function Test-ReauthWithCode { [CmdletBinding()] param ( # Aligned # Define your parameters here ) begin { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed } process { # 7.2.10 (L1) Ensure reauthentication with verification code is restricted # Retrieve reauthentication settings for SharePoint Online $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15 # Prepare failure reasons and details based on compliance $failureReasons = if (-not $isReauthenticationRestricted) { "Reauthentication with verification code does not require reauthentication within 15 days or less." } else { "N/A" } $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)" # Create and populate the CISAuditResult object $auditResult = [CISAuditResult]::new() $auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" } $auditResult.ELevel = "E3" $auditResult.ProfileLevel = "L1" $auditResult.Rec = "7.2.10" $auditResult.RecDescription = "Ensure reauthentication with verification code is restricted" $auditResult.CISControlVer = "v8" $auditResult.CISControl = "0.0" $auditResult.CISDescription = "Explicitly Not Mapped" $auditResult.IG1 = $false $auditResult.IG2 = $false $auditResult.IG3 = $false $auditResult.Result = $isReauthenticationRestricted $auditResult.Details = $details $auditResult.FailureReason = $failureReasons } end { # Return auditResult return $auditResult } }