SHELL/1.3.2.PS1
|
$CheckId = "1.3.2"
$Title = "Ensure idle session timeout is 3 hours or less for unmanaged devices" try { $Config = Get-OrganizationConfig | Select-Object ActivityBasedAuthenticationTimeoutEnabled,ActivityBasedAuthenticationTimeoutInterval $TimeoutHours = $null if ($Config.ActivityBasedAuthenticationTimeoutInterval -is [timespan]) { $TimeoutHours = [math]::Round($Config.ActivityBasedAuthenticationTimeoutInterval.TotalHours, 2) } $Pass = ($Config.ActivityBasedAuthenticationTimeoutEnabled -and $TimeoutHours -ne $null -and $TimeoutHours -le 3) [pscustomobject]@{ CheckId = $CheckId Title = $Title Status = if ($Pass) { "PASS" } else { "FAIL" } Pass = $Pass Evidence = [pscustomobject]@{ ActivityBasedAuthenticationTimeoutEnabled = $Config.ActivityBasedAuthenticationTimeoutEnabled ActivityBasedAuthenticationTimeoutInterval = $Config.ActivityBasedAuthenticationTimeoutInterval TimeoutHours = $TimeoutHours } Error = $null Timestamp = Get-Date } } catch { [pscustomobject]@{ CheckId = $CheckId Title = $Title Status = "ERROR" Pass = $null Evidence = $null Error = $_.Exception.Message Timestamp = Get-Date } } |