From b75bc57ae1d6e85545c26b4e0bd289686f671839 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:25:24 +0100 Subject: [PATCH 01/35] SettingsApiAvailable variable should explicitly be available in Test-MtCisaAppGroupOwnerConsent --- .../public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 index 695b35f6..a69f55c9 100644 --- a/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaAppGroupOwnerConsent.ps1 @@ -23,6 +23,8 @@ function Test-MtCisaAppGroupOwnerConsent { return $null } + $SettingsApiAvailable = (Invoke-MtGraphRequest -RelativeUri 'settings' -ApiVersion beta).values.name + if ( $SettingsApiAvailable -notcontains 'EnableGroupSpecificConsent' ) { Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recently created tenants.' return $null From 8de5e176fdd78565d7a7f68738fa6b244eb471c5 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:41:26 +0100 Subject: [PATCH 02/35] Get-MtExo should throw exception if command fails --- powershell/public/cisa/exchange/Get-MtExo.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powershell/public/cisa/exchange/Get-MtExo.ps1 b/powershell/public/cisa/exchange/Get-MtExo.ps1 index a3d90f3c..ef0499d3 100644 --- a/powershell/public/cisa/exchange/Get-MtExo.ps1 +++ b/powershell/public/cisa/exchange/Get-MtExo.ps1 @@ -87,7 +87,7 @@ function Get-MtExo { if ($null -eq $__MtSession.ExoCache.$Request) { Write-Verbose "$request not in cache, requesting." - $response = Invoke-Expression $commands.$Request + $response = Invoke-Expression $commands.$Request -ErrorAction Stop $__MtSession.ExoCache.$Request = $response } else { From 970278a3ca3a0123858a8138cabbdbeb59c6ab17 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:44:38 +0100 Subject: [PATCH 03/35] Improve logic of MdoV2 in Get-MtLicenseInformation --- powershell/public/Get-MtLicenseInformation.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/powershell/public/Get-MtLicenseInformation.ps1 b/powershell/public/Get-MtLicenseInformation.ps1 index 8f37898a..06062a55 100644 --- a/powershell/public/Get-MtLicenseInformation.ps1 +++ b/powershell/public/Get-MtLicenseInformation.ps1 @@ -121,12 +121,12 @@ function Get-MtLicenseInformation { "MdoV2" { Write-Verbose "Retrieving license SKU for MDO" $skus = Invoke-MtGraphRequest -RelativeUri "subscribedSkus" | Select-Object -ExpandProperty servicePlans | Select-Object -ExpandProperty servicePlanId - if ("f20fedf3-f3c3-43c3-8267-2bfdd51c0939" -in $skus -or "493ff600-6a2b-4db6-ad37-a7d4eb214516" -in $skus) { - $LicenseType = "P1" # Microsoft Defender for Office 365 (Plan 1) / ATP_ENTERPRISE - # Microsoft Defender for Office 365 (Plan 1) for Government / ATP_ENTERPRISE_GOV - } elseif ("8e0c0a52-6a6c-4d40-8370-dd62790dcd70" -in $skus -or "900018f1-0cdb-4ecb-94d4-90281760fdc6" -in $skus) { - $LicenseType = "P2" # Microsoft Defender for Office 365 (Plan 2) / THREAT_INTELLIGENCE - # Microsoft Defender for Office 365 (Plan 2) for Government / THREAT_INTELLIGENCE_GOV + if ("8e0c0a52-6a6c-4d40-8370-dd62790dcd70" -in $skus -or "900018f1-0cdb-4ecb-94d4-90281760fdc6" -in $skus) { + $LicenseType = "P2","P1","EOP" # Microsoft Defender for Office 365 (Plan 2) / THREAT_INTELLIGENCE + # Microsoft Defender for Office 365 (Plan 2) for Government / THREAT_INTELLIGENCE_GOV + } elseif ("f20fedf3-f3c3-43c3-8267-2bfdd51c0939" -in $skus -or "493ff600-6a2b-4db6-ad37-a7d4eb214516" -in $skus) { + $LicenseType = "P1","EOP" # Microsoft Defender for Office 365 (Plan 1) / ATP_ENTERPRISE + # Microsoft Defender for Office 365 (Plan 1) for Government / ATP_ENTERPRISE_GOV } else { $LicenseType = "EOP" # Exchange Online Protection / EOP_ENTERPRISE (326e2b78-9d27-42c9-8509-46c827743a17) } From 8192f2e0df5b1b7a33c3514e90bd9fd7f43e0ff2 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:45:28 +0100 Subject: [PATCH 04/35] P1 is required for these impersonation checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- .../public/cisa/exchange/Test-MtCisaImpersonationTip.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaImpersonationTip.ps1 b/powershell/public/cisa/exchange/Test-MtCisaImpersonationTip.ps1 index 926110ab..f47f893a 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaImpersonationTip.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaImpersonationTip.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaImpersonationTip { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop + } elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 6b1439e44e9cb44d9ca8fb75b9c42f394fe5e8c6 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:46:38 +0100 Subject: [PATCH 05/35] P1 is required for these impersonation checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- powershell/public/cisa/exchange/Test-MtCisaImpersonation.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaImpersonation.ps1 b/powershell/public/cisa/exchange/Test-MtCisaImpersonation.ps1 index 1d051375..afbab928 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaImpersonation.