SHELL/7.2.4.ps1
|
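<#
.SYNOPSIS
    Check 7.2.4: reports whether OneDrive content sharing is restricted.

.DESCRIPTION
    Reads OneDriveSharingCapability from Get-SPOTenant and passes only when the
    value, trimmed and compared case-insensitively, equals "Disabled".
    When the tenant value is empty, the check falls back to the
    SharingCapability of the first site whose URL matches
    "*-my.sharepoint.com/".

    Exactly one result object is written to the pipeline:
      PASS / FAIL    - a sharing value was read and compared with "Disabled"
      MANUAL_REVIEW  - neither the tenant nor a OneDrive site yielded a value
      ERROR          - a cmdlet raised an error; only the message is recorded

.NOTES
    Get-SPOTenant and Get-SPOSite come from the SharePoint Online Management
    Shell and need an established session (Connect-SPOService).
#>

$CheckId = "7.2.4"
$Title = "Ensure OneDrive content sharing is restricted"

try {
    # try/catch only sees terminating errors. -ErrorAction Stop turns a failed
    # call into an ERROR result instead of letting an empty value fall through
    # to the fallback and be reported as MANUAL_REVIEW.
    $TenantSettings = Get-SPOTenant -ErrorAction Stop
    $TenantOneDriveSharingCapability = $TenantSettings.OneDriveSharingCapability

    $EvaluatedWith = "TenantSetting"
    $ObservedValue = $TenantOneDriveSharingCapability
    $Pass = $false

    if (-not [string]::IsNullOrWhiteSpace([string]$TenantOneDriveSharingCapability)) {
        $Pass = ([string]$TenantOneDriveSharingCapability).Trim().ToLowerInvariant() -eq "disabled"
    }
    else {
        # Tenant-level value not available: read the setting from a OneDrive site.
        $EvaluatedWith = "OneDriveSite"
        $OneDriveSites = @(Get-SPOSite -Limit ALL -Filter { Url -like "*-my.sharepoint.com/" } -ErrorAction Stop)

        if ($OneDriveSites.Count -gt 0) {
            # NOTE(review): only the first matching site is inspected; if the
            # filter returns several sites, the others are not evaluated.
            $OneDriveSite = $OneDriveSites | Select-Object -First 1
            $SiteDetails = Get-SPOSite -Identity $OneDriveSite.Url -ErrorAction Stop
            $ObservedValue = $SiteDetails.SharingCapability
            $Pass = ([string]$ObservedValue).Trim().ToLowerInvariant() -eq "disabled"
        }
        else {
            $ObservedValue = $null
        }
    }

    if ($null -eq $ObservedValue) {
        # Nothing to compare: report for manual review rather than as PASS/FAIL.
        [pscustomobject]@{
            CheckId   = $CheckId
            Title     = $Title
            Status    = "MANUAL_REVIEW"
            Pass      = $null
            Evidence  = [pscustomobject]@{
                EvaluatedWith = $EvaluatedWith
                ObservedValue = $null
                ReviewAction  = "Verify OneDrive sharing is set to Only people in your organization (Disabled in PowerShell)."
            }
            Error     = "OneDrive sharing capability could not be determined from tenant or OneDrive site settings."
            Timestamp = Get-Date
        }
    }
    else {
        [pscustomobject]@{
            CheckId   = $CheckId
            Title     = $Title
            Status    = if ($Pass) { "PASS" } else { "FAIL" }
            Pass      = $Pass
            Evidence  = [pscustomobject]@{
                EvaluatedWith      = $EvaluatedWith
                # Kept alongside ObservedValue so a fallback result still shows
                # what the tenant query returned.
                TenantSettingValue = $TenantOneDriveSharingCapability
                ObservedValue      = $ObservedValue
                RecommendedValue   = "Disabled"
            }
            Error     = $null
            Timestamp = Get-Date
        }
    }
}
catch {
    # A cmdlet failure is reported as ERROR, never as PASS or FAIL.
    [pscustomobject]@{
        CheckId   = $CheckId
        Title     = $Title
        Status    = "ERROR"
        Pass      = $null
        Evidence  = $null
        Error     = $_.Exception.Message
        Timestamp = Get-Date
    }
}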