86 lines
4.4 KiB
PowerShell
86 lines
4.4 KiB
PowerShell
function Test-SafeLinksOfficeApps {
|
|
[CmdletBinding()]
|
|
[OutputType([CISAuditResult])]
|
|
param (
|
|
# Aligned
|
|
# Define your parameters here if needed
|
|
)
|
|
begin {
|
|
# Dot source the class script if necessary
|
|
#. .\source\Classes\CISAuditResult.ps1
|
|
# Initialization code, if needed
|
|
$RecNum = "2.1.1"
|
|
Write-Verbose "Running Test-SafeLinksOfficeApps for $RecNum..."
|
|
<#
|
|
Conditions for 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
|
Validate test for a pass:
|
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
|
- Specific conditions to check:
|
|
- Condition A: In the Microsoft 365 security center, Safe Links policy for Office applications is enabled and the following protection settings are set:
|
|
- Office 365 Apps: On
|
|
- Teams: On
|
|
- Email: On
|
|
- Click protection settings: On
|
|
- Do not track when users click safe links: Off
|
|
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is enabled.
|
|
Validate test for a fail:
|
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
|
- Specific conditions to check:
|
|
- Condition A: In the Microsoft 365 security center, Safe Links policy for Office applications is not enabled or one or more of the required protection settings are not set correctly.
|
|
- Office 365 Apps: Off
|
|
- Teams: Off
|
|
- Email: Off
|
|
- Click protection settings: Off
|
|
- Do not track when users click safe links: On
|
|
- Condition B: Using the Exchange Online PowerShell Module, Safe Links policies are retrieved, and the relevant policy shows Safe Links for Office applications is not enabled.
|
|
#>
|
|
}
|
|
process {
|
|
# 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
|
|
# Retrieve all Safe Links policies
|
|
$misconfiguredDetails = Get-CISExoOutput -Rec $RecNum
|
|
# Misconfigured details returns 1 if EXO Commands needed for the test are not available
|
|
if ($misconfiguredDetails -ne 1) {
|
|
try {
|
|
# Prepare the final result
|
|
# Condition B: Ensuring no misconfigurations
|
|
$result = $misconfiguredDetails.Count -eq 0
|
|
$details = if ($result) { "All Safe Links policies are correctly configured." } else { $misconfiguredDetails -join '`n' }
|
|
$failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" }
|
|
# Create and populate the CISAuditResult object
|
|
$params = @{
|
|
Rec = $RecNum
|
|
Result = $result
|
|
Status = if ($result) { "Pass" } else { "Fail" }
|
|
Details = $details
|
|
FailureReason = $failureReasons
|
|
}
|
|
$auditResult = Initialize-CISAuditResult @params
|
|
}
|
|
catch {
|
|
Write-Error "An error occurred during the test $RecNum`:: $_"
|
|
# Retrieve the description from the test definitions
|
|
$testDefinition = $script:TestDefinitionsObject | Where-Object { $_.Rec -eq $RecNum }
|
|
$description = if ($testDefinition) { $testDefinition.RecDescription } else { "Description not found" }
|
|
$script:FailedTests.Add([PSCustomObject]@{ Rec = $RecNum; Description = $description; Error = $_ })
|
|
# Call Initialize-CISAuditResult with error parameters
|
|
$auditResult = Initialize-CISAuditResult -Rec $RecNum -Failure
|
|
}
|
|
}
|
|
else {
|
|
$params = @{
|
|
Rec = $RecNum
|
|
Result = $false
|
|
Status = "Fail"
|
|
Details = "No M365 E5 licenses found."
|
|
FailureReason = "The audit is for M365 E5 licenses and the required EXO commands will not be available otherwise."
|
|
}
|
|
$auditResult = Initialize-CISAuditResult @params
|
|
}
|
|
}
|
|
end {
|
|
# Return the audit result
|
|
return $auditResult
|
|
}
|
|
}
|