forked from cammurray/orca
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcheck-ORCA158.ps1
66 lines (50 loc) · 1.99 KB
/
check-ORCA158.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<#
158 Checks to determine if MDO is enabled for SharePoint, Teams, and OD4B as per 'tickbox' in the MDO configuration.
#>
using module "..\ORCA.psm1"
class ORCA158 : ORCACheck
{
<#
CONSTRUCTOR with Check Header Data
#>
ORCA158()
{
$this.Control=158
$this.Services=[ORCAService]::MDO
$this.Area="Microsoft Defender for Office 365 Policies"
$this.Name="Safe Attachments SharePoint and Teams"
$this.PassText="Safe Attachments is enabled for SharePoint and Teams"
$this.FailRecommendation="Enable Safe Attachments for SharePoint and Teams"
$this.Importance="Safe Attachments can assist by scanning for zero day malware by using behavioural analysis and sandboxing techniques. These checks suppliment signature definitions."
$this.ExpandResults=$True
$this.CheckType=[CheckType]::ObjectPropertyValue
$this.ObjectType="Safe Attachments Policy"
$this.ItemName="Setting"
$this.DataType="Current Value"
$this.ChiValue=[ORCACHI]::High
$this.Links= @{
"Microsoft 365 Defender Portal - Safe attachments"="https://security.microsoft.com/safeattachmentv2"
"Recommended settings for EOP and Microsoft Defender for Office 365"="https://aka.ms/orca-atpp-docs-7"
}
}
<#
RESULTS
#>
GetResults($Config)
{
$ConfigObject = [ORCACheckConfig]::new()
$ConfigObject.Object=$Config["AtpPolicy"].Name
$ConfigObject.ConfigItem="EnableATPForSPOTeamsODB"
$ConfigObject.ConfigData=$Config["AtpPolicy"].EnableATPForSPOTeamsODB
# Determine if MDO is enabled or not
If($Config["AtpPolicy"].EnableATPForSPOTeamsODB -eq $false)
{
$ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
}
Else
{
$ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
}
$this.AddConfig($ConfigObject)
}
}