SHELL/7.2.6.ps1
|
# CIS check 7.2.6: reports whether SharePoint Online external sharing is limited
# to an allow-list of domains. Emits exactly one result object to the pipeline
# with Status PASS, FAIL or ERROR.
#
# Scope of the verdict:
#   - PASS only means the restriction mode is AllowList and the list is non-empty.
#     The script cannot tell whether the listed domains are actually approved;
#     the parsed list is returned in Evidence.SharingAllowedDomains for review.
#   - NOTE(review): SharingCapability is not read here, so a tenant with external
#     sharing switched off tenant-wide would still be reported as FAIL unless the
#     allow-list is also configured. Confirm this matches the benchmark's intent.
$CheckId        = "7.2.6"
$Title          = "Ensure SharePoint external sharing is restricted"
$Level          = "L2"
$BenchmarkType  = "Automated"
$SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"

try {
    # -ErrorAction Stop turns a failed tenant query into a terminating error, so
    # it is reported as ERROR below instead of falling through to a FAIL verdict.
    $TenantConfig = Get-SPOTenant -ErrorAction Stop

    $RestrictionMode      = [string]$TenantConfig.SharingDomainRestrictionMode
    $AllowedDomainListRaw = [string]$TenantConfig.SharingAllowedDomainList

    # Tokenise the raw list on commas, semicolons or whitespace and discard
    # empty tokens; @() keeps the result an array even for zero or one entry,
    # so .Count is always meaningful.
    $AllowedDomains = @(
        $AllowedDomainListRaw -split '[,;\s]+' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }
    )

    # Both conditions are required: an AllowList mode with an empty list does
    # not count as a pass.
    $Pass = ($RestrictionMode -eq "AllowList") -and ($AllowedDomains.Count -gt 0)

    if ($Pass) {
        $Status        = "PASS"
        $FailureReason = $null
    }
    else {
        $Status        = "FAIL"
        $FailureReason = "SharingDomainRestrictionMode must be AllowList and SharingAllowedDomainList must contain approved domains."
    }

    # Evidence carries both the raw tenant values and the parsed list so a
    # reviewer can verify the verdict without re-querying the tenant.
    $Evidence = [pscustomobject]@{
        SharingDomainRestrictionMode = $RestrictionMode
        SharingAllowedDomainList     = $AllowedDomainListRaw
        SharingAllowedDomainCount    = $AllowedDomains.Count
        SharingAllowedDomains        = $AllowedDomains
        SourceDocument               = $SourceDocument
    }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        Evidence      = $Evidence
        Error         = $FailureReason
        Timestamp     = (Get-Date)
    }
}
catch {
    # The setting could not be evaluated (module missing, no session, access
    # denied, ...). Pass is $null rather than $false: consumers must treat this
    # as "not assessed" and never count it as compliant.
    $Failure = $_

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = $SourceDocument
        }
        Error         = $Failure.Exception.Message
        Timestamp     = (Get-Date)
    }
}