M365FoundationsCISReport/source/tests/Test-NotifyMalwareInternal.ps1

function Test-NotifyMalwareInternal {
    [CmdletBinding()]
    param (
        # Aligned
        # Parameters can be added if needed
    )

    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
    }

    process {
        # 2.1.3 Ensure notifications for internal users sending malware is Enabled

        # Retrieve all 'Custom' malware filter policies and check notification settings
        $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
        $policiesToReport = @()

        foreach ($policy in $malwareNotifications) {
            if ($policy.EnableInternalSenderAdminNotifications -ne $true) {
                $policiesToReport += "$($policy.Identity): Notifications Disabled"
            }
        }

        # Determine the result based on the presence of custom policies without notifications
        $result = $policiesToReport.Count -eq 0

        # Prepare failure reasons and details based on compliance
        $failureReasons = if ($result) {
            "N/A"
        }
        else {
            "Some custom policies do not have notifications for internal users sending malware enabled."
        }

        $details = if ($result) {
            "All custom malware policies have notifications enabled."
        }
        else {
            "Misconfigured Policies: $($policiesToReport -join ', ')"
        }

        # Create and populate the CISAuditResult object
        $auditResult = [CISAuditResult]::new()
        $auditResult.Status = if ($result) { "Pass" } else { "Fail" }
        $auditResult.ELevel = "E3"
        $auditResult.ProfileLevel = "L1"
        $auditResult.Rec = "2.1.3"
        $auditResult.RecDescription = "Ensure notifications for internal users sending malware is Enabled"
        $auditResult.CISControlVer = "v8"
        $auditResult.CISControl = "17.5"
        $auditResult.CISDescription = "Assign Key Roles and Responsibilities"
        $auditResult.IG1 = $false
        $auditResult.IG2 = $true
        $auditResult.IG3 = $true
        $auditResult.Result = $result
        $auditResult.Details = $details
        $auditResult.FailureReason = $failureReasons
    }

    end {
        # Return the audit result
        return $auditResult
    }
}