SHELL/8.1.1.ps1

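# CIS Microsoft 365 Foundations Benchmark check 8.1.1 (Level 2, automated).
# Reads the Global Teams client configuration, works out which third-party
# cloud storage providers are enabled, and compares them with the allowlist in
# the ROOT365_APPROVED_TEAMS_STORAGE environment variable.
# Emits exactly one result object whose Status is PASS, FAIL or ERROR.
$CheckId = "8.1.1"
$Title = "Ensure external file sharing in Teams is enabled for only approved cloud storage services"
$Level = "L2"
$BenchmarkType = "Automated"

try {
    # -ErrorAction Stop turns a failed lookup into a terminating error, so the
    # catch block reports ERROR instead of evaluating an empty object.
    $Config = Get-CsTeamsClientConfiguration -Identity Global -ErrorAction Stop

    # Settings inspected by this check. These names are also the keys an
    # operator must list in the allowlist.
    $ProviderKeys = @('AllowDropbox', 'AllowBox', 'AllowGoogleDrive', 'AllowShareFile', 'AllowEgnyte')

    $ProviderState = [ordered]@{}
    foreach ($Key in $ProviderKeys) {
        $Property = if ($null -ne $Config) { $Config.PSObject.Properties[$Key] } else { $null }

        # Fail closed: [bool]$null is $false, so a missing or null setting would
        # otherwise be recorded as "disabled" and could produce a PASS with no
        # evidence behind it. Route that case to ERROR via the catch block.
        if ($null -eq $Property -or $null -eq $Property.Value) {
            throw "Get-CsTeamsClientConfiguration did not return a value for '$Key'; the check cannot be evaluated."
        }

        $ProviderState[$Key] = [bool]$Property.Value
    }

    $EnabledProviders = @($ProviderState.GetEnumerator() | Where-Object { $_.Value } | ForEach-Object { $_.Key })

    # The allowlist comes from the process environment, so the pass criteria are
    # only as trustworthy as whoever sets that variable. The parsed list is
    # written to Evidence so a reviewer can compare it with the organisation's
    # approved-services record.
    $ApprovedProviders = @()
    $ApprovedProvidersRaw = [string]$env:ROOT365_APPROVED_TEAMS_STORAGE
    if (-not [string]::IsNullOrWhiteSpace($ApprovedProvidersRaw)) {
        # Entries may be separated by commas, semicolons or spaces; empty
        # fragments are discarded.
        $ApprovedProviders = @($ApprovedProvidersRaw -split '[,; ]+' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    if ($EnabledProviders.Count -eq 0) {
        # Nothing is enabled, so no allowlist is needed.
        $Status = "PASS"
        $Pass = $true
        $ErrorMessage = $null
    }
    else {
        # -notin compares case-insensitively. An allowlist entry that is not one
        # of the provider keys matches nothing, so a typo leads to FAIL rather
        # than an unintended PASS.
        $NotApproved = @($EnabledProviders | Where-Object { $_ -notin $ApprovedProviders })

        # The second condition is already implied when something is enabled; it
        # is kept so that an empty allowlist can never yield PASS.
        if ($NotApproved.Count -eq 0 -and $ApprovedProviders.Count -gt 0) {
            $Status = "PASS"
            $Pass = $true
            $ErrorMessage = $null
        }
        else {
            $Status = "FAIL"
            $Pass = $false
            if ($ApprovedProviders.Count -eq 0) {
                $ErrorMessage = "External providers are enabled but no approved allowlist is defined. Set ROOT365_APPROVED_TEAMS_STORAGE to approved provider keys."
            }
            else {
                $ErrorMessage = "Enabled providers are not fully covered by the approved allowlist: $($NotApproved -join ', ')."
            }
        }
    }

    [pscustomobject]@{
        CheckId = $CheckId
        Title = $Title
        Level = $Level
        BenchmarkType = $BenchmarkType
        Status = $Status
        Pass = $Pass
        Evidence = [pscustomobject]@{
            ProviderState = $ProviderState
            EnabledProviders = $EnabledProviders
            ApprovedProviders = $ApprovedProviders
            ApprovedProvidersSource = "Environment variable ROOT365_APPROVED_TEAMS_STORAGE"
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error = $ErrorMessage
        Timestamp = Get-Date
    }
}
catch {
    # Any failure to read or interpret the configuration is reported as ERROR
    # with Pass = $null, so it cannot be mistaken for a compliant result.
    [pscustomobject]@{
        CheckId = $CheckId
        Title = $Title
        Level = $Level
        BenchmarkType = $BenchmarkType
        Status = "ERROR"
        Pass = $null
        Evidence = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error = $_.Exception.Message
        Timestamp = Get-Date
    }
}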