diff --git a/source/Private/Get-Action.ps1 b/source/Private/Get-Action.ps1 index 3d24f11..894cca7 100644 --- a/source/Private/Get-Action.ps1 +++ b/source/Private/Get-Action.ps1 @@ -75,39 +75,48 @@ function Get-Action { return $Dictionary } "ConvertActions" { - $actionDictionary = switch ($ActionType) { - "Admin" { $Dictionary.AdminActions } - "Delegate" { $Dictionary.DelegateActions } - "Owner" { $Dictionary.OwnerActions } + try { + $actionDictionary = switch ($ActionType) { + "Admin" { $Dictionary.AdminActions } + "Delegate" { $Dictionary.DelegateActions } + "Owner" { $Dictionary.OwnerActions } + } + + $abbreviatedActions = @() + foreach ($action in $Actions) { + if ($actionDictionary.ContainsKey($action)) { + $abbreviatedActions += $actionDictionary[$action] + } + } + return $abbreviatedActions + } + catch { + throw $_ } - $abbreviatedActions = @() - foreach ($action in $Actions) { - if ($actionDictionary.ContainsKey($action)) { - $abbreviatedActions += $actionDictionary[$action] - } - } - return $abbreviatedActions } "ReverseActions" { - $reverseDictionary = @{} - $originalDictionary = switch ($ReverseActionType) { - "Admin" { $Dictionary.AdminActions } - "Delegate" { $Dictionary.DelegateActions } - "Owner" { $Dictionary.OwnerActions } - } - - foreach ($key in $originalDictionary.Keys) { - $reverseDictionary[$originalDictionary[$key]] = $key - } - - $fullNames = @() - foreach ($abbrAction in $AbbreviatedActions) { - if ($reverseDictionary.ContainsKey($abbrAction)) { - $fullNames += $reverseDictionary[$abbrAction] + try { + $reverseDictionary = @{} + $originalDictionary = switch ($ReverseActionType) { + "Admin" { $Dictionary.AdminActions } + "Delegate" { $Dictionary.DelegateActions } + "Owner" { $Dictionary.OwnerActions } } + foreach ($key in $originalDictionary.Keys) { + $reverseDictionary[$originalDictionary[$key]] = $key + } + $fullNames = @() + foreach ($abbrAction in $AbbreviatedActions) { + if ($reverseDictionary.ContainsKey($abbrAction)) { + $fullNames += $reverseDictionary[$abbrAction] + } + } + return $fullNames + } + catch { + throw $_ } - return $fullNames } } } diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1 index 0a43079..15d88d9 100644 --- a/source/tests/Test-ExternalSharingCalendars.ps1 +++ b/source/tests/Test-ExternalSharingCalendars.ps1 @@ -5,12 +5,14 @@ function Test-ExternalSharingCalendars { # Aligned # Parameters can be added if needed ) + begin { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 + # Initialization code, if needed $recnum = "1.3.3" - Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..." + # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # # Validate test for a pass: @@ -25,19 +27,12 @@ function Test-ExternalSharingCalendars { # - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled. # - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`. } + process { try { # Step: Retrieve sharing policies related to calendar sharing - # $sharingPolicies Mock Object - <# - $sharingPolicies = [PSCustomObject]@{ - Name = "Default Sharing Policy" - Domains = @("Anonymous:CalendarSharingFreeBusySimple") - Enabled = $true - Default = $true - } - #> $sharingPolicies = Get-CISExoOutput -Rec $recnum + # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies $isExternalSharingDisabled = $true $sharingPolicyDetails = @() @@ -47,43 +42,47 @@ function Test-ExternalSharingCalendars { $sharingPolicyDetails += "$($policy.Name): Enabled" } } - # Retrieve calendars with publishing enabled (from 1.3.3b) - # $calendarDetails Mock Object - <# - $calendarDetails = @( - [PSCustomObject]@{ - Calendar = "SMBuser1@domain.com" - URL = "https://example.com/calendar/smbuser1" - }, - [PSCustomObject]@{ - Calendar = "SMBuser2@domain.com" - URL = "https://example.com/calendar/smbuser2" - }, - [PSCustomObject]@{ - Calendar = "SMBuser4@domain.com" - URL = "https://example.com/calendar/smbuser3" - } - ) - #> - $calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")" - # Build the failure reason string + $failureRemediation = @' +# Get all mailboxes +$mailboxes = Get-Mailbox -ResultSize Unlimited + +# Initialize a hashtable to store calendar folder names +$calendarFolders = @{} +# Get the default calendar folder names for all mailboxes +$mailboxes | ForEach-Object { + $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq `'Calendar`' }).Name + $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName +} +# Get the calendar folder settings for each mailbox +foreach ($mailbox in $mailboxes) { + $primarySmtpAddress = $mailbox.PrimarySmtpAddress + $calendarFolder = $calendarFolders[$primarySmtpAddress] + # Get users calendar folder settings for their default Calendar folder + $calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder" + # Check if calendar publishing is enabled and display a message + if ($calendar.PublishEnabled) { + Write-Host -ForegroundColor Yellow "Calendar publishing is enabled for $primarySmtpAddress on $($calendar.PublishedCalendarUrl)" + } +} +'@ + # Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail) $failureReasons = if (-not $isExternalSharingDisabled) { - $baseMessage = "Calendar sharing with external users is enabled in one or more policies." - if ($calendarDetails.Count -gt 0) { - $baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')" - } - $baseMessage + "Calendar sharing with external users is enabled in one or more policies.`n`n" + ` + "Use the following command to verify which users are sharing calendars prior to disabling:`n`n" + ` + $failureRemediation } else { "N/A" } + # Step: Prepare details for the audit result (Condition A & B: Pass/Fail) $details = if ($isExternalSharingDisabled) { "Calendar sharing with external users is disabled." } else { - "Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')" + "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')" } + # Step: Create and populate the CISAuditResult object $params = @{ Rec = $recnum @@ -99,6 +98,7 @@ function Test-ExternalSharingCalendars { $auditResult = Get-TestError -LastError $LastError -recnum $recnum } } + end { # Return the audit result return $auditResult