SHELL/8.6.1.ps1
|
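# CIS Microsoft 365 Foundations Benchmark v6.0.1, control 8.6.1 (L1, Automated):
# "Ensure users can report security concerns in Teams".
#
# Reads the Global Teams messaging policy and the report submission policy and
# writes exactly one result object to the pipeline with Status PASS, FAIL or ERROR.
# Only Get-* cmdlets are called, so the script does not change tenant state.
# NOTE(review): presumably needs connected Microsoft Teams and Exchange Online
# sessions; when either cmdlet fails the catch block reports Status = "ERROR".

$CheckId = "8.6.1"
$Title = "Ensure users can report security concerns in Teams"
$Level = "L1"
$BenchmarkType = "Automated"

# Turns an address setting into a flat list of non-blank strings.
#   $Value - $null, a single string (possibly several addresses separated by
#            commas, semicolons or whitespace), or a collection of addresses.
# Output   - each address as a string; nothing when no address is present.
function Normalize-AddressList {
    param([AllowNull()]$Value)

    $Candidates = @($Value)

    # A lone string may carry several addresses, so split it on the separators.
    $IsSingleString = ($Candidates.Count -eq 1) -and ($Candidates[0] -is [string])
    if ($IsSingleString) {
        $Candidates = @($Candidates[0] -split '[,;\s]+' | Where-Object { $_ })
    }

    $Addresses = $Candidates |
        ForEach-Object { [string]$_ } |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) }

    return @($Addresses)
}

# Reads a boolean policy setting without guessing.
#   $Policy - the policy object returned by a Get-* cmdlet (may be $null).
#   $Name   - the property to read.
# Output   - $true or $false when the value is readable, $null when the property
#            is missing, empty, or a string that is not "True"/"False".
# Why: a plain [bool] cast turns any non-empty string (including "False") into
# $true and turns a missing property into $false. For an audit, the first yields
# a false PASS on a "must be True" setting and the second silently satisfies a
# "must be False" setting, so unknown values are kept distinct here.
function Get-PolicyFlag {
    param(
        [AllowNull()]$Policy,
        [string]$Name
    )

    if ($null -eq $Policy) { return $null }

    $Property = $Policy.PSObject.Properties[$Name]
    if ($null -eq $Property -or $null -eq $Property.Value) { return $null }

    $Value = $Property.Value
    if ($Value -is [bool]) { return $Value }

    if ($Value -is [string]) {
        $Parsed = $false
        if ([bool]::TryParse($Value.Trim(), [ref]$Parsed)) { return $Parsed }
        return $null
    }

    # Other types (for example switch or numeric values) keep the original cast.
    return [bool]$Value
}

try {
    # Teams side: the Global messaging policy must allow end-user reporting.
    $TeamsPolicy = Get-CsTeamsMessagingPolicy -Identity Global -ErrorAction Stop
    $TeamsFlag = Get-PolicyFlag -Policy $TeamsPolicy -Name "AllowSecurityEndUserReporting"
    $AllowSecurityEndUserReporting = ($TeamsFlag -eq $true)

    # Defender side: the report submission policy routes the reports.
    $ReportPolicies = @(Get-ReportSubmissionPolicy -ErrorAction Stop)

    if ($ReportPolicies.Count -eq 0) {
        # Without a report submission policy the control cannot be met.
        [pscustomobject]@{
            CheckId       = $CheckId
            Title         = $Title
            Level         = $Level
            BenchmarkType = $BenchmarkType
            Status        = "FAIL"
            Pass          = $false
            Evidence      = [pscustomobject]@{
                TeamsPolicyIdentity           = [string]$TeamsPolicy.Identity
                AllowSecurityEndUserReporting = $AllowSecurityEndUserReporting
                ReportSubmissionPolicyCount   = 0
                SourceDocument                = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
            }
            Error         = "No report submission policy was returned."
            Timestamp     = Get-Date
        }
        return
    }

    # Prefer the default policy; otherwise fall back to the first one returned.
    # The identity that was evaluated is recorded in the evidence.
    $ReportPolicy = $ReportPolicies |
        Where-Object { $_.Identity -eq "DefaultReportSubmissionPolicy" } |
        Select-Object -First 1
    if (-not $ReportPolicy) {
        $ReportPolicy = $ReportPolicies | Select-Object -First 1
    }

    $FlagNames = @(
        "ReportJunkToCustomizedAddress",
        "ReportNotJunkToCustomizedAddress",
        "ReportPhishToCustomizedAddress",
        "ReportChatMessageEnabled",
        "ReportChatMessageToCustomizedAddressEnabled"
    )
    $Flags = @{}
    foreach ($FlagName in $FlagNames) {
        $Flags[$FlagName] = Get-PolicyFlag -Policy $ReportPolicy -Name $FlagName
    }

    # Settings whose value could not be read; any entry here forces a FAIL.
    $UnreadableSettings = @($FlagNames | Where-Object { $null -eq $Flags[$_] })
    if ($null -eq $TeamsFlag) {
        $UnreadableSettings = @("AllowSecurityEndUserReporting") + $UnreadableSettings
    }

    # Evidence values stay plain booleans; an unreadable setting shows as $false
    # and is additionally named in UnreadableSettings.
    $ReportJunkToCustomizedAddress = ($Flags["ReportJunkToCustomizedAddress"] -eq $true)
    $ReportNotJunkToCustomizedAddress = ($Flags["ReportNotJunkToCustomizedAddress"] -eq $true)
    $ReportPhishToCustomizedAddress = ($Flags["ReportPhishToCustomizedAddress"] -eq $true)
    $ReportChatMessageEnabled = ($Flags["ReportChatMessageEnabled"] -eq $true)
    $ReportChatMessageToCustomizedAddressEnabled = ($Flags["ReportChatMessageToCustomizedAddressEnabled"] -eq $true)

    # This setting must be explicitly False; "not True" is not enough, because a
    # missing value would then count as compliant.
    $ReportChatMessageDisabled = ($Flags["ReportChatMessageEnabled"] -eq $false)

    # @() keeps each result an array even for zero or one address, so .Count is
    # reliable (also under strict mode) and the evidence always has the same shape.
    $ReportJunkAddresses = @(Normalize-AddressList -Value $ReportPolicy.ReportJunkAddresses)
    $ReportNotJunkAddresses = @(Normalize-AddressList -Value $ReportPolicy.ReportNotJunkAddresses)
    $ReportPhishAddresses = @(Normalize-AddressList -Value $ReportPolicy.ReportPhishAddresses)

    # NOTE(review): only the presence of at least one address per category is
    # checked. Whether those mailboxes are internal and monitored is not visible
    # to this script and needs a manual confirmation.
    $Pass = $AllowSecurityEndUserReporting -and
        $ReportJunkToCustomizedAddress -and
        $ReportNotJunkToCustomizedAddress -and
        $ReportPhishToCustomizedAddress -and
        ($ReportJunkAddresses.Count -gt 0) -and
        ($ReportNotJunkAddresses.Count -gt 0) -and
        ($ReportPhishAddresses.Count -gt 0) -and
        $ReportChatMessageDisabled -and
        $ReportChatMessageToCustomizedAddressEnabled

    $Status = if ($Pass) { "PASS" } else { "FAIL" }

    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = $Status
        Pass          = $Pass
        Evidence      = [pscustomobject]@{
            TeamsPolicyIdentity                         = [string]$TeamsPolicy.Identity
            AllowSecurityEndUserReporting               = $AllowSecurityEndUserReporting
            ReportSubmissionPolicyIdentity              = [string]$ReportPolicy.Identity
            ReportJunkToCustomizedAddress               = $ReportJunkToCustomizedAddress
            ReportNotJunkToCustomizedAddress            = $ReportNotJunkToCustomizedAddress
            ReportPhishToCustomizedAddress              = $ReportPhishToCustomizedAddress
            ReportJunkAddresses                         = $ReportJunkAddresses
            ReportNotJunkAddresses                      = $ReportNotJunkAddresses
            ReportPhishAddresses                        = $ReportPhishAddresses
            ReportChatMessageEnabled                    = $ReportChatMessageEnabled
            ReportChatMessageToCustomizedAddressEnabled = $ReportChatMessageToCustomizedAddressEnabled
            UnreadableSettings                          = $UnreadableSettings
            SourceDocument                              = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = if ($Pass) { $null } else { "One or more required Teams/Defender reporting settings are not configured to CIS values." }
        Timestamp     = Get-Date
    }
}
catch {
    # Any cmdlet or runtime failure means the control was not evaluated:
    # report ERROR with Pass = $null rather than a misleading PASS or FAIL.
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        Pass          = $null
        Evidence      = [pscustomobject]@{
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = $_.Exception.Message
        Timestamp     = Get-Date
    }
}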