Skip to content

Commit d817b6d

Browse files
committed
fix: cis test 1_3_5
use correct forms settings
1 parent ee1884f commit d817b6d

2 files changed

Lines changed: 55 additions & 11 deletions

File tree

Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheSettings.ps1

Lines changed: 50 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,20 +19,66 @@ function Set-CIPPDBCacheSettings {
1919
try {
2020
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching directory settings' -sev Debug
2121

22-
$Settings = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/settings?$top=999' -tenantid $TenantFilter
22+
$BulkRequests = @(
23+
[PSCustomObject]@{
24+
id = 'settings'
25+
method = 'GET'
26+
url = '/settings?$top=999'
27+
}
28+
[PSCustomObject]@{
29+
id = 'appsAndServices'
30+
method = 'GET'
31+
url = '/admin/appsAndServices'
32+
}
33+
[PSCustomObject]@{
34+
id = 'formsSettings'
35+
method = 'GET'
36+
url = '/admin/forms/settings'
37+
}
38+
)
39+
40+
$BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter
41+
42+
$SettingsResponse = $BulkResults | Where-Object { $_.id -eq 'settings' } | Select-Object -First 1
43+
$Settings = @()
44+
if ($SettingsResponse -and $SettingsResponse.status -eq 200) {
45+
$Settings = @($SettingsResponse.body.value)
46+
} else {
47+
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Settings request failed in bulk response (status: $($SettingsResponse.status))" -sev Warning
48+
}
2349
if (!$Settings) { $Settings = @() }
2450
Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'Settings' -Data $Settings -AddCount
2551
$Settings = $null
2652

2753
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching apps and services settings' -sev Debug
28-
$AppsAndServices = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/admin/appsAndServices' -tenantid $TenantFilter
29-
if ($AppsAndServices -and $AppsAndServices.PSObject.Properties.Name -contains 'settings') {
30-
$AppsAndServices = $AppsAndServices.settings
54+
$AppsAndServicesResponse = $BulkResults | Where-Object { $_.id -eq 'appsAndServices' } | Select-Object -First 1
55+
$AppsAndServices = @()
56+
if ($AppsAndServicesResponse -and $AppsAndServicesResponse.status -eq 200) {
57+
$AppsAndServices = $AppsAndServicesResponse.body
58+
if ($AppsAndServices -and $AppsAndServices.PSObject.Properties.Name -contains 'settings') {
59+
$AppsAndServices = $AppsAndServices.settings
60+
}
61+
} else {
62+
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "AppsAndServices request failed in bulk response (status: $($AppsAndServicesResponse.status))" -sev Warning
3163
}
3264
if (!$AppsAndServices) { $AppsAndServices = @() }
3365
Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AppsAndServices' -Data $AppsAndServices -AddCount
3466
$AppsAndServices = $null
3567

68+
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching Forms settings' -sev Debug
69+
$FormsSettingsResponse = $BulkResults | Where-Object { $_.id -eq 'formsSettings' } | Select-Object -First 1
70+
$FormsSettings = @()
71+
if ($FormsSettingsResponse -and $FormsSettingsResponse.status -eq 200) {
72+
$FormsSettings = $FormsSettingsResponse.body
73+
} else {
74+
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "FormsSettings request failed in bulk response (status: $($FormsSettingsResponse.status))" -sev Warning
75+
}
76+
if (!$FormsSettings) { $FormsSettings = @() }
77+
Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'FormsSettings' -Data $FormsSettings -AddCount
78+
$FormsSettings = $null
79+
80+
$BulkResults = $null
81+
3682
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached directory settings successfully' -sev Debug
3783

3884
} catch {

Modules/CIPPTests/Public/Tests/CIS/Identity/Invoke-CippTestCIS_1_3_5.ps1

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,17 +6,15 @@ function Invoke-CippTestCIS_1_3_5 {
66
param($Tenant)
77

88
try {
9-
$Settings = Get-CIPPTestData -TenantFilter $Tenant -Type 'Settings'
9+
$Forms = Get-CIPPTestData -TenantFilter $Tenant -Type 'FormsSettings'
1010

11-
if (-not $Settings) {
12-
Add-CippTestResult -TenantFilter $Tenant -TestId 'CIS_1_3_5' -TestType 'Identity' -Status 'Skipped' -ResultMarkdown 'Settings cache not found. Please refresh the cache for this tenant.' -Risk 'Medium' -Name 'Internal phishing protection for Forms is enabled' -UserImpact 'Low' -ImplementationEffort 'Low' -Category 'Phishing Protection'
13-
return
11+
if (-not $Forms) {
12+
$Settings = Get-CIPPTestData -TenantFilter $Tenant -Type 'Settings'
13+
$Forms = $Settings | Where-Object { $_.PSObject.Properties.Name -contains 'isInOrgFormsPhishingScanEnabled' } | Select-Object -First 1
1414
}
1515

16-
$Forms = $Settings | Where-Object { $_.PSObject.Properties.Name -contains 'isInOrgFormsPhishingScanEnabled' } | Select-Object -First 1
17-
1816
if (-not $Forms) {
19-
Add-CippTestResult -TenantFilter $Tenant -TestId 'CIS_1_3_5' -TestType 'Identity' -Status 'Skipped' -ResultMarkdown 'Forms phishing scan setting not in cache.' -Risk 'Medium' -Name 'Internal phishing protection for Forms is enabled' -UserImpact 'Low' -ImplementationEffort 'Low' -Category 'Phishing Protection'
17+
Add-CippTestResult -TenantFilter $Tenant -TestId 'CIS_1_3_5' -TestType 'Identity' -Status 'Skipped' -ResultMarkdown 'Forms phishing scan setting not in cache. Please refresh FormsSettings cache for this tenant.' -Risk 'Medium' -Name 'Internal phishing protection for Forms is enabled' -UserImpact 'Low' -ImplementationEffort 'Low' -Category 'Phishing Protection'
2018
return
2119
}
2220

0 commit comments

Comments
 (0)