MCCAPreview

1.3

Checks/check-DLP.ps1

                                using module "..\MCCA.psm1"

class DLP : MCCACheck {

    <#

    #>

    $SIT = $null

    $RemediationPolicyName = $null

    DLP($InfoParams) {

        $this.Control = $InfoParams["Control"]

        $this.ParentArea = $InfoParams["ParentArea"]

        $this.Area = $InfoParams["Area"]

        $this.Name = $InfoParams["Name"]

        $this.RemediationPolicyName = $InfoParams["RemediationPolicyName"]

        $this.PassText = $InfoParams["PassText"]

        $this.FailRecommendation = $InfoParams["FailRecommendation"]

        $this.Importance = $InfoParams["Importance"]

        $this.CheckType = [CheckType]::ObjectPropertyValue

        $this.ObjectType = "DLP Policy"

        $this.ItemName = "Sensitive Information Type"

        $this.DataType = "Remarks"

        $this.SIT = $InfoParams["SIT"]

        $this.Links = $InfoParams["Links"]

    }

    <#

        RESULTS

    #>

    GetResults($Config) {

        if (($Config["GetDlpComplianceRule"] -eq "Error") -or ($Config["GetDlpCompliancePolicy"] -eq "Error")) {

            $this.Completed = $false

        }

        else {

            if(($null -eq $($this.SIT)) -or ($($this.SIT) -eq ""))

            {

                $this.ExpandResults = $false

                $CheckNameDisplay = $this.RemediationPolicyName

                $CheckNameDisplayString = $CheckNameDisplay.Substring(5)     

                $this.Importance += "<div><span style='color:#cc9900;'>Note&nbsp;:&nbsp;</span>We currently do not support SITs for DLP policies for $CheckNameDisplayString for the geolocations for which this report is generated. Please review your DLP policies to ensure you are protected.</div>"

                $ConfigObject = [MCCACheckConfig]::new()

                $ConfigObject.SetResult([MCCAConfigLevel]::Recommendation, "Pass")   

                $this.AddConfig($ConfigObject)

            }

            else

            {

            $SensitiveTypes = @{}

            foreach ($SIT in $this.SIT) {

                $SensitiveTypes[$SIT] = $null

            }

            $UtilityFiles = Get-ChildItem "$PSScriptRoot\..\Utilities"

            ForEach ($UtilityFile in $UtilityFiles) {

                . $UtilityFile.FullName

            }

            $Name = "$($this.RemediationPolicyName)"

            if ($Name.length -gt 60) { $Name = $Name.substring(0, 60) }

            $LogFile = $this.LogFile

            $ConfigObjectList = Get-DLPPolicyValidation -SensitiveTypes $SensitiveTypes -Config $Config -Name $Name -LogFile $LogFile

            Foreach ($ConfigObject in $ConfigObjectList) {

                $this.AddConfig($ConfigObject)

            }

            $hasRemediation = $this.Config | Where-Object { $_.RemediationAction -ne ''}

            if ($($hasremediation.count) -gt 0)

            {

                $this.MCCARemediationInfo = New-Object -TypeName MCCARemediationInfo -Property @{

                    RemediationAvailable = $True

                    RemediationText      = "You need to connect to Security & Compliance Center PowerShell to execute the below commands. Please follow steps defined in <a href = 'https://docs.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell?view=exchange-ps'> Connect to Security & Compliance Center PowerShell</a>."

                }

            }

            $this.ExpandResults = $True

        }

        $this.Completed = $True

    }

    }

}