MCCA.psm1
|
#Requires -Version 5.1 <# .SYNOPSIS MCCA - Microsoft Compliance Configuration Analyzer (MCCA) .DESCRIPTION .NOTES Neha Pandey Senior Software Engineer - Microsoft Kritika Mishra Software Engineer - Microsoft Output report uses open source components for HTML formatting - bootstrap - MIT License - https://getbootstrap.com/docs/4.0/about/license/ - fontawesome - CC BY 4.0 License - https://fontawesome.com/license/free ############################################################################ This sample script is not supported under any Microsoft standard support program or service. This sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample script and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script or documentation, even if Microsoft has been advised of the possibility of such damages. ############################################################################ .LINK about_functions_advanced #> [bool] $global:ErrorOccurred = $false # TelemetryEnabled [bool] $global:TelemetryEnabled = $false [string] $global:EnvironmentName = "" function Get-MCCADirectory { <# Gets or creates the MCCA directory in AppData #> If ($IsWindows) { $Directory = "$($env:LOCALAPPDATA)\Microsoft\MCCA" } elseif ($IsLinux -or $IsMac) { $Directory = "$($env:HOME)/MCCA" } else { $Directory = "$($env:LOCALAPPDATA)\Microsoft\MCCA" } If (Test-Path $Directory) { Return $Directory } else { mkdir $Directory | out-null Return $Directory } } Function Invoke-MCCAConnections { Param ( [String]$ExchangeEnvironmentName, [String]$LogFile ) try { try { $ExchangeVersion = (Get-InstalledModule -name "ExchangeOnlineManagement" -ErrorAction:SilentlyContinue | Sort-Object Version -Desc)[0].Version } catch { $ExchangeVersion = "Error" write-host "$(Get-Date) Exchange Online Management module is not installed. Installing.." Write-Verbose "Installing ExchangeOnlineManagement" Install-Module -Name "ExchangeOnlineManagement" -force } if ($ExchangeVersion -eq "Error") { $ExchangeVersion = (Get-InstalledModule -name "ExchangeOnlineManagement" -ErrorAction:SilentlyContinue | Sort-Object Version -Desc)[0].Version } if ("$ExchangeVersion" -lt "2.0.3") { write-host "$(Get-Date) Your Exchange Online Management module is not updated. Updating.." Update-Module -Name "ExchangeOnlineManagement" -RequiredVersion 2.0.3 } $userName = Read-Host -Prompt 'Input the user name' -ErrorAction:SilentlyContinue $InfoMessage = "Connecting to Exchange Online (Modern Module).." Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue Connect-ExchangeOnline -Prefix EXOP -UserPrincipalName $userName -ExchangeEnvironmentName $ExchangeEnvironmentName -ShowBanner:$false -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue } catch { Write-Host "Error:$(Get-Date) There was an issue in connecting to Exchange Online. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } try { switch ($ExchangeEnvironmentName) { #O365China { } #O365GermanyCloud { $ConnectionUri = 'https://ps.compliance.protection.outlook.de/' } O365USGovDoD { $ConnectionUri = 'https://l5.ps.compliance.protection.office365.us/powershell-liveid/' } O365USGovGCCHigh { $ConnectionUri = 'https://ps.compliance.protection.office365.us/powershell-liveid/' } Default { $ConnectionUri = '' } } $InfoMessage = "Connecting to Security & Compliance Center" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue if ($ConnectionUri -eq '') { Connect-IPPSSession -UserPrincipalName $userName -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue } else { Connect-IPPSSession -UserPrincipalName $userName -ConnectionUri $ConnectionUri -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue } try { $statusCode = wget http://aka.ms/mcca-execution -Method head | % { $_.StatusCode } }catch {} } catch { Write-Host "Error:$(Get-Date) There was an issue in connecting to Security & Compliance Center. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue throw 'There was an issue in connecting to Security & Compliance Center. Please try running the tool again after some time.' } } enum CheckType { ObjectPropertyValue PropertyValue } [Flags()] enum MCCAService { DLP = 1 OATP = 2 } enum MCCAConfigLevel { None = 0 Recommendation = 4 Ok = 5 Informational = 10 TooStrict = 15 } enum MCCAResult { Pass = 1 Recommendation = 2 Fail = 3 } Class MCCACheckConfig { MCCACheckConfig() { # Constructor $this.Results += New-Object -TypeName MCCACheckConfigResult -Property @{ Level = [MCCAConfigLevel]::Recommendation } $this.Results += New-Object -TypeName MCCACheckConfigResult -Property @{ Level = [MCCAConfigLevel]::Ok } $this.Results += New-Object -TypeName MCCACheckConfigResult -Property @{ Level = [MCCAConfigLevel]::Informational } $this.Results += New-Object -TypeName MCCACheckConfigResult -Property @{ Level = [MCCAConfigLevel]::TooStrict } } # Set the result for this mode SetResult([MCCAConfigLevel]$Level, $Result) { ($this.Results | Where-Object { $_.Level -eq $Level }).Value = $Result # The level of this configuration should be its strongest result (e.g if its currently Ok and we have a Informational pass, we should make the level Informational) if ($Result -eq "Pass" -and ($this.Level -lt $Level -or $this.Level -eq [MCCAConfigLevel]::None)) { $this.Level = $Level } elseif ($Result -eq "Fail" -and ($Level -eq [MCCAConfigLevel]::Recommendation -and $this.Level -eq [MCCAConfigLevel]::None)) { $this.Level = $Level } } $Check $Object $ConfigItem $ConfigData $InfoText [string]$RemediationAction = "" [array]$Results [MCCAConfigLevel]$Level } Class MCCACheckConfigResult { [MCCAConfigLevel]$Level = [MCCAConfigLevel]::Ok $Value } Class MCCARemediationInfo { [bool]$RemediationAvailable = $false [string]$RemediationText = "" } Class MCCACheck { <# Check definition The checks defined below allow contextual information to be added in to the report HTML document. - Control : A unique identifier that can be used to index the results back to the check - Area : The area that this check should appear within the report - PassText : The text that should appear in the report when this 'control' passes - FailRecommendation : The text that appears as a title when the 'control' fails. Short, descriptive. E.g "Do this" - Importance : Why this is important - ExpandResults : If we should create a table in the callout which points out which items fail and where - ObjectType : When ExpandResults is set to, For Object, Property Value checks - what is the name of the Object, e.g a Spam Policy - ItemName : When ExpandResults is set to, what does the check return as ConfigItem, for instance, is it a Transport Rule? - DataType : When ExpandResults is set to, what type of data is returned in ConfigData, for instance, is it a Domain? #> [Array] $Config = @() [string] $Control [string] $ParentArea [String] $Area [String] $Name [String] $PassText [String] $FailRecommendation [Boolean] $ExpandResults = $false [String] $ObjectType [String] $ItemName [String] $DataType [String] $Importance [MCCAService]$Services = [MCCAService]::DLP [CheckType] $CheckType = [CheckType]::PropertyValue [MCCARemediationInfo] $MCCARemediationInfo [string] $LogFile [string] $ExchangeEnvironmentNameForCheck = $global:EnvironmentName $Links $MCCAParams [MCCAResult] $Result = [MCCAResult]::Pass [int] $FailCount = 0 [int] $PassCount = 0 [int] $InfoCount = 0 [Boolean] $Completed = $false # Overridden by check GetResults($Config) { } AddConfig([MCCACheckConfig]$Config) { $this.Config += $Config $this.FailCount = @($this.Config | Where-Object { $_.Level -eq [MCCAConfigLevel]::None }).Count $this.PassCount = @($this.Config | Where-Object { $_.Level -eq [MCCAConfigLevel]::Ok -or $_.Level -eq [MCCAConfigLevel]::Informational }).Count $this.InfoCount = @($this.Config | Where-Object { $_.Level -eq [MCCAConfigLevel]::Recommendation }).Count If ($this.FailCount -eq 0 -and $this.InfoCount -eq 0) { $this.Result = [MCCAResult]::Pass } elseif ($this.FailCount -eq 0 -and $this.InfoCount -gt 0) { $this.Result = [MCCAResult]::Recommendation } else { $this.Result = [MCCAResult]::Fail } } # Run Run($Config) { Write-Host "$(Get-Date) Analysis - $($this.Area) - $($this.Name)" $this.GetResults($Config) # If there is no results to expand, turn off ExpandResults if ($this.Config.Count -eq 0) { $this.ExpandResults = $false } } } Class MCCAOutput { [String] $Name [Boolean] $Completed = $False $VersionCheck $DefaultOutputDirectory $Result # Function overridden RunOutput($Checks, $Collection) { } Run($Checks, $Collection) { $this.RunOutput($Checks, $Collection) $this.Completed = $True } } Class RemediationAction { [String] $Name [Boolean] $Completed = $False $VersionCheck $DefaultOutputDirectory $Result # Function overridden RunOutput($Checks, $Collection) { } Run($Checks, $Collection) { $this.RunOutput($Checks, $Collection) $this.Completed = $True } } Function Get-MCCACheckDefs { Param ( [string]$LogFile, $MCCAParams, $Collection ) $Checks = @() # Load individual check definitions $CheckFiles = Get-ChildItem "$PSScriptRoot\Checks" # DLP check file full name $DLPCheckFileName = $null #Setting DLP check file name ForEach ($CheckFile in $CheckFiles) { if (($CheckFile.BaseName -match '^check-(.*)$') -and ($matches[1] -like "DLP")) { $DLPCheckFileName = $CheckFile.FullName } } #Creating DLP check objects for each improvement actions #read xml doc if ($($Collection["GetRequiredSolution"]) -icontains "DLP") { [xml]$CheckData = Get-Content "$PSScriptRoot\DLPImprovementActions\ActionsInformation.xml" if ($null -eq $CheckData -or $CheckData -eq "") { Write-Host "$(Get-Date) ActionsInformation.xml file does not exist/is corrupt in $PSScriptRoot\DLPImprovementActions\ActionsInformation.xml." -ForegroundColor Orange } if ($null -ne $DLPCheckFileName -or $DLPCheckFileName -ne "") { Write-Verbose "Importing DLP" . $DLPCheckFileName foreach ($Item in $CheckData.ImprovementActions.ActionItem) { #List of SIT $ListOfSIT = @() $AllSITS = $Item.SITs.SIT #Adding custom SITS <# if($($Collection["GetDLPCustomSIT"]) -ne "Error") { $CustomSIT = $($Collection["GetDLPCustomSIT"]).Name foreach ($sit in $CustomSIT) { $ListOfSIT += $sit } } #> if ($($Collection["GetOrganisationRegion"]) -eq "Error") { foreach ($sit in $AllSITS) { $ListOfSIT += $sit.InnerText } } else { foreach ($sit in $AllSITS) { if ($($Collection["GetOrganisationRegion"]) -contains $($sit.Geo)) { $ListOfSIT += $sit.InnerText } } } #Hash table of links $LinksInfo = @{} if ($global:EnvironmentName -ieq "O365USGovGCCHigh") { $AllLinks = $Item.GCCLinks.Link } elseif ($global:EnvironmentName -ieq "O365USGovDoD") { $AllLinks = $Item.DODLinks.Link } else { $AllLinks = $Item.Links.Link } foreach ($url in $AllLinks) { $LinksInfo[$url.LinkText] = $url.ActualURL } $InfoParams = @{} $InfoParams["Control"] = $Item.CheckName $InfoParams["ParentArea"] = $Item.ParentArea $InfoParams["Area"] = $Item.Area $InfoParams["Name"] = $Item.Name $InfoParams["RemediationPolicyName"] = $Item.RemediationPolicyName $InfoParams["PassText"] = $Item.PassText $InfoParams["FailRecommendation"] = $Item.FailRecommendation $InfoParams["Importance"] = $Item.Importance $InfoParams["SIT"] = $ListOfSIT $InfoParams["Links"] = $LinksInfo $Check = New-Object -TypeName "DLP" -ArgumentList $InfoParams # Set the MCCAParams $Check.MCCAParams = $MCCAParams $Check.LogFile = $LogFile $Checks += $Check } } } # Creating Non-DLP check objects for each improvement actions ForEach ($CheckFile in $CheckFiles) { if ($CheckFile.BaseName -match '^check-(.