vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change: Test-ExternalSharingCalendars reverted to simple test

Browse Source
This commit is contained in:
DrIOS
2024-07-07 10:24:32 -05:00
parent 904e36c376
commit f91af6e725
2 changed files with 72 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
source/Private/Get-Action.ps1
View File

@@ -75,6 +75,7 @@ function Get-Action {
return $Dictionary return $Dictionary
} }
"ConvertActions" { "ConvertActions" {
try {
$actionDictionary = switch ($ActionType) { $actionDictionary = switch ($ActionType) {
"Admin" { $Dictionary.AdminActions } "Admin" { $Dictionary.AdminActions }
"Delegate" { $Dictionary.DelegateActions } "Delegate" { $Dictionary.DelegateActions }
@@ -89,18 +90,22 @@ function Get-Action {
} }
return $abbreviatedActions return $abbreviatedActions
} }
catch {
throw $_
}
}
"ReverseActions" { "ReverseActions" {
try {
$reverseDictionary = @{} $reverseDictionary = @{}
$originalDictionary = switch ($ReverseActionType) { $originalDictionary = switch ($ReverseActionType) {
"Admin" { $Dictionary.AdminActions } "Admin" { $Dictionary.AdminActions }
"Delegate" { $Dictionary.DelegateActions } "Delegate" { $Dictionary.DelegateActions }
"Owner" { $Dictionary.OwnerActions } "Owner" { $Dictionary.OwnerActions }
} }
foreach ($key in $originalDictionary.Keys) { foreach ($key in $originalDictionary.Keys) {
$reverseDictionary[$originalDictionary[$key]] = $key $reverseDictionary[$originalDictionary[$key]] = $key
} }
$fullNames = @() $fullNames = @()
foreach ($abbrAction in $AbbreviatedActions) { foreach ($abbrAction in $AbbreviatedActions) {
if ($reverseDictionary.ContainsKey($abbrAction)) { if ($reverseDictionary.ContainsKey($abbrAction)) {
@@ -109,5 +114,9 @@ function Get-Action {
} }
return $fullNames return $fullNames
} }
catch {
throw $_
}
}
} }
} }

70
source/tests/Test-ExternalSharingCalendars.ps1
View File

@@ -5,12 +5,14 @@ function Test-ExternalSharingCalendars {
# Aligned # Aligned
# Parameters can be added if needed # Parameters can be added if needed
) )
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1 #. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$recnum = "1.3.3" $recnum = "1.3.3"
Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..."
# Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
# #
# Validate test for a pass: # Validate test for a pass:
@@ -25,19 +27,12 @@ function Test-ExternalSharingCalendars {
# - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled. # - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled.
# - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`. # - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`.
} }
process { process {
try { try {
# Step: Retrieve sharing policies related to calendar sharing # Step: Retrieve sharing policies related to calendar sharing
# $sharingPolicies Mock Object
<#
$sharingPolicies = [PSCustomObject]@{
Name = "Default Sharing Policy"
Domains = @("Anonymous:CalendarSharingFreeBusySimple")
Enabled = $true
Default = $true
}
#>
$sharingPolicies = Get-CISExoOutput -Rec $recnum $sharingPolicies = Get-CISExoOutput -Rec $recnum
# Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
$isExternalSharingDisabled = $true $isExternalSharingDisabled = $true
$sharingPolicyDetails = @() $sharingPolicyDetails = @()
@@ -47,43 +42,47 @@ function Test-ExternalSharingCalendars {
$sharingPolicyDetails += "$($policy.Name): Enabled" $sharingPolicyDetails += "$($policy.Name): Enabled"
} }
} }
# Retrieve calendars with publishing enabled (from 1.3.3b) $failureRemediation = @'
# $calendarDetails Mock Object # Get all mailboxes
<# $mailboxes = Get-Mailbox -ResultSize Unlimited
$calendarDetails = @(
[PSCustomObject]@{ # Initialize a hashtable to store calendar folder names
Calendar = "SMBuser1@domain.com" $calendarFolders = @{}
URL = "https://example.com/calendar/smbuser1" # Get the default calendar folder names for all mailboxes
}, $mailboxes | ForEach-Object {
[PSCustomObject]@{ $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq `'Calendar`' }).Name
Calendar = "SMBuser2@domain.com" $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName
URL = "https://example.com/calendar/smbuser2"
},
[PSCustomObject]@{
Calendar = "SMBuser4@domain.com"
URL = "https://example.com/calendar/smbuser3"
} }
) # Get the calendar folder settings for each mailbox
#> foreach ($mailbox in $mailboxes) {
$calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")" $primarySmtpAddress = $mailbox.PrimarySmtpAddress
# Build the failure reason string $calendarFolder = $calendarFolders[$primarySmtpAddress]
# Get users calendar folder settings for their default Calendar folder
$calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder"
# Check if calendar publishing is enabled and display a message
if ($calendar.PublishEnabled) {
Write-Host -ForegroundColor Yellow "Calendar publishing is enabled for $primarySmtpAddress on $($calendar.PublishedCalendarUrl)"
}
}
'@
# Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail)
$failureReasons = if (-not $isExternalSharingDisabled) { $failureReasons = if (-not $isExternalSharingDisabled) {
$baseMessage = "Calendar sharing with external users is enabled in one or more policies." "Calendar sharing with external users is enabled in one or more policies.`n`n" + `
if ($calendarDetails.Count -gt 0) { "Use the following command to verify which users are sharing calendars prior to disabling:`n`n" + `
$baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')" $failureRemediation
}
$baseMessage
} }
else { else {
"N/A" "N/A"
} }
# Step: Prepare details for the audit result (Condition A & B: Pass/Fail) # Step: Prepare details for the audit result (Condition A & B: Pass/Fail)
$details = if ($isExternalSharingDisabled) { $details = if ($isExternalSharingDisabled) {
"Calendar sharing with external users is disabled." "Calendar sharing with external users is disabled."
} }
else { else {
"Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')" "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')"
} }
# Step: Create and populate the CISAuditResult object # Step: Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
@@ -99,6 +98,7 @@ function Test-ExternalSharingCalendars {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum $auditResult = Get-TestError -LastError $LastError -recnum $recnum
} }
} }
end { end {
# Return the audit result # Return the audit result
return $auditResult return $auditResult