SHELL/1.3.7.ps1
|
$CheckId = "1.3.7" $Title = "Ensure third-party storage services are restricted in Microsoft 365 on the web" try { $SP = Get-MgServicePrincipal -Filter "appId eq 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'" $Restricted = (-not $SP) -or (-not [bool]$SP.AccountEnabled) [pscustomobject]@{ CheckId = $CheckId Title = $Title Status = if ($Restricted) { "PASS" } else { "FAIL" } Pass = $Restricted Evidence = [pscustomobject]@{ ServicePrincipalFound = [bool]$SP AccountEnabled = if ($SP) { $SP.AccountEnabled } else { $null } } Error = $null Timestamp = Get-Date } } catch { [pscustomobject]@{ CheckId = $CheckId Title = $Title Status = "ERROR" Pass = $null Evidence = $null Error = $_.Exception.Message Timestamp = Get-Date } } |