check-ORCA118_1.ps1
using module "..\ORCA.psm1"
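<#
    ORCA-118-1 - Domain Allowlisting (Anti-Spam Policies).

    Walks every hosted content filter (anti-spam) policy in the collected
    configuration and records one result per policy:
      * Fail - one result for each entry in the policy's AllowedSenderDomains.
      * Pass - a single result when the policy has no allowed sender domains.

    Only the AllowedSenderDomains property is inspected; other allow-list
    mechanisms are outside the scope of this check.
#>
class ORCA118_1 : ORCACheck
{
    <#
        CONSTRUCTOR with Check Header Data
    #>
    ORCA118_1()
    {
        $this.Control = "ORCA-118-1"
        $this.Area = "Anti-Spam Policies"
        $this.Name = "Domain Allowlisting"
        $this.PassText = "Domains are not being allow listed in an unsafe manner"
        $this.FailRecommendation = "Remove allow listing on domains"
        $this.Importance = "Emails coming from allow listed domains bypass several layers of protection within Exchange Online Protection. If domains are allow listed, they are open to being spoofed from malicious actors."
        $this.ExpandResults = $True
        $this.ItemName = "Anti-Spam Policy"
        $this.DataType = "Allowlisted Domain"
        $this.ChiValue = [ORCACHI]::High
        $this.Links = @{
            "Microsoft 365 Defender Portal - Anti-spam settings" = "https://security.microsoft.com/antispam"
            "Use Anti-Spam Policy Sender/Domain Allow lists" = "https://aka.ms/orca-antispam-docs-4"
        }
    }

    <#
        RESULTS

        $Config is the collected tenant configuration. This method reads
        $Config["HostedContentFilterPolicy"] (the policies to evaluate) and
        $Config["PolicyStates"] (keyed by policy GUID string; supplies the
        Name, Disabled and Applies values copied onto each result).
    #>
    GetResults($Config)
    {
        ForEach ($Policy in $Config["HostedContentFilterPolicy"])
        {
            # Resolve the policy state once instead of repeating the lookup per field.
            $PolicyGuid = $Policy.Guid.ToString()
            $PolicyState = $Config["PolicyStates"][$PolicyGuid]
            $PolicyName = $PolicyState.Name

            # @($null) is a one-element array, so a null AllowedSenderDomains would
            # otherwise be counted as one (empty) allowed domain and reported as a
            # Fail with no domain name. Drop null entries before counting.
            $AllowedSenderDomains = @($Policy.AllowedSenderDomains | Where-Object { $null -ne $_ })

            <#
                Important! Do not apply read-only here for preset/default policies as this can be modified
            #>

            # Disabled / not-applied policies are still evaluated; their state is
            # carried on the result rather than used to skip the policy.
            If ($AllowedSenderDomains.Count -gt 0)
            {
                # Fail: one result per allow-listed domain so each entry is
                # visible in the report.
                ForEach ($Domain in $AllowedSenderDomains)
                {
                    $ConfigObject = [ORCACheckConfig]::new()
                    $ConfigObject.ConfigItem = $PolicyName
                    $ConfigObject.ConfigData = $Domain.Domain
                    $ConfigObject.ConfigDisabled = $PolicyState.Disabled
                    $ConfigObject.ConfigWontApply = !$PolicyState.Applies
                    $ConfigObject.ConfigPolicyGuid = $PolicyGuid
                    $ConfigObject.SetResult([ORCAConfigLevel]::Standard, "Fail")
                    $this.AddConfig($ConfigObject)
                }
            }
            else
            {
                # Pass: nothing is allow listed on this policy.
                $ConfigObject = [ORCACheckConfig]::new()
                $ConfigObject.ConfigItem = $PolicyName
                $ConfigObject.ConfigDisabled = $PolicyState.Disabled
                $ConfigObject.ConfigWontApply = !$PolicyState.Applies
                $ConfigObject.ConfigPolicyGuid = $PolicyGuid
                $ConfigObject.ConfigData = "No domain available"
                $ConfigObject.SetResult([ORCAConfigLevel]::Standard, "Pass")
                $this.AddConfig($ConfigObject)
            }
        }
    }
}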