SHELL/9.1.11.ps1
|
$CheckId = "9.1.11" $Title = "Ensure service principals cannot create and use profiles" $Level = "L1" $BenchmarkType = "Automated" $SettingName = "AllowServicePrincipalsCreateAndUseProfiles" $SettingTitle = "Allow service principals to create and use profiles" $HelperPath = Join-Path $PSScriptRoot "helpers\fabric_settings_helpers.ps1" $AuditCommands = @( "Invoke-RestMethod -Uri 'https://api.fabric.microsoft.com/v1/admin/tenantsettings' -Method Get", "Find setting by settingName 'AllowServicePrincipalsCreateAndUseProfiles' or title 'Allow service principals to create and use profiles'" ) if (-not (Test-Path $HelperPath)) { [pscustomobject]@{ CheckId = $CheckId Title = $Title Level = $Level BenchmarkType = $BenchmarkType Status = "ERROR" Pass = $null Evidence = [pscustomobject]@{ AuditCommands = $AuditCommands HelperPath = $HelperPath SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1" } Error = "Required helper file not found: $HelperPath" Timestamp = Get-Date } return } . $HelperPath Invoke-Root365FabricControl ` -CheckId $CheckId ` -Title $Title ` -Level $Level ` -BenchmarkType $BenchmarkType ` -SettingName $SettingName ` -SettingTitle $SettingTitle ` -Mode "Disable" ` -MissingSettingBehavior "Pass" ` -AuditCommands $AuditCommands ` -ExpectedStateDescription "Disabled or not configured (default disabled)." |