SHELL/2.1.12.ps1
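# CIS Microsoft 365 Foundations Benchmark v6.0.1 - check 2.1.12
# "Ensure the connection filter IP allow list is not used" (L1, Automated).
#
# Why it matters: addresses on the hosted connection filter IP allow list skip
# connection-level spam filtering, so the benchmark expects the list to be
# empty or undefined ({}).
#
# Output: one [pscustomobject] with Status = PASS | FAIL | ERROR, a boolean
# Pass ($null on ERROR), an Evidence object holding the raw and normalised
# IPAllowList values plus the audit command, an Error string and a Timestamp.
#
# Requires an active Exchange Online PowerShell session (Connect-ExchangeOnline)
# with a role that can read hosted connection filter policies.

$CheckId       = "2.1.12"
$Title         = "Ensure the connection filter IP allow list is not used"
$Level         = "L1"
$BenchmarkType = "Automated"

# Shared evidence constants so the PASS/FAIL and ERROR branches cannot drift.
$SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
$AuditCommand   = "Get-HostedConnectionFilterPolicy -Identity Default | fl IPAllowList"

try {
    # CIS audit command:
    #   Get-HostedConnectionFilterPolicy -Identity Default | fl IPAllowList
    #
    # -ErrorAction Stop is essential: a non-terminating cmdlet error (no EXO
    # session, insufficient role, transient service failure) would otherwise
    # leave $Policy as $null, the allow list would look empty and the check
    # would emit a false PASS. An audit check must fail closed, i.e. ERROR.
    $Policy = Get-HostedConnectionFilterPolicy -Identity Default -ErrorAction Stop
    if ($null -eq $Policy) {
        throw "Get-HostedConnectionFilterPolicy returned no policy for identity 'Default'."
    }

    $RawAllowList = $Policy.IPAllowList

    # Normalise the allow list to trimmed, non-empty strings. IPAllowList may be
    # $null, an empty collection, or render as the literal "{}" for an empty
    # multi-valued property; none of those count as an entry.
    $AllowEntries = @(
        foreach ($Item in @($RawAllowList)) {
            $AsText = ([string]$Item).Trim()
            if ($AsText.Length -gt 0 -and $AsText -ne "{}") {
                $AsText
            }
        }
    )

    # Benchmark pass condition: IPAllowList is empty/undefined.
    $Pass = ($AllowEntries.Count -eq 0)

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = if ($Pass) { "PASS" } else { "FAIL" }
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            PolicyIdentity  = $Policy.Identity
            IPAllowListRaw  = @($RawAllowList)
            IPAllowListUsed = $AllowEntries
            EntryCount      = $AllowEntries.Count
            Recommended     = "IPAllowList empty or undefined ({})."
            SourceDocument  = $SourceDocument
            AuditCommand    = $AuditCommand
        }
        Error         = if ($Pass) { $null } else { "IPAllowList contains one or more entries." }
        Timestamp     = Get-Date
    }
}
catch {
    # Any failure to retrieve or interpret the policy is reported as ERROR,
    # never as PASS, so a broken session cannot hide a populated allow list.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = $SourceDocument
            AuditCommand   = $AuditCommand
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}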