*)$' -and ($matches[1] -notlike "DLP")) { $solutioname = $matches[1] $length = $solutioname.length $solutioname = $solutioname.substring(0, $length - 3) if (($null -ne $($Collection["GetRequiredSolution"])) -and ($($Collection["GetRequiredSolution"]) -icontains "$solutioname")) { Write-Verbose "Importing $($matches[1])" . $CheckFile.FullName $Check = New-Object -TypeName $matches[1] # Set the MCCAParams $Check.MCCAParams = $MCCAParams $Check.LogFile = $LogFile $Checks += $Check } } } ForEach ($CheckFile in $CheckFiles) { if ($CheckFile.BaseName -match '^check-(.*)$' -and ($matches[1] -like "ComplianceManager")) { #write-host "abc" Write-Verbose "Importing $($matches[1])" . $CheckFile.FullName $Check = New-Object -TypeName $matches[1] # Set the MCCAParams $Check.MCCAParams = $MCCAParams $Check.LogFile = $LogFile $Checks += $Check } } $Checks = $Checks | Sort-Object -Property @{ expression = 'ParentArea' ; descending = $true }, @{expression = 'Area' ; descending = $false } Return $Checks } Function Get-MCCARemediationAction { Param ( $VersionCheck ) $RemediationActions = @() # Load individual check definitions $RemediationActionOutputFiles = Get-ChildItem "$PSScriptRoot\Remediation" ForEach ($RemediationActionOutputFile in $RemediationActionOutputFiles) { if ($RemediationActionOutputFile.BaseName -match '^remediation(.*)$') { Write-Verbose "Importing $($matches[1])" . $RemediationActionOutputFile.FullName $RemediationAction = New-Object -TypeName $matches[1] # For default output directory $RemediationAction.DefaultOutputDirectory = Get-MCCADirectory # Provide versioncheck $RemediationAction.VersionCheck = $VersionCheck $RemediationActions += $RemediationAction } } Return $RemediationActions } Function Get-MCCAOutputs { Param ( $VersionCheck, $Modules, $Options ) $Outputs = @() # Load individual check definitions $OutputFiles = Get-ChildItem "$PSScriptRoot\Outputs" ForEach ($OutputFile in $OutputFiles) { if ($OutputFile.BaseName -match '^output-(.*)$') { # Determine if this type should be loaded If ($Modules -contains $matches[1]) { Write-Verbose "Importing $($matches[1])" . $OutputFile.FullName $Output = New-Object -TypeName $matches[1] # Load any of the options in to the module If ($Options) { If ($Options[$matches[1]].Keys) { ForEach ($Opt in $Options[$matches[1]].Keys) { # Ensure this property exists before we try set it and get a null ref error $ModProperties = $($Output | Get-Member | Where-Object { $_.MemberType -eq "Property" }).Name If ($ModProperties -contains $Opt) { $Output.$Opt = $Options[$matches[1]][$Opt] } else { Throw("There is no option $($Opt) on output module $($matches[1])") } } } } # For default output directory $Output.DefaultOutputDirectory = Get-MCCADirectory # Provide versioncheck $Output.VersionCheck = $VersionCheck $Outputs += $Output } } } Return $Outputs } # Get DLP settings Function Get-DataLossPreventionSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetDlpComplianceRule"] = Get-DlpComplianceRule -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage $Collection["GetDLPCustomSIT"] = Get-DlpSensitiveInformationType -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage | Where-Object { $_.Publisher -ne "Microsoft Corporation" } $Collection["GetDlpCompliancePolicy"] = Get-DlpCompliancePolicy -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetDlpComplianceRule"] = "Error" $Collection["GetDLPCustomSIT"] = "Error" $Collection["GetDlpCompliancePolicy"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Data Loss Prevention information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } # Get Information Protection settings Function Get-InformationProtectionSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetLabel"] = Get-Label -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage try { $Collection["GetLabelPolicy"] = Get-LabelPolicy -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage } catch { $Collection["GetLabelPolicy"] = "Error" } Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetLabel"] = "Error" $Collection["GetLabelPolicy"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Information Protection information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetAutoSensitivityLabelPolicy"] = Get-AutoSensitivityLabelPolicy -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetAutoSensitivityLabelPolicy"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching AutoSensitivity Label Policy information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetIRMConfiguration"] = Get-EXOPIRMConfiguration -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetIRMConfiguration"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching IRM Configuration information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } # Get Communication Compliance settings Function Get-CommunicationComplianceSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetSupervisoryReviewPolicyV2"] = Get-SupervisoryReviewPolicyV2 -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage try { $Collection["GetSupervisoryReviewOverallProgressReport"] = Get-SupervisoryReviewOverallProgressReport -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage } catch { $Collection["GetSupervisoryReviewOverallProgressReport"] = "Error" } Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetSupervisoryReviewPolicyV2"] = "Error" $Collection["GetSupervisoryReviewOverallProgressReport"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Communication Compliance information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } # Get Information Governance settings Function Get-InformationGovernanceSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetRetentionCompliancePolicy"] = Get-RetentionCompliancePolicy -DistributionDetail -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage $Collection["GetRetentionComplianceRule"] = Get-RetentionComplianceRule -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage $Collection["GetComplianceTag"] = Get-ComplianceTag -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetRetentionCompliancePolicy"] = "Error" $Collection["GetRetentionComplianceRule"] = "Error" $Collection["GetComplianceTag"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Retention Compliance information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } # Get Audit settings Function Get-AuditSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetAdminAuditLogConfig"] = Get-EXOPAdminAuditLogConfig -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetAdminAuditLogConfig"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Audit Configuration information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } #get eDiscovery Function Get-eDiscoverySettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetComplianceCase"] = Get-ComplianceCase -CaseType AdvancedEdiscovery -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage $Collection["GetComplianceCaseCore"] = Get-ComplianceCase -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetComplianceCase"] = "Error" $Collection["GetComplianceCaseCore"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Audit Configuration information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } #Get Insider Risk Management Settings Function Get-InsiderRiskManagementSettings { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetInsiderRiskPolicy"] = Get-InsiderRiskPolicy -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetInsiderRiskPolicy"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Insider Risk Management information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } # Get Accepted Domains Function Get-AcceptedDomains { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["AcceptedDomains"] = Get-EXOPAcceptedDomain -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["AcceptedDomains"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching tenant name information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } #Get Alert Policies Function Get-AlertPolicies { Param( $Collection, [string]$LogFile ) try { [System.Collections.ArrayList]$WarnMessage = @() $Collection["GetProtectionAlert"] = Get-ProtectionAlert | Where-Object { $_.Severity -eq "High" } -ErrorAction:SilentlyContinue -WarningVariable +WarnMessage Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetProtectionAlert"] = "Error" Write-Host "Error:$(Get-Date) There was an issue in fetching Alert Policies Configuration information. Please try running the tool again after some time." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } #Get Organisation Region Function Get-OrganisationRegion { Param( $Collection, [string]$LogFile, [System.Collections.ArrayList] $GeoList ) try { [System.Collections.ArrayList]$WarnMessage = @() [System.Collections.ArrayList] $RegionNamesList = @() $Collection["GetOrganisationConfig"] = Get-EXOPOrganizationConfig -ErrorAction:SilentlyContinue if ($($GeoList.Count) -gt 0) { $Collection["GetOrganisationRegion"] = $GeoList $Collection["GetOrganisationRegion"].add("INTL") | out-null } else { $RegionsList = $Collection["GetOrganisationConfig"].AllowedMailboxRegions foreach ($region in $RegionsList) { $RegionName = $($region.Split("="))[0] $RegionName = $RegionName.ToUpper() $RegionNamesList.add($RegionName) | Out-Null } $Collection["GetOrganisationRegion"] = $RegionNamesList $Collection["GetOrganisationRegion"].add("INTL") | out-null } Write-Log -IsWarn -WarnMessage $WarnMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { $Collection["GetOrganisationConfig"] = "Error" if ($($GeoList.Count) -gt 0) { $Collection["GetOrganisationRegion"] = $GeoList $Collection["GetOrganisationRegion"].add("INTL") | out-null } else { $Collection["GetOrganisationRegion"] = "Error" Write-Host "Warning:$(Get-Date) There was an issue in fetching your tenant's geolocation. The generated report will have recommendations for all geos across the globe." -ForegroundColor:Yellow } $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Return $Collection } #Get Solution Config Function Get-PersonalizedSolution { Param( $Collection, [string]$LogFile, [System.Collections.ArrayList] $SolutionList ) [System.Collections.ArrayList] $SolutionsList = @() if ($($SolutionList.Count) -gt 0) { $Collection["GetRequiredSolution"] = $SolutionList $Collection["GetRequiredSolution"].add("INTL") | out-null } else { $SolutionTable = Get-SolutionTable [int] $count = 1 while ($count -le 8) { $SolutionList.add($($($SolutionTable[$count]).Code)) | out-null $count = $count + 1 } $Collection["GetRequiredSolution"] = $SolutionsList $Collection["GetRequiredSolution"].add("INTL") | out-null } Return $Collection } # Get user configurations Function Get-MCCACollection { Param ( [String]$LogFile, [System.Collections.ArrayList] $GeoList, [System.Collections.ArrayList] $SolutionList ) $Collection = @{} [MCCAService]$Collection["Services"] = [MCCAService]::DLP try { Write-EXOPAdminAuditLog -Comment "MCCA Started at- $(Get-Date)" } catch { $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } if ($SolutionList -icontains "DLP") { $InfoMessage = "Getting DLP Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-DataLossPreventionSettings -Collection $Collection -LogFile $LogFile } if ($SolutionList -icontains "IP") { $InfoMessage = "Getting Information Protection Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-InformationProtectionSettings -Collection $Collection -LogFile $LogFile } if ($SolutionList -icontains "CC") { $InfoMessage = "Getting Communication Compliance Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-CommunicationComplianceSettings -Collection $Collection -LogFile $LogFile } if (($SolutionList -icontains "IG") -or ($SolutionList -icontains "RM")) { $InfoMessage = "Getting Information Governance Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-InformationGovernanceSettings -Collection $Collection -LogFile $LogFile } if ($SolutionList -icontains "Audit" ) { $InfoMessage = "Getting Audit Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-AuditSettings -Collection $Collection -LogFile $LogFile } if ($SolutionList -icontains "eDiscovery") { $InfoMessage = "Getting eDiscovery Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-eDiscoverySettings -Collection $Collection -LogFile $LogFile } if ($SolutionList -icontains "IRM") { $InfoMessage = "Getting Insider Risk Management Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-InsiderRiskManagementSettings -Collection $Collection -LogFile $LogFile } $InfoMessage = "Getting Accepted Domains" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-AcceptedDomains -Collection $Collection -LogFile $LogFile $InfoMessage = "Getting Alert Policies Settings" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-AlertPolicies -Collection $Collection -LogFile $LogFile $InfoMessage = "Getting Organization's region information" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-OrganisationRegion -GeoList $GeoList -Collection $Collection -LogFile $LogFile $InfoMessage = "Getting Organization's solution preference information" Write-Host "$(Get-Date) $InfoMessage" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-PersonalizedSolution -SolutionList $SolutionList -Collection $Collection -LogFile $LogFile Return $Collection } Function Get-MCCAReport { <# .SYNOPSIS The Microsoft Compliance Configuration Analyzer (MCCA) .DESCRIPTION Microsoft Compliance Configuration Analyzer (MCCA) The Get-MCCAReport command generates a HTML report highlighting known issues in your compliance configurations in achieving data protection guidelines and recommends best practices to follow. Output report uses open source components for HTML formatting: - Bootstrap - MIT License https://getbootstrap.com/docs/4.0/about/license/ - Fontawesome - CC BY 4.0 License - https://fontawesome.com/license/free .PARAMETER NoVersionCheck Prevents MCCA from determining if it's running the latest version. It's always very important to be running the latest version of MCCA. We will change guidelines as the product and the recommended practices article changes. Not running the latest version might provide recommendations that are no longer valid. .PARAMETER TurnOffDataCollection Disables data collection. It can be used by users who wish to turn off data collection by Microsoft. Turning it off will delete the UserConsent file present in the output Report folder and ultimately will not consider acceptance in further running instance of the tool. .PARAMETER Geo This will generate a report based on the geolocations entered by you.You need to input appropriate numbers from the following list corresponding to the regions. Input Region 1 Asia-Pacific 2 Australia 3 Canada 4 Europe (excl. France) / Middle East / Africa 5 France 6 India 7 Japan 8 Korea 9 North America (excl. Canada) 10 South America 11 South Africa 12 Switzerland 13 United Arab Emirates 14 United Kingdom .PARAMETER Solution This will generate a report only for the solutions entered by you. You need to input appropriate numbers from the following list corresponding to the solution. Input Solution 1 Data Loss Prevention 2 Information Protection 3 Information Governance 4 Records Management 5 Communication Compliance 6 Insider Risk Management 7 Audit 8 eDiscovery .PARAMETER ExchangeEnvironmentName This will generate MCCA report for Security & Compliance Center PowerShell in a Microsoft 365 DoD organization or Microsoft GCC High organization O365USGovDoD This will generate MCCA report for Security & Compliance Center PowerShell in a Microsoft 365 DoD organization. O365USGovGCCHigh This will generate MCCA report for Security & Compliance Center PowerShell in a Microsoft GCC High organization. .PARAMETER Collection Internal only. .EXAMPLE Get-MCCAReport This will generate a customized report based on the geolocation of your tenant. If an error occurs while fetching your tenant's geolocation, you will get a report covering all supported geolocations. .EXAMPLE Get-MCCAReport -Geo @(1,7) This will generate a customized report based on the geolocations entered by you. .EXAMPLE Get-MCCAReport -Solution @(1,7) This will generate a customized report for the solutions entered by you. .EXAMPLE Get-MCCAReport -Solution @(1,7) -Geo @(9) This will generate a report only on for the solutions entered by you and based on the regions you have selected. #> Param( [CmdletBinding()] [Switch]$NoVersionCheck, [Switch]$TurnOffDataCollection, [System.Collections.ArrayList] $Geo = @(), [System.Collections.ArrayList] $Solution = @(), [string][validateset('O365Default', 'O365USGovDoD', 'O365USGovGCCHigh')] $ExchangeEnvironmentName = 'O365Default', $Collection ) $OutputDirectoryName = Get-MCCADirectory if(($TurnOffDataCollection -eq $true) -and ($(Test-Path -Path "$OutputDirectoryName\UserConsent.txt" -PathType Leaf) -eq $true)) { Remove-Item "$OutputDirectoryName\UserConsent.txt" } if ((Test-Path -Path "$OutputDirectoryName\UserConsent.txt" -PathType Leaf) -and ($(Get-Content "$OutputDirectoryName\UserConsent.txt") -ieq "Yes")) { $global:TelemetryEnabled = $true } else { $cntOfIterations = 1 Write-Host "Data Collection: