vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change: Test-ExternalSharingCalendars reverted to simple test

Browse Source
This commit is contained in:
DrIOS
2024-07-07 10:24:32 -05:00
parent 904e36c376
commit f91af6e725
2 changed files with 72 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
source/Private/Get-Action.ps1
View File

@@ -75,39 +75,48 @@ function Get-Action {
return $Dictionary return $Dictionary
} }
"ConvertActions" { "ConvertActions" {
$actionDictionary = switch ($ActionType) { try {
"Admin" { $Dictionary.AdminActions } $actionDictionary = switch ($ActionType) {
"Delegate" { $Dictionary.DelegateActions } "Admin" { $Dictionary.AdminActions }
"Owner" { $Dictionary.OwnerActions } "Delegate" { $Dictionary.DelegateActions }
"Owner" { $Dictionary.OwnerActions }
}
$abbreviatedActions = @()
foreach ($action in $Actions) {
if ($actionDictionary.ContainsKey($action)) {
$abbreviatedActions += $actionDictionary[$action]
}
}
return $abbreviatedActions
}
catch {
throw $_
} }
$abbreviatedActions = @()
foreach ($action in $Actions) {
if ($actionDictionary.ContainsKey($action)) {
$abbreviatedActions += $actionDictionary[$action]
}
}
return $abbreviatedActions
} }
"ReverseActions" { "ReverseActions" {
$reverseDictionary = @{} try {
$originalDictionary = switch ($ReverseActionType) { $reverseDictionary = @{}
"Admin" { $Dictionary.AdminActions } $originalDictionary = switch ($ReverseActionType) {
"Delegate" { $Dictionary.DelegateActions } "Admin" { $Dictionary.AdminActions }
"Owner" { $Dictionary.OwnerActions } "Delegate" { $Dictionary.DelegateActions }
} "Owner" { $Dictionary.OwnerActions }
foreach ($key in $originalDictionary.Keys) {
$reverseDictionary[$originalDictionary[$key]] = $key
}
$fullNames = @()
foreach ($abbrAction in $AbbreviatedActions) {
if ($reverseDictionary.ContainsKey($abbrAction)) {
$fullNames += $reverseDictionary[$abbrAction]
} }
foreach ($key in $originalDictionary.Keys) {
$reverseDictionary[$originalDictionary[$key]] = $key
}
$fullNames = @()
foreach ($abbrAction in $AbbreviatedActions) {
if ($reverseDictionary.ContainsKey($abbrAction)) {
$fullNames += $reverseDictionary[$abbrAction]
}
}
return $fullNames
}
catch {
throw $_
} }
return $fullNames
} }
} }
} }

72
source/tests/Test-ExternalSharingCalendars.ps1
View File

@@ -5,12 +5,14 @@ function Test-ExternalSharingCalendars {
# Aligned # Aligned
# Parameters can be added if needed # Parameters can be added if needed
) )
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1 #. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$recnum = "1.3.3" $recnum = "1.3.3"
Write-Verbose "Running Test-ExternalSharingCalendars for $recnum..."
# Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated)
# #
# Validate test for a pass: # Validate test for a pass:
@@ -25,19 +27,12 @@ function Test-ExternalSharingCalendars {
# - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled. # - Condition A: In the Microsoft 365 admin center, external calendar sharing is enabled.
# - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`. # - Condition B: Using the Exchange Online PowerShell Module, the `OrganizationConfig` property `ExternalSharingEnabled` is set to `True`.
} }
process { process {
try { try {
# Step: Retrieve sharing policies related to calendar sharing # Step: Retrieve sharing policies related to calendar sharing
# $sharingPolicies Mock Object
<#
$sharingPolicies = [PSCustomObject]@{
Name = "Default Sharing Policy"
Domains = @("Anonymous:CalendarSharingFreeBusySimple")
Enabled = $true
Default = $true
}
#>
$sharingPolicies = Get-CISExoOutput -Rec $recnum $sharingPolicies = Get-CISExoOutput -Rec $recnum
# Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies
$isExternalSharingDisabled = $true $isExternalSharingDisabled = $true
$sharingPolicyDetails = @() $sharingPolicyDetails = @()
@@ -47,43 +42,47 @@ function Test-ExternalSharingCalendars {
$sharingPolicyDetails += "$($policy.Name): Enabled" $sharingPolicyDetails += "$($policy.Name): Enabled"
} }
} }
# Retrieve calendars with publishing enabled (from 1.3.3b) $failureRemediation = @'
# $calendarDetails Mock Object # Get all mailboxes
<# $mailboxes = Get-Mailbox -ResultSize Unlimited
$calendarDetails = @(
[PSCustomObject]@{ # Initialize a hashtable to store calendar folder names
Calendar = "SMBuser1@domain.com" $calendarFolders = @{}
URL = "https://example.com/calendar/smbuser1" # Get the default calendar folder names for all mailboxes
}, $mailboxes | ForEach-Object {
[PSCustomObject]@{ $calendarFolderName = [string](Get-EXOMailboxFolderStatistics $_.PrimarySmtpAddress -FolderScope Calendar | Where-Object { $_.FolderType -eq `'Calendar`' }).Name
Calendar = "SMBuser2@domain.com" $calendarFolders[$_.PrimarySmtpAddress] = $calendarFolderName
URL = "https://example.com/calendar/smbuser2" }
}, # Get the calendar folder settings for each mailbox
[PSCustomObject]@{ foreach ($mailbox in $mailboxes) {
Calendar = "SMBuser4@domain.com" $primarySmtpAddress = $mailbox.PrimarySmtpAddress
URL = "https://example.com/calendar/smbuser3" $calendarFolder = $calendarFolders[$primarySmtpAddress]
} # Get users calendar folder settings for their default Calendar folder
) $calendar = Get-MailboxCalendarFolder -Identity "$primarySmtpAddress:\$calendarFolder"
#> # Check if calendar publishing is enabled and display a message
$calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")" if ($calendar.PublishEnabled) {
# Build the failure reason string Write-Host -ForegroundColor Yellow "Calendar publishing is enabled for $primarySmtpAddress on $($calendar.PublishedCalendarUrl)"
}
}
'@
# Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail)
$failureReasons = if (-not $isExternalSharingDisabled) { $failureReasons = if (-not $isExternalSharingDisabled) {
$baseMessage = "Calendar sharing with external users is enabled in one or more policies." "Calendar sharing with external users is enabled in one or more policies.`n`n" + `
if ($calendarDetails.Count -gt 0) { "Use the following command to verify which users are sharing calendars prior to disabling:`n`n" + `
$baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')" $failureRemediation
}
$baseMessage
} }
else { else {
"N/A" "N/A"
} }
# Step: Prepare details for the audit result (Condition A & B: Pass/Fail) # Step: Prepare details for the audit result (Condition A & B: Pass/Fail)
$details = if ($isExternalSharingDisabled) { $details = if ($isExternalSharingDisabled) {
"Calendar sharing with external users is disabled." "Calendar sharing with external users is disabled."
} }
else { else {
"Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')" "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')"
} }
# Step: Create and populate the CISAuditResult object # Step: Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
@@ -99,6 +98,7 @@ function Test-ExternalSharingCalendars {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum $auditResult = Get-TestError -LastError $LastError -recnum $recnum
} }
} }
end { end {
# Return the audit result # Return the audit result
return $auditResult return $auditResult