vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: vibecoding:v0.1.18
Branches Tags
vibecoding:main vibecoding:365-4.0.0-Update
vibecoding:v0.1.28 vibecoding:v0.1.27 vibecoding:v0.1.26 vibecoding:v0.1.25 vibecoding:v0.1.24 vibecoding:v0.1.23 vibecoding:v0.1.22 vibecoding:v0.1.21 vibecoding:v0.1.20 vibecoding:v0.1.19 vibecoding:v0.1.18 vibecoding:v0.1.17 vibecoding:v0.1.16 vibecoding:v0.1.15 vibecoding:v0.1.14 vibecoding:v0.1.13 vibecoding:v0.1.12 vibecoding:v0.1.11 vibecoding:v0.1.10 vibecoding:v0.1.9 vibecoding:v0.1.8 vibecoding:v0.1.7 vibecoding:v0.1.6 vibecoding:v0.1.5 vibecoding:v0.1.4 vibecoding:v0.1.3 vibecoding:v0.1.2 vibecoding:v0.1.1 vibecoding:v0.0.1 vibecoding:v0.1.0-preview0001
..
compare: vibecoding:v0.1.20
Branches Tags
vibecoding:365-4.0.0-Update vibecoding:main
vibecoding:v0.1.28 vibecoding:v0.1.27 vibecoding:v0.1.26 vibecoding:v0.1.25 vibecoding:v0.1.24 vibecoding:v0.1.23 vibecoding:v0.1.22 vibecoding:v0.1.21 vibecoding:v0.1.20 vibecoding:v0.1.19 vibecoding:v0.1.18 vibecoding:v0.1.17 vibecoding:v0.1.16 vibecoding:v0.1.15 vibecoding:v0.1.14 vibecoding:v0.1.13 vibecoding:v0.1.12 vibecoding:v0.1.11 vibecoding:v0.1.10 vibecoding:v0.1.9 vibecoding:v0.1.8 vibecoding:v0.1.7 vibecoding:v0.1.6 vibecoding:v0.1.5 vibecoding:v0.1.4 vibecoding:v0.1.3 vibecoding:v0.1.2 vibecoding:v0.1.1 vibecoding:v0.0.1 vibecoding:v0.1.0-preview0001

25 Commits
v0.1.18 ... v0.1.20

Author SHA1 Message Date
Doug Rios
7309925e89 Merge pull request #136 from CriticalSolutionsNetwork/135-add-parameter-validation-to-new-parameters 
135 add parameter validation to new parameters
 2024-06-30 12:55:10 -05:00
DrIOS
5637855c8b docs: Update CHANGELOG 2024-06-30 12:53:21 -05:00
DrIOS
ac98307ed1 fix: parameter validation for new parameters in Invoke-M365SecurityAudit function 2024-06-30 12:53:07 -05:00
Doug Rios
a6121a1273 Merge pull request #134 from CriticalSolutionsNetwork/133-formatting-ms-teams 
133 formatting ms teams
 2024-06-30 12:43:43 -05:00
DrIOS
0da06288f1 docs: Update CHANGELOG 2024-06-30 12:41:15 -05:00
DrIOS
416d387c20 docs: Update WIKI and xml help 2024-06-30 12:39:44 -05:00
DrIOS
6e558ac671 docs: Update WIKI and xml help 2024-06-30 12:38:58 -05:00
DrIOS
eecda359d7 docs: Update README and HTML Help 2024-06-30 12:36:44 -05:00
DrIOS
355c12b450 fix: 8.6.1 simplified output and added object comment 2024-06-30 12:33:20 -05:00
DrIOS
9a6bda9e2e fix: 8.5.7 simplified output and added object comment 2024-06-30 12:27:01 -05:00
DrIOS
e993f186af fix: formatting 2024-06-30 12:24:36 -05:00
DrIOS
5804ca25c1 fix: 8.5.6 simplified output and added object comment 2024-06-30 12:19:49 -05:00
DrIOS
1e106f94ba fix: 8.5.5 simplified output and added object comment 2024-06-30 12:15:58 -05:00
DrIOS
80015c78d5 fix: 8.5.4 simplified output and added object comment 2024-06-30 12:10:43 -05:00
DrIOS
678c287d03 Update CHANGELOG 2024-06-30 11:47:07 -05:00
DrIOS
540fe11ce9 fix: 8.5.3 simplified output and added object comment 2024-06-30 11:46:53 -05:00
DrIOS
1d2fa9ea3a fix: 8.5.1 simplified output and added object comment 2024-06-30 11:40:26 -05:00
DrIOS
ad5ce2db7f add: remediation info and mock object to 8.5.1 2024-06-30 11:36:11 -05:00
DrIOS
97fd8127d3 add: ApprovedFederatedDomains parameter for test 8.2.1-Formatting 2024-06-30 11:34:49 -05:00
DrIOS
83177cccc2 add: ApprovedFederatedDomains parameter for test 8.2.1 2024-06-30 11:27:13 -05:00
DrIOS
bc85fa5fb8 docs: formatting 2024-06-30 10:17:58 -05:00
DrIOS
e77d786535 docs: Update CHANGELOG 2024-06-30 10:17:32 -05:00
DrIOS
20124cdbb5 fix: Add plurality to approved storage providers parameter for 8.1.1 2024-06-30 10:17:10 -05:00
DrIOS
fc9ff57576 fix: Add parameter for approved storage providers for 8.1.1 2024-06-30 10:11:25 -05:00
DrIOS
5125d7f684 fix: Corrected logic for 8.1.1 2024-06-30 09:21:41 -05:00
22 changed files with 497 additions and 173 deletions
Expand all files Collapse all files

19
CHANGELOG.md
View File

@@ -4,6 +4,23 @@ The format is based on and uses the types of changes according to [Keep a Change
## [Unreleased]
### Fixed
- Fixed parameter validation for new parameters in `Invoke-M365SecurityAudit` function.
## [0.1.19] - 2024-06-30
### Added
- Added `ApprovedCloudStorageProviders` parameter to `Invoke-M365SecurityAudit` to allow for testing of approved cloud storage providers for 8.1.1.
- Added `ApprovedFederatedDomains` parameter to `Invoke-M365SecurityAudit` to allow for testing of approved federated domains for 8.5.1.
### Fixed
- Fixed various MSTeams tests to be more accurate and include more properties in the output.
## [0.1.18] - 2024-06-29
### Added
- Added `Get-PhishPolicyDetail` and `Test-PhishPolicyCompliance` private functions to help test for phishing policy compliance.
@@ -16,8 +33,6 @@ The format is based on and uses the types of changes according to [Keep a Change
- Changed main function parameter for Domain to `DomainName`.
## [0.1.17] - 2024-06-28
### Fixed

BIN
README.md
View File

Binary file not shown.

