SHELL/6.1.3.ps1
|
# CIS Microsoft 365 Foundations Benchmark v6.0.1 - control 6.1.3 (L1, Automated).
#
# Lists every mailbox audit bypass association and fails the check if any
# account has AuditBypassEnabled set to True. Actions taken by an account with
# audit bypass enabled are not written to mailbox audit logs, so each hit is a
# gap in the audit trail that needs a documented justification or removal.
#
# Emits exactly one result object:
#   PASS  - no association has AuditBypassEnabled = True
#   FAIL  - at least one does; Evidence lists Name and AuditBypassEnabled for each
#   ERROR - the query itself failed; Pass is $null so that a failed query is
#           never reported as compliant
#
# NOTE(review): presumably run inside an already-connected Exchange Online
# PowerShell session with rights to read bypass associations - confirm with caller.

$CheckId       = "6.1.3"
$Title         = "Ensure 'AuditBypassEnabled' is not enabled on mailboxes"
$Level         = "L1"
$BenchmarkType = "Automated"

try {
    # -ErrorAction Stop promotes any cmdlet error to a terminating one, so a
    # failed or partial query lands in the catch block instead of yielding an
    # empty list that would read as PASS.
    $associations = @(Get-MailboxAuditBypassAssociation -ResultSize Unlimited -ErrorAction Stop)

    # @() keeps .Count meaningful when zero or one object comes back.
    $flagged = @(
        $associations | Where-Object { $_.AuditBypassEnabled -eq $true }
    )

    $Pass = $flagged.Count -eq 0

    if ($Pass) {
        $Status  = "PASS"
        $finding = $null
    }
    else {
        $Status  = "FAIL"
        $finding = "One or more accounts have AuditBypassEnabled set to True."
    }

    # Evidence carries the offending accounts so the finding can be triaged
    # without re-running the query.
    $evidence = [pscustomobject]@{
        AuditBypassEnabledCount         = $flagged.Count
        MailboxesWithAuditBypassEnabled = @(
            $flagged | Select-Object -Property Name, AuditBypassEnabled
        )
        SourceDocument                  = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
    }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        Evidence      = $evidence
        Error         = $finding
        Timestamp     = Get-Date
    }
}
catch {
    # The query could not be completed: report ERROR with the exception text
    # and leave Pass as $null (neither compliant nor non-compliant).
    $failure = $_.Exception.Message

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $failure
        Timestamp     = Get-Date
    }
}