The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices." -ForegroundColor Yellow while ($cntOfIterations -lt 3) { Write-Host "Do you accept(Y/N):" -NoNewline -ForegroundColor Yellow $telemetryConsent = Read-Host -ErrorAction:SilentlyContinue $telemetryConsent = $telemetryConsent.Trim() if (($telemetryConsent -ieq "y") -or ($telemetryConsent -ieq "yes")) { if (Test-Path -Path "$OutputDirectoryName\UserConsent.txt" -PathType Leaf) { Remove-Item "$OutputDirectoryName\UserConsent.txt" } New-Item "$OutputDirectoryName\UserConsent.txt" | Out-Null Set-Content "$OutputDirectoryName\UserConsent.txt" 'Yes' $global:TelemetryEnabled = $true break } elseif (($telemetryConsent -ieq "n") -or ($telemetryConsent -ieq "no")) { break } Write-Host "Invalid input! Please try again." -ForegroundColor Red $cntOfIterations += 1 } if ($cntOfIterations -eq 3) { return } } $global:EnvironmentName = $ExchangeEnvironmentName $LogDirectory = "$OutputDirectoryName\Logs" $FileName = "MCCA-$(Get-Date -Format 'yyyyMMddHHmmss').log" $LogFile = "$LogDirectory\$FileName" #Creating the logfiles folder if not present if ($(Test-Path -Path $LogDirectory) -eq $false) { New-Item -Path $LogDirectory -ItemType Directory -ErrorAction:SilentlyContinue | Out-Null #Creating the logfile New-Item -Path $LogFile -ItemType File -ErrorAction:SilentlyContinue | Out-Null } else { New-Item -Path $LogFile -ItemType File -ErrorAction:SilentlyContinue | Out-Null } #Check if log file exists if ($(Test-Path -Path $LogFile) -eq $False) { Write-Host "$(Get-Date) Log file cannot be created." -ForegroundColor:Red } Write-Log -MachineInfo -LogFile $LogFile -ErrorAction:SilentlyContinue if (($(Get-GeoAcceptance -Geo $Geo) -eq $false ) -and ($(Get-SolutionAcceptance -Solution $Solution) -eq $false)) { Show-GeoOptions Show-SolutionOptions return } #Get actual region names [System.Collections.ArrayList] $GeoList = @() if (($(Get-GeoAcceptance -Geo $Geo) -eq $false )) { Show-GeoOptions return } else { #Number To Region Mapping $NumberToRegionMapping = Get-NumberRegionMappingHashTable #Mapping numbers to the actual region foreach ($RegionNumber in $Geo) { [string] $RegionName = $NumberToRegionMapping[$RegionNumber].Code $GeoList.add($RegionName) | out-null } } #Get actual region names [System.Collections.ArrayList] $SolutionList = @() if ($(Get-SolutionAcceptance -Solution $Solution) -eq $false) { Show-SolutionOptions return } else { $ShowSolutionList = "" $SolutionTable = Get-SolutionTable if ($Solution.count -gt 0) { foreach ($count in $Solution) { [string] $Name = "$($($SolutionTable[$count]).Code)" #write-host "$Name" $SolutionList.add($Name) | out-null $ShowSolutionList += "$($($SolutionTable[$count]).FullName), " } $ShowSolutionList = $ShowSolutionList.TrimEnd(", ") } else { [int] $count = 1 while ($count -le 8) { $SolutionList.add($($($SolutionTable[$count]).Code)) | out-null $count = $count + 1 } $ShowSolutionList += "All Solutions" } } # Easy to use for quick MCCA report to HTML If ($NoVersionCheck) { $PerformVersionCheck = $False } Else { $PerformVersionCheck = $True } try { $Result = Invoke-MCCA -PerformVersionCheck $PerformVersionCheck -Collection $Collection -Output @("HTML") -GeoList $GeoList -SolutionList $SolutionList -LogFile $LogFile -ExchangeEnvironmentName $ExchangeEnvironmentName-ErrorAction:SilentlyContinue $InfoMessage = "Complete! Output is in $($Result.Result)" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue Write-Host "$(Get-Date) $InfoMessage" try { Write-EXOPAdminAuditLog -Comment "MCCA Completed at - $(Get-Date)" } catch { $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } Write-Log -StopInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } catch { Write-Host "Error:$(Get-Date) There was an issue in running the tool. Please try running the tool again after some time." -ForegroundColor:Red Write-Host "Please refer documentation for more details. If the issue persists, please write to us at MCCAhelp@microsoft.com." -ForegroundColor:Red $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } try { Disconnect-ExchangeOnline -Confirm:$false -ErrorAction:SilentlyContinue } catch { } } Function Invoke-MCCA { Param( [CmdletBinding()] [Boolean]$PerformVersionCheck = $True, $Output, $OutputOptions, $Collection, [System.Collections.ArrayList] $GeoList = @(), [System.Collections.ArrayList] $SolutionList = @(), [String]$LogFile ) $InfoMessage = "MCCA Started" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue # Version check If ($PerformVersionCheck) { $InfoMessage = "Version Check Started" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $VersionCheck = Invoke-MCCAVersionCheck $InfoMessage = "Version Check Completed" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } $InfoMessage = "Establishing Connections" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue Invoke-MCCAConnections -LogFile $LogFile -ExchangeEnvironmentName $ExchangeEnvironmentName $InfoMessage = "Connections Established" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue # Get the collection in to memory. For testing purposes, we support passing the collection as an object If ($Null -eq $Collection) { $InfoMessage = "Fetching User Configurations" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Collection = Get-MCCACollection -GeoList $GeoList -SolutionList $SolutionList -LogFile $LogFile $InfoMessage = "User Configurations Fetched" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue } # Get the output modules $InfoMessage = "Creating Output Objects" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $OutputModules = Get-MCCAOutputs -VersionCheck $VersionCheck -Modules $Output -Options $OutputOptions $InfoMessage = "Output Objects