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaImpersonation.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaImpersonation { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop + } elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 632f138e2c7174cdace49cdd51ad98ac5e35662e Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:48:04 +0100 Subject: [PATCH 06/35] P1 is required for safe link checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- powershell/public/cis/Test-MtCisSafeLink.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powershell/public/cis/Test-MtCisSafeLink.ps1 b/powershell/public/cis/Test-MtCisSafeLink.ps1 index 8a865de2..b8bef647 100644 --- a/powershell/public/cis/Test-MtCisSafeLink.ps1 +++ b/powershell/public/cis/Test-MtCisSafeLink.ps1 @@ -26,7 +26,7 @@ function Test-MtCisSafeLink { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null } - elseif ( ( Get-MtLicenseInformation -Product MdoV2 ) -eq "EOP") { + elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From a2541f9dca14147534bcf714a553d99d4c474035 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:49:12 +0100 Subject: [PATCH 07/35] P1 is required for safe attachment checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- powershell/public/cis/Test-MtCisSafeAttachment.ps1 | 6 +----- .../public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/powershell/public/cis/Test-MtCisSafeAttachment.ps1 b/powershell/public/cis/Test-MtCisSafeAttachment.ps1 index 84cca8b2..26a84bcc 100644 --- a/powershell/public/cis/Test-MtCisSafeAttachment.ps1 +++ b/powershell/public/cis/Test-MtCisSafeAttachment.ps1 @@ -26,11 +26,7 @@ function Test-MtCisSafeAttachment { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null } - #elseif ($null -eq (Get-MtLicenseInformation -Product Mdo)) { - # Add-MtTestResultDetail -SkippedBecause NotLicensedMdo - # return $null - #} - elseif ( ( Get-MtLicenseInformation -Product MdoV2 ) -eq "EOP") { + elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } diff --git a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 index 67b0e07a..6b2356c9 100644 --- a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 +++ b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 @@ -26,7 +26,7 @@ function Test-MtCisSafeAttachmentsAtpPolicy { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null } - elseif ( ( Get-MtLicenseInformation -Product MdoV2 ) -eq "EOP") { + elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 96a3b8d4d192c06c744cfe8d720baf86da8e82d2 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 20:51:37 +0100 Subject: [PATCH 08/35] Can be 'null' in new tenants that never had legacy settings to migrate from --- powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 index 6085b214..3c54982a 100644 --- a/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 +++ b/powershell/public/cisa/entra/Test-MtCisaMethodsMigration.ps1 @@ -34,7 +34,7 @@ function Test-MtCisaMethodsMigration { $migrationState = $result.policyMigrationState - $testResult = $migrationState -eq "migrationComplete" + $testResult = $migrationState -eq "migrationComplete" -or $null -eq $migrationState # Can be 'null' in new tenants that never had legacy settings to migrate from. if ($testResult) { $testResultMarkdown = "Well done. Your tenant has completed the migration to Authentication Methods." From 993ca7c4eafd13a6791a79ecc3cbf2da99e771ed Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:00:23 +0100 Subject: [PATCH 09/35] Updated to improved Get-MtLicenseInformation MdoV2 logic in Test-MtCisaExoAlert --- .../cisa/exchange/Test-MtCisaExoAlert.ps1 | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 index af4791d2..3ab28cbe 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 @@ -24,25 +24,23 @@ function Test-MtCisaExoAlert { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + } elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } $alerts = Get-MtExo -Request ProtectionAlert - $cisaAlerts = @( - "be215649-fba8-4339-9ddd-05991a43b948", #Suspicious email sending patterns detected - "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", #Suspicious connector activity - "bfd48f06-0865-41a6-85ff-adb746423ebf", #Suspicious Email Forwarding Activity - "37a4e852-e711-45ca-b0f4-b076bae3adfd", #Messages have been delayed - "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", #Tenant restricted from sending unprovisioned email - "a7032ff5-7eee-412b-805b-d1295c7e0932", #Tenant restricted from sending email - "a74bb32a-541b-47fb-adfd-f8c62ce3d59b" #A potentially malicious URL click was detected - ) - - $filterAlerts = $alerts | Where-Object { ` - $_.ExchangeObjectId -in $cisaAlerts + $cisaAlerts = @{ + 'be215649-fba8-4339-9ddd-05991a43b948' = 'Suspicious email sending patterns detected' + '8bb9c6c8-dc12-40e1-5bb8-08da05b13393' = 