public/cisa/exchange/Test-MtCisaMalwareZap.ps1
|
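<#
.SYNOPSIS
    Checks that zero-hour auto purge (ZAP) is enabled on every enabled anti-malware policy

.DESCRIPTION
    Email scanning SHALL be capable of reviewing emails after delivery.

    Every policy returned by Get-MtExoThreatPolicyMalware is listed in the result
    table. A policy that is enabled but has ZapEnabled turned off fails the check.
    A policy that is not enabled is reported as "Skip" and does not affect the
    result. If no policy is returned at all the check fails instead of passing
    vacuously, because nothing was verified.

.EXAMPLE
    Test-MtCisaMalwareZap

    Returns true if every enabled anti-malware policy has ZapEnabled set to true

.OUTPUTS
    [bool] $true when the check passes, $false when it fails, and $null when
    Exchange Online is not connected (the test is then recorded as skipped).

.LINK
    https://maester.dev/docs/commands/Test-MtCisaMalwareZap
#>
function Test-MtCisaMalwareZap {
    [CmdletBinding()]
    [OutputType([bool])]
    param()

    # Without an Exchange Online session there is nothing to evaluate: record a skip.
    if (!(Test-MtConnection ExchangeOnline)) {
        Add-MtTestResultDetail -SkippedBecause NotConnectedExchange
        return $null
    }

    $portalLink = "https://security.microsoft.com/antimalwarev2"
    $passResult = "✅ Pass"
    $failResult = "❌ Fail"
    $skipResult = "🗄️ Skip"

    # Normalise to an array and drop a bare $null so an empty answer is detectable.
    $policies = @(Get-MtExoThreatPolicyMalware | Where-Object { $null -ne $_ })

    # Fail closed: zero policies means the control was not verified. Reporting
    # "all policies have ZAP enabled" here would be a vacuous pass.
    if ($policies.Count -eq 0) {
        Add-MtTestResultDetail -Result "No anti-malware policies were returned, so the property ZapEnabled could not be verified ($portalLink)."
        return $false
    }

    $rows = [System.Collections.Generic.List[string]]::new()
    $rows.Add("| Policy name | Enabled | ZapEnabled | Result |")
    $rows.Add("| --- | --- | --- | --- |")

    $failingCount = 0
    foreach ($item in $policies) {
        if (-not $item.IsEnabled) {
            # Disabled policies are shown for visibility only.
            $rows.Add("| $($item.Identity) | $false | $($item.ZapEnabled) | $($skipResult) |")
        } elseif ($item.ZapEnabled) {
            $rows.Add("| $($item.Identity) | $true | $($item.ZapEnabled) | $($passResult) |")
        } else {
            # Enabled policy without ZAP: delivered mail is not re-evaluated under it.
            $failingCount++
            $rows.Add("| $($item.Identity) | $true | $($item.ZapEnabled) | $($failResult) |")
        }
    }
    $result = ($rows -join "`n") + "`n"

    $testResult = $failingCount -eq 0

    if ($testResult) {
        $summary = "Well done. All the anti-malware policies in your tenant have the property ZapEnabled set to true ($portalLink)."
    } else {
        $summary = "Your tenant does not have all the anti-malware policies with the property ZapEnabled set to true ($portalLink)."
    }

    # Plain concatenation rather than -replace: with -replace the table would be a
    # regex replacement string, so a policy name containing '$' sequences could be
    # rewritten in the report.
    $testResultMarkdown = $summary + "`n`n" + $result

    Add-MtTestResultDetail -Result $testResultMarkdown

    return $testResult
}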