SHELL/5.2.4.1.ps1
|
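# CIS Microsoft 365 Foundations Benchmark check 5.2.4.1.
# Reads the tenant authorization policy with Get-MgPolicyAuthorizationPolicy and
# writes exactly one result object (Status PASS, FAIL or ERROR) to the pipeline.
# No Graph connection is opened here; the caller is assumed to have an
# authenticated session with read access to policies.
#
# NOTE(review): AllowedToUseSSPR is evaluated as a single true/false flag, so a
# PASS cannot by itself tell 'All' apart from 'Selected'. Confirm against the
# Microsoft Graph documentation which population the flag covers (it may
# describe administrator SSPR rather than the end-user scope named in the
# title) before treating PASS as proof of compliance.
$CheckId = "5.2.4.1"
$Title = "Ensure 'Self service password reset enabled' is set to 'All'"
$Level = "L1"
$BenchmarkType = "Automated"

function Get-PropValue {
    <#
    .SYNOPSIS
    Returns the value of a named key or property, matched case-insensitively.
    .DESCRIPTION
    Hashtable keys are searched first, then the object's PSObject properties.
    Returns $null when the object is $null or nothing matches, so a caller
    cannot tell "absent" from "present with a null value".
    .PARAMETER Object
    Hashtable or object to inspect; may be $null.
    .PARAMETER Name
    Key or property name to look up (compared with -ieq).
    #>
    param(
        [AllowNull()]$Object,
        [string]$Name
    )

    if ($null -eq $Object) {
        return $null
    }

    if ($Object -is [hashtable]) {
        foreach ($Key in $Object.Keys) {
            if ([string]$Key -ieq $Name) {
                return $Object[$Key]
            }
        }
    }

    # Reached for non-hashtables, and for hashtables with no matching key.
    if ($Object.PSObject -and $Object.PSObject.Properties) {
        foreach ($Property in $Object.PSObject.Properties) {
            if ([string]$Property.Name -ieq $Name) {
                return $Property.Value
            }
        }
    }

    return $null
}

try {
    # -ErrorAction Stop makes a failed Graph call terminating, so it lands in
    # the catch block and is reported as ERROR instead of a misleading FAIL.
    $Policy = Get-MgPolicyAuthorizationPolicy -ErrorAction Stop
    $AllowedToUseSSPR = Get-PropValue -Object $Policy -Name "AllowedToUseSSPR"

    $Pass = $false
    $Status = "FAIL"
    $FailureReason = "Self Service Password Reset is not enabled for all users."

    if ($null -eq $AllowedToUseSSPR) {
        # Fail closed, but do not claim the setting is disabled: the value was
        # simply not available, and an auditor needs to see that difference.
        $FailureReason = "AllowedToUseSSPR was not returned by the authorization policy; Self Service Password Reset state could not be determined."
    }
    elseif ($AllowedToUseSSPR -eq $true) {
        $Pass = $true
        $Status = "PASS"
    }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            # Raw value as read, kept so the verdict can be re-checked later.
            SelfServicePasswordResetEnabled = $AllowedToUseSSPR
            ExpectedValue                   = "All"
            SourceDocument                  = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = if ($Pass) { $null } else { $FailureReason }
        Timestamp     = Get-Date
    }
}
catch {
    # The policy could not be read at all: Pass stays $null (undetermined) and
    # the exception text is surfaced for the operator.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}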