'Suspicious connector activity' + 'bfd48f06-0865-41a6-85ff-adb746423ebf' = 'Suspicious Email Forwarding Activity' + '37a4e852-e711-45ca-b0f4-b076bae3adfd' = 'Messages have been delayed' + '5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb' = 'Tenant restricted from sending unprovisioned email' + 'a7032ff5-7eee-412b-805b-d1295c7e0932' = 'Tenant restricted from sending email' + } + if ("P2" -in (Get-MtLicenseInformation -Product MdoV2)) { + $cisaAlerts['a74bb32a-541b-47fb-adfd-f8c62ce3d59b'] = 'A potentially malicious URL click was detected' } $resultAlerts = $alerts | Where-Object { ` From f08fbf7234ac79cd4718d312fde117228fdcb540 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:02:04 +0100 Subject: [PATCH 10/35] Bugfix for Test-MtCisaExoAlert alerts compare --- powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 index 3ab28cbe..7e4bbb8b 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 @@ -44,7 +44,7 @@ function Test-MtCisaExoAlert { } $resultAlerts = $alerts | Where-Object { ` - $_.ExchangeObjectId -in $cisaAlerts -and ` + $_.ExchangeObjectId -in $cisaAlerts.Keys -and ` $_.NotificationEnabled } From 3dabeae5200005452f0463635bd866549fa9e274 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:08:48 +0100 Subject: [PATCH 11/35] Bugfix for Test-MtCisaExoAlert markdown output --- .../cisa/exchange/Test-MtCisaExoAlert.ps1 | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 index 7e4bbb8b..c3e65f51 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExoAlert.ps1 @@ -48,29 +48,29 @@ function Test-MtCisaExoAlert { $_.NotificationEnabled } - $testResult = (($resultAlerts|Measure-Object).Count -eq ($cisaAlerts|Measure-Object).Count) + $testResult = ($resultAlerts.Count -eq $cisaAlerts.Count) - $portalLink = "https://security.microsoft.com/alertpoliciesv2" - $passResult = "✅ Pass" - $failResult = "❌ Fail" + $portalLink = 'https://security.microsoft.com/alertpoliciesv2' + $passResult = '✅ Pass' + $failResult = '❌ Fail' if ($testResult) { $testResultMarkdown = "Well done. Your tenant has [alerts configured]($portalLink).`n`n%TestResult%" } else { - $testResultMarkdown = "Your tenant does not have [alerts configured]($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Your tenant does not have all [alerts configured]($portalLink).`n`n%TestResult%" } $result = "| Alert Name | Alert Result |`n" $result += "| --- | --- |`n" - foreach($item in $filterAlerts | Sort-Object -Property Identity){ - if($item.Guid -in $resultAlerts.Guid){ - $result += "| $($item.Identity) | $passResult |`n" - }else{ - $result += "| $($item.Identity) | $failResult |`n" + foreach ($item in $cisaAlerts.GetEnumerator()) { + if ($item.Key -in $resultAlerts.Guid) { + $result += "| $($item.Value) | $passResult |`n" + } else { + $result += "| $($item.Value) | $failResult |`n" } } - $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $result + $testResultMarkdown = $testResultMarkdown -replace '%TestResult%', $result Add-MtTestResultDetail -Result $testResultMarkdown From e6f386eb355f47d539e9e46df011d0f9030b4afd Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:10:39 +0100 Subject: [PATCH 12/35] Spelling mistake in Test-MtCisaEmailFilterAlternative and EOP is included by default --- .../cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1 b/powershell/public/cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1 index bf79038a..391bbfe9 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1 @@ -8,7 +8,7 @@ .EXAMPLE Test-MtCisaEmailFilterAlternative - Allways returns null + Always returns null .LINK https://maester.dev/docs/commands/Test-MtCisaEmailFilterAlternative @@ -24,9 +24,6 @@ function Test-MtCisaEmailFilterAlternative { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } else { Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Only testing of MDO is supported" return $null From 5347df85853ba72559e4b236a8befa1477cc2cdd Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:13:30 +0100 Subject: [PATCH 13/35] DNS server should not be predefined with no obvious way to change it when invoking Maester, as external DNS is most likely denied --- .../public/cisa/exchange/Get-MailAuthenticationRecord.ps1 | 2 +- powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 index 954fcb49..a8df32d0 100644 --- a/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 +++ b/powershell/public/cisa/exchange/Get-MailAuthenticationRecord.ps1 @@ -28,7 +28,7 @@ function Get-MailAuthenticationRecord { [string]$DomainName, # DNS-server to use for lookup. - [ipaddress]$DnsServerIpAddress = "1.1.1.1", + [ipaddress]$DnsServerIpAddress, # Selector-name for the DKIM record to retrieve. [string]$DkimSelector = "selector1", diff --git a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 index 550691f6..e448ff67 100644 --- a/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 +++ b/powershell/public/cisa/exchange/Resolve-SPFRecord.ps1 @@ -27,7 +27,7 @@ function Resolve-SPFRecord { [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)] - [string]$Server = "1.1.1.1", + [string]$Server, # If called nested provide a referrer to build valid objects [Parameter(Mandatory = $false)] @@ -69,7 +69,11 @@ function Resolve-SPFRecord { # Query DNS Record try { if ($isWindows -or $PSVersionTable.PSEdition -eq "Desktop") { - $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT + if ($Server) { + $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT -ErrorAction Stop + } else { + $DNSRecords = Resolve-DnsName -Name $Name -Type TXT -ErrorAction Stop + } } else { $cmdletCheck = Get-Command "Resolve-Dns" -ErrorAction SilentlyContinue if ($cmdletCheck) { From f1613e911583427ffbcc7e525e2f7cb837c9a947 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:14:59 +0100 Subject: [PATCH 14/35] Removed license check from Test-MtCisaAttachmentFilter as EOP is included by default --- .../public/cisa/exchange/Test-MtCisaAttachmentFilter.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaAttachmentFilter.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAttachmentFilter.ps1 index 77aae716..d7b47b8a 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAttachmentFilter.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAttachmentFilter.ps1 @@ -25,9 +25,6 @@ function Test-MtCisaAttachmentFilter { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } $policies = Get-MtExo -Request MalwareFilterPolicy From 6d181ad3d30113cd55f3a4e430adee9feba4c684 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:15:53 +0100 Subject: [PATCH 15/35] Removed license check from Test-MtCisaAttachmentFileType as EOP is included by default --- .../public/cisa/exchange/Test-MtCisaAttachmentFileType.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaAttachmentFileType.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAttachmentFileType.ps1 index 02eeaa9e..f6f59c8f 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAttachmentFileType.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAttachmentFileType.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaAttachmentFileType { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } $policies = Get-MtExo -Request MalwareFilterPolicy From 2e2d36a8052657729d8a42e723a3ad64f92a348a Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:17:53 +0100 Subject: [PATCH 16/35] Bugfix for tests attempting to specify Get-MtSkippedReason NotLicensedAdvAudit --- powershell/internal/Get-MtSkippedReason.ps1 | 2 +- powershell/public/Add-MtTestResultDetail.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/internal/Get-MtSkippedReason.ps1 b/powershell/internal/Get-MtSkippedReason.ps1 index 93d79d0c..8d329776 100644 --- a/powershell/internal/Get-MtSkippedReason.ps1 +++ b/powershell/internal/Get-MtSkippedReason.ps1 @@ -23,7 +23,7 @@ function Get-MtSkippedReason { "NotLicensedExoDlp" { "This test is for tenants that are licensed for Exchange Online DLP. See [Microsoft Purview Data Loss Prevention: Data Loss Prevention (DLP) for Exchange Online, SharePoint Online, and OneDrive for Business](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-7)"; break} "NotLicensedMdo" { "This test is for tenants that are licensed for Defender for Office 365 Plan 2. See [Microsoft Defender for Office 365 service description](https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)"; break} "NotLicensedMdoP1" { "This test is for tenants that are licensed for Defender for Office 365 Plan 1. See [Microsoft Defender for Office 365 service description](https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)"; break} - "AdvAudit" { "This test is for tenants that are licensed for Advanced Audit. See [Learn about auditing solutions in Microsoft Purview](https://learn.microsoft.com/en-us/purview/audit-solutions-overview#licensing-requirements)"; break} + "NotLicensedAdvAudit" { "This test is for tenants that are licensed for Advanced Audit. See [Learn about auditing solutions in Microsoft Purview](https://learn.microsoft.com/en-us/purview/audit-solutions-overview#licensing-requirements)"; break} "LicensedEntraIDPremium" { "This test is for tenants that are not licensed for any Entra ID Premium license. See [Entra ID licensing](https://learn.microsoft.com/entra/fundamentals/licensing)"; break} "NotSupported" { "This test relies on capabilities not currently available (e.g., cmdlets that are not available on all platforms, Resolve-DnsName)"; break} default { $SkippedBecause; break} diff --git a/powershell/public/Add-MtTestResultDetail.ps1 b/powershell/public/Add-MtTestResultDetail.ps1 index 7f7038b7..76d14973 100644 --- a/powershell/public/Add-MtTestResultDetail.ps1 +++ b/powershell/public/Add-MtTestResultDetail.ps1 @@ -66,7 +66,7 @@ function Add-MtTestResultDetail { [Parameter(Mandatory = $false)] [ValidateSet('NotConnectedAzure', 'NotConnectedExchange', 'NotConnectedGraph', 'NotDotGovDomain', 'NotLicensedEntraIDP1', 'NotConnectedSecurityCompliance', 'NotConnectedTeams', 'NotLicensedEntraIDP2', 'NotLicensedEntraIDGovernance', 'NotLicensedEntraWorkloadID', 'NotLicensedExoDlp', "LicensedEntraIDPremium", 'NotSupported', 'Custom', - 'NotLicensedMdo','NotLicensedMdoP1', 'AdvAudit', 'NotLicensedEop' + 'NotLicensedMdo','NotLicensedMdoP1', 'NotLicensedAdvAudit', 'NotLicensedEop' )] # Common reasons for why the test was skipped. [string] $SkippedBecause, From db89f671c6238e34979ed5447592226f9c0b3507 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:18:54 +0100 Subject: [PATCH 17/35] Removed license check from Test-MtCisaBlockExecutable as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaBlockExecutable.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaBlockExecutable.ps1 b/powershell/public/cisa/exchange/Test-MtCisaBlockExecutable.ps1 index ad947a2c..33f16cbd 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaBlockExecutable.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaBlockExecutable.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaBlockExecutable { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } $policies = Get-MtExo -Request MalwareFilterPolicy From 777190224207ce13559bcb05e0e6db9456a2e00f Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:20:39 +0100 Subject: [PATCH 18/35] Only output markdown table if there is something to show in Test-MtCisaDlpPii --- .../cisa/exchange/Test-MtCisaDlpPii.ps1 | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaDlpPii.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDlpPii.ps1 index 57e72edf..3a156a2e 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDlpPii.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDlpPii.ps1 @@ -61,16 +61,18 @@ function Test-MtCisaDlpPii { $testResultMarkdown = "Your tenant does not have [Purview Data Loss Prevention Policies]($portalLink) enabled with the Sensitive Info Type of All Full Names.`n`n%TestResult%" } - $passResult = "✅ Pass" - $failResult = "❌ Fail" - $result = "| Status | Policy | Rule |`n" - $result += "| --- | --- | --- |`n" - foreach ($item in ($rules | Sort-Object -Property ParentPolicyName,Name)) { - $itemResult = $failResult - if($item.Guid -in $resultRules.Guid){ - $itemResult = $passResult + if ($rules) { + $passResult = "✅ Pass" + $failResult = "❌ Fail" + $result = "| Status | Policy | Rule |`n" + $result += "| --- | --- | --- |`n" + foreach ($item in ($rules | Sort-Object -Property ParentPolicyName,Name)) { + $itemResult = $failResult + if($item.Guid -in $resultRules.Guid){ + $itemResult = $passResult + } + $result += "| $($itemResult) | $($item.ParentPolicyName) | $($item.Name) |`n" } - $result += "| $($itemResult) | $($item.ParentPolicyName) | $($item.Name) |`n" } $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $result From fed1d6db9ab981c69e5d3bc364fee85f1e99d59e Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:24:09 +0100 Subject: [PATCH 19/35] Updated to improved Get-MtLicenseInformation MdoV2 logic in Test-MtCisaExoAlertSiem --- powershell/public/cisa/exchange/Test-MtCisaExoAlertSiem.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaExoAlertSiem.ps1 b/powershell/public/cisa/exchange/Test-MtCisaExoAlertSiem.ps1 index 6f94daa3..f0aa8d2a 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExoAlertSiem.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaExoAlertSiem.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaExoAlertSiem { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + }elseif("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null }else{ Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Not available for API validation." From 76bc00d60cf95c07615da9b87d74e07d135949cb Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:25:40 +0100 Subject: [PATCH 20/35] Add additional instructions of installing required module in Test-MtCisaExternalSenderWarning.md --- .../public/cisa/exchange/Test-MtCisaExternalSenderWarning.md | 1 + 1 file changed, 1 insertion(+) diff --git a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.md b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.md index 450467ad..061d7a6d 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.md +++ b/powershell/public/cisa/exchange/Test-MtCisaExternalSenderWarning.md @@ -14,6 +14,7 @@ This feature is only available for Outlook, Outlook for Mac, Outlook on the web, 2. Enable the feature with the cmdlet `Set-ExternalInOutlook` ```powershell +Install-Module -Name ExchangeOnlineManagement Connect-ExchangeOnline Set-ExternalInOutlook -Enabled $true ``` From 1183636c22c8fd06f85f99462a8b6b0ee5a14aee Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:28:32 +0100 Subject: [PATCH 21/35] P1 is required for these mailbox intelligence checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- .../public/cisa/exchange/Test-MtCisaMailboxIntelligence.