
Commit 3e4421b

Merge pull request #982 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents ccf8fe6 + 518855c commit 3e4421b

33 files changed

Lines changed: 322 additions & 284 deletions

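--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_1_2_2.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_1_2_2.ps1
@@ -21,11 +21,19 @@ function Invoke-CippTestCIS_1_2_2 {
 return
 }
 
-$EnabledShared = @()
+$UsersById = @{}
+$UsersByUpn = @{}
+foreach ($U in $Users) {
+if ($U.id) { $UsersById[$U.id] = $U }
+if ($U.userPrincipalName) { $UsersByUpn[$U.userPrincipalName] = $U }
+}
+$EnabledShared = [System.Collections.Generic.List[object]]::new()
 foreach ($SM in $SharedMailboxes) {
-$User = $Users | Where-Object { $_.userPrincipalName -eq $SM.UserPrincipalName -or $_.id -eq $SM.ExternalDirectoryObjectId } | Select-Object -First 1
+$User = $null
+if ($SM.UserPrincipalName -and $UsersByUpn.ContainsKey($SM.UserPrincipalName)) { $User = $UsersByUpn[$SM.UserPrincipalName] }
+elseif ($SM.ExternalDirectoryObjectId -and $UsersById.ContainsKey($SM.ExternalDirectoryObjectId)) { $User = $UsersById[$SM.ExternalDirectoryObjectId] }
 if ($User -and $User.accountEnabled -eq $true) {
-$EnabledShared += $User
+$EnabledShared.Add($User)
 }
 }
 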
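Review bot: The new lookup resolves the mailbox's account by `UserPrincipalName` first and only falls back to `ExternalDirectoryObjectId`, while the CIS_5_2_3_4 change in this same commit prefers `id` and falls back to UPN. The object id is the stable identifier, so if the cached user and mailbox data ever disagree (for example after a UPN rename, which is not determinable from this hunk), this order could evaluate `accountEnabled` on a different account than the one behind the mailbox. Consider testing `if ($SM.ExternalDirectoryObjectId -and $UsersById.ContainsKey($SM.ExternalDirectoryObjectId))` first and making the UPN check the `elseif`. The hashtables also keep the last duplicate where the old `Select-Object -First 1` kept the first; a one-line comment above the `foreach ($U in $Users)` loop stating that would help. The function body starts and ends outside the hunk.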

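--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_2_1_5.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_2_1_5.ps1
@@ -20,10 +20,10 @@ function Invoke-CippTestCIS_2_1_5 {
 EnableSafeDocs = $true
 AllowSafeDocsOpen = $false
 }
-$Failures = @()
+$Failures = [System.Collections.Generic.List[string]]::new()
 foreach ($key in $Required.Keys) {
 if ($Cfg.$key -ne $Required[$key]) {
-$Failures += "$key = $($Cfg.$key) (expected $($Required[$key]))"
+$Failures.Add("$key = $($Cfg.$key) (expected $($Required[$key]))")
 }
 }
 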

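--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_2_1_9.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_2_1_9.ps1
@@ -14,12 +14,14 @@ function Invoke-CippTestCIS_2_1_9 {
 return
 }
 
-$Sending = $Accepted | Where-Object { -not $_.SendingFromDomainDisabled -and $_.DomainName -notlike '*onmicrosoft.com' }
-$Failed = @()
+$Sending = $Accepted.Where({ -not $_.SendingFromDomainDisabled -and $_.DomainName -notlike '*onmicrosoft.com' })
+$DkimByDomain = $Dkim | Group-Object Domain -AsHashTable -AsString
+$Failed = [System.Collections.Generic.List[object]]::new()
 foreach ($D in $Sending) {
-$Cfg = $Dkim | Where-Object { $_.Domain -eq $D.DomainName } | Select-Object -First 1
+$Cfg = $null
+if ($DkimByDomain.ContainsKey($D.DomainName)) { $Cfg = @($DkimByDomain[$D.DomainName])[0] }
 if (-not $Cfg -or $Cfg.Enabled -ne $true) {
-$Failed += [PSCustomObject]@{ Domain = $D.DomainName; Enabled = $Cfg.Enabled }
+$Failed.Add([PSCustomObject]@{ Domain = $D.DomainName; Enabled = $Cfg.Enabled })
 }
 }
 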
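Review bot: `$DkimByDomain.ContainsKey($D.DomainName)` is called without confirming that `$DkimByDomain` is a hashtable. On some PowerShell versions `Group-Object -AsHashTable` yields `$null` for empty input, so a tenant with no DKIM signing configs would make the test throw instead of recording every sending domain as failed; whether the guard above the hunk already returns on an empty `$Dkim` is not visible here. Building the index the way the other files in this commit do avoids the question and keeps the old first-match behaviour: `$DkimByDomain = @{}` followed by `foreach ($K in $Dkim) { if ($K.Domain -and -not $DkimByDomain.ContainsKey($K.Domain)) { $DkimByDomain[$K.Domain] = $K } }`. The lookup should also guard the key, `if ($D.DomainName -and $DkimByDomain.ContainsKey($D.DomainName))`, because a null key makes `ContainsKey` throw and a null `DomainName` passes the `-notlike` filter.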

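--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_4_2.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_4_2.ps1
@@ -21,11 +21,11 @@ function Invoke-CippTestCIS_4_2 {
 return
 }
 
-$Failures = @()
+$Failures = [System.Collections.Generic.List[string]]::new()
 foreach ($P in @('androidForWorkRestriction', 'androidRestriction', 'iosRestriction', 'macOSRestriction', 'windowsRestriction')) {
 $r = $DefaultPlatform.$P
 if ($r -and $r.personalDeviceEnrollmentBlocked -ne $true -and $r.platformBlocked -ne $true) {
-$Failures += "$P : personal enrollment NOT blocked"
+$Failures.Add("$P : personal enrollment NOT blocked")
 }
 }
 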

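--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_5_2_3_4.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_5_2_3_4.ps1
@@ -14,12 +14,20 @@ function Invoke-CippTestCIS_5_2_3_4 {
 return
 }
 
-$Members = $Users | Where-Object { $_.userType -eq 'Member' -and $_.accountEnabled -eq $true }
-$NotCapable = @()
+$Members = $Users.Where({ $_.userType -eq 'Member' -and $_.accountEnabled -eq $true })
+$RegById = @{}
+$RegByUpn = @{}
+foreach ($R in $Reg) {
+if ($R.id) { $RegById[$R.id] = $R }
+if ($R.userPrincipalName) { $RegByUpn[$R.userPrincipalName] = $R }
+}
+$NotCapable = [System.Collections.Generic.List[object]]::new()
 foreach ($U in $Members) {
-$R = $Reg | Where-Object { $_.id -eq $U.id -or $_.userPrincipalName -eq $U.userPrincipalName } | Select-Object -First 1
+$R = $null
+if ($U.id -and $RegById.ContainsKey($U.id)) { $R = $RegById[$U.id] }
+elseif ($U.userPrincipalName -and $RegByUpn.ContainsKey($U.userPrincipalName)) { $R = $RegByUpn[$U.userPrincipalName] }
 if (-not $R -or $R.isMfaCapable -ne $true) {
-$NotCapable += $U
+$NotCapable.Add($U)
 }
 }
 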

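--- a/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_8_1_1.ps1
+++ b/Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_8_1_1.ps1
@@ -14,12 +14,12 @@ function Invoke-CippTestCIS_8_1_1 {
 }
 
 $Cfg = $Client | Select-Object -First 1
-$Enabled = @()
-if ($Cfg.AllowDropbox) { $Enabled += 'Dropbox' }
-if ($Cfg.AllowBox) { $Enabled += 'Box' }
-if ($Cfg.AllowGoogleDrive) { $Enabled += 'GoogleDrive' }
-if ($Cfg.AllowShareFile) { $Enabled += 'ShareFile' }
-if ($Cfg.AllowEgnyte) { $Enabled += 'Egnyte' }
+$Enabled = [System.Collections.Generic.List[string]]::new()
+if ($Cfg.AllowDropbox) { $Enabled.Add('Dropbox') }
+if ($Cfg.AllowBox) { $Enabled.Add('Box') }
+if ($Cfg.AllowGoogleDrive) { $Enabled.Add('GoogleDrive') }
+if ($Cfg.AllowShareFile) { $Enabled.Add('ShareFile') }
+if ($Cfg.AllowEgnyte) { $Enabled.Add('Egnyte') }
 
 if ($Enabled.Count -eq 0) {
 $Status = 'Passed'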

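--- a/Modules/CIPPTests/Public/Tests/CISA/Identity/Invoke-CippTestCISAMSEXO111.ps1
+++ b/Modules/CIPPTests/Public/Tests/CISA/Identity/Invoke-CippTestCISAMSEXO111.ps1
@@ -28,10 +28,10 @@ function Invoke-CippTestCISAMSEXO111 {
 
 $StandardATP = $PresetPolicies | Where-Object { $_.Identity -like '*Preset Security Policy*' -and $_.ImpersonationProtectionState -eq 'Enabled' }
 
-$EnabledPolicies = @()
-if ($StandardEOP) { $EnabledPolicies += 'Standard EOP' }
-if ($StrictEOP) { $EnabledPolicies += 'Strict EOP' }
-if ($StandardATP) { $EnabledPolicies += "$($StandardATP.Count) ATP policy/policies with impersonation protection" }
+$EnabledPolicies = [System.Collections.Generic.List[string]]::new()
+if ($StandardEOP) { $EnabledPolicies.Add('Standard EOP') }
+if ($StrictEOP) { $EnabledPolicies.Add('Strict EOP') }
+if ($StandardATP) { $EnabledPolicies.Add("$($StandardATP.Count) ATP policy/policies with impersonation protection") }
 
 if ($EnabledPolicies.Count -gt 0) {
 $Result = "✅ **Pass**: Preset security policies with impersonation protection are enabled:`n`n"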

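--- a/Modules/CIPPTests/Public/Tests/CopilotReadiness/Identity/Invoke-CippTestCopilotReady015.ps1
+++ b/Modules/CIPPTests/Public/Tests/CopilotReadiness/Identity/Invoke-CippTestCopilotReady015.ps1
@@ -20,9 +20,7 @@ function Invoke-CippTestCopilotReady015 {
 $ActiveUsers = @($UsageData | Where-Object { $_.userPrincipalName -and $_.userPrincipalName -ne 'Not applicable' })
 
 if ($ActiveUsers.Count -eq 0) {
-$Result = "No Microsoft 365 Copilot usage was detected in the past 30 days.`n`n"
-$Result += 'This tenant either has no Copilot licenses assigned, or users have not yet started using Copilot features. '
-$Result += 'See tests CopilotReady001 and CopilotReady002 to check licensing status.'
+$Result = "No Microsoft 365 Copilot usage was detected in the past 30 days.`n`nThis tenant either has no Copilot licenses assigned, or users have not yet started using Copilot features. See tests CopilotReady001 and CopilotReady002 to check licensing status."
 Add-CippTestResult -TenantFilter $Tenant -TestId 'CopilotReady015' -TestType 'Identity' -Status 'Informational' -ResultMarkdown $Result -Risk 'Informational' -Name 'Microsoft 365 Copilot usage per user' -UserImpact 'Low' -ImplementationEffort 'Low' -Category 'Copilot Readiness'
 return
 }
@@ -33,12 +31,13 @@ function Invoke-CippTestCopilotReady015 {
 $_ -notin @('userPrincipalName', 'displayName', 'lastActivityDate', 'reportRefreshDate', 'reportPeriod', 'id')
 }
 
-$Result = "**$($ActiveUsers.Count) users** had Copilot activity in the past 30 days.`n`n"
+$sb = [System.Text.StringBuilder]::new()
+$null = $sb.Append("**$($ActiveUsers.Count) users** had Copilot activity in the past 30 days.`n`n")
 
 # Build table header from available columns
 $Headers = @('User', 'Last Active') + $AppColumns
-$Result += '| ' + ($Headers -join ' | ') + " |`n"
-$Result += '| ' + (($Headers | ForEach-Object { '---' }) -join ' | ') + " |`n"
+$null = $sb.Append('| ' + ($Headers -join ' | ') + " |`n")
+$null = $sb.Append('| ' + (($Headers | ForEach-Object { '---' }) -join ' | ') + " |`n")
 
 $DisplayUsers = $ActiveUsers | Sort-Object lastActivityDate -Descending | Select-Object -First 50
 foreach ($User in $DisplayUsers) {
@@ -48,12 +47,13 @@ function Invoke-CippTestCopilotReady015 {
 $Val = $User.$Col
 $null = $Row.Append(" $Val |")
 }
-$Result += "$Row`n"
+$null = $sb.Append("$Row`n")
 }
 
 if ($ActiveUsers.Count -gt 50) {
-$Result += "`n*Showing 50 of $($ActiveUsers.Count) active users.*"
+$null = $sb.Append("`n*Showing 50 of $($ActiveUsers.Count) active users.*")
 }
+$Result = $sb.ToString()
 
 Add-CippTestResult -TenantFilter $Tenant -TestId 'CopilotReady015' -TestType 'Identity' -Status 'Informational' -ResultMarkdown $Result -Risk 'Informational' -Name 'Microsoft 365 Copilot usage per user' -UserImpact 'Low' -ImplementationEffort 'Low' -Category 'Copilot Readiness'
 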

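--- a/Modules/CIPPTests/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCAAS04.ps1
+++ b/Modules/CIPPTests/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCAAS04.ps1
@@ -20,11 +20,11 @@ function Invoke-CippTestEIDSCAAS04 {
 return
 }
 
-$InvalidTargets = @()
+$InvalidTargets = [System.Collections.Generic.List[string]]::new()
 if ($SmsConfig.includeTargets) {
 foreach ($target in $SmsConfig.includeTargets) {
 if ($target.isUsableForSignIn -ne $false) {
-$InvalidTargets += $target.id
+$InvalidTargets.Add($target.id)
 }
 }
 }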

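--- a/Modules/CIPPTests/Public/Tests/GenericTests/Identity/Invoke-CippTestGenericTest004.ps1
+++ b/Modules/CIPPTests/Public/Tests/GenericTests/Identity/Invoke-CippTestGenericTest004.ps1
@@ -20,13 +20,25 @@ function Invoke-CippTestGenericTest004 {
 }
 
 $TotalUsers = $Users.Count
-$MFARegistered = @($Users | Where-Object { $_.MFARegistration -eq $true }).Count
-$MFACapable = @($Users | Where-Object { $_.MFACapable -eq $true }).Count
-$CoveredByCA = @($Users | Where-Object { $_.CoveredByCA -like 'Enforced*' }).Count
-$CoveredBySD = @($Users | Where-Object { $_.CoveredBySD -eq $true }).Count
-$PerUserMFA = @($Users | Where-Object { $_.PerUser -in @('Enforced', 'Enabled') }).Count
-$NotProtected = @($Users | Where-Object { $_.CoveredByCA -notlike 'Enforced*' -and $_.CoveredBySD -ne $true -and $_.PerUser -notin @('Enforced', 'Enabled') }).Count
-$AdminCount = @($Users | Where-Object { $_.IsAdmin -eq $true }).Count
+$MFARegistered = 0
+$MFACapable = 0
+$CoveredByCA = 0
+$CoveredBySD = 0
+$PerUserMFA = 0
+$NotProtected = 0
+$AdminCount = 0
+foreach ($u in $Users) {
+if ($u.MFARegistration -eq $true) { $MFARegistered++ }
+if ($u.MFACapable -eq $true) { $MFACapable++ }
+$isCA = $u.CoveredByCA -like 'Enforced*'
+$isSD = $u.CoveredBySD -eq $true
+$isPerUser = $u.PerUser -in @('Enforced', 'Enabled')
+if ($isCA) { $CoveredByCA++ }
+if ($isSD) { $CoveredBySD++ }
+if ($isPerUser) { $PerUserMFA++ }
+if (-not $isCA -and -not $isSD -and -not $isPerUser) { $NotProtected++ }
+if ($u.IsAdmin -eq $true) { $AdminCount++ }
+}
 $MFARegPct = if ($TotalUsers -gt 0) { [math]::Round(($MFARegistered / $TotalUsers) * 100, 1) } else { 0 }
 
 $Result = [System.Text.StringBuilder]::new("### Summary`n`n")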
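Review bot: The `$NotProtected` counter on the `if (-not $isCA -and -not $isSD -and -not $isPerUser)` line is no longer a literal copy of the old predicate, and nothing in the loop documents that. For scalar properties the two forms agree, but PowerShell's `-like` and `-notlike` act as filters when the left side is a collection, so the count could differ if `CoveredByCA` ever holds more than one value; that is not determinable from this hunk. Since this number reports users with no MFA coverage, a comment above the loop would help, for example `# NotProtected: none of enforced CA, security defaults or per-user MFA applies; derived from the same flags as the three counters above`. The function continues outside the hunk.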
