SHELL/2.1.14.ps1
|
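# CIS Microsoft 365 Foundations Benchmark v6.0.1, check 2.1.14 (L1, Automated):
# "Ensure inbound anti-spam policies do not contain allowed domains".
#
# Emits exactly one result object with Status PASS, FAIL or ERROR.
#   PASS  - every hosted content filter policy has an empty AllowedSenderDomains list.
#   FAIL  - at least one policy lists one or more allowed sender domains.
#   ERROR - the policies could not be retrieved, so no verdict is possible.
#
# Why it matters: domains on AllowedSenderDomains are exempted from spam
# filtering, so a spoofed or compromised sender in such a domain is delivered
# without that control being applied.
$CheckId = "2.1.14"
$Title = "Ensure inbound anti-spam policies do not contain allowed domains"
$Level = "L1"
$BenchmarkType = "Automated"

try {
    # CIS audit command:
    # Get-HostedContentFilterPolicy | ft Identity,AllowedSenderDomains
    #
    # -ErrorAction Stop turns a non-terminating cmdlet error into an exception.
    # Without it a failed query leaves $Policies empty, nothing is flagged as
    # non-compliant, and the check reports PASS without having audited anything.
    $Policies = @(Get-HostedContentFilterPolicy -ErrorAction Stop)

    # An empty result means nothing was evaluated; report ERROR rather than a
    # vacuous PASS.
    if ($Policies.Count -eq 0) {
        throw "Get-HostedContentFilterPolicy returned no policies; AllowedSenderDomains could not be evaluated."
    }

    $PolicyReport = foreach ($Policy in $Policies) {
        # Normalise each entry to trimmed text. Blank values and the literal
        # "{}" (how an empty collection is rendered as text) are not domains.
        $AllowedDomains = @(
            foreach ($Domain in @($Policy.AllowedSenderDomains)) {
                $DomainText = [string]$Domain
                if (-not [string]::IsNullOrWhiteSpace($DomainText) -and $DomainText.Trim() -ne "{}") {
                    $DomainText.Trim()
                }
            }
        )

        [pscustomobject]@{
            PolicyName           = $Policy.Identity
            AllowedSenderDomains = @($AllowedDomains)
            AllowedDomainCount   = @($AllowedDomains).Count
            IsCompliant          = @($AllowedDomains).Count -eq 0
        }
    }

    # CIS note: each inbound policy must pass.
    $NonCompliantPolicies = @($PolicyReport | Where-Object { $_.IsCompliant -eq $false })
    $Pass = @($NonCompliantPolicies).Count -eq 0

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = if ($Pass) { "PASS" } else { "FAIL" }
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            PolicyCount       = @($Policies).Count
            NonCompliantCount = @($NonCompliantPolicies).Count
            PolicyReport      = @($PolicyReport)
            Recommended       = "AllowedSenderDomains undefined/empty ({}) for all inbound anti-spam policies."
            SourceDocument    = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
            AuditCommand      = "Get-HostedContentFilterPolicy | ft Identity,AllowedSenderDomains"
        }
        Error         = if ($Pass) { $null } else { "One or more inbound anti-spam policies contain AllowedSenderDomains entries." }
        Timestamp     = Get-Date
    }
}
catch {
    # Any failure to query or evaluate the policies is reported as ERROR with
    # Pass = $null, so consumers can tell "not audited" apart from "compliant".
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
            AuditCommand   = "Get-HostedContentFilterPolicy | ft Identity,AllowedSenderDomains"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}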