Created" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue # Get the object of MCCA checks $InfoMessage = "Creating Check Objects" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $Checks = Get-MCCACheckDefs -MCCAParams $MCCAParams -Collection $Collection -LogFile $LogFile $InfoMessage = "Check Objects Created" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue # Perform checks inside classes/modules ForEach ($Check in ($Checks | Sort-Object Area)) { # Run DLP checks by default if ($check.Services -band [MCCAService]::DLP) { $Check.Run($Collection) } } # Get the Remedition Steps $InfoMessage = "Creating Remediation Objects" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $RemediationActionModules = Get-MCCARemediationAction -VersionCheck $VersionCheck $InfoMessage = "Remediation Objects Created" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue ForEach ($a in $RemediationActionModules) { $a.Run($Checks, $Collection) } $TenantGeoLocations = $Collection["GetOrganisationRegion"] | Where-Object { $_ -ne "INTL" } if ($TenantGeoLocations -ne "Error") { $RegionString = "" $NumberToRegionMapping = Get-NumberRegionMappingHashTable foreach ($Region in $TenantGeoLocations) { foreach ($Numbers in $($NumberToRegionMapping.Keys)) { if ($($NumberToRegionMapping[$Numbers].Code) -eq $Region) { if ($RegionString -eq "") { $RegionString += "$($NumberToRegionMapping[$Numbers].Description)" } else { $RegionString += ", $($NumberToRegionMapping[$Numbers].Description)" } } } } } else { $RegionString = "" $RegionString += "All Geolocations" } $InfoMessage = "The following report is generated for following solutions:$ShowSolutionList" Write-Host "$(Get-Date) $InfoMessage" -ForegroundColor Yellow $InfoMessage = "The following report is for following geolocations:$RegionString" Write-Host "$(Get-Date) $InfoMessage" -ForegroundColor Yellow $OutputResults = @() $InfoMessage = "Generating Output" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue Write-Host "$(Get-Date) $InfoMessage" -ForegroundColor Green # Perform required outputs ForEach ($o in $OutputModules) { $o.Run($Checks, $Collection) $OutputResults += New-Object -TypeName PSObject -Property @{ Name = $o.name Completed = $o.completed Result = $o.Result } } # If Telemetry is enabled (For Customers), then collect telemetry if ($($global:TelemetryEnabled) -eq $true) { $InfoMessage = "Collecting Telemetry" Write-Log -IsInfo -InfoMessage $InfoMessage -LogFile $LogFile -ErrorAction:SilentlyContinue $MCCAVersion = $VersionCheck.Version.ToString() # Setting tenant name if ($Collection["AcceptedDomains"] -eq "Error") { $DomainName = "Error" } else { $DomainName = ($Collection["AcceptedDomains"] | Where-Object { $_.InitialDomain -eq $True }).DomainName } # Setting organization name if ($Collection["GetOrganisationConfig"] -eq "Error") { $OrganizationName = "Error" } else { $OrganizationName = $Collection["GetOrganisationConfig"].DisplayName } $SolutionSummaryResult = @{} ForEach ($Area in ($Checks | Where-Object { $_.Completed -eq $true } | Group-Object Area)) { if($($Area.Name) -eq "Compliance Manager") { continue } $Pass = @($Area.Group | Where-Object { $_.Result -eq "Pass" }).Count $Fail = @($Area.Group | Where-Object { $_.Result -eq "Fail" }).Count $Info = @($Area.Group | Where-Object { $_.Result -eq "Recommendation" }).Count $SolutionSummaryResult[$($Area.Name)] = New-Object -TypeName PSObject -Property @{ Pass = $Pass Info = $Info Fail = $Fail } } # Set the parameter for the URI $Parameters = @{ MCCAVersion = $MCCAVersion Domain = $DomainName Organization = $OrganizationName } $AllSolutions = Get-SolutionTable foreach ($solution in $($AllSolutions.Values.FullName)) { $solutionName = $solution -replace '\s', '' if ($SolutionSummaryResult.ContainsKey($solution)) { $Parameters.Add($($solutionName + "_Pass"), $SolutionSummaryResult[$solution].Pass) $Parameters.Add($($solutionName + "_Info"), $SolutionSummaryResult[$solution].Info) $Parameters.Add($($solutionName + "_Fail"), $SolutionSummaryResult[$solution].Fail) } else { $Parameters.Add($($solutionName + "_Pass"), 0) $Parameters.Add($($solutionName + "_Info"), 0) $Parameters.Add($($solutionName + "_Fail"), 0) } } $Parameters = $Parameters | ConvertTo-Json try { # URI and Function Key to trigger the Azure Function $URI = "https://mccatelemetryapp.azurewebsites.net/api/MCCATelemetryFunction " $FunctionKey = "LHHxbAAGfr/PN5yazKbRaBdz9QAYi4R5okyGN3AXRJzqJrV60HnxHQ==" try { # Set the header for the URI $Headers = @{ 'x-functions-key' = $FunctionKey } # Call the URI $ResponseMessage = Invoke-WebRequest -Uri $URI -Headers $Headers -ContentType "application/json" -Method POST -Body $Parameters -ErrorAction:SilentlyContinue Write-Log -IsInfo -InfoMessage $ResponseMessage -LogFile $LogFile -ErrorAction:SilentlyContinue Write-Host "$(Get-Date) $ResponseMessage" -ForegroundColor Yellow } catch { $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } } catch { $ErrorMessage = $_.ToString() $StackTraceInfo = $_.ScriptStackTrace Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue } } Return $OutputResults } function Invoke-MCCAVersionCheck { Param ( $Terminate ) Write-Host "$(Get-Date) Performing MCCA Version check... " # When detected we are running the preview release $Preview = $False try { $MCCAVersion = (Get-InstalledModule MCCA -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue | Sort-Object Version -Desc)[0].Version } catch { $MCCAVersion = (Get-InstalledModule MCCAPreview | Sort-Object Version -Desc)[0].Version if ($MCCAVersion) { $Preview = $True } } if ($Preview -eq $False) { $PSGalleryVersion = (Find-Module MCCA -Repository PSGallery -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue).Version } else { $PSGalleryVersion = (Find-Module MCCAPreview -Repository PSGallery -ErrorAction:SilentlyContinue -WarningAction:SilentlyContinue).Version } If ($PSGalleryVersion -gt $MCCAVersion) { $Updated = $False If ($Terminate) { Throw "MCCA is out of date. Your version is $MCCAVersion and the published version is $PSGalleryVersion. Run Update-Module MCCA ." } else { Write-Host "$(Get-Date) MCCA is out of date. Your version: $($MCCAVersion) published version is $($PSGalleryVersion)" } } else { $Updated = $True } Return New-Object -TypeName PSObject -Property @{ Updated = $Updated Version = $MCCAVersion GalleryVersion = $PSGalleryVersion Preview = $Preview } } #Creating log file and directory #Writing in log file function Write-Log { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [Switch]$IsError = $false, [Parameter(Mandatory = $false)] [Switch]$IsWarn = $false, [Parameter(Mandatory = $false)] [Switch]$IsInfo = $false, [Parameter(Mandatory = $false)] [Switch]$MachineInfo = $false, [Parameter(Mandatory = $false)] [Switch]$StopInfo = $false, [Parameter(Mandatory = $false)] [string]$ErrorMessage, [Parameter(Mandatory = $false)] [System.Collections.ArrayList]$WarnMessage, [Parameter(Mandatory = $false)] [string]$InfoMessage, [Parameter(Mandatory = $false)] [string]$StackTraceInfo, [String]$LogFile ) if ($MachineInfo) { $ComputerInfoObj = Get-ComputerInfo $CompName = $ComputerInfoObj.CsName $OSName = $ComputerInfoObj.OsName $OSVersion = $ComputerInfoObj.OsVersion $PowerShellVersion = $PSVersionTable.PSVersion try { "********************************************************************************************" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Logging Started" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Start time: $(Get-Date)" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Computer Name: $CompName" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Operating System Name: $OSName" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Operating System Version: $OSVersion" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "PowerShell Version: $PowerShellVersion" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "********************************************************************************************" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue } catch { Write-Host "$(Get-Date) The local machine information cannot be logged." -ForegroundColor:Yellow } } if ($StopInfo) { try { "********************************************************************************************" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "Logging Ended" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "End time: $(Get-Date)" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "********************************************************************************************" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue if ($($global:ErrorOccurred) -eq $true) { Write-Host "Warning:$(Get-Date) The report generated may have reduced information due to errors in running the tool. These errors may occur due to multiple reasons. Please refer documentation for more details." -ForegroundColor:Yellow } } catch { Write-Host "$(Get-Date) The finishing time information cannot be logged." -ForegroundColor:Yellow } } #Error if ($IsError) { if ($($global:ErrorOccurred) -eq $false) { $global:ErrorOccurred = $true } $Log_content = "$(Get-Date) ERROR: $ErrorMessage" try { $Log_content | Out-File $LogFile -Append -ErrorAction:SilentlyContinue "TRACE: $StackTraceInfo" | Out-File $LogFile -Append -ErrorAction:SilentlyContinue } catch { Write-Host "$(Get-Date) An error event cannot be logged." -ForegroundColor:Yellow } } #Warning if ($IsWarn) { foreach ($Warnmsg in $WarnMessage) { $Log_content = "$(Get-Date) WARN: $Warnmsg" try { $Log_content | Out-File $LogFile -Append -ErrorAction:SilentlyContinue } catch { Write-Host "$(Get-Date) A warning event cannot be logged." -ForegroundColor:Yellow } } } #General if ($IsInfo) { $Log_content = "$(Get-Date) INFO: $InfoMessage" try { $Log_content | Out-File $LogFile -Append -ErrorAction:SilentlyContinue } catch { Write-Host "$(Get-Date) A general event cannot be logged." -ForegroundColor:Yellow } } } # Get the Number Region Mapping HashTable function Get-NumberRegionMappingHashTable { #Number To Region Mapping $NumberToRegionMapping = @{} $NumberToRegionMapping[1] = New-Object -TypeName PSObject -Property @{ Code = "APC" Description = "Asia-Pacific" } $NumberToRegionMapping[2] = New-Object -TypeName PSObject -Property @{ Code = "AUS" Description = "Australia" } $NumberToRegionMapping[3] = New-Object -TypeName PSObject -Property @{ Code = "CAN" Description = "Canada" } $NumberToRegionMapping[4] = New-Object -TypeName PSObject -Property @{ Code = "EUR" Description = "Europe (excl. France) / Middle East / Africa" } $NumberToRegionMapping[5] = New-Object -TypeName PSObject -Property @{ Code = "FRA" Description = "France" } $NumberToRegionMapping[6] = New-Object -TypeName PSObject -Property @{ Code = "IND" Description = "India" } $NumberToRegionMapping[7] = New-Object -TypeName PSObject -Property @{ Code = "JPN" Description = "Japan" } $NumberToRegionMapping[8] = New-Object -TypeName PSObject -Property @{ Code = "KOR" Description = "Korea" } $NumberToRegionMapping[9] = New-Object -TypeName PSObject -Property @{ Code = "NAM" Description = "North America (excl. Canada)" } $NumberToRegionMapping[10] = New-Object -TypeName PSObject -Property @{ Code = "LAM" Description = "South America" } $NumberToRegionMapping[11] = New-Object -TypeName PSObject -Property @{ Code = "ZAF" Description = "South Africa" } $NumberToRegionMapping[12] = New-Object -TypeName PSObject -Property @{ Code = "CHE" Description = "