BIN
docs/index.html
View File

Binary file not shown.

57
help/Invoke-M365SecurityAudit.md
View File

@@ -14,47 +14,52 @@ Invokes a security audit for Microsoft 365 environments.
### Default (Default)
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-DoNotConnect] [-DoNotDisconnect]
[-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### ELevelFilter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -ELevel <String>
-ProfileLevel <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections]
[-WhatIf] [-Confirm] [<CommonParameters>]
-ProfileLevel <String> [-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>]
[-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm]
[<CommonParameters>]
```
### IG1Filter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG1] [-DoNotConnect]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG1]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### IG2Filter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG2] [-DoNotConnect]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG2]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### IG3Filter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG3] [-DoNotConnect]
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] [-IncludeIG3]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### RecFilter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -IncludeRecommendation <String[]>
[-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm]
[<CommonParameters>]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
### SkipRecFilter
```
Invoke-M365SecurityAudit [-TenantAdminUrl <String>] [-DomainName <String>] -SkipRecommendation <String[]>
[-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm]
[<CommonParameters>]
[-ApprovedCloudStorageProviders <String[]>] [-ApprovedFederatedDomains <String[]>] [-DoNotConnect]
[-DoNotDisconnect] [-NoModuleCheck] [-DoNotConfirmConnections] [-WhatIf] [-Confirm] [<CommonParameters>]
```
## DESCRIPTION
@@ -300,6 +305,36 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ApprovedCloudStorageProviders
Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
```yaml
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: @()
Accept pipeline input: False
Accept wildcard characters: False
```
### -ApprovedFederatedDomains
Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
```yaml
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -DoNotConnect
If specified, the cmdlet will not establish a connection to Microsoft 365 services.

14
help/M365FoundationsCISReport.md
View File

@@ -11,24 +11,24 @@ Locale: en-US
The `M365FoundationsCISReport` module provides a set of cmdlets to audit and report on the security compliance of Microsoft 365 environments based on CIS (Center for Internet Security) benchmarks. It enables administrators to generate detailed reports, sync data with CIS Excel sheets, and perform security audits to ensure compliance.
## M365FoundationsCISReport Cmdlets
### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable.md)
### [Export-M365SecurityAuditTable](Export-M365SecurityAuditTable)
Exports M365 security audit results to a CSV file or outputs a specific test result as an object.
### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense.md)
### [Get-AdminRoleUserLicense](Get-AdminRoleUserLicense)
Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
### [Get-MFAStatus](Get-MFAStatus.md)
### [Get-MFAStatus](Get-MFAStatus)
Retrieves the MFA (Multi-Factor Authentication) status for Azure Active Directory users.
### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent.md)
### [Grant-M365SecurityAuditConsent](Grant-M365SecurityAuditConsent)
Grants Microsoft Graph permissions for an auditor.
### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit.md)
### [Invoke-M365SecurityAudit](Invoke-M365SecurityAudit)
Invokes a security audit for Microsoft 365 environments.
### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus.md)
### [Remove-RowsWithEmptyCSVStatus](Remove-RowsWithEmptyCSVStatus)
Removes rows from an Excel worksheet where the 'CSV_Status' column is empty and saves the result to a new file.
### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData.md)
### [Sync-CISExcelAndCsvData](Sync-CISExcelAndCsvData)
Synchronizes and updates data in an Excel worksheet with new information from a CSV file, including audit dates.

2
helpers/Build-Help.ps1
View File

@@ -4,7 +4,7 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
<#
$ver = "v0.1.16"
$ver = "v0.1.18"
git checkout main
git pull origin main
git tag -a $ver -m "Release version $ver refactor Update"

13
source/Private/Get-CISExoOutput.ps1
View File

@@ -513,6 +513,19 @@ function Get-CISExoOutput {
# Retrieve the necessary settings for Teams and Exchange Online
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
# $ReportSubmissionPolicy Mock Object
<#
$ReportSubmissionPolicy = [PSCustomObject]@{
ReportJunkToCustomizedAddress = $true
ReportNotJunkToCustomizedAddress = $true
ReportPhishToCustomizedAddress = $true
ReportJunkAddresses = @('security@example.com')
ReportNotJunkAddresses = @('security@example.com')
ReportPhishAddresses = @('security@example.com')
ReportChatMessageEnabled = $false
ReportChatMessageToCustomizedAddressEnabled = $false
}
#>
$ReportSubmissionPolicy = Get-ReportSubmissionPolicy | Select-Object -Property ReportJunkToCustomizedAddress, ReportNotJunkToCustomizedAddress, ReportPhishToCustomizedAddress, ReportJunkAddresses, ReportNotJunkAddresses, ReportPhishAddresses, ReportChatMessageEnabled, ReportChatMessageToCustomizedAddressEnabled
return $ReportSubmissionPolicy
}

