docs: Comment conditions on each test

source/tests/Test-SafeLinksOfficeApps.ps1

@@ -11,6 +11,32 @@ function Test-SafeLinksOfficeApps {
         #. .\source\Classes\CISAuditResult.ps1
         # Initialization code, if needed
         $recnum = "2.1.1"
+
+        <#
+        Conditions for 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
+
+        Validate test for a pass:
+        - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+        - Specific conditions to check:
+          - Condition A: In the Microsoft 365 security center, Safe Links policy for Office applications is enabled and the following protection settings are set:
+            - Office 365 Apps: On
+            - Teams: On
+            - Email: On
+            - Click protection settings: On
+            - Do not track when users click safe links: Off
+          - Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is enabled.
+
+        Validate test for a fail:
+        - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+        - Specific conditions to check:
+          - Condition A: In the Microsoft 365 security center, Safe Links policy for Office applications is not enabled or one or more of the required protection settings are not set correctly.
+            - Office 365 Apps: Off
+            - Teams: Off
+            - Email: Off
+            - Click protection settings: Off
+            - Do not track when users click safe links: On
+          - Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is not enabled.
+        #>
     }
 
     process {
@@ -28,16 +54,13 @@ function Test-SafeLinksOfficeApps {
                 $policyDetails = Get-SafeLinksPolicy -Identity $policy.Name
 
                 # Check each required property and record failures
+                # Condition A: Checking policy settings
                 $failures = @()
-                if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" }
-                if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" }
-                if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" }
-                if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" }
-                if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" }
-                if ($policyDetails.ScanUrls -ne $true) { $failures += "ScanUrls: False" }
-                if ($policyDetails.EnableForInternalSenders -ne $true) { $failures += "EnableForInternalSenders: False" }
-                if ($policyDetails.DeliverMessageAfterScan -ne $true) { $failures += "DeliverMessageAfterScan: False" }
-                if ($policyDetails.DisableUrlRewrite -ne $false) { $failures += "DisableUrlRewrite: True" }
+                if ($policyDetails.EnableSafeLinksForEmail -ne $true) { $failures += "EnableSafeLinksForEmail: False" } # Email: On
+                if ($policyDetails.EnableSafeLinksForTeams -ne $true) { $failures += "EnableSafeLinksForTeams: False" } # Teams: On
+                if ($policyDetails.EnableSafeLinksForOffice -ne $true) { $failures += "EnableSafeLinksForOffice: False" } # Office 365 Apps: On
+                if ($policyDetails.TrackClicks -ne $true) { $failures += "TrackClicks: False" } # Click protection settings: On
+                if ($policyDetails.AllowClickThrough -ne $false) { $failures += "AllowClickThrough: True" } # Do not track when users click safe links: Off
 
                 # Only add details for policies that have misconfigurations
                 if ($failures.Count -gt 0) {
@@ -46,6 +69,7 @@ function Test-SafeLinksOfficeApps {
             }
 
             # Prepare the final result
+            # Condition B: Ensuring no misconfigurations
             $result = $misconfiguredDetails.Count -eq 0
             $details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join ' | ' }
             $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }