tests/Test-TeamsExternalAccess.ps1
|
function Test-TeamsExternalAccess { [CmdletBinding()] param ( # Aligned # Parameters can be defined here if needed ) begin { # Dot source the class script if necessary #. .\source\Classes\CISAuditResult.ps1 # Initialization code, if needed $auditResult = [CISAuditResult]::new() } process { # 8.2.1 (L1) Ensure 'external access' is restricted in the Teams admin center # Connect to Teams PowerShell using Connect-MicrosoftTeams $externalAccessConfig = Get-CsTenantFederationConfiguration $allowedDomainsLimited = $false if ($externalAccessConfig.AllowFederatedUsers -and $externalAccessConfig.AllowedDomains -and $externalAccessConfig.AllowedDomains.AllowedDomain.Count -gt 0) { $allowedDomainsLimited = $true } # Check if the configurations are as recommended $isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or $allowedDomainsLimited) # Create an instance of CISAuditResult and populate it $params = @{ Rec = "8.2.1" Result = $isCompliant Status = if ($isCompliant) { "Pass" } else { "Fail" } Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited" FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant." } else { "N/A" } } $auditResult = Initialize-CISAuditResult @params } end { # Return auditResult return $auditResult } } |