Utilities/IGValidationUtility.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
using module "..\MCCA.psm1"
$ExchangePresent = "Exchange"
$SharePointPresent = "SharePoint"
$OneDrivePresent = "OneDrive"


Function Get-RetentionPolicyValidation {
    param (
        $LogFile,
        $Mode
    )
    $ConfigObjectList = @()
    try {

            $ConfigObjectList=@()
            $LabelPolicy =$false
            $PolicyDisabled = $false
            $AnyPolicyEnabled = $false
            $RetentionComplianceRules = $Config["GetRetentionComplianceRule"]
            $RetentionCompliancePolicies = $Config["GetRetentionCompliancePolicy"]
            $GetComplianceTag = $Config["GetComplianceTag"]
            
            $PartialWorkloadsStatus = @{}
            $PartialWorkloadsStatus[$ExchangePresent] = $false
            $PartialWorkloadsStatus[$SharePointPresent] = $false
            $PartialWorkloadsStatus[$OneDrivePresent] = $false
           
            foreach ( $RetentionCompliancePolicy in $RetentionCompliancePolicies) {
                    
                    $PolicyName = $($RetentionCompliancePolicy.Name)
                    $ConfigObject = [MCCACheckConfig]::new()
                    $ConfigObject.Object = "$PolicyName"
                    $PolicyConfigData = $null

                    if($Mode -eq "Publish")
                    {
                    $RetentionCompliancePolicyRules = $RetentionComplianceRules | Where-Object {($_.Policy -ieq $($RetentionCompliancePolicy.ExchangeObjectId)) -and ($_.Disabled -eq $false) -and($_.PublishComplianceTag -ne "")}
                    foreach( $RetentionCompliancePolicyRule in $RetentionCompliancePolicyRules )
                    {   $PublishComplianceTag = $RetentionCompliancePolicyRule.PublishComplianceTag   
                        $PublishComplianceTag = $($PublishComplianceTag.Split(","))[1] 
                      
                        $GetLabel= $GetComplianceTag | Where-Object{ ($_.Name -eq $PublishComplianceTag) }
                        if( -not (($GetLabel.HasRetentionAction -eq $true) -and ($GetLabel.RetentionDuration -eq "Unlimited")))
                        {if($null -ne $GetLabel)
                        {
                            $LabelPolicy =$true
                            if ($null -eq $PolicyConfigData ) {
                                $PolicyConfigData += "<B>Labels : </B>$($GetLabel.Name)"
                                }
                                else {
                                $PolicyConfigData += ", $($GetLabel.Name)"
                                }
                        }  }  
                    }
                }
                elseif($Mode -eq "Auto")
                {
                    $RetentionCompliancePolicyRules = $RetentionComplianceRules | Where-Object {($_.Policy -ieq $($RetentionCompliancePolicy.ExchangeObjectId)) -and ($_.Disabled -eq $false) -and($_.ApplyComplianceTag -ne "")}
                    foreach( $RetentionCompliancePolicyRule in $RetentionCompliancePolicyRules )
                    {
                        $ApplyComplianceTag = $RetentionCompliancePolicyRule.ApplyComplianceTag   
                         
                      
                        $GetLabel= $GetComplianceTag | Where-Object{ ($_.ExchangeObjectId -eq $ApplyComplianceTag)}
                        if( -not (($GetLabel.HasRetentionAction -eq $true) -and ($GetLabel.RetentionDuration -eq "Unlimited")))
                        {if($null -ne $GetLabel)
                        {

                            $LabelPolicy =$true
                            if ($null -eq $PolicyConfigData ) {
                                $PolicyConfigData += "<B>Labels : </B>$($GetLabel.Name)"
                                }
                                else {
                                $PolicyConfigData += ", $($GetLabel.Name)"
                                }
                        } }   
                    }  
                }
                    $ExchangeLocation = $RetentionCompliancePolicy.ExchangeLocation
                    $SharePointLocation = $RetentionCompliancePolicy.SharePointLocation
                    $OneDriveLocation = $RetentionCompliancePolicy.OneDriveLocation
                    $ModernGroupLocation = $RetentionCompliancePolicy.ModernGroupLocation
                    $PublicFolderLocation = $RetentionCompliancePolicy.PublicFolderLocation
                    $SkypeLocation = $RetentionCompliancePolicy.SkypeLocation
    
