Checks/check-eDiscovery102.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
using module "..\MCCA.psm1"

class eDiscovery102 : MCCACheck {
    <#
     
 
    #>


    eDiscovery102() {
        $this.Control = "eDiscovery-102"
        $this.ParentArea = "Discovery & Response"
        $this.Area = "eDiscovery"
        $this.Name = "Use Advanced eDiscovery Cases to Support Legal Investigations"
        $this.PassText = "Your organization is using Advanced eDiscovery cases to support legal investigations"
        $this.FailRecommendation = "Your organization needs to review (or set up) Advanced eDiscovery cases"
        $this.Importance = "Your organization should use Advanced eDiscovery to manage the end-to-end workflow to preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations."
        $this.ExpandResults = $True
        $this.ItemName = "Case Name"
        $this.DataType = "Case Status"
        if($this.ExchangeEnvironmentNameForCheck -ieq "O365USGovGCCHigh")
        {
            $this.Links = @{
                "Get started with Advanced eDiscovery" = "https://aka.ms/mcca-aed-docs-action"
                "Compliance Center - Advanced eDiscovery"  = "https://aka.ms/mcca-gcch-aed-compliance-center"
                "eDiscovery in Microsoft 365" = "https://aka.ms/mcca-aed-docs-learn-more"
                "Compliance Manager - eDiscovery" = "https://aka.ms/mcca-gcch-aed-compliance-manager"
            }
        }elseif ($this.ExchangeEnvironmentNameForCheck -ieq "O365USGovDoD") 
        {
            $this.Links = @{
                "Get started with Advanced eDiscovery" = "https://aka.ms/mcca-aed-docs-action"
                "Compliance Center - Advanced eDiscovery"  = "https://aka.ms/mcca-dod-aed-compliance-center"
                "eDiscovery in Microsoft 365" = "https://aka.ms/mcca-aed-docs-learn-more"
                "Compliance Manager - eDiscovery" = "https://aka.ms/mcca-dod-aed-compliance-manager"
            }
        }else
        {
        $this.Links = @{
            "Get started with Advanced eDiscovery"     = "https://aka.ms/mcca-aed-docs-action"
            "Compliance Center - Advanced eDiscovery"   = "https://aka.ms/mcca-aed-compliance-center"
            "eDiscovery in Microsoft 365" = "https://aka.ms/mcca-aed-docs-learn-more"
        }
        }
    }

    <#
     
        RESULTS
     
    #>


    GetResults($Config) {   
        if ($Config["GetComplianceCase"] -eq "Error") {
            $this.Completed = $false
        }
        else {
            $ConfigObjectList = @()
            
            $CasesPresent= $false
            $activecasepresent = $false
            ForEach ($CasesDefined in $Config["GetComplianceCase"]|Where-Object{$_.CaseType -eq "AdvancedEdiscovery"}) { 
                $Cases = $CasesDefined 
                $CasesPresent= $true
                
                if($($Cases.Status) -eq "Active")
                {
                    $ConfigObject = [MCCACheckConfig]::new()
                    $ConfigObject.ConfigItem = "$($Cases.Name)"
                    $ConfigObject.ConfigData = "$($Cases.Status)"
                    $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Fail")
                    $this.AddConfig($ConfigObject)
                    $ConfigObjectList += $ConfigObject
                    $activecasepresent= $true
                }
                $CasesPresent= $true
            }
            if(($activecasepresent -eq $false)  -and ($CasesPresent -eq $true))
            {
                $ConfigObject = [MCCACheckConfig]::new()
                    $ConfigObject.ConfigItem = "No active case"
                    $ConfigObject.ConfigData = ""
                    $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Pass")
                    $this.AddConfig($ConfigObject)
                    $ConfigObjectList += $ConfigObject
            }
            elseif($CasesPresent -eq $false)
            {
                $ConfigObject = [MCCACheckConfig]::new()
                $ConfigObject.ConfigItem = "No eDiscovery cases found"
                $ConfigObject.ConfigData = ""
                $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Fail")
                $this.AddConfig($ConfigObject)
                $ConfigObjectList += $ConfigObject
            }
                    
            $hasRemediation = $this.Config | Where-Object { $_.RemediationAction -ne ''}
            if ($($hasremediation.count) -gt 0)
            {
                $this.MCCARemediationInfo = New-Object -TypeName MCCARemediationInfo -Property @{
                    RemediationAvailable = $True
                    RemediationText      = "You need to connect to Security & Compliance Center PowerShell to execute the below commands. Please follow steps defined in <a href = 'https://docs.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell?view=exchange-ps'> Connect to Security & Compliance Center PowerShell</a>."
                }        
            } 
            $this.Completed = $True
        }
    }}