SHELL/7.2.9.ps1
|
$CheckId = "7.2.9" $Title = "Ensure guest access to a site or OneDrive will expire automatically" $Level = "L1" $BenchmarkType = "Automated" try { $TenantConfig = Get-SPOTenant -ErrorAction Stop $ExternalUserExpirationRequired = [bool]$TenantConfig.ExternalUserExpirationRequired $ExternalUserExpireInDays = [int]$TenantConfig.ExternalUserExpireInDays $Pass = $ExternalUserExpirationRequired -and ($ExternalUserExpireInDays -le 30) $Status = if ($Pass) { "PASS" } else { "FAIL" } [pscustomobject]@{ CheckId = $CheckId Title = $Title Level = $Level BenchmarkType = $BenchmarkType Status = $Status Pass = $Pass Evidence = [pscustomobject]@{ ExternalUserExpirationRequired = $ExternalUserExpirationRequired ExternalUserExpireInDays = $ExternalUserExpireInDays SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1" } Error = if ($Pass) { $null } else { "ExternalUserExpirationRequired must be True and ExternalUserExpireInDays must be 30 or less." } Timestamp = Get-Date } } catch { [pscustomobject]@{ CheckId = $CheckId Title = $Title Level = $Level BenchmarkType = $BenchmarkType Status = "ERROR" Pass = $null Evidence = [pscustomobject]@{ SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1" } Error = $_.Exception.Message Timestamp = Get-Date } } |