                    $WorkloadsStatus= ""
                    if(($RetentionCompliancePolicy.Enabled -eq $true) -and ($null -ne $PolicyConfigData )) 
                    {
                    if(($ExchangeLocation -ne "") )
                    {
                        $WorkloadsStatus+= "Exchange, "
                        $PartialWorkloadsStatus[$ExchangePresent] = $true
                    }
                    if(($SharePointLocation -ne "") )
                    {
                        $WorkloadsStatus += "SharePoint, "
                        $PartialWorkloadsStatus[$SharePointPresent] = $true
                    }
                    if(($OneDriveLocation -ne "") )
                    {
                        $WorkloadsStatus+= "OneDrive, "
                        $PartialWorkloadsStatus[$OneDrivePresent] = $true
                    }
                    if(($ModernGroupLocation -ne "") )
                    {
                        $WorkloadsStatus += "ModernGroup, "
                    }
                    if(($PublicFolderLocation -ne "") )
                    {
                        $WorkloadsStatus += "ExchangePublicFolders, "
                    }
                    if(($SkypeLocation -ne "") )
                    {
                        $WorkloadsStatus += "Skype, "
                    }
                    
                }                
                    $workloadpresent ="<B>Workloads: </B>$WorkloadsStatus"
                    $workloadpresent=$workloadpresent.TrimEnd(", ")
                           
                if (($WorkloadsStatus -ne "")  -and  ($null -ne $PolicyConfigData ) -and ($RetentionCompliancePolicy.Enabled -eq $true)  ) {
                    if ( ($LabelPolicy -eq $true) ) { 
                            $AnyPolicyEnabled =$true
                            $Workload= $workloadpresent
                            $ConfigObject.ConfigData = "$Workload"                                          
                            $ConfigObject.ConfigItem = "$PolicyConfigData"   
                            $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Pass") 
                            $ConfigObjectList += $ConfigObject                              
                        }
                    }
                    elseif(($null -ne $PolicyConfigData) -and ($RetentionCompliancePolicy.Enabled -eq $true) ) {
                        $AnyPolicyEnabled =$true
                        $ConfigObject.ConfigData = "No workload covered"                                                      
                        $ConfigObject.ConfigItem = "$PolicyConfigData"   
                        $ConfigObject.SetResult([MCCAConfigLevel]::Informational, "Pass")
                        $ConfigObjectList += $ConfigObject   
                }
                elseif(($null -ne $PolicyConfigData) -and ($RetentionCompliancePolicy.Enabled -ne $true) ) {
                    $PolicyDisabled =$true
                    $ConfigObject.ConfigData = "Policy is not enabled"                                                      
                    $ConfigObject.ConfigItem = "$PolicyConfigData"   
                    $ConfigObject.SetResult([MCCAConfigLevel]::Informational, "Pass")
                    $ConfigObjectList += $ConfigObject   
            } 
            }
            
            if (($LabelPolicy -eq $false)-and ($PolicyDisabled -eq $false)) {
                $ConfigObject = [MCCACheckConfig]::new()
                $ConfigObject.Object = "<B>No active policy or label defined<B>"
                $ConfigObject.ConfigItem = ""
                $ConfigObject.ConfigData = "<B>Affected workloads: </B>Exchange, SharePoint, OneDrive"
                $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Fail")            
                $ConfigObjectList += $ConfigObject 
           
            }
        
            $PartialLocation=""
            foreach ($Workload in ($PartialWorkloadsStatus.Keys | Sort-Object -CaseSensitive) ) {
          
                if ($PartialWorkloadsStatus[$Workload] -eq $false) {
                    if ( $PartialLocation -eq "") {
                        $PartialLocation += "$($Workload)"
                    }else {
                        $PartialLocation += ", $($Workload)"
                    }
                }
            }
           
            if(($PartialLocation -ne "")  -and (($PolicyDisabled -eq $true) -or ($AnyPolicyEnabled -eq $true)))
            {
                $ConfigObject = [MCCACheckConfig]::new()
                $ConfigObject.Object = "<B>No policy defined for 1 or more workloads<B>"
                $ConfigObject.ConfigItem = ""
                $ConfigObject.ConfigData = "<B>Affected workloads: </B>$PartialLocation"
                $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Fail")            
                $ConfigObjectList += $ConfigObject
            }
        }
        catch {
            Write-Host "Error:$(Get-Date) There was an issue while running MCCA. Please try running the tool again after some time." -ForegroundColor:Red
            $ErrorMessage = $_.ToString()
            $StackTraceInfo = $_.ScriptStackTrace
            Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue
        }
        return $ConfigObjectList
    }