84
source/Private/Get-CISMSTeamsOutput.ps1
View File

@@ -49,6 +49,7 @@ function Get-CISMSTeamsOutput {
# Assuming that 'approvedProviders' is a list of approved cloud storage service names
# This list must be defined according to your organization's approved cloud storage services
# Add option for approved providers.
$clientConfig = Get-CsTeamsClientConfiguration
return $clientConfig
}
@@ -91,9 +92,29 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AllowTeamsConsumer` setting is not `False`.
# - Condition B: The `AllowPublicUsers` setting is not `False`.
# - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# $externalAccessConfig Mock Object
<#
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = 'AllowAllKnownDomains'
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $true
AllowTeamsConsumer = $true
AllowTeamsConsumerInbound = $true
}
$ApprovedFederatedDomains = @('msn.com', 'google.com')
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = @('msn.com', 'google.com')
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $false
AllowTeamsConsumer = $false
AllowTeamsConsumerInbound = $true
}
#>
$externalAccessConfig = Get-CsTenantFederationConfiguration
return $externalAccessConfig
}
@@ -114,9 +135,13 @@ function Get-CISMSTeamsOutput {
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
# - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# $teamsMeetingPolicy Mock Object
<#
$teamsMeetingPolicy = [PSCustomObject]@{
AllowAnonymousUsersToJoinMeeting = $true
}
#>
$teamsMeetingPolicy = Get-CsTeamsMeetingPolicy -Identity Global
return $teamsMeetingPolicy
}
@@ -137,9 +162,13 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is not set to `False`.
# - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby.
# - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# $CsTeamsMeetingPolicyAnonymous Mock Object
<#
$CsTeamsMeetingPolicyAnonymous = [PSCustomObject]@{
AllowAnonymousUsersToStartMeeting = $true
}
#>
# Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
$CsTeamsMeetingPolicyAnonymous = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowAnonymousUsersToStartMeeting
return $CsTeamsMeetingPolicyAnonymous
@@ -161,10 +190,14 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings
# $CsTeamsMeetingPolicyLobby Mock Object
<#
$CsTeamsMeetingPolicyLobby = [PSCustomObject]@{
AutoAdmittedUsers = "OrganizerOnly"
}
#>
$CsTeamsMeetingPolicyLobby = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AutoAdmittedUsers
return $CsTeamsMeetingPolicyLobby
}
@@ -185,8 +218,13 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is not set to `False`.
# - Condition B: Verification using the UI in the Microsoft Teams admin center shows that "People dialing in can't bypass the lobby" is not set to `Off`.
# - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
# Retrieve Teams meeting policy for PSTN users
# $CsTeamsMeetingPolicyPSTN Mock Object
<#
$CsTeamsMeetingPolicyPSTN = [PSCustomObject]@{
AllowPSTNUsersToBypassLobby = $true
}
#>
$CsTeamsMeetingPolicyPSTN = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowPSTNUsersToBypassLobby
return $CsTeamsMeetingPolicyPSTN
}
@@ -207,8 +245,13 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
# - Condition B: The setting for meeting chat allows chat for anonymous users.
# - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
# Retrieve the Teams meeting policy for meeting chat
# $CsTeamsMeetingPolicyChat Mock Object
<#
$CsTeamsMeetingPolicyChat = [PSCustomObject]@{
MeetingChatEnabledType = "Enabled"
}
#>
$CsTeamsMeetingPolicyChat = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property MeetingChatEnabledType
return $CsTeamsMeetingPolicyChat
}
@@ -229,8 +272,13 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
# - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
# - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
# Retrieve the Teams meeting policy for presenters
# $CsTeamsMeetingPolicyPresenters Mock Object
<#
$CsTeamsMeetingPolicyPresenters = [PSCustomObject]@{
DesignatedPresenterRoleMode = "Enabled"
}
#>
$CsTeamsMeetingPolicyPresenters = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property DesignatedPresenterRoleMode
return $CsTeamsMeetingPolicyPresenters
}
@@ -251,17 +299,27 @@ function Get-CISMSTeamsOutput {
# - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
# - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
# - Condition C: Verification using the UI indicates that external participants can give or request control.
# Retrieve Teams meeting policy for external participant control
# $CsTeamsMeetingPolicyControl Mock Object
<#
$CsTeamsMeetingPolicyControl = [PSCustomObject]@{
AllowExternalParticipantGiveRequestControl = $true
}
#>
$CsTeamsMeetingPolicyControl = Get-CsTeamsMeetingPolicy -Identity Global | Select-Object -Property AllowExternalParticipantGiveRequestControl
return $CsTeamsMeetingPolicyControl
}
'8.6.1' {
# Test-ReportSecurityInTeams.ps1
# 8.6.1 (L1) Ensure users can report security concerns in Teams
# Retrieve the necessary settings for Teams and Exchange Online
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
# $CsTeamsMessagingPolicy Mock Object
<#
$CsTeamsMessagingPolicy = [PSCustomObject]@{
AllowSecurityEndUserReporting = $true
}
#>
$CsTeamsMessagingPolicy = Get-CsTeamsMessagingPolicy -Identity Global | Select-Object -Property AllowSecurityEndUserReporting
return $CsTeamsMessagingPolicy
}

14
source/Private/Invoke-TestFunction.ps1
View File

@@ -3,9 +3,12 @@ function Invoke-TestFunction {
param (
[Parameter(Mandatory = $true)]
[PSObject]$FunctionFile,
[Parameter(Mandatory = $false)]
[string]$DomainName
[string]$DomainName,
[Parameter(Mandatory = $false)]
[string[]]$ApprovedCloudStorageProviders,
[Parameter(Mandatory = $false)]
[string[]]$ApprovedFederatedDomains
)
$functionName = $FunctionFile.BaseName
@@ -16,7 +19,12 @@ function Invoke-TestFunction {
if ('DomainName' -in $functionCmd.Parameters.Keys) {
$paramList.DomainName = $DomainName
}
if ('ApprovedCloudStorageProviders' -in $functionCmd.Parameters.Keys) {
$paramList.ApprovedCloudStorageProviders = $ApprovedCloudStorageProviders
}
if ('ApprovedFederatedDomains' -in $functionCmd.Parameters.Keys) {
$paramList.ApprovedFederatedDomains = $ApprovedFederatedDomains
}
# Use splatting to pass parameters
Write-Verbose "Running $functionName..."
try {

