 @@ function Test-SharePointGuestsItemSharing { PreventExternalUsersFromResharing = $false } #> - $SPOTenant = Get-CISSpoOutput -Rec $recnum + $SPOTenant = Get-CISSpoOutput -Rec $RecNum $isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing # Populate the auditResult object with the required properties $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isGuestResharingPrevented Status = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" } Details = "PreventExternalUsersFromResharing: $isGuestResharingPrevented" @@ -50,7 +50,7 @@ function Test-SharePointGuestsItemSharing { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-SpamPolicyAdminNotify.ps1 b/source/tests/Test-SpamPolicyAdminNotify.ps1 index bb5e7d4..867abaa 100644 --- a/source/tests/Test-SpamPolicyAdminNotify.ps1 +++ b/source/tests/Test-SpamPolicyAdminNotify.ps1 @@ -23,8 +23,8 @@ function Test-SpamPolicyAdminNotify { Note: - While the primary focus is on the default policy, the function also retrieves and displays settings from additional policies that are not default, providing comprehensive insight into the organization's configuration. These additional policies are not used to determine the test's pass/fail status but are included in the details for informational purposes. #> - $recnum = "2.1.6" - Write-Verbose "Running Test-SpamPolicyAdminNotify for $recnum..." + $RecNum = "2.1.6" + Write-Verbose "Running Test-SpamPolicyAdminNotify for $RecNum..." } process { try { @@ -57,7 +57,7 @@ function Test-SpamPolicyAdminNotify { } ) #> - $spamPolicies = Get-CISExoOutput -Rec $recnum + $spamPolicies = Get-CISExoOutput -Rec $RecNum $defaultPolicy = $spamPolicies | Where-Object { $_.IsDefault -eq $true } $additionalPolicies = $spamPolicies | Where-Object { $_.IsDefault -eq $false } $details = @() 
@@ -99,7 +99,7 @@ function Test-SpamPolicyAdminNotify { $failureReasonsString = $failureReasons -join "`n" # Create and populate the CISAuditResult object $params = @{ - Rec = $recnum + Rec = $RecNum Result = $result Status = if ($result) { "Pass" } else { "Fail" } Details = $detailsString @@ -108,8 +108,8 @@ function Test-SpamPolicyAdminNotify { $auditResult = Initialize-CISAuditResult @params } catch { - Write-Error "An error occurred during the test $recnum`:: $_" - $auditResult = Get-TestError -LastError $_ -recnum $recnum + Write-Error "An error occurred during the test $RecNum`:: $_" + $auditResult = Get-TestError -LastError $_ -RecNum $RecNum } } end { diff --git a/source/tests/Test-TeamsExternalAccess.ps1 b/source/tests/Test-TeamsExternalAccess.ps1 index f28262a..574e3ca 100644 --- a/source/tests/Test-TeamsExternalAccess.ps1 +++ b/source/tests/Test-TeamsExternalAccess.ps1 @@ -9,8 +9,8 @@ function Test-TeamsExternalAccess { # Dot source the class script if necessary # . .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.2.1" - Write-Verbose "Running Test-TeamsExternalAccess for $recnum..." + $RecNum = "8.2.1" + Write-Verbose "Running Test-TeamsExternalAccess for $RecNum..." } process { try { @@ -45,7 +45,7 @@ function Test-TeamsExternalAccess { AllowTeamsConsumerInbound = $true } #> - $externalAccessConfig = Get-CISMSTeamsOutput -Rec $recnum + $externalAccessConfig = Get-CISMSTeamsOutput -Rec $RecNum # Testing #$externalAccessConfig.AllowedDomains = @("msn.com", "google.com") #$externalAccessConfig.AllowTeamsConsumer = $false 
@@ -71,7 +71,7 @@ function Test-TeamsExternalAccess { $isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or ($allowedDomainsLimited -and $allowedDomainsMatch)) # Create an instance of CISAuditResult and populate it $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isCompliant Status = if ($isCompliant) { "Pass" } else { "Fail" } Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited; AllowedDomains match: $allowedDomainsMatch; Invalid Domains: $($invalidDomains -join ', ')" @@ -81,7 +81,7 @@ function Test-TeamsExternalAccess { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end { diff --git a/source/tests/Test-TeamsExternalFileSharing.ps1 b/source/tests/Test-TeamsExternalFileSharing.ps1 index faca09b..8aea871 100644 --- a/source/tests/Test-TeamsExternalFileSharing.ps1 +++ b/source/tests/Test-TeamsExternalFileSharing.ps1 @@ -9,8 +9,8 @@ function Test-TeamsExternalFileSharing { # Dot source the class script if necessary # . .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed - $recnum = "8.1.1" - Write-Verbose "Running Test-TeamsExternalFileSharing for $recnum..." + $RecNum = "8.1.1" + Write-Verbose "Running Test-TeamsExternalFileSharing for $RecNum..." } process { try { 
@@ -24,7 +24,7 @@ function Test-TeamsExternalFileSharing { # Assuming that 'approvedProviders' is a list of approved cloud storage service names # This list must be defined according to your organization's approved cloud storage services # Retrieve the current Teams client configuration - $clientConfig = Get-CISMSTeamsOutput -Rec $recnum + $clientConfig = Get-CISMSTeamsOutput -Rec $RecNum # Testing #$clientconfig.AllowGoogleDrive = $false #$clientconfig.AllowBox = $false @@ -57,7 +57,7 @@ function Test-TeamsExternalFileSharing { } # Create an instance of CISAuditResult and populate it $params = @{ - Rec = $recnum + Rec = $RecNum Result = $isCompliant Status = if ($isCompliant) { "Pass" } else { "Fail" } Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { $basePassDetails } @@ -67,7 +67,7 @@ function Test-TeamsExternalFileSharing { } catch { $LastError = $_ - $auditResult = Get-TestError -LastError $LastError -recnum $recnum + $auditResult = Get-TestError -LastError $LastError -RecNum $RecNum } } end {