SHELL/5.2.3.5.ps1
|
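<#
.SYNOPSIS
    Audit check 5.2.3.5: reports whether the SMS and Voice authentication
    methods are disabled in the tenant's authentication methods policy.

.DESCRIPTION
    Reads the policy with Get-MgPolicyAuthenticationMethodPolicy, picks the
    method configurations whose Id is "Sms" and "Voice", and emits one result
    object whose Status is PASS, FAIL or ERROR.

    The check fails closed: a method counts as disabled only when its state is
    read back as "disabled". A missing configuration entry or an unreadable
    state therefore yields FAIL, never PASS.

    Only the Sms and Voice entries are evaluated.
    NOTE(review): confirm against the cited benchmark revision whether any
    other method is in scope for this control.

.NOTES
    Assumes an already-connected Microsoft Graph session that may read the
    authentication methods policy (read-only access such as Policy.Read.All
    should be enough; confirm against the Graph permissions reference).
    The script makes no changes to the tenant.
#>

$CheckId = "5.2.3.5"
$Title = "Ensure weak authentication methods are disabled"
$Level = "L1"
$BenchmarkType = "Automated"

function Get-ConfigState {
    <#
    .SYNOPSIS
        Returns the state string of one authentication method configuration.

    .DESCRIPTION
        Looks for a non-empty "State" property first and then for a "state"
        key in the object's AdditionalProperties dictionary.

    .PARAMETER Config
        The configuration object to inspect; may be $null.

    .OUTPUTS
        The state as a string, or $null when no state could be determined.
    #>
    param(
        [AllowNull()]$Config
    )

    if ($null -eq $Config) {
        return $null
    }

    # Properties.Match() and member access are both case-insensitive, so this
    # single branch covers "State" and "state".
    if ($Config.PSObject.Properties.Match("State").Count -gt 0) {
        $Direct = [string]$Config.State

        # A property that exists but is empty must not end the lookup:
        # [string]$null is "", and returning it here would skip the
        # AdditionalProperties fallback below.
        if (-not [string]::IsNullOrWhiteSpace($Direct)) {
            return $Direct
        }
    }

    if ($Config.PSObject.Properties.Match("AdditionalProperties").Count -gt 0 -and $Config.AdditionalProperties) {
        foreach ($Key in $Config.AdditionalProperties.Keys) {
            if ([string]$Key -ieq "state") {
                return [string]$Config.AdditionalProperties[$Key]
            }
        }
    }

    # Nothing usable found; the caller treats this as "not disabled".
    return $null
}

try {
    # -ErrorAction Stop turns any failure of the query into the ERROR result below.
    $Policy = Get-MgPolicyAuthenticationMethodPolicy -ErrorAction Stop
    $Configurations = @($Policy.AuthenticationMethodConfigurations)

    $SmsConfig = $Configurations | Where-Object { $_.Id -eq "Sms" } | Select-Object -First 1
    $VoiceConfig = $Configurations | Where-Object { $_.Id -eq "Voice" } | Select-Object -First 1

    $SmsState = Get-ConfigState -Config $SmsConfig
    $VoiceState = Get-ConfigState -Config $VoiceConfig

    # A $null state (entry missing or state unreadable) does not match, so it
    # is reported as not disabled.
    $SmsDisabled = ($SmsState -match '^(?i:disabled)$')
    $VoiceDisabled = ($VoiceState -match '^(?i:disabled)$')

    $Pass = $SmsDisabled -and $VoiceDisabled
    $Status = if ($Pass) { "PASS" } else { "FAIL" }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        # The raw states are kept so a reviewer can tell "enabled" apart from
        # "could not be determined" (empty).
        Evidence      = [pscustomobject]@{
            SmsState       = $SmsState
            VoiceState     = $VoiceState
            SmsDisabled    = $SmsDisabled
            VoiceDisabled  = $VoiceDisabled
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = if ($Pass) { $null } else { "SMS and Voice authentication methods must both be disabled." }
        Timestamp     = Get-Date
    }
}
catch {
    # The policy could not be read: report ERROR and leave Pass null, so a
    # failed query is recorded as neither a pass nor a fail.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}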