Checks/check-ORCA113.ps1

using module "..\ORCA.psm1"

class ORCA113 : ORCACheck
{
    <#

        ORCA-113: Safe Links click-through.

        Evaluates two settings that express the same control with opposite polarity:
          * AllowClickThrough on the organisation-wide ATP policy ($True = Fail)
          * DoNotAllowClickThrough on each Safe Links policy      ($True = Pass)

        NOTE(review): the two comparisons treat a missing value differently.
        A null AllowClickThrough (for example, AtpPolicy not collected) is not
        equal to $True and is therefore reported as Pass, while a null
        DoNotAllowClickThrough is reported as Fail. Confirm the org-wide branch
        is meant to pass when no data is available.

    #>

    # Populates the check metadata read by the ORCA framework (control id, area,
    # texts shown in the report, result layout and reference links).
    ORCA113()
    {
        # Identity and classification of the check
        $this.Control = "ORCA-113"
        $this.Services = [ORCAService]::OATP
        $this.Area = "Advanced Threat Protection Policies"
        $this.Name = "Do not let users click through safe links"
        $this.ChiValue = [ORCACHI]::High

        # Text rendered for pass / fail outcomes
        $this.PassText = "DoNotAllowClickThrough is enabled in Safe Links policies"
        $this.FailRecommendation = "Do not let users click through safe links to original URL"
        $this.Importance = "Office 365 ATP Safe Links can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. It is possible to allow users click through Safe Links to the original URL. It is recommended to configure Safe Links policies to not let users click through safe links."

        # Result layout: one row per policy object, showing the setting and its current value
        $this.ExpandResults = $True
        $this.CheckType = [CheckType]::ObjectPropertyValue
        $this.ObjectType = "Policy"
        $this.ItemName = "Setting"
        $this.DataType = "Current Value"

        # Reference material linked from the report
        $this.Links = @{
            "Security & Compliance Center - Safe links"="https://protection.office.com/safelinksv2"
            "Office 365 ATP Safe Links policies"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide#step-4-learn-about-atp-safe-links-policy-options"
            "Recommended settings for EOP and Office 365 ATP security"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-worldwide#office-365-advanced-threat-protection-security"
        }
    }

    <#

        RESULTS

        Adds one result for the organisation-wide ATP policy, then one result per
        entry in $Config["SafeLinksPolicy"].

        $Config is indexed by "AtpPolicy" and "SafeLinksPolicy"; presumably a
        hashtable of collected tenant configuration - verify against the caller.

        Only the Name and the click-through property of each object are read here;
        whether a Safe Links policy is enabled or applied to any recipients is not
        evaluated in this method. If $Config["SafeLinksPolicy"] is empty, no
        per-policy result is added and the outcome rests on the org-wide entry alone.

    #>
    GetResults($Config)
    {
        # --- Organisation-wide ATP policy: AllowClickThrough must not be $True ---
        $OrgWide = $Config["AtpPolicy"]

        $OrgWideEntry = [ORCACheckConfig]::new()
        $OrgWideEntry.Object = $($OrgWide.Name)
        $OrgWideEntry.ConfigItem = "AllowClickThrough"
        $OrgWideEntry.ConfigData = $($OrgWide.AllowClickThrough)

        # Any value other than $True (including null) lands on "Pass".
        $OrgWideOutcome = if ($OrgWide.AllowClickThrough -eq $True) { "Fail" } else { "Pass" }
        $OrgWideEntry.SetResult([ORCAConfigLevel]::Standard, $OrgWideOutcome)

        $this.AddConfig($OrgWideEntry)

        # --- Each Safe Links policy: DoNotAllowClickThrough must be $True ---
        foreach ($SafeLinks in $Config["SafeLinksPolicy"])
        {
            $PolicyEntry = [ORCACheckConfig]::new()
            $PolicyEntry.Object = $($SafeLinks.Name)
            $PolicyEntry.ConfigItem = "DoNotAllowClickThrough"
            $PolicyEntry.ConfigData = $($SafeLinks.DoNotAllowClickThrough)

            # Any value other than $true (including null) lands on "Fail".
            $PolicyOutcome = if ($SafeLinks.DoNotAllowClickThrough -eq $true) { "Pass" } else { "Fail" }
            $PolicyEntry.SetResult([ORCAConfigLevel]::Standard, $PolicyOutcome)

            $this.AddConfig($PolicyEntry)
        }
    }

}