SHELL/1.2.2.ps1
|
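# Compliance check 1.2.2: the directory account behind every shared mailbox
# must have sign-in blocked (AccountEnabled = $false).
#
# Uses Get-EXOMailbox and Get-MgUser, so Exchange Online and Microsoft Graph
# sessions must already be connected; this script does not establish them.
#
# Output: a single object with CheckId, Title, Status (PASS / FAIL / ERROR),
# Pass, Evidence, Error and Timestamp.
$CheckId = "1.2.2"
$Title = "Ensure sign-in to shared mailboxes is blocked"

try {
    # -ErrorAction Stop turns non-terminating cmdlet errors into terminating
    # ones so the catch block sees them. Without it, a failed mailbox query
    # leaves $MBX empty and the check reports PASS with zero mailboxes.
    $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited -ErrorAction Stop

    # Resolve each shared mailbox to its directory user. A lookup that fails
    # must abort the check: silently dropping that mailbox would hide an
    # account whose sign-in state was never evaluated.
    $SharedMailboxUsers = $MBX |
        ForEach-Object {
            Get-MgUser -UserId $_.ExternalDirectoryObjectId -Property DisplayName,UserPrincipalName,AccountEnabled -ErrorAction Stop
        } |
        Select-Object DisplayName,UserPrincipalName,AccountEnabled

    # NOTE(review): an account whose AccountEnabled comes back $null is not
    # counted as enabled here; confirm that cannot occur for these objects.
    $EnabledShared = $SharedMailboxUsers | Where-Object { $_.AccountEnabled -eq $true }

    # @() forces an array so .Count is reliable for zero or one result.
    $Pass = @($EnabledShared).Count -eq 0

    [pscustomobject]@{
        CheckId   = $CheckId
        Title     = $Title
        Status    = if ($Pass) { "PASS" } else { "FAIL" }
        Pass      = $Pass
        Evidence  = [pscustomobject]@{
            SharedMailboxCount   = @($SharedMailboxUsers).Count
            EnabledSharedMailbox = @($EnabledShared)
            Mailboxes            = @($SharedMailboxUsers)
        }
        Error     = $null
        Timestamp = Get-Date
    }
}
catch {
    # Any failure to collect evidence is reported as ERROR, never as PASS.
    [pscustomobject]@{
        CheckId   = $CheckId
        Title     = $Title
        Status    = "ERROR"
        Pass      = $null
        Evidence  = $null
        Error     = $_.Exception.Message
        Timestamp = Get-Date
    }
}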