tests/Test-ReauthWithCode.ps1
|
function Test-ReauthWithCode { [CmdletBinding()] param ( # Define your parameters here ) begin { # Initialization code $auditResult = [CISAuditResult]::new() } process { # 7.2.10 (L1) Ensure reauthentication with verification code is restricted $SPOTenantReauthentication = Get-SPOTenant | Select-Object EmailAttestationRequired, EmailAttestationReAuthDays $isReauthenticationRestricted = $SPOTenantReauthentication.EmailAttestationRequired -and $SPOTenantReauthentication.EmailAttestationReAuthDays -le 15 # Populate the auditResult object with the required properties $auditResult.CISControlVer = "v8" $auditResult.CISControl = "0.0" $auditResult.CISDescription = "Explicitly Not Mapped" $auditResult.Rec = "7.2.10" $auditResult.ELevel = "E3" $auditResult.ProfileLevel = "L1" $auditResult.IG1 = $false $auditResult.IG2 = $false $auditResult.IG3 = $false $auditResult.RecDescription = "Ensure reauthentication with verification code is restricted" $auditResult.Result = $isReauthenticationRestricted $auditResult.Details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)" $auditResult.FailureReason = if (-not $isReauthenticationRestricted) { "Reauthentication with verification code does not require reauthentication within 15 days or less." } else { "N/A" } $auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" } } end { # Return auditResult return $auditResult } } |