60
source/Public/Invoke-M365SecurityAudit.ps1
View File

@@ -21,6 +21,10 @@
Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.
.PARAMETER SkipRecommendation
Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.
.PARAMETER ApprovedCloudStorageProviders
Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.
.PARAMETER ApprovedFederatedDomains
Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.
.PARAMETER DoNotConnect
If specified, the cmdlet will not establish a connection to Microsoft 365 services.
.PARAMETER DoNotDisconnect
@@ -128,32 +132,25 @@ function Invoke-M365SecurityAudit {
[Parameter(Mandatory = $false, HelpMessage = "The SharePoint tenant admin URL, which should end with '-admin.sharepoint.com'. If not specified none of the Sharepoint Online tests will run.")]
[ValidatePattern('^https://[a-zA-Z0-9-]+-admin\.sharepoint\.com$')]
[string]$TenantAdminUrl,
[Parameter(Mandatory = $false, HelpMessage = "Specify this to test only the default domain for password expiration policy when '1.3.1' is included in the tests to be run. The domain name of your organization, e.g., 'example.com'.")]
[Parameter(Mandatory = $false, HelpMessage = "Specify this to test only the default domain for password expiration and DKIM Config for tests '1.3.1' and 2.1.9. The domain name of your organization, e.g., 'example.com'.")]
[ValidatePattern('^[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$')]
[string]$DomainName,
# E-Level with optional ProfileLevel selection
[Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter')]
[Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = "Specifies the E-Level (E3 or E5) for the audit.")]
[ValidateSet('E3', 'E5')]
[string]$ELevel,
[Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter')]
[Parameter(Mandatory = $true, ParameterSetName = 'ELevelFilter', HelpMessage = "Specifies the profile level (L1 or L2) for the audit.")]
[ValidateSet('L1', 'L2')]
[string]$ProfileLevel,
# IG Filters, one at a time
[Parameter(Mandatory = $true, ParameterSetName = 'IG1Filter')]
[Parameter(Mandatory = $true, ParameterSetName = 'IG1Filter', HelpMessage = "Includes tests where IG1 is true.")]
[switch]$IncludeIG1,
[Parameter(Mandatory = $true, ParameterSetName = 'IG2Filter')]
[Parameter(Mandatory = $true, ParameterSetName = 'IG2Filter', HelpMessage = "Includes tests where IG2 is true.")]
[switch]$IncludeIG2,
[Parameter(Mandatory = $true, ParameterSetName = 'IG3Filter')]
[Parameter(Mandatory = $true, ParameterSetName = 'IG3Filter', HelpMessage = "Includes tests where IG3 is true.")]
[switch]$IncludeIG3,
# Inclusion of specific recommendation numbers
[Parameter(Mandatory = $true, ParameterSetName = 'RecFilter')]
[Parameter(Mandatory = $true, ParameterSetName = 'RecFilter', HelpMessage = "Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.")]
[ValidateSet(
'1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
'2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
@@ -164,9 +161,8 @@ function Invoke-M365SecurityAudit {
'8.5.7', '8.6.1'
)]
[string[]]$IncludeRecommendation,
# Exclusion of specific recommendation numbers
[Parameter(Mandatory = $true, ParameterSetName = 'SkipRecFilter')]
[Parameter(Mandatory = $true, ParameterSetName = 'SkipRecFilter', HelpMessage = "Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.")]
[ValidateSet(
'1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
'2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
@@ -177,24 +173,32 @@ function Invoke-M365SecurityAudit {
'8.5.7', '8.6.1'
)]
[string[]]$SkipRecommendation,
# Common parameters for all parameter sets
[Parameter(Mandatory = $false, HelpMessage = "Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.")]
[ValidateSet(
'GoogleDrive', 'ShareFile', 'Box', 'DropBox', 'Egnyte'
)]
[string[]]$ApprovedCloudStorageProviders = @(),
[Parameter(Mandatory = $false, HelpMessage = "Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.")]
[ValidatePattern('^[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$')]
[string[]]$ApprovedFederatedDomains,
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not establish a connection to Microsoft 365 services.")]
[switch]$DoNotConnect,
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not disconnect from Microsoft 365 services after execution.")]
[switch]$DoNotDisconnect,
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not check for the presence of required modules.")]
[switch]$NoModuleCheck,
[Parameter(Mandatory = $false, HelpMessage = "Specifies that the cmdlet will not prompt for confirmation before proceeding with established connections and will disconnect from all of them.")]
[switch]$DoNotConfirmConnections
)
Begin {
if ($script:MaximumFunctionCount -lt 8192) {
$script:MaximumFunctionCount = 8192
}
# Ensure required modules are installed
$requiredModules = Get-RequiredModule -AuditFunction
# Format the required modules list
$requiredModulesFormatted = Format-RequiredModuleList -RequiredModules $requiredModules
# Check and install required modules if necessary
if (!($NoModuleCheck) -and $PSCmdlet.ShouldProcess("Check for required modules: $requiredModulesFormatted", "Check")) {
Write-Host "Checking for and installing required modules..." -ForegroundColor DarkMagenta
@@ -202,13 +206,11 @@ function Invoke-M365SecurityAudit {
Assert-ModuleAvailability -ModuleName $module.ModuleName -RequiredVersion $module.RequiredVersion -SubModules $module.SubModules
}
}
# Load test definitions from CSV
$testDefinitionsPath = Join-Path -Path $PSScriptRoot -ChildPath "helper\TestDefinitions.csv"
$testDefinitions = Import-Csv -Path $testDefinitionsPath
# Load the Test Definitions into the script scope for use in other functions
$script:TestDefinitionsObject = $testDefinitions
# Apply filters based on parameter sets
$params = @{
TestDefinitions = $testDefinitions
@@ -237,17 +239,14 @@ function Invoke-M365SecurityAudit {
# Initialize a collection to hold failed test details
$script:FailedTests = [System.Collections.ArrayList]::new()
} # End Begin
Process {
$allAuditResults = [System.Collections.ArrayList]::new() # Initialize a collection to hold all results
# Dynamically dot-source the test scripts
$testsFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "tests"
$testFiles = Get-ChildItem -Path $testsFolderPath -Filter "Test-*.ps1" |
Where-Object { $testsToLoad -contains $_.BaseName }
$totalTests = $testFiles.Count
$currentTestIndex = 0
# Establishing connections if required
try {
$actualUniqueConnections = Get-UniqueConnection -Connections $requiredConnections
@@ -260,8 +259,6 @@ function Invoke-M365SecurityAudit {
Write-Host "Connection execution aborted: $_" -ForegroundColor Red
break
}
try {
Write-Host "A total of $($totalTests) tests were selected to run..." -ForegroundColor DarkMagenta
# Import the test functions
@@ -278,7 +275,6 @@ function Invoke-M365SecurityAudit {
$script:FailedTests.Add([PSCustomObject]@{ Test = $_.Name; Error = $_ })
}
}
$currentTestIndex = 0
# Execute each test function from the prepared list
foreach ($testFunction in $testFiles) {
@@ -286,7 +282,7 @@ function Invoke-M365SecurityAudit {
Write-Progress -Activity "Executing Tests" -Status "Executing $($currentTestIndex) of $($totalTests): $($testFunction.Name)" -PercentComplete (($currentTestIndex / $totalTests) * 100)
$functionName = $testFunction.BaseName
if ($PSCmdlet.ShouldProcess($functionName, "Execute test")) {
$auditResult = Invoke-TestFunction -FunctionFile $testFunction -DomainName $DomainName
$auditResult = Invoke-TestFunction -FunctionFile $testFunction -DomainName $DomainName -ApprovedCloudStorageProviders $ApprovedCloudStorageProviders -ApprovedFederatedDomains $ApprovedFederatedDomains
# Add the result to the collection
[void]$allAuditResults.Add($auditResult)
}
@@ -311,7 +307,6 @@ function Invoke-M365SecurityAudit {
# Return all collected audit results
# Define the test numbers to check
$TestNumbersToCheck = "1.1.1", "1.3.1", "6.1.2", "6.1.3", "7.3.4"
# Check for large details in the audit results
$exceedingTests = Get-ExceededLengthResultDetail -AuditResults $allAuditResults -TestNumbersToCheck $TestNumbersToCheck -ReturnExceedingTestsOnly -DetailsLengthLimit 30000
if ($exceedingTests.Count -gt 0) {
@@ -322,7 +317,4 @@ function Invoke-M365SecurityAudit {
return $allAuditResults.ToArray() | Sort-Object -Property Rec
}
}
}
}

