SHELL/6.2.3.ps1
|
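# CIS Microsoft 365 Foundations Benchmark check 6.2.3:
# "Ensure email from external senders is identified".
#
# Emits exactly one [pscustomobject] describing the result:
#   Status = PASS   every ExternalInOutlook identity has Enabled = True
#   Status = FAIL   at least one identity does not have Enabled = True
#   Status = ERROR  the setting could not be read or interpreted (Pass = $null)
#
# The script calls Get-ExternalInOutlook, so it presumably needs an established
# Exchange Online PowerShell session - confirm against the calling harness.
$CheckId = "6.2.3"
$Title = "Ensure email from external senders is identified"
$Level = "L1"
$BenchmarkType = "Automated"

try {
    $ExternalTagSettings = @()
    $LastException = $null
    $MaxAttempts = 3

    # Retry the primary cmdlet a few times before giving up on it.
    for ($Attempt = 1; $Attempt -le $MaxAttempts; $Attempt++) {
        try {
            # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions,
            # so a failed query reaches the retry/fallback path below instead of
            # silently yielding an empty result set.
            $ExternalTagSettings = @(Get-ExternalInOutlook -ErrorAction Stop)
            $LastException = $null
            break
        }
        catch {
            $LastException = $_.Exception
            if ($Attempt -lt $MaxAttempts) {
                Start-Sleep -Seconds 3
            }
        }
    }

    if ($null -ne $LastException) {
        # Fallback to organization config if the dedicated cmdlet is transiently unavailable.
        if (Get-Command -Name Get-OrganizationConfig -ErrorAction SilentlyContinue) {
            try {
                $OrgConfig = Get-OrganizationConfig -ErrorAction Stop
                $ExternalInOutlook = $OrgConfig.ExternalInOutlook

                # Interpret the fallback value strictly. A plain [bool] cast treats any
                # non-empty string (including "False") and any non-null object as $true,
                # which would report PASS for a disabled or unreadable setting.
                $Enabled = $null
                if ($ExternalInOutlook -is [bool]) {
                    $Enabled = $ExternalInOutlook
                }
                elseif ($ExternalInOutlook -is [string]) {
                    $Parsed = $false
                    if ([bool]::TryParse($ExternalInOutlook.Trim(), [ref]$Parsed)) {
                        $Enabled = $Parsed
                    }
                }

                if ($null -ne $Enabled) {
                    [pscustomobject]@{
                        CheckId       = $CheckId
                        Title         = $Title
                        Level         = $Level
                        BenchmarkType = $BenchmarkType
                        Status        = if ($Enabled) { "PASS" } else { "FAIL" }
                        Pass          = $Enabled
                        Evidence      = [pscustomobject]@{
                            FallbackSource    = "Get-OrganizationConfig.ExternalInOutlook"
                            ExternalInOutlook = $ExternalInOutlook
                            SourceDocument    = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
                        }
                        Error         = if ($Enabled) { $null } else { "External sender identification appears disabled in organization configuration." }
                        Timestamp     = Get-Date
                    }
                    return
                }
                # Missing or uninterpretable value: fall through and report the
                # original failure as ERROR rather than guessing a verdict.
            }
            catch {
                # Best-effort fallback: its own failure is deliberately ignored so the
                # primary cmdlet's exception is the one surfaced below.
            }
        }

        throw $LastException
    }

    # An empty result is inconclusive, so it is reported as ERROR, not PASS.
    if ($ExternalTagSettings.Count -eq 0) {
        [pscustomobject]@{
            CheckId       = $CheckId
            Title         = $Title
            Level         = $Level
            BenchmarkType = $BenchmarkType
            Status        = "ERROR"
            Pass          = $null
            Evidence      = [pscustomobject]@{
                SettingsCount  = 0
                SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
            }
            Error         = "Get-ExternalInOutlook returned no results."
            Timestamp     = Get-Date
        }
        return
    }

    # Anything other than an explicit $true (including $null) counts as non-compliant.
    $NonCompliant = @($ExternalTagSettings | Where-Object { $_.Enabled -ne $true })
    $Pass = $NonCompliant.Count -eq 0
    $Status = if ($Pass) { "PASS" } else { "FAIL" }

    # NOTE(review): the verdict is based on Enabled only. AllowList entries exempt
    # senders from the external tag; they are exported in Evidence so a reviewer can
    # confirm each entry is an approved exception.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            SettingsCount        = $ExternalTagSettings.Count
            Settings             = @($ExternalTagSettings | Select-Object Identity, Enabled, AllowList)
            NonCompliantSettings = @($NonCompliant | Select-Object Identity, Enabled, AllowList)
            SourceDocument       = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = if ($Pass) { $null } else { "One or more ExternalInOutlook identities have Enabled set to False." }
        Timestamp     = Get-Date
    }
}
catch {
    # Any unhandled failure is reported as ERROR with Pass = $null, never as PASS.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}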