SubscriptionSecurity/SecurityCenter.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
Set-StrictMode -Version Latest

function Set-AzSKAzureSecurityCenterPolicies 
{
    <#
 .SYNOPSIS
 This command would help in setting up the Security Center policies for a Subscription
 
 .DESCRIPTION
 This command would help in setting up the Security Center policies for a Subscription
 
 .PARAMETER SubscriptionId
  Subscription id for which the security evaluation has to be performed.
 .PARAMETER SecurityContactEmails
   Provide a security contact email address or addresses separated by a comma. Recommended a mail enabled Security Group with receiving of external emails option turned ON.
 .PARAMETER DoNotOpenOutputFolder
   Switch to specify whether to open output folder containing all security evaluation report or not.
 .PARAMETER SecurityPhoneNumber
   Provide a security contact international information phone number including the country code (for example, +1-425-1234567)
 .PARAMETER EnableOptionalPolicies
   Switch to specify whether to set the optional ASC policies.
 
 .LINK
 https://aka.ms/azskossdocs
 #>


    [OutputType([String])]
    Param
    (
        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("sid", "HostSubscriptionId", "hsid","s")]
        $SubscriptionId,

        [string]
        [Parameter(Mandatory = $false, HelpMessage = "Provide a security contact email address or addresses separated by a comma. Recommended a mail enabled Security Group with receiving of external emails option turned ON.")]
        [Alias("scemail")]
        $SecurityContactEmails,

        [string]
        [Parameter(Mandatory = $false, HelpMessage = "Provide a security contact international information phone number including the country code (for example, +1-425-1234567)")]
        [Alias("scphone")]
        $SecurityPhoneNumber,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        [Alias("dnof")]
        $DoNotOpenOutputFolder,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to set the optional ASC policies.")]
        [Alias("eop","OptionalPolicies")]
        $EnableOptionalPolicies
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [AzListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {
            $secCenter = [SecurityCenterStatus]::new($SubscriptionId, $PSCmdlet.MyInvocation);
            if ($secCenter) 
            {
                $secCenter.SecurityContactEmails = $SecurityContactEmails;
                $secCenter.SecurityPhoneNumber = $SecurityPhoneNumber;
                $setOptionalPolicy = $false;

                if ($EnableOptionalPolicies){
                    $setOptionalPolicy = $true;
                }
                return $secCenter.SetPolicies($setOptionalPolicy);
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }  
    }

    End
    {
        [AzListenerHelper]::UnregisterListeners();
    }
}