168
source/en-US/M365FoundationsCISReport-help.xml
View File

@@ -908,6 +908,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1012,6 +1036,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1116,6 +1164,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1220,6 +1292,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1325,6 +1421,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1430,6 +1550,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>
@@ -1607,6 +1751,30 @@ Retrieves the MFA status for the specified user with the UPN "example@domain.com
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedCloudStorageProviders</maml:name>
<maml:description>
<maml:para>Specifies the approved cloud storage providers for the audit. Accepts an array of cloud storage provider names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>@()</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ApprovedFederatedDomains</maml:name>
<maml:description>
<maml:para>Specifies the approved federated domains for the audit test 8.2.1. Accepts an array of allowed domain names.</maml:para>
</maml:description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DoNotConnect</maml:name>
<maml:description>

9
source/tests/Test-BlockChannelEmails.ps1
View File

@@ -5,16 +5,14 @@ function Test-BlockChannelEmails {
# Aligned
# Parameters can be added here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.1.2"
Write-Verbose "Running Test-BlockChannelEmails for $recnum..."
}
process {
try {
# 8.1.2 (L1) Ensure users can't send emails to a channel email address
#
@@ -31,11 +29,9 @@ function Test-BlockChannelEmails {
# - Condition A: The `AllowEmailIntoChannel` setting in Teams is not set to `False`.
# - Condition B: The setting `Users can send emails to a channel email address` is not set to `Off` in the Teams admin center.
# - Condition C: Verification using PowerShell indicates that the `AllowEmailIntoChannel` setting is enabled.
# Retrieve Teams client configuration
$teamsClientConfig = Get-CISMSTeamsOutput -Rec $recnum
$allowEmailIntoChannel = $teamsClientConfig.AllowEmailIntoChannel
# Prepare failure reasons and details based on compliance
$failureReasons = if ($allowEmailIntoChannel) {
"Emails can be sent to a channel email address" # Condition A Fail: AllowEmailIntoChannel is True
@@ -43,14 +39,12 @@ function Test-BlockChannelEmails {
else {
"N/A" # Condition A Pass: AllowEmailIntoChannel is False
}
$details = if ($allowEmailIntoChannel) {
"AllowEmailIntoChannel is set to True" # Condition B Fail: Emails are allowed
}
else {
"AllowEmailIntoChannel is set to False" # Condition B Pass: Emails are blocked
}
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -66,7 +60,6 @@ function Test-BlockChannelEmails {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

15
source/tests/Test-DialInBypassLobby.ps1
View File

@@ -5,16 +5,14 @@ function Test-DialInBypassLobby {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.4"
Write-Verbose "Running Test-DialInBypassLobby for $recnum..."
}
process {
try {
# 8.5.4 (L1) Ensure users dialing in can't bypass the lobby
#
@@ -31,11 +29,15 @@ function Test-DialInBypassLobby {
# - Condition A: The `AllowPSTNUsersToBypassLobby` setting in the Global Teams meeting policy is not set to `False`.
# - Condition B: Verification using the UI in the Microsoft Teams admin center shows that "People dialing in can't bypass the lobby" is not set to `Off`.
# - Condition C: Individuals who dial in by phone are able to join the meeting directly without waiting in the lobby.
# Retrieve Teams meeting policy for PSTN users
# $CsTeamsMeetingPolicyPSTN Mock Object
<#
$CsTeamsMeetingPolicyPSTN = [PSCustomObject]@{
AllowPSTNUsersToBypassLobby = $true
}
#>
$CsTeamsMeetingPolicyPSTN = Get-CISMSTeamsOutput -Rec $recnum
$PSTNBypassDisabled = -not $CsTeamsMeetingPolicyPSTN.AllowPSTNUsersToBypassLobby
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $PSTNBypassDisabled) {
"Users dialing in can bypass the lobby"
@@ -43,14 +45,12 @@ function Test-DialInBypassLobby {
else {
"N/A"
}
$details = if ($PSTNBypassDisabled) {
"AllowPSTNUsersToBypassLobby is set to False"
}
else {
"AllowPSTNUsersToBypassLobby is set to True"
}
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -66,7 +66,6 @@ function Test-DialInBypassLobby {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

