SHELL/9.1.12.ps1
|
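# CIS Microsoft 365 Foundations Benchmark check 9.1.12 (L1, Automated).
#
# Declares the check metadata, dot-sources the shared Fabric settings helper, and hands
# evaluation of the tenant setting to Invoke-Root365FabricControl (defined in that helper).
# If the helper file is missing, a single result object with Status "ERROR" is written to
# the pipeline and the script returns without evaluating anything.

$CheckId       = "9.1.12"
$Title         = "Ensure service principals ability to create workspaces, connections and deployment pipelines is restricted"
$Level         = "L1"
$BenchmarkType = "Automated"
$SettingName   = "ServicePrincipalCreateWorkspace"
$SettingTitle  = "Service principals can create workspaces, connections, and deployment pipelines"
$HelperPath    = Join-Path $PSScriptRoot "helpers\fabric_settings_helpers.ps1"

# Audit steps recorded as evidence. This script only passes them along as strings.
$AuditCommands = @(
    "Invoke-RestMethod -Uri 'https://api.fabric.microsoft.com/v1/admin/tenantsettings' -Method Get",
    "Find setting by settingName 'ServicePrincipalCreateWorkspace' or title 'Service principals can create workspaces, connections, and deployment pipelines'"
)

# -LiteralPath: do not treat '[' / ']' / '*' in the install directory as wildcards, which
# could report an existing helper as missing. -PathType Leaf: a directory with the helper's
# name is reported as ERROR here instead of failing later at the dot-source.
if (-not (Test-Path -LiteralPath $HelperPath -PathType Leaf)) {
    [pscustomobject]@{
        CheckId       = $CheckId
        Title         = $Title
        Level         = $Level
        BenchmarkType = $BenchmarkType
        Status        = "ERROR"
        # Pass is left null: the check could not run, so it is neither compliant nor not.
        Pass          = $null
        Evidence      = [pscustomobject]@{
            AuditCommands  = $AuditCommands
            HelperPath     = $HelperPath
            SourceDocument = "CIS_Microsoft_365_Foundations_Benchmark_v6.0.1"
        }
        Error         = "Required helper file not found: $HelperPath"
        Timestamp     = Get-Date
    }
    return
}

# Dot-sourcing runs the helper in this script's scope. The path is fixed relative to
# $PSScriptRoot, so whoever can write to the helpers directory controls what runs here.
. $HelperPath

# Splatted instead of backtick line continuations, which break on trailing whitespace.
$controlArgs = @{
    CheckId                  = $CheckId
    Title                    = $Title
    Level                    = $Level
    BenchmarkType            = $BenchmarkType
    SettingName              = $SettingName
    SettingTitle             = $SettingTitle
    Mode                     = "RestrictOrDisable"
    # NOTE(review): "Pass" presumably makes a setting that is absent from the tenant
    # settings response count as compliant. Confirm in the helper. If so, an incomplete
    # or filtered response would also pass, so the evidence should show "not found".
    MissingSettingBehavior   = "Pass"
    AuditCommands            = $AuditCommands
    ExpectedStateDescription = "Disabled, or enabled only for specific security groups."
}

Invoke-Root365FabricControl @controlArgs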