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaMailboxIntelligence.ps1 b/powershell/public/cisa/exchange/Test-MtCisaMailboxIntelligence.ps1 index b070b89e..21412baf 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaMailboxIntelligence.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaMailboxIntelligence.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaMailboxIntelligence { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop + } elseif ("P1" -notin (Get-MtLicenseInformation -Product MdoV2)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 964de6c709ee432276c2f19df7de0a2c5904f259 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:29:15 +0100 Subject: [PATCH 22/35] Removed license check fromTest-MtCisaMalwareAction as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaMalwareAction.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaMalwareAction.ps1 b/powershell/public/cisa/exchange/Test-MtCisaMalwareAction.ps1 index 06253d35..ebac3c36 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaMalwareAction.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaMalwareAction.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaMalwareAction { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } $policies = Get-MtExo -Request MalwareFilterPolicy From 43ea84a6c74c136e4651fd80f0597d46b952ce63 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:29:48 +0100 Subject: [PATCH 23/35] Removed license check from Test-MtCisaMalwareZap as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaMalwareZap.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaMalwareZap.ps1 b/powershell/public/cisa/exchange/Test-MtCisaMalwareZap.ps1 index 844e8673..14c18220 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaMalwareZap.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaMalwareZap.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaMalwareZap { } elseif (!(Test-MtConnection SecurityCompliance)) { Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - } elseif ($null -eq (Get-MtLicenseInformation -Product Eop)) { - Add-MtTestResultDetail -SkippedBecause NotLicensedEop - return $null } $policies = Get-MtExo -Request MalwareFilterPolicy From 3b49ba182d5802fd664244b0b4c0ab1f68ffe124 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:35:46 +0100 Subject: [PATCH 24/35] P1 is required for safe link checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1 index b51bedf0..6bbfd859 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSafeLink.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaSafeLink { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + }elseif("P1" -notin (Get-MtLicenseInformation -Product MdoV2)){ + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 2e3c6996fbfc413630dace378411235f95885a69 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:36:13 +0100 Subject: [PATCH 25/35] P1 is required for safe link checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- .../public/cisa/exchange/Test-MtCisaSafeLinkClickTracking.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSafeLinkClickTracking.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSafeLinkClickTracking.ps1 index 0aad4c0f..53b1eb43 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSafeLinkClickTracking.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSafeLinkClickTracking.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaSafeLinkClickTracking { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + }elseif("P1" -notin (Get-MtLicenseInformation -Product MdoV2)){ + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 9aa5e1224f7eb79b4c6037c56bbe600c4cc4023b Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:36:56 +0100 Subject: [PATCH 26/35] P1 is required for safe link checks, updated to use improved logic of Get-MtLicenseInformation MdoV2 --- .../public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1 index 1a172747..52137342 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1 @@ -24,8 +24,8 @@ function Test-MtCisaSafeLinkDownloadScan { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + }elseif("P1" -notin (Get-MtLicenseInformation -Product MdoV2)){ + Add-MtTestResultDetail -SkippedBecause NotLicensedMdoP1 return $null } From 062d396ae5deecc68e293ba6e2620babc274d2eb Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:38:05 +0100 Subject: [PATCH 27/35] Removed license check from Test-MtCisaSpamAction as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaSpamAction.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpamAction.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpamAction.ps1 index b176f441..9807da7a 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpamAction.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpamAction.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaSpamAction { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo - return $null } $policies = Get-MtExo -Request HostedContentFilterPolicy From f46fb42515774f2e5d1a2d32fae82c06a95049c9 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:38:39 +0100 Subject: [PATCH 28/35] Removed license check from Test-MtCisaSpamAlternative as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaSpamAlternative.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpamAlternative.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpamAlternative.ps1 index 44d4162b..fda7ec47 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpamAlternative.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpamAlternative.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaSpamAlternative { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo - return $null }else{ Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Unable to validate 3rd party solutions." return $null From 52a970f2d9f3c14bda96449f6faef56875f40fc5 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:40:57 +0100 Subject: [PATCH 29/35] Removed license check from Test-MtCisaSpamBypass as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaSpamBypass.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpamBypass.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpamBypass.ps1 index 530efc07..f6422630 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpamBypass.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpamBypass.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaSpamBypass { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo - return $null } $policies = Get-MtExo -Request HostedContentFilterPolicy From de60e11330af229abfcb9aa90e97631bc741a4c2 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:41:47 +0100 Subject: [PATCH 30/35] Removed license check from Test-MtCisaSpamFilter as EOP is included by default --- powershell/public/cisa/exchange/Test-MtCisaSpamFilter.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaSpamFilter.ps1 b/powershell/public/cisa/exchange/Test-MtCisaSpamFilter.ps1 index 1ed5a0ed..73616b21 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaSpamFilter.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaSpamFilter.ps1 @@ -24,9 +24,6 @@ function Test-MtCisaSpamFilter { }elseif(!(Test-MtConnection SecurityCompliance)){ Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance return $null - }elseif($null -eq (Get-MtLicenseInformation -Product Mdo)){ - Add-MtTestResultDetail -SkippedBecause NotLicensedMdo - return $null } $policies = Get-MtExo -Request HostedContentFilterPolicy From cf764c946c090991d7abe649c6e9ab27bb06675a Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:46:20 +0100 Subject: [PATCH 31/35] Only show table output if there is something to show in Test-MtCisaDlp --- .../public/cisa/exchange/Test-MtCisaDlp.ps1 | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 index e20e73f0..f6e200a2 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDlp.ps1 @@ -29,10 +29,9 @@ function Test-MtCisaDlp { return $null } - $policies = Get-MtExo -Request DlpCompliancePolicy + $policies = Get-MtExo -Request DlpCompliancePolicy | Where-Object { $_.ExchangeLocation.DisplayName -contains "All" } $resultPolicies = $policies | Where-Object {` - $_.ExchangeLocation.DisplayName -contains "All" -and ` $_.Workload -like "*Exchange*" -and ` -not $_.IsSimulationPolicy -and ` $_.Enabled @@ -48,16 +47,18 @@ function Test-MtCisaDlp { $testResultMarkdown = "Your tenant does not have [Purview Data Loss Prevention Policies]($portalLink) enabled.`n`n%TestResult%" } - $passResult = "✅ Pass" - $failResult = "❌ Fail" - $result = "| Name | Status | Description |`n" - $result += "| --- | --- | --- |`n" - foreach ($item in ($policies | Where-Object {$_.ExchangeLocation.DisplayName -contains "All"}) | Sort-Object -Property name) { - $itemResult = $failResult - if($item.Guid -in $resultPolicies.Guid){ - $itemResult = $passResult + if ($policies) { + $passResult = "✅ Pass" + $failResult = "❌ Fail" + $result = "| Name | Status | Description |`n" + $result += "| --- | --- | --- |`n" + foreach ($item in ($policies | Sort-Object -Property name)) { + $itemResult = $failResult + if($item.Guid -in $resultPolicies.Guid){ + $itemResult = $passResult + } + $result += "| $($item.name) | $($itemResult) | $($item.comment) |`n" } - $result += "| $($item.name) | $($itemResult) | $($item.comment) |`n" } $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $result From 53aa2308bbdb777e44ba9f6607033eec3bdd804f Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:49:52 +0100 Subject: [PATCH 32/35] Bugfix for Test-MtCisaDlpBaselineRule --- .../public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1 b/powershell/public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1 index 90168d70..61d5323c 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1 @@ -66,8 +66,6 @@ function Test-MtCisaDlpBaselineRule { $resultComposite = $resultCcn -and $resultSsn -and $resultItin - $testResult = ($resultComposite | Measure-Object).Count -ge 1 - $portalLink = "https://purview.microsoft.com/datalossprevention/policies" if ($resultComposite) { @@ -97,5 +95,5 @@ function Test-MtCisaDlpBaselineRule { Add-MtTestResultDetail -Result $testResultMarkdown - return $testResult + return $resultComposite } \ No newline at end of file From 64a66d34f7ae4e99e521760838f21a90abe4bdc9 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:51:41 +0100 Subject: [PATCH 33/35] Improve markdown output in Test-MtCisaAuditLog --- powershell/public/cisa/exchange/Test-MtCisaAuditLog.