16
source/tests/Test-ExternalNoControl.ps1
View File

@@ -5,17 +5,14 @@ function Test-ExternalNoControl {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
# . .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.7"
Write-Verbose "Running Test-ExternalNoControl for $recnum..."
}
process {
try {
# 8.5.7 (L1) Ensure external participants can't give or request control
#
@@ -32,12 +29,16 @@ function Test-ExternalNoControl {
# - Condition A: The `AllowExternalParticipantGiveRequestControl` setting in Teams is not set to `False`.
# - Condition B: The setting is verified through the Microsoft Teams admin center or via PowerShell command.
# - Condition C: Verification using the UI indicates that external participants can give or request control.
# Retrieve Teams meeting policy for external participant control
# $CsTeamsMeetingPolicyControl Mock Object
<#
$CsTeamsMeetingPolicyControl = [PSCustomObject]@{
AllowExternalParticipantGiveRequestControl = $true
}
#>
$CsTeamsMeetingPolicyControl = Get-CISMSTeamsOutput -Rec $recnum
# Check if external participants can give or request control
$externalControlRestricted = -not $CsTeamsMeetingPolicyControl.AllowExternalParticipantGiveRequestControl
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $externalControlRestricted) {
"External participants can give or request control"
@@ -45,14 +46,12 @@ function Test-ExternalNoControl {
else {
"N/A"
}
$details = if ($externalControlRestricted) {
"AllowExternalParticipantGiveRequestControl is set to False"
}
else {
"AllowExternalParticipantGiveRequestControl is set to True"
}
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -68,7 +67,6 @@ function Test-ExternalNoControl {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

16
source/tests/Test-MeetingChatNoAnonymous.ps1
View File

@@ -5,14 +5,13 @@ function Test-MeetingChatNoAnonymous {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.5"
Write-Verbose "Running Test-MeetingChatNoAnonymous for $recnum..."
}
process {
try {
# 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
@@ -30,22 +29,24 @@ function Test-MeetingChatNoAnonymous {
# - Condition A: The `MeetingChatEnabledType` setting in Teams is not set to `EnabledExceptAnonymous`.
# - Condition B: The setting for meeting chat allows chat for anonymous users.
# - Condition C: Verification using the Teams Admin Center indicates that the meeting chat settings are not configured as recommended.
# Retrieve the Teams meeting policy for meeting chat
# $CsTeamsMeetingPolicyChat Mock Object
<#
$CsTeamsMeetingPolicyChat = [PSCustomObject]@{
MeetingChatEnabledType = "Enabled"
}
#>
$CsTeamsMeetingPolicyChat = Get-CISMSTeamsOutput -Rec $recnum
# Condition A: Check if the MeetingChatEnabledType is set to 'EnabledExceptAnonymous'
$chatAnonDisabled = $CsTeamsMeetingPolicyChat.MeetingChatEnabledType -eq 'EnabledExceptAnonymous'
# Prepare failure reasons and details based on compliance
$failureReasons = if ($chatAnonDisabled) {
"N/A"
}
else {
"Meeting chat allows anonymous users"
"Meeting chat allows anonymous users. User the following command to remediate:`nSet-CsTeamsMeetingPolicy -Identity Global -MeetingChatEnabledType `"EnabledExceptAnonymous`""
}
$details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)"
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -61,7 +62,6 @@ function Test-MeetingChatNoAnonymous {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

17
source/tests/Test-NoAnonymousMeetingJoin.ps1
View File

@@ -5,14 +5,13 @@ function Test-NoAnonymousMeetingJoin {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.1"
Write-Verbose "Running Test-NoAnonymousMeetingJoin for $recnum..."
}
process {
try {
# 8.5.1 (L2) Ensure anonymous users can't join a meeting
@@ -30,22 +29,23 @@ function Test-NoAnonymousMeetingJoin {
# - Condition A: `AllowAnonymousUsersToJoinMeeting` is not set to `False`.
# - Condition B: Verification using the UI shows that `Anonymous users can join a meeting` is not set to `Off` in the Global meeting policy.
# - Condition C: PowerShell command output indicates that anonymous users are allowed to join meetings.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# $teamsMeetingPolicy Mock Object
<#
$teamsMeetingPolicy = [PSCustomObject]@{
AllowAnonymousUsersToJoinMeeting = $true
}
#>
$teamsMeetingPolicy = Get-CISMSTeamsOutput -Rec $recnum
$allowAnonymousUsersToJoinMeeting = $teamsMeetingPolicy.AllowAnonymousUsersToJoinMeeting
# Prepare failure reasons and details based on compliance
$failureReasons = if ($allowAnonymousUsersToJoinMeeting) {
"Anonymous users are allowed to join meetings"
"Anonymous users are allowed to join meetings, remediate with the following command if needed:`nSet-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting `$false"
}
else {
"N/A"
}
$details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting"
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -61,7 +61,6 @@ function Test-NoAnonymousMeetingJoin {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

9
source/tests/Test-NoAnonymousMeetingStart.ps1
View File

@@ -5,14 +5,13 @@ function Test-NoAnonymousMeetingStart {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.2"
Write-Verbose "Running Test-NoAnonymousMeetingStart for $recnum..."
}
process {
try {
# 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting
@@ -30,13 +29,10 @@ function Test-NoAnonymousMeetingStart {
# - Condition A: The `AllowAnonymousUsersToStartMeeting` setting in the Teams admin center is not set to `False`.
# - Condition B: The setting for anonymous users and dial-in callers starting a meeting allows them to bypass the lobby.
# - Condition C: Verification using the UI indicates that the setting `Anonymous users and dial-in callers can start a meeting` is not set to `Off`.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for the global scope and check if anonymous users can start meetings
$CsTeamsMeetingPolicyAnonymous = Get-CISMSTeamsOutput -Rec $recnum
$anonymousStartDisabled = -not $CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting
# Prepare failure reasons and details based on compliance
$failureReasons = if ($anonymousStartDisabled) {
"N/A"
@@ -44,9 +40,7 @@ function Test-NoAnonymousMeetingStart {
else {
"Anonymous users and dial-in callers can start a meeting" # Condition A and B
}
$details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)" # Condition C
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -62,7 +56,6 @@ function Test-NoAnonymousMeetingStart {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

