tests/Test-EnableDKIM.ps1
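function Test-EnableDKIM {
    <#
    .SYNOPSIS
    Audits CIS recommendation 2.1.9 (L1): DKIM is enabled for all Exchange Online domains.

    .DESCRIPTION
    Reads Domain and Enabled from Get-DkimSigningConfig and builds one CISAuditResult.
    The check passes only when at least one signing configuration is returned and
    none of them is disabled. An empty result is reported as a failure rather than
    a pass, so an audit run that returns no data cannot be read as compliant.

    .OUTPUTS
    An array holding the single CISAuditResult produced by this check.

    .NOTES
    Get-DkimSigningConfig and the CISAuditResult class are not defined here; the
    caller must have an Exchange Online session and the class loaded.
    NOTE(review): only domains returned by Get-DkimSigningConfig are evaluated.
    Confirm whether accepted domains without a signing configuration need a
    separate comparison.
    #>
    [CmdletBinding()]
    param (
        # Parameters can be added if needed
    )

    begin {
        # Collects the result objects returned from the end block.
        $auditResults = @()
    }

    process {
        # 2.1.9 (L1) Ensure DKIM is enabled for all Exchange Online Domains
        # Pass if Enabled is True for all domains. Fail if any domain is not enabled,
        # or if no signing configuration is returned at all.
        $dkimConfig = @(Get-DkimSigningConfig | Select-Object Domain, Enabled)

        # Domains whose Enabled value is false (or missing) are treated as failing,
        # so the pass/fail decision and the reported domain list cannot disagree.
        $dkimFailedDomains = @(
            $dkimConfig |
                Where-Object { -not $_.Enabled } |
                ForEach-Object { $_.Domain }
        )

        # "-notcontains $false" on an empty collection is true, which would report a
        # pass with nothing checked; require at least one configuration instead.
        $noConfigReturned = $dkimConfig.Count -eq 0
        $dkimResult = (-not $noConfigReturned) -and ($dkimFailedDomains.Count -eq 0)

        $details = if ($noConfigReturned) {
            "No DKIM signing configuration was returned"
        }
        elseif (-not $dkimResult) {
            "DKIM not enabled for: $($dkimFailedDomains -join ', ')"
        }
        else {
            "All domains have DKIM enabled"
        }

        $failureReason = if ($noConfigReturned) {
            "No DKIM signing configuration was returned by Get-DkimSigningConfig"
        }
        elseif (-not $dkimResult) {
            "DKIM is not enabled for some domains"
        }
        else {
            "N/A"
        }

        # Create an instance of CISAuditResult and populate it
        $auditResult = [CISAuditResult]::new()
        $auditResult.Status = if ($dkimResult) { "Pass" } else { "Fail" }
        $auditResult.ELevel = "E3"
        $auditResult.ProfileLevel = "L1"
        $auditResult.Rec = "2.1.9"
        $auditResult.RecDescription = "Ensure that DKIM is enabled for all Exchange Online Domains"
        $auditResult.CISControlVer = "v8"
        $auditResult.CISControl = "9.5"
        $auditResult.CISDescription = "Implement DMARC"
        $auditResult.IG1 = $false
        $auditResult.IG2 = $true
        $auditResult.IG3 = $true
        $auditResult.Result = $dkimResult
        $auditResult.Details = $details
        $auditResult.FailureReason = $failureReason

        $auditResults += $auditResult
    }

    end {
        # Return auditResults
        return $auditResults
    }
}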