changed name of output functions with prefix 'CIS'
@@ -4,11 +4,11 @@
|
|||||||
.DESCRIPTION
|
.DESCRIPTION
|
||||||
This sample function is not exported to the module and only return the data passed as parameter.
|
This sample function is not exported to the module and only return the data passed as parameter.
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
$null = Get-ExoOutput -PrivateData 'NOTHING TO SEE HERE'
|
$null = Get-CISExoOutput -PrivateData 'NOTHING TO SEE HERE'
|
||||||
.PARAMETER PrivateData
|
.PARAMETER PrivateData
|
||||||
The PrivateData parameter is what will be returned without transformation.
|
The PrivateData parameter is what will be returned without transformation.
|
||||||
#>
|
#>
|
||||||
function Get-ExoOutput {
|
function Get-CISExoOutput {
|
||||||
[cmdletBinding()]
|
[cmdletBinding()]
|
||||||
[OutputType([string])]
|
[OutputType([string])]
|
||||||
param(
|
param(
|
||||||
@@ -293,5 +293,5 @@ function Get-ExoOutput {
|
|||||||
end {
|
end {
|
||||||
Write-Verbose "Retuning data for Rec: $Rec"
|
Write-Verbose "Retuning data for Rec: $Rec"
|
||||||
}
|
}
|
||||||
} # end function Get-MgOutput
|
} # end function Get-CISExoOutput
|
||||||
|
|
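--- a/source/Private/Get-CISMSTeamsOutput.ps1
+++ b/source/Private/Get-CISMSTeamsOutput.ps1
@@ -0,0 +1,32 @@
+function Get-CISMSTeamsOutput
+{
+<#
+.SYNOPSIS
+This is a sample Private function only visible within the module.
+
+.DESCRIPTION
+This sample function is not exported to the module and only return the data passed as parameter.
+
+.EXAMPLE
+$null = Get-MSTeamsOutput -PrivateData 'NOTHING TO SEE HERE'
+
+.PARAMETER PrivateData
+The PrivateData parameter is what will be returned without transformation.
+
+#>
+[cmdletBinding()]
+[OutputType([string])]
+param
+(
+[Parameter()]
+[String]
+$PrivateData
+)
+
+process
+{
+Write-Output $PrivateData
+}
+
+}
+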
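Review bot: The `.EXAMPLE` in the comment-based help calls `Get-MSTeamsOutput`, but the function added here is `Get-CISMSTeamsOutput`, so the example names a command this file does not define; it should read `$null = Get-CISMSTeamsOutput -PrivateData 'NOTHING TO SEE HERE'`. The body is still the module template: it echoes `-PrivateData` back and has no `-Rec` parameter, whereas the Exo and Mg helpers are called as `Get-CISExoOutput -Rec $recnum` and `Get-CISMgOutput -Rec $recnum` elsewhere in this commit. If this is meant as a placeholder, a leading comment such as `# TODO: placeholder, no Teams data is collected yet` would keep a later caller from treating the echoed string as audit data.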
@@ -1,4 +1,4 @@
|
|||||||
function Get-MgOutput {
|
function Get-CISMgOutput {
|
||||||
<#
|
<#
|
||||||
.SYNOPSIS
|
.SYNOPSIS
|
||||||
This is a sample Private function only visible within the module.
|
This is a sample Private function only visible within the module.
|
||||||
@@ -7,7 +7,7 @@ function Get-MgOutput {
|
|||||||
This sample function is not exported to the module and only return the data passed as parameter.
|
This sample function is not exported to the module and only return the data passed as parameter.
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
$null = Get-MgOutput -PrivateData 'NOTHING TO SEE HERE'
|
$null = Get-CISMgOutput -PrivateData 'NOTHING TO SEE HERE'
|
||||||
|
|
||||||
.PARAMETER PrivateData
|
.PARAMETER PrivateData
|
||||||
The PrivateData parameter is what will be returned without transformation.
|
The PrivateData parameter is what will be returned without transformation.
|
||||||
@@ -81,5 +81,5 @@ function Get-MgOutput {
|
|||||||
end {
|
end {
|
||||||
Write-Verbose "Retuning data for Rec: $Rec"
|
Write-Verbose "Retuning data for Rec: $Rec"
|
||||||
}
|
}
|
||||||
} # end function Get-MgOutput
|
} # end function Get-CISMgOutput
|
||||||
|
|
@@ -17,7 +17,7 @@ function Test-AdministrativeAccountCompliance {
|
|||||||
try {
|
try {
|
||||||
# Retrieve admin roles, assignments, and user details including licenses
|
# Retrieve admin roles, assignments, and user details including licenses
|
||||||
Write-Verbose "Retrieving admin roles, assignments, and user details including licenses"
|
Write-Verbose "Retrieving admin roles, assignments, and user details including licenses"
|
||||||
$adminRoleAssignments = Get-MgOutput -Rec $recnum
|
$adminRoleAssignments = Get-CISMgOutput -Rec $recnum
|
||||||
|
|
||||||
$adminRoleUsers = @()
|
$adminRoleUsers = @()
|
||||||
|
|
||||||
|
@@ -34,7 +34,7 @@ function Test-AntiPhishingPolicy {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
# Condition A: Ensure that an anti-phishing policy has been created
|
# Condition A: Ensure that an anti-phishing policy has been created
|
||||||
$antiPhishPolicies = Get-ExoOutput -Rec $recnum
|
$antiPhishPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Condition B: Verify the anti-phishing policy settings using PowerShell
|
# Condition B: Verify the anti-phishing policy settings using PowerShell
|
||||||
$validatedPolicies = $antiPhishPolicies | Where-Object {
|
$validatedPolicies = $antiPhishPolicies | Where-Object {
|
||||||
|
@@ -35,7 +35,7 @@ function Test-AuditDisabledFalse {
|
|||||||
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
# 6.1.1 (L1) Ensure 'AuditDisabled' organizationally is set to 'False'
|
||||||
|
|
||||||
# Retrieve the AuditDisabled configuration (Condition B)
|
# Retrieve the AuditDisabled configuration (Condition B)
|
||||||
$auditNotDisabled = Get-ExoOutput -Rec $recnum
|
$auditNotDisabled = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $auditNotDisabled) {
|
$failureReasons = if (-not $auditNotDisabled) {
|
||||||
|
@@ -36,7 +36,7 @@ function Test-AuditLogSearch {
|
|||||||
try {
|
try {
|
||||||
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||||
|
|
||||||
$auditLogResult = Get-ExoOutput -Rec $recnum
|
$auditLogResult = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $auditLogResult) {
|
$failureReasons = if (-not $auditLogResult) {
|
||||||
|
@@ -35,7 +35,7 @@ function Test-BlockMailForwarding {
|
|||||||
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
# 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled
|
||||||
|
|
||||||
# Step 1: Retrieve the transport rules that redirect messages
|
# Step 1: Retrieve the transport rules that redirect messages
|
||||||
$transportRules,$nonCompliantSpamPolicies = Get-ExoOutput -Rec $recnum
|
$transportRules,$nonCompliantSpamPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
$transportForwardingBlocked = $transportRules.Count -eq 0
|
$transportForwardingBlocked = $transportRules.Count -eq 0
|
||||||
|
|
||||||
# Step 2: Check all anti-spam outbound policies
|
# Step 2: Check all anti-spam outbound policies
|
||||||
|
@@ -30,7 +30,7 @@ function Test-BlockSharedMailboxSignIn {
|
|||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve shared mailbox details
|
# Step: Retrieve shared mailbox details
|
||||||
$MBX = Get-ExoOutput -Rec $recnum
|
$MBX = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
|
# Step: Retrieve details of shared mailboxes from Azure AD (Condition B: Pass/Fail)
|
||||||
$sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
|
$sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
|
||||||
|
@@ -38,7 +38,7 @@ function Test-CommonAttachmentFilter {
|
|||||||
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
||||||
|
|
||||||
# Retrieve the attachment filter policy
|
# Retrieve the attachment filter policy
|
||||||
$result = Get-ExoOutput -Rec $recnum
|
$result = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $result) {
|
$failureReasons = if (-not $result) {
|
||||||
|
@@ -33,7 +33,7 @@ function Test-CustomerLockbox {
|
|||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve the organization configuration (Condition C: Pass/Fail)
|
# Step: Retrieve the organization configuration (Condition C: Pass/Fail)
|
||||||
$customerLockboxEnabled = Get-ExoOutput -Rec $recnum
|
$customerLockboxEnabled = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail)
|
# Step: Prepare failure reasons and details based on compliance (Condition A, B, & C: Fail)
|
||||||
$failureReasons = if (-not $customerLockboxEnabled) {
|
$failureReasons = if (-not $customerLockboxEnabled) {
|
||||||
|
@@ -36,7 +36,7 @@ function Test-EnableDKIM {
|
|||||||
# 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
|
# 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
|
||||||
|
|
||||||
# Retrieve DKIM configuration for all domains
|
# Retrieve DKIM configuration for all domains
|
||||||
$dkimConfig = Get-ExoOutput -Rec $recnum
|
$dkimConfig = Get-CISExoOutput -Rec $recnum
|
||||||
$dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false
|
$dkimResult = ($dkimConfig | ForEach-Object { $_.Enabled }) -notcontains $false
|
||||||
$dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain }
|
$dkimFailedDomains = $dkimConfig | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Domain }
|
||||||
|
|
||||||
|
@@ -31,7 +31,7 @@ function Test-ExternalSharingCalendars {
|
|||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve sharing policies related to calendar sharing
|
# Step: Retrieve sharing policies related to calendar sharing
|
||||||
$sharingPolicies = Get-ExoOutput -Rec $recnum
|
$sharingPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
|
# Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
|
||||||
$isExternalSharingDisabled = $true
|
$isExternalSharingDisabled = $true
|
||||||
|
@@ -30,7 +30,7 @@ function Test-GlobalAdminsCount {
|
|||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
$globalAdmins = Get-MgOutput -Rec $recnum
|
$globalAdmins = Get-CISMgOutput -Rec $recnum
|
||||||
|
|
||||||
# Step: Count the number of global admins
|
# Step: Count the number of global admins
|
||||||
$globalAdminCount = $globalAdmins.Count
|
$globalAdminCount = $globalAdmins.Count
|
||||||
|
@@ -36,7 +36,7 @@ function Test-IdentifyExternalEmail {
|
|||||||
# 6.2.3 (L1) Ensure email from external senders is identified
|
# 6.2.3 (L1) Ensure email from external senders is identified
|
||||||
|
|
||||||
# Retrieve external sender tagging configuration
|
# Retrieve external sender tagging configuration
|
||||||
$externalInOutlook = Get-ExoOutput -Rec $recnum
|
$externalInOutlook = Get-CISExoOutput -Rec $recnum
|
||||||
$externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
|
$externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
|
@@ -38,7 +38,7 @@ function Test-MailTipsEnabled {
|
|||||||
# 6.5.2 (L2) Ensure MailTips are enabled for end users
|
# 6.5.2 (L2) Ensure MailTips are enabled for end users
|
||||||
|
|
||||||
# Retrieve organization configuration for MailTips settings
|
# Retrieve organization configuration for MailTips settings
|
||||||
$orgConfig = Get-ExoOutput -Rec $recnum
|
$orgConfig = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Check the MailTips settings (Conditions A, B, C, D)
|
# Check the MailTips settings (Conditions A, B, C, D)
|
||||||
$allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
|
$allTipsEnabled = $orgConfig.MailTipsAllTipsEnabled -and $orgConfig.MailTipsGroupMetricsEnabled -and $orgConfig.MailTipsLargeAudienceThreshold -eq 25
|
||||||
|
@@ -38,14 +38,14 @@ function Test-MailboxAuditingE3 {
|
|||||||
|
|
||||||
$allFailures = @()
|
$allFailures = @()
|
||||||
$recnum = "6.1.2"
|
$recnum = "6.1.2"
|
||||||
$allUsers = Get-MgOutput -Rec $recnum
|
$allUsers = Get-CISMgOutput -Rec $recnum
|
||||||
$processedUsers = @{} # Dictionary to track processed users
|
$processedUsers = @{} # Dictionary to track processed users
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
if ($null -ne $allUsers) {
|
if ($null -ne $allUsers) {
|
||||||
$mailboxes = Get-ExoOutput -Rec $recnum
|
$mailboxes = Get-CISExoOutput -Rec $recnum
|
||||||
try {
|
try {
|
||||||
foreach ($user in $allUsers) {
|
foreach ($user in $allUsers) {
|
||||||
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
|
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
|
||||||
|
@@ -35,12 +35,12 @@ function Test-MailboxAuditingE5 {
|
|||||||
$allFailures = @()
|
$allFailures = @()
|
||||||
$processedUsers = @{}
|
$processedUsers = @{}
|
||||||
$recnum = "6.1.3"
|
$recnum = "6.1.3"
|
||||||
$allUsers = Get-MgOutput -Rec $recnum
|
$allUsers = Get-CISMgOutput -Rec $recnum
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
if ($null -ne $allUsers) {
|
if ($null -ne $allUsers) {
|
||||||
$mailboxes = Get-ExoOutput -Rec $recnum
|
$mailboxes = Get-CISExoOutput -Rec $recnum
|
||||||
try {
|
try {
|
||||||
foreach ($user in $allUsers) {
|
foreach ($user in $allUsers) {
|
||||||
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
|
if ($processedUsers.ContainsKey($user.UserPrincipalName)) {
|
||||||
|
@@ -30,7 +30,7 @@ function Test-ManagedApprovedPublicGroups {
|
|||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# Step: Retrieve all groups with visibility set to 'Public'
|
# Step: Retrieve all groups with visibility set to 'Public'
|
||||||
$allGroups = Get-MgOutput -Rec $recnum
|
$allGroups = Get-CISMgOutput -Rec $recnum
|
||||||
|
|
||||||
# Step: Determine failure reasons based on the presence of public groups
|
# Step: Determine failure reasons based on the presence of public groups
|
||||||
$failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
|
$failureReasons = if ($null -ne $allGroups -and $allGroups.Count -gt 0) {
|
||||||
|
@@ -34,7 +34,7 @@ function Test-ModernAuthExchangeOnline {
|
|||||||
# 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
# 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
|
||||||
|
|
||||||
# Check modern authentication setting in Exchange Online configuration (Condition A and B)
|
# Check modern authentication setting in Exchange Online configuration (Condition A and B)
|
||||||
$orgConfig = Get-ExoOutput -Rec $recnum
|
$orgConfig = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
|
$failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
|
||||||
|
@@ -38,7 +38,7 @@ function Test-NoWhitelistDomains {
|
|||||||
|
|
||||||
# Retrieve transport rules that whitelist specific domains
|
# Retrieve transport rules that whitelist specific domains
|
||||||
# Condition A: Checking for transport rules that whitelist specific domains
|
# Condition A: Checking for transport rules that whitelist specific domains
|
||||||
$whitelistedRules = Get-ExoOutput -Rec $recnum
|
$whitelistedRules = Get-CISExoOutput -Rec $recnum
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
# Condition B: Prepare failure reasons based on the presence of whitelisted rules
|
# Condition B: Prepare failure reasons based on the presence of whitelisted rules
|
||||||
$failureReasons = if ($whitelistedRules) {
|
$failureReasons = if ($whitelistedRules) {
|
||||||
|
@@ -34,7 +34,7 @@ function Test-NotifyMalwareInternal {
|
|||||||
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
|
# 2.1.3 Ensure notifications for internal users sending malware is Enabled
|
||||||
|
|
||||||
# Retrieve all 'Custom' malware filter policies and check notification settings
|
# Retrieve all 'Custom' malware filter policies and check notification settings
|
||||||
$malwareNotifications = Get-ExoOutput -Rec $recnum
|
$malwareNotifications = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
|
# Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
|
||||||
$policiesToReport = @()
|
$policiesToReport = @()
|
||||||
|
@@ -34,7 +34,7 @@ function Test-PasswordHashSync {
|
|||||||
# 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
|
# 5.1.8.1 (L1) Ensure password hash sync is enabled for hybrid deployments
|
||||||
|
|
||||||
# Retrieve password hash sync status (Condition A and C)
|
# Retrieve password hash sync status (Condition A and C)
|
||||||
$passwordHashSync = Get-MgOutput -Rec $recnum
|
$passwordHashSync = Get-CISMgOutput -Rec $recnum
|
||||||
$hashSyncResult = $passwordHashSync
|
$hashSyncResult = $passwordHashSync
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
|
@@ -24,7 +24,7 @@ function Test-ReportSecurityInTeams {
|
|||||||
$CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
|
$CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
|
||||||
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
|
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
|
||||||
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
|
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
|
||||||
$ReportSubmissionPolicy = Get-ExoOutput -Rec $recnum
|
$ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum
|
||||||
# Check if all the required settings are enabled
|
# Check if all the required settings are enabled
|
||||||
$securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
|
$securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and
|
||||||
$ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
|
$ReportSubmissionPolicy.ReportJunkToCustomizedAddress -and
|
||||||
|
@@ -36,7 +36,7 @@ function Test-RestrictOutlookAddins {
|
|||||||
|
|
||||||
# Check all mailboxes for custom policies with unallowed add-ins
|
# Check all mailboxes for custom policies with unallowed add-ins
|
||||||
# Check Default Role Assignment Policy
|
# Check Default Role Assignment Policy
|
||||||
$customPolicyFailures, $defaultPolicy = Get-ExoOutput -Rec $recnum
|
$customPolicyFailures, $defaultPolicy = Get-CISExoOutput -Rec $recnum
|
||||||
$defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
|
$defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
|
||||||
|
|
||||||
# Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
|
# Condition A: Verify that the roles MyCustomApps, MyMarketplaceApps, and MyReadWriteMailboxApps are unchecked under Other roles.
|
||||||
|
@@ -34,7 +34,7 @@ function Test-RestrictStorageProvidersOutlook {
|
|||||||
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
# 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
|
||||||
|
|
||||||
# Retrieve all OwaMailbox policies
|
# Retrieve all OwaMailbox policies
|
||||||
$owaPolicies = Get-ExoOutput -Rec $recnum
|
$owaPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
# Condition A: Check if AdditionalStorageProvidersAvailable is set to False
|
# Condition A: Check if AdditionalStorageProvidersAvailable is set to False
|
||||||
$nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
|
$nonCompliantPolicies = $owaPolicies | Where-Object { $_.AdditionalStorageProvidersAvailable }
|
||||||
|
|
||||||
|
@@ -35,7 +35,7 @@ function Test-RestrictTenantCreation {
|
|||||||
# 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
|
# 5.1.2.3 (L1) Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
|
||||||
|
|
||||||
# Retrieve the tenant creation policy
|
# Retrieve the tenant creation policy
|
||||||
$tenantCreationPolicy = Get-MgOutput -Rec $recnum
|
$tenantCreationPolicy = Get-CISMgOutput -Rec $recnum
|
||||||
$tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
|
$tenantCreationResult = -not $tenantCreationPolicy.AllowedToCreateTenants
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
|
@@ -28,7 +28,7 @@ function Test-SafeAttachmentsPolicy {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
$safeAttachmentPolicies = Get-ExoOutput -Rec $recnum
|
$safeAttachmentPolicies = Get-CISExoOutput -Rec $recnum
|
||||||
if ($safeAttachmentPolicies -ne 1) {
|
if ($safeAttachmentPolicies -ne 1) {
|
||||||
try {
|
try {
|
||||||
# Check if any Safe Attachments policy is enabled (Condition A)
|
# Check if any Safe Attachments policy is enabled (Condition A)
|
||||||
|
@@ -31,7 +31,7 @@ function Test-SafeAttachmentsTeams {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
$atpPolicyResult = Get-ExoOutput -Rec $recnum
|
$atpPolicyResult = Get-CISExoOutput -Rec $recnum
|
||||||
if ($atpPolicyResult -ne 1) {
|
if ($atpPolicyResult -ne 1) {
|
||||||
try {
|
try {
|
||||||
# Condition A: Check Safe Attachments for SharePoint
|
# Condition A: Check Safe Attachments for SharePoint
|
||||||
|
@@ -42,7 +42,7 @@ function Test-SafeLinksOfficeApps {
|
|||||||
process {
|
process {
|
||||||
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
||||||
# Retrieve all Safe Links policies
|
# Retrieve all Safe Links policies
|
||||||
$misconfiguredDetails = Get-ExoOutput -Rec $recnum
|
$misconfiguredDetails = Get-CISExoOutput -Rec $recnum
|
||||||
# Misconfigured details returns 1 if EXO Commands needed for the test are not available
|
# Misconfigured details returns 1 if EXO Commands needed for the test are not available
|
||||||
if ($misconfiguredDetails -ne 1) {
|
if ($misconfiguredDetails -ne 1) {
|
||||||
try {
|
try {
|
||||||
|
@@ -38,7 +38,7 @@ function Test-SpamPolicyAdminNotify {
|
|||||||
# 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
|
# 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators
|
||||||
|
|
||||||
# Retrieve the default hosted outbound spam filter policy
|
# Retrieve the default hosted outbound spam filter policy
|
||||||
$hostedOutboundSpamFilterPolicy = Get-ExoOutput -Rec $recnum
|
$hostedOutboundSpamFilterPolicy = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Check if both settings are enabled (Condition A and Condition B for pass)
|
# Check if both settings are enabled (Condition A and Condition B for pass)
|
||||||
$bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
|
$bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail
|
||||||
|
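--- a/tests/Unit/Private/Get-CISMgOutput.tests.ps1
+++ b/tests/Unit/Private/Get-CISMgOutput.tests.ps1
@@ -0,0 +1,27 @@
+$ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path
+$ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{
+($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and
+$(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } )
+}).BaseName
+
+
+Import-Module $ProjectName
+
+InModuleScope $ProjectName {
+Describe Get-PrivateFunction {
+Context 'Default' {
+BeforeEach {
+$return = Get-PrivateFunction -PrivateData 'string'
+}
+
+It 'Returns a single object' {
+($return | Measure-Object).Count | Should -Be 1
+}
+
+It 'Returns a string based on the parameter PrivateData' {
+$return | Should -Be 'string'
+}
+}
+}
+}
+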
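Review bot: This test file is named for `Get-CISMgOutput`, but `Describe Get-PrivateFunction` and the `BeforeEach` call `Get-PrivateFunction -PrivateData 'string'`, so nothing here exercises the renamed helper. The run will presumably fail unless the module still ships the template function. The call sites in this commit use `Get-CISMgOutput -Rec $recnum`, so the block should at least be `Describe Get-CISMgOutput` and invoke it with a `-Rec` value. The helper's body is not in this view, so any mocking of the cmdlets it wraps has to be worked out against that file. As written, a wrong or empty result from the helper that feeds the compliance checks would pass the unit tests unnoticed.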