11
source/tests/Test-OrgOnlyBypassLobby.ps1
View File

@@ -5,14 +5,13 @@ function Test-OrgOnlyBypassLobby {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.3"
Write-Verbose "Running Test-OrgOnlyBypassLobby for $recnum..."
}
process {
try {
# 8.5.3 (L1) Ensure only people in my org can bypass the lobby
@@ -30,28 +29,23 @@ function Test-OrgOnlyBypassLobby {
# - Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
# - Condition B: The setting for "Who can bypass the lobby" is not configured to "People in my org" using the UI.
# - Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Retrieve the Teams meeting policy for lobby bypass settings
$CsTeamsMeetingPolicyLobby = Get-CISMSTeamsOutput -Rec $recnum
$lobbyBypassRestricted = $CsTeamsMeetingPolicyLobby.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests'
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $lobbyBypassRestricted) {
# Condition C: Verification using the Microsoft Teams admin center indicates that the meeting join & lobby settings are not configured as recommended.
"AutoAdmittedUsers is set to $($CsTeamsMeetingPolicyLobby.AutoAdmittedUsers)"
}else {
"N/A"
}
$details = if ($lobbyBypassRestricted) {
# Condition B: The setting for "Who can bypass the lobby" is configured to "People in my org" using the UI.
"Only people in the organization can bypass the lobby."
}else {
# Condition A: The `AutoAdmittedUsers` setting in the Teams meeting policy is not set to `EveryoneInCompanyExcludingGuests`.
"External participants can bypass the lobby"
"AutoAdmittedUsers is not set to EveryoneInCompanyExcludingGuests"
}
# Create and populate the CISAuditResult object
$params = @{
@@ -68,7 +62,6 @@ function Test-OrgOnlyBypassLobby {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

16
source/tests/Test-OrganizersPresent.ps1
View File

@@ -5,14 +5,13 @@ function Test-OrganizersPresent {
# Aligned
# Parameters can be defined here if needed
)
begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.5.6"
Write-Verbose "Running Test-OrganizersPresent for $recnum..."
}
process {
try {
# 8.5.6 (L2) Ensure only organizers and co-organizers can present
@@ -30,26 +29,28 @@ function Test-OrganizersPresent {
# - Condition A: The `DesignatedPresenterRoleMode` setting in the Teams meeting policy is not set to `OrganizerOnlyUserOverride`.
# - Condition B: Verification using the Teams admin center indicates that the setting "Who can present" is not configured to "Only organizers and co-organizers".
# - Condition C: Verification using PowerShell indicates that the `DesignatedPresenterRoleMode` is not set to `OrganizerOnlyUserOverride`.
# Retrieve the Teams meeting policy for presenters
# $CsTeamsMeetingPolicyPresenters Mock Object
<#
$CsTeamsMeetingPolicyPresenters = [PSCustomObject]@{
DesignatedPresenterRoleMode = "Enabled"
}
#>
$CsTeamsMeetingPolicyPresenters = Get-CISMSTeamsOutput -Rec $recnum
$presenterRoleRestricted = $CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode -eq 'OrganizerOnlyUserOverride'
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $presenterRoleRestricted) {
"Others besides organizers and co-organizers can present"
"Others besides organizers and co-organizers can present. Use the following command to remediate:`nSet-CsTeamsMeetingPolicy -Identity Global -DesignatedPresenterRoleMode `"OrganizerOnlyUserOverride`""
}
else {
"N/A"
}
$details = if ($presenterRoleRestricted) {
"Only organizers and co-organizers can present."
}
else {
"DesignatedPresenterRoleMode is set to $($CsTeamsMeetingPolicyPresenters.DesignatedPresenterRoleMode)"
}
# Create and populate the CISAuditResult object
$params = @{
Rec = $recnum
@@ -65,7 +66,6 @@ function Test-OrganizersPresent {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return the audit result
return $auditResult

19
source/tests/Test-ReportSecurityInTeams.ps1
View File

@@ -18,9 +18,28 @@ function Test-ReportSecurityInTeams {
# 8.6.1 (L1) Ensure users can report security concerns in Teams
# Retrieve the necessary settings for Teams and Exchange Online
# Condition A: Ensure the 'Report a security concern' setting in the Teams admin center is set to 'On'.
# $CsTeamsMessagingPolicy Mock Object
<#
$CsTeamsMessagingPolicy = [PSCustomObject]@{
AllowSecurityEndUserReporting = $true
}
#>
$CsTeamsMessagingPolicy = Get-CISMSTeamsOutput -Rec $recnum
# Condition B: Verify that 'Monitor reported messages in Microsoft Teams' is checked in the Microsoft 365 Defender portal.
# Condition C: Ensure the 'Send reported messages to' setting in the Microsoft 365 Defender portal is set to 'My reporting mailbox only' with the correct report email addresses.
# $ReportSubmissionPolicy Mock Object
<#
$ReportSubmissionPolicy = [PSCustomObject]@{
ReportJunkToCustomizedAddress = $true
ReportNotJunkToCustomizedAddress = $true
ReportPhishToCustomizedAddress = $true
ReportJunkAddresses = @('security@example.com')
ReportNotJunkAddresses = @('security@example.com')
ReportPhishAddresses = @('security@example.com')
ReportChatMessageEnabled = $false
ReportChatMessageToCustomizedAddressEnabled = $false
}
#>
$ReportSubmissionPolicy = Get-CISExoOutput -Rec $recnum
# Check if all the required settings are enabled
$securityReportEnabled = $CsTeamsMessagingPolicy.AllowSecurityEndUserReporting -and

