SHELL/2.1.13.ps1
|
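# CIS Microsoft 365 Foundations Benchmark v6.0.1 - control 2.1.13 (L1, Automated).
# Audits the Default hosted connection filter policy and reports whether the
# connection filter safe list (EnableSafeList) is turned off.
#
# Output: one [pscustomobject] with CheckId, Title, Level, BenchmarkType,
# Status, Pass, Evidence, Error and Timestamp.
#   PASS  - EnableSafeList was read and is False.
#   FAIL  - EnableSafeList was read and is not False.
#   ERROR - the policy or the setting could not be read, so no verdict is given.
#
# Requires a session in which Get-HostedConnectionFilterPolicy is available.
$CheckId = "2.1.13"
$Title = "Ensure the connection filter safe list is off"
$Level = "L1"
$BenchmarkType = "Automated"

# Shared by the success and error results so the evidence fields cannot drift apart.
$SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
$AuditCommand = "Get-HostedConnectionFilterPolicy -Identity Default | fl EnableSafeList"

try {
    # CIS audit command:
    # Get-HostedConnectionFilterPolicy -Identity Default | fl EnableSafeList
    #
    # -ErrorAction Stop turns a non-terminating cmdlet error into a terminating
    # one, so a failed lookup reaches the catch block and is reported as ERROR
    # rather than continuing with an empty $Policy.
    $Policy = Get-HostedConnectionFilterPolicy -Identity Default -ErrorAction Stop

    # An unreadable policy or setting is "unknown", not "enabled". Throwing here
    # routes it to the ERROR result, so the FAIL message below is only ever
    # emitted for a value that was actually read.
    if ($null -eq $Policy) {
        throw "Get-HostedConnectionFilterPolicy returned no policy for identity 'Default'."
    }

    $EnableSafeListRaw = $Policy.EnableSafeList
    if ($null -eq $EnableSafeListRaw) {
        throw "EnableSafeList was not returned for the Default policy; the setting could not be evaluated."
    }

    # NOTE: [bool] on any non-empty string is $true, so a string-typed value
    # would be reported as FAIL (fails closed) - confirm the cmdlet returns a
    # Boolean in the module version in use.
    $EnableSafeList = [bool]$EnableSafeListRaw

    # Benchmark pass condition: EnableSafeList is False.
    $Pass = ($EnableSafeList -eq $false)

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = if ($Pass) { "PASS" } else { "FAIL" }
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            PolicyIdentity = $Policy.Identity
            EnableSafeList = $EnableSafeList
            Recommended    = "EnableSafeList = False"
            SourceDocument = $SourceDocument
            AuditCommand   = $AuditCommand
        }
        Error         = if ($Pass) { $null } else { "EnableSafeList is enabled. Recommended state is False." }
        Timestamp     = Get-Date
    }
}
catch {
    # The check could not be completed (cmdlet missing, no session, access
    # denied, empty result). Pass is left $null so callers cannot mistake an
    # unevaluated control for a passing or failing one.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = $SourceDocument
            AuditCommand   = $AuditCommand
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}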