vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: return when higest policy passes.

Browse Source
This commit is contained in:
DrIOS
2024-12-30 13:52:34 -06:00
parent a0b524104d
commit e1ef81a249
3 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -12,6 +12,7 @@ The format is based on and uses the types of changes according to [Keep a Change
- Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected. - Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
- Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test. - Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test.
- Updated Get-CISMgOutput function to include the new test definition case for 1.1.1,1.1.4 and 2.1.7. - Updated Get-CISMgOutput function to include the new test definition case for 1.1.1,1.1.4 and 2.1.7.
- Updated Get-CISExoOutput function to include the new test definition case for 2.1.7.
- New public function for generating version specific lists of recommendation numbers. - New public function for generating version specific lists of recommendation numbers.
- Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version. - Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version.
- Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly. - Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly.
@@ -20,7 +21,8 @@ The format is based on and uses the types of changes according to [Keep a Change
### Fixed ### Fixed
- Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the mggraph assembly as soon as it's imported with a call to Get-MgGroup. - Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the MgGraph assembly as soon as it's imported with a call to Get-MgGroup.
- Phish policy test to return if highest priority policy conforms to the benchmark.
## [0.1.26] - 2024-08-04 ## [0.1.26] - 2024-08-04

1
source/Private/Get-ScopeOverlap.ps1
View File

@@ -3,7 +3,6 @@ function Get-ScopeOverlap {
param ( param (
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[PSCustomObject]$Policy, [PSCustomObject]$Policy,
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[PSCustomObject[]]$OtherPolicies [PSCustomObject[]]$OtherPolicies
) )

10
source/tests/Test-AntiPhishingPolicy4.ps1
View File

@@ -31,10 +31,8 @@ function Test-AntiPhishingPolicy4 {
if ($isCompliant) { if ($isCompliant) {
$strictStandardCompliant = $true $strictStandardCompliant = $true
$compliantPolicies += $policy.Name $compliantPolicies += $policy.Name
# If Strict is compliant, stop evaluating further Write-Verbose "Compliant policy found: $($policy.Name). Ending evaluation."
if ($policy.Name -eq 'Strict Preset Security Policy') { return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
break
}
} else { } else {
$nonCompliantPolicies += $policy.Name $nonCompliantPolicies += $policy.Name
} }
@@ -57,6 +55,8 @@ function Test-AntiPhishingPolicy4 {
$isCompliant = Get-PhishPolicyCompliance -policy $policy $isCompliant = Get-PhishPolicyCompliance -policy $policy
if ($isCompliant) { if ($isCompliant) {
$compliantPolicies += $policy.Name $compliantPolicies += $policy.Name
Write-Verbose "Compliant custom policy found: $($policy.Name). Ending evaluation."
return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
} else { } else {
$nonCompliantPolicies += $policy.Name $nonCompliantPolicies += $policy.Name
} }
@@ -78,6 +78,8 @@ function Test-AntiPhishingPolicy4 {
$isCompliant = Get-PhishPolicyCompliance -policy $defaultPolicy $isCompliant = Get-PhishPolicyCompliance -policy $defaultPolicy
if ($isCompliant) { if ($isCompliant) {
$compliantPolicies += $defaultPolicy.Name $compliantPolicies += $defaultPolicy.Name
Write-Verbose "Compliant default policy found: $($defaultPolicy.Name)."
return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($defaultPolicy.Name)" -FailureReason 'None'
} else { } else {
$nonCompliantPolicies += $defaultPolicy.Name $nonCompliantPolicies += $defaultPolicy.Name
} }