69
source/tests/Test-TeamsExternalAccess.ps1
View File

@@ -2,17 +2,16 @@ function Test-TeamsExternalAccess {
[CmdletBinding()]
[OutputType([CISAuditResult])]
param (
# Aligned
# Parameters can be defined here if needed
[Parameter(Mandatory = $false, HelpMessage = "Specifies the approved federated domains for the audit. Accepts an array of allowed domain names.")]
[string[]]$ApprovedFederatedDomains
)
begin {
# Dot source the class script if necessary
# . .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.2.1"
Write-Verbose "Running Test-TeamsExternalAccess for $recnum..."
}
process {
try {
# 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center
@@ -23,33 +22,60 @@ function Test-TeamsExternalAccess {
# - Condition A: The `AllowTeamsConsumer` setting is `False`.
# - Condition B: The `AllowPublicUsers` setting is `False`.
# - Condition C: The `AllowFederatedUsers` setting is `False` or, if `True`, the `AllowedDomains` contains only authorized domain names.
#
# Validate test for a fail:
# - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
# - Specific conditions to check:
# - Condition A: The `AllowTeamsConsumer` setting is not `False`.
# - Condition B: The `AllowPublicUsers` setting is not `False`.
# - Condition C: The `AllowFederatedUsers` setting is `True` and the `AllowedDomains` contains unauthorized domain names or is not configured correctly.
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# $externalAccessConfig Mock Object
<#
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = 'AllowAllKnownDomains'
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $true
AllowTeamsConsumer = $true
AllowTeamsConsumerInbound = $true
}
$ApprovedFederatedDomains = @('msn.com', 'google.com')
$externalAccessConfig = [PSCustomObject]@{
Identity = 'Global'
AllowedDomains = @('msn.com', 'google.com')
BlockedDomains = @()
AllowFederatedUsers = $true
AllowPublicUsers = $false
AllowTeamsConsumer = $false
AllowTeamsConsumerInbound = $true
}
#>
$externalAccessConfig = Get-CISMSTeamsOutput -Rec $recnum
# Testing
#$externalAccessConfig.AllowedDomains = @("msn.com", "google.com")
#$externalAccessConfig.AllowTeamsConsumer = $false
#$externalAccessConfig.AllowPublicUsers = $false
#$externalAccessConfig.AllowFederatedUsers = $true
# The above is for testing and will be replaced with the actual values from the Teams PowerShell output in production.
$allowedDomainsLimited = $false
if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) {
$allowedDomainsLimited = $true
$allowedDomainsMatch = $false
$invalidDomains = @()
if ($externalAccessConfig.AllowFederatedUsers) {
if ($externalAccessConfig.AllowedDomains -ne 'AllowAllKnownDomains' -and $externalAccessConfig.AllowedDomains.Count -gt 0) {
$allowedDomainsLimited = $true
if ($ApprovedFederatedDomains) {
$invalidDomains = $externalAccessConfig.AllowedDomains | Where-Object { $_ -notin $ApprovedFederatedDomains }
if ($invalidDomains.Count -eq 0) {
$invalidDomains = "None"
}
$allowedDomainsMatch = $invalidDomains.Count -eq 0
}
}
}
# Check if the configurations are as recommended
$isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or $allowedDomainsLimited)
$isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or ($allowedDomainsLimited -and $allowedDomainsMatch))
# Create an instance of CISAuditResult and populate it
$params = @{
Rec = $recnum
Result = $isCompliant
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited"
FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant." } else { "N/A" }
Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited; AllowedDomains match: $allowedDomainsMatch; Invalid Domains: $($invalidDomains -join ', ')"
FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant. Invalid domains found: $($invalidDomains -join ', ')" } else { "N/A" }
}
$auditResult = Initialize-CISAuditResult @params
}
@@ -58,7 +84,6 @@ function Test-TeamsExternalAccess {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return auditResult
return $auditResult

42
source/tests/Test-TeamsExternalFileSharing.ps1
View File

@@ -2,48 +2,65 @@ function Test-TeamsExternalFileSharing {
[CmdletBinding()]
[OutputType([CISAuditResult])]
param (
# Aligned
# Parameters can be added here if needed
[Parameter(Mandatory = $false)]
[string[]]$ApprovedCloudStorageProviders
)
begin {
# Dot source the class script if necessary
# . .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "8.1.1"
Write-Verbose "Running Test-TeamsExternalFileSharing for $recnum..."
}
process {
try {
# 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
# Connect to Teams PowerShell using Connect-MicrosoftTeams
# Condition A: The `AllowDropbox` setting is set to `False`.
# Condition B: The `AllowBox` setting is set to `False`.
# Condition C: The `AllowGoogleDrive` setting is set to `False`.
# Condition D: The `AllowShareFile` setting is set to `False`.
# Condition E: The `AllowEgnyte` setting is set to `False`.
# Assuming that 'approvedProviders' is a list of approved cloud storage service names
# This list must be defined according to your organization's approved cloud storage services
# Retrieve the current Teams client configuration
$clientConfig = Get-CISMSTeamsOutput -Rec $recnum
$approvedProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
# Testing
#$clientconfig.AllowGoogleDrive = $false
#$clientconfig.AllowBox = $false
#$clientconfig.AllowShareFile = $false
#$clientconfig.AllowEgnyte = $false
#$clientconfig.AllowDropBox = $false
# Define all possible cloud storage providers
$allProviders = @("AllowDropBox", "AllowBox", "AllowGoogleDrive", "AllowShareFile", "AllowEgnyte")
# If ApprovedCloudStorageProviders is provided, map it to the corresponding settings
if ($PSBoundParameters.ContainsKey('ApprovedCloudStorageProviders')) {
$approvedProviders = @()
foreach ($provider in $ApprovedCloudStorageProviders) {
$approvedProviders += "Allow$provider"
}
} else {
# Default approved providers
$approvedProviders = @()
}
$isCompliant = $true
$nonCompliantProviders = @()
foreach ($provider in $approvedProviders) {
if (-not $clientConfig.$provider) {
foreach ($provider in $allProviders) {
if ($clientConfig.$provider -and -not $approvedProviders.Contains($provider)) {
$isCompliant = $false
$nonCompliantProviders += $provider
}
}
$basePassDetails = "All cloud storage services are approved providers"
if ($ApprovedCloudStorageProviders) {
$basePassDetails = "Approved cloud storage services: $($ApprovedCloudStorageProviders -join ', ')"
}
# Create an instance of CISAuditResult and populate it
$params = @{
Rec = $recnum
Result = $isCompliant
Status = if ($isCompliant) { "Pass" } else { "Fail" }
Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" }
Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { $basePassDetails }
FailureReason = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" }
}
$auditResult = Initialize-CISAuditResult @params
@@ -53,7 +70,6 @@ function Test-TeamsExternalFileSharing {
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
}
}
end {
# Return auditResult
return $auditResult