SHELL/8.2.2.ps1

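# Audit check 8.2.2: reports whether communication with unmanaged Teams users
# is disabled, based on two settings read from the tenant:
#   - EnableTeamsConsumerAccess on the Global external access policy
#   - AllowTeamsConsumer on the tenant federation configuration
# Emits a single result object with Status PASS, FAIL or ERROR.
#
# NOTE(review): only the Global external access policy is read. Custom external
# access policies assigned to individual users are not evaluated here, so a PASS
# describes the tenant default only - confirm whether that scope is sufficient.
$CheckId = "8.2.2"
$Title = "Ensure communication with unmanaged Teams users is disabled"
$Level = "L1"
$BenchmarkType = "Automated"
$SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"

try {
    $GlobalPolicy = Get-CsExternalAccessPolicy -Identity Global -ErrorAction Stop
    $TenantFederation = Get-CsTenantFederationConfiguration -ErrorAction Stop

    # Fail closed: [bool]$null is $false, so a missing object or property would
    # otherwise read as "disabled" and yield a false PASS. Route that case to
    # the catch block so it is reported as ERROR instead.
    $RawPolicyValue = $GlobalPolicy.EnableTeamsConsumerAccess
    if ($null -eq $RawPolicyValue) {
        throw "EnableTeamsConsumerAccess was not returned by Get-CsExternalAccessPolicy; cannot evaluate the check."
    }

    $RawTenantValue = $TenantFederation.AllowTeamsConsumer
    if ($null -eq $RawTenantValue) {
        throw "AllowTeamsConsumer was not returned by Get-CsTenantFederationConfiguration; cannot evaluate the check."
    }

    $EnableTeamsConsumerAccess = [bool]$RawPolicyValue
    $AllowTeamsConsumer = [bool]$RawTenantValue

    # The check passes when at least one of the two settings is off.
    $Pass = (-not $EnableTeamsConsumerAccess) -or (-not $AllowTeamsConsumer)
    $Status = if ($Pass) { "PASS" } else { "FAIL" }

    [pscustomobject]@{
        CheckId = $CheckId
        Title = $Title
        Level = $Level
        BenchmarkType = $BenchmarkType
        Status = $Status
        Pass = $Pass
        # Both observed values are recorded so a reviewer can see which
        # setting produced the result.
        Evidence = [pscustomobject]@{
            GlobalPolicy_EnableTeamsConsumerAccess = $EnableTeamsConsumerAccess
            TenantFederation_AllowTeamsConsumer = $AllowTeamsConsumer
            SourceDocument = $SourceDocument
        }
        Error = if ($Pass) { $null } else { "Both global policy and organization setting allow unmanaged Teams users. At least one must block communication." }
        Timestamp = Get-Date
    }
}
catch {
    # Any failure to read or interpret the settings is reported as ERROR with
    # Pass = $null, so an unevaluated check is never counted as compliant.
    [pscustomobject]@{
        CheckId = $CheckId
        Title = $Title
        Level = $Level
        BenchmarkType = $BenchmarkType
        Status = "ERROR"
        Pass = $null
        Evidence = [pscustomobject]@{
            SourceDocument = $SourceDocument
        }
        Error = $_.Exception.Message
        Timestamp = Get-Date
    }
}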