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaAuditLog.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAuditLog.ps1 index ed45fbe7..79f7263a 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAuditLog.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAuditLog.ps1 @@ -33,9 +33,9 @@ function Test-MtCisaAuditLog { $portalLink = "https://purview.microsoft.com/audit/auditsearch" if ($testResult) { - $testResultMarkdown = "Well done. Your tenant has [unified audit log enabled]($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Well done. Your tenant has [unified audit log enabled]($portalLink)." } else { - $testResultMarkdown = "Your tenant does not have [unified audit log enabled]($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Your tenant does not have [unified audit log enabled]($portalLink)." } Add-MtTestResultDetail -Result $testResultMarkdown From ef606c3bc77df3c6569b73def470df5918b99f0d Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Mon, 3 Mar 2025 21:53:57 +0100 Subject: [PATCH 34/35] Improve markdown output in Test-MtCisaAuditLogRetention as the looped variable is never set --- .../exchange/Test-MtCisaAuditLogRetention.ps1 | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/powershell/public/cisa/exchange/Test-MtCisaAuditLogRetention.ps1 b/powershell/public/cisa/exchange/Test-MtCisaAuditLogRetention.ps1 index 20589306..c69f9a02 100644 --- a/powershell/public/cisa/exchange/Test-MtCisaAuditLogRetention.ps1 +++ b/powershell/public/cisa/exchange/Test-MtCisaAuditLogRetention.ps1 @@ -45,27 +45,13 @@ function Test-MtCisaAuditLogRetention { $testResult = ($resultPolicies|Measure-Object).Count -ge 1 $portalLink = "https://purview.microsoft.com/audit/auditpolicies" - $passResult = "✅ Pass" - $failResult = "❌ Fail" if ($testResult) { - $testResultMarkdown = "Well done. Your tenant has [Exchange Online audit retention enabled]($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Well done. Your tenant has [Exchange Online audit retention enabled]($portalLink)." } else { - $testResultMarkdown = "Your tenant does not have [Exchange Online audit retention enabled]($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Your tenant does not have [Exchange Online audit retention enabled]($portalLink)." } - $result = "| Policy Result | Policy Name | Record Types | Retention Duration |`n" - $result += "| --- | --- | --- | --- |`n" - foreach($item in $mailboxes | Sort-Object -Property Name){ - if($item.Guid -in $resultMailboxes.Guid){ - $result += "| $passResult | $($item.Name) | $($item.RecordTypes -join ", ") | $($item.RetentionDuration) |`n" - }else{ - $result += "| $failResult | $($item.Name) | $($item.RecordTypes -join ", ") | $($item.RetentionDuration) |`n" - } - } - - $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $result - Add-MtTestResultDetail -Result $testResultMarkdown return $testResult From b0dbb83000236cc0537fdc20e76df25e80d69de6 Mon Sep 17 00:00:00 2001 From: "Thomas S. Schmidt" Date: Wed, 5 Mar 2025 10:57:23 +0100 Subject: [PATCH 35/35] Added additional comments to Get-MtLicenseInformation MdoV2 --- powershell/public/Get-MtLicenseInformation.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/powershell/public/Get-MtLicenseInformation.ps1 b/powershell/public/Get-MtLicenseInformation.ps1 index 06062a55..176e74d5 100644 --- a/powershell/public/Get-MtLicenseInformation.ps1 +++ b/powershell/public/Get-MtLicenseInformation.ps1 @@ -124,9 +124,11 @@ function Get-MtLicenseInformation { if ("8e0c0a52-6a6c-4d40-8370-dd62790dcd70" -in $skus -or "900018f1-0cdb-4ecb-94d4-90281760fdc6" -in $skus) { $LicenseType = "P2","P1","EOP" # Microsoft Defender for Office 365 (Plan 2) / THREAT_INTELLIGENCE # Microsoft Defender for Office 365 (Plan 2) for Government / THREAT_INTELLIGENCE_GOV + # Includes P1 and EOP capabilities } elseif ("f20fedf3-f3c3-43c3-8267-2bfdd51c0939" -in $skus -or "493ff600-6a2b-4db6-ad37-a7d4eb214516" -in $skus) { $LicenseType = "P1","EOP" # Microsoft Defender for Office 365 (Plan 1) / ATP_ENTERPRISE # Microsoft Defender for Office 365 (Plan 1) for Government / ATP_ENTERPRISE_GOV + # Includes EOP capabilities } else { $LicenseType = "EOP" # Exchange Online Protection / EOP_ENTERPRISE (326e2b78-9d27-42c9-8509-46c827743a17) }