SHELL/8.2.3.ps1
|
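# CIS check 8.2.3: "Ensure external Teams users cannot initiate conversations".
#
# Reads the Global external access policy and the tenant federation
# configuration, then emits exactly one result object:
#   Status = PASS  - at least one of the two inbound settings is False
#   Status = FAIL  - both inbound settings are True
#   Status = ERROR - a cmdlet failed or a required setting could not be read
#
# Requires Get-CsExternalAccessPolicy and Get-CsTenantFederationConfiguration
# to be available in the session; any failure from them is reported as ERROR.

$CheckId       = "8.2.3"
$Title         = "Ensure external Teams users cannot initiate conversations"
$Level         = "L1"
$BenchmarkType = "Automated"

# Returns the named property of $InputObject as a boolean.
# Throws when the object, the property or its value is missing, so the caller
# reports ERROR. A plain [bool] cast would turn $null into $false, and this
# check would then report PASS without having read the setting at all.
function Get-RequiredBooleanSetting {
    param(
        $InputObject,
        [string]$PropertyName,
        [string]$SourceName
    )

    $Property = $null
    if ($null -ne $InputObject) {
        $Property = $InputObject.PSObject.Properties[$PropertyName]
    }

    if ($null -eq $Property -or $null -eq $Property.Value) {
        throw "$SourceName did not return a value for '$PropertyName'; the check cannot be evaluated."
    }

    return [bool]$Property.Value
}

try {
    # -ErrorAction Stop turns cmdlet errors into terminating errors so they
    # reach the catch block instead of leaving the variables empty.
    $GlobalPolicy     = Get-CsExternalAccessPolicy -Identity Global -ErrorAction Stop
    $TenantFederation = Get-CsTenantFederationConfiguration -ErrorAction Stop

    $EnableTeamsConsumerInbound = Get-RequiredBooleanSetting `
        -InputObject $GlobalPolicy `
        -PropertyName 'EnableTeamsConsumerInbound' `
        -SourceName 'Get-CsExternalAccessPolicy'
    $AllowTeamsConsumerInbound = Get-RequiredBooleanSetting `
        -InputObject $TenantFederation `
        -PropertyName 'AllowTeamsConsumerInbound' `
        -SourceName 'Get-CsTenantFederationConfiguration'

    # Compliant when either layer blocks inbound initiation.
    $Pass   = (-not $EnableTeamsConsumerInbound) -or (-not $AllowTeamsConsumerInbound)
    $Status = if ($Pass) { "PASS" } else { "FAIL" }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        # Both raw values are kept so a reviewer can see which layer decided the result.
        Evidence      = [pscustomobject]@{
            GlobalPolicy_EnableTeamsConsumerInbound    = $EnableTeamsConsumerInbound
            TenantFederation_AllowTeamsConsumerInbound = $AllowTeamsConsumerInbound
            SourceDocument                             = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = if ($Pass) { $null } else { "Both global policy and organization setting allow inbound communication from unmanaged Teams users. At least one must block inbound initiation." }
        Timestamp     = Get-Date
    }
}
catch {
    # Pass stays $null here: an unevaluated check is neither compliant nor
    # non-compliant, and consumers should not count it as a PASS.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}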