fix: return when higest policy passes.

2024-12-30 13:52:34 -06:00
parent a0b524104d
commit e1ef81a249
3 changed files with 9 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The format is based on and uses the types of changes according to [Keep a Change
 - Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
 - Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test.
 - Updated Get-CISMgOutput function to include the new test definition case for 1.1.1,1.1.4 and 2.1.7.
+- Updated Get-CISExoOutput function to include the new test definition case for 2.1.7.
 - New public function for generating version specific lists of recommendation numbers.
 - Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version.
 - Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly.
@@ -20,7 +21,8 @@ The format is based on and uses the types of changes according to [Keep a Change

 ### Fixed

- Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the mggraph assembly as soon as it's imported with a call to Get-MgGroup.
+- Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the MgGraph assembly as soon as it's imported with a call to Get-MgGroup.
+- Phish policy test to return if highest priority policy conforms to the benchmark.

 ## [0.1.26] - 2024-08-04

--- a/source/Private/Get-ScopeOverlap.ps1
+++ b/source/Private/Get-ScopeOverlap.ps1
@@ -3,7 +3,6 @@ function Get-ScopeOverlap {
    param (
        [Parameter(Mandatory = $true)]
        [PSCustomObject]$Policy,
-
        [Parameter(Mandatory = $true)]
        [PSCustomObject[]]$OtherPolicies
    )
--- a/source/tests/Test-AntiPhishingPolicy4.ps1
+++ b/source/tests/Test-AntiPhishingPolicy4.ps1
@@ -31,10 +31,8 @@ function Test-AntiPhishingPolicy4 {
                    if ($isCompliant) {
                        $strictStandardCompliant = $true
                        $compliantPolicies += $policy.Name
-                        # If Strict is compliant, stop evaluating further
-                        if ($policy.Name -eq 'Strict Preset Security Policy') {
-                            break
-                        }
+                        Write-Verbose "Compliant policy found: $($policy.Name). Ending evaluation."
+                        return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
                    } else {
                        $nonCompliantPolicies += $policy.Name
                    }
@@ -57,6 +55,8 @@ function Test-AntiPhishingPolicy4 {
                        $isCompliant = Get-PhishPolicyCompliance -policy $policy
                        if ($isCompliant) {
                            $compliantPolicies += $policy.Name
+                            Write-Verbose "Compliant custom policy found: $($policy.Name). Ending evaluation."
+                            return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
                        } else {
                            $nonCompliantPolicies += $policy.Name
                        }
@@ -78,6 +78,8 @@ function Test-AntiPhishingPolicy4 {
                        $isCompliant = Get-PhishPolicyCompliance -policy $defaultPolicy
                        if ($isCompliant) {
                            $compliantPolicies += $defaultPolicy.Name
+                            Write-Verbose "Compliant default policy found: $($defaultPolicy.Name)."
+                            return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($defaultPolicy.Name)" -FailureReason 'None'
                        } else {
                            $nonCompliantPolicies += $defaultPolicy.Name
                        }