fix: Add parameter for approved storage providers for 8.1.1
This commit is contained in:
DrIOS
@@ -2,17 +2,15 @@ function Test-TeamsExternalFileSharing {
|
||||
[CmdletBinding()]
|
||||
[OutputType([CISAuditResult])]
|
||||
param (
|
||||
# Aligned
|
||||
# Parameters can be added here if needed
|
||||
[Parameter(Mandatory = $false)]
|
||||
[string[]]$ApprovedCloudStorageProvider
|
||||
)
|
||||
|
||||
begin {
|
||||
# Dot source the class script if necessary
|
||||
# . .\source\Classes\CISAuditResult.ps1
|
||||
# Initialization code, if needed
|
||||
$recnum = "8.1.1"
|
||||
}
|
||||
|
||||
process {
|
||||
try {
|
||||
# 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
|
||||
@@ -26,25 +24,44 @@ function Test-TeamsExternalFileSharing {
|
||||
|
||||
# Assuming that 'approvedProviders' is a list of approved cloud storage service names
|
||||
# This list must be defined according to your organization's approved cloud storage services
|
||||
# Retrieve the current Teams client configuration
|
||||
$clientConfig = Get-CISMSTeamsOutput -Rec $recnum
|
||||
$unapprovedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
|
||||
# Testing
|
||||
#$clientconfig.AllowGoogleDrive = $false
|
||||
#$clientconfig.AllowBox = $false
|
||||
#$clientconfig.AllowShareFile = $false
|
||||
#$clientconfig.AllowEgnyte = $false
|
||||
#$clientconfig.AllowDropBox = $false
|
||||
# Define all possible cloud storage providers
|
||||
$allProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
|
||||
# If ApprovedCloudStorageProvider is provided, map it to the corresponding settings
|
||||
if ($PSBoundParameters.ContainsKey('ApprovedCloudStorageProvider')) {
|
||||
$approvedProviders = @()
|
||||
foreach ($provider in $ApprovedCloudStorageProvider) {
|
||||
$approvedProviders += "Allow$provider"
|
||||
}
|
||||
} else {
|
||||
# Default approved providers
|
||||
$approvedProviders = @()
|
||||
}
|
||||
$isCompliant = $true
|
||||
$nonCompliantProviders = @()
|
||||
|
||||
foreach ($provider in $unapprovedProviders) {
|
||||
if ($clientConfig.$provider) {
|
||||
foreach ($provider in $allProviders) {
|
||||
if ($clientConfig.$provider -and -not $approvedProviders.Contains($provider)) {
|
||||
$isCompliant = $false
|
||||
$nonCompliantProviders += $provider
|
||||
}
|
||||
}
|
||||
|
||||
# Create an instance of CISAuditResult and populate it
|
||||
$basePassDetails = "All cloud storage services are approved providers"
|
||||
if ($ApprovedCloudStorageProvider) {
|
||||
$basePassDetails = "Approved cloud storage services: $($ApprovedCloudStorageProvider -join ', ')"
|
||||
}
|
||||
# Create an instance of CISAuditResult and populate it
|
||||
$params = @{
|
||||
Rec = $recnum
|
||||
Result = $isCompliant
|
||||
Status = if ($isCompliant) { "Pass" } else { "Fail" }
|
||||
Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" }
|
||||
Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { $basePassDetails }
|
||||
FailureReason = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" }
|
||||
}
|
||||
$auditResult = Initialize-CISAuditResult @params
|
||||
@@ -54,7 +71,6 @@ function Test-TeamsExternalFileSharing {
|
||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
# Return auditResult
|
||||
return $auditResult
|
||||
|
||||
Reference in New Issue
Block a user