M365FoundationsCISReport/source/tests/Test-ModernAuthExchangeOnline.ps1

function Test-ModernAuthExchangeOnline {
    [CmdletBinding()]
    param (
        # Aligned
        # Define your parameters here
    )

    begin {
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
    }

    process {
        try {
            # Ensuring the ExchangeOnlineManagement module is available

            # 6.5.1 (L1) Ensure modern authentication for Exchange Online is enabled
            $orgConfig = Get-OrganizationConfig | Select-Object -Property Name, OAuth2ClientProfileEnabled

            # Prepare failure reasons and details based on compliance
            $failureReasons = if (-not $orgConfig.OAuth2ClientProfileEnabled) {
                "Modern authentication is disabled"
            }
            else {
                "N/A"
            }

            $details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)"

            # Create and populate the CISAuditResult object
            $auditResult = [CISAuditResult]::new()
            $auditResult.CISControlVer = "v8"
            $auditResult.CISControl = "3.10"
            $auditResult.CISDescription = "Encrypt Sensitive Data in Transit"
            $auditResult.IG1 = $false # As per CIS Control v8 mapping for IG1
            $auditResult.IG2 = $true # As per CIS Control v8 mapping for IG2
            $auditResult.IG3 = $true # As per CIS Control v8 mapping for IG3
            $auditResult.ELevel = "E3" # Based on your environment (E3, E5, etc.)
            $auditResult.ProfileLevel = "L1"
            $auditResult.Rec = "6.5.1"
            $auditResult.RecDescription = "Ensure modern authentication for Exchange Online is enabled (Automated)"
            $auditResult.Result = $orgConfig.OAuth2ClientProfileEnabled
            $auditResult.Details = $details
            $auditResult.FailureReason = $failureReasons
            $auditResult.Status = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" }

        }
        catch {
            Write-Error "An error occurred while testing modern authentication for Exchange Online: $_"
        }
    }

    end {
        # Return the audit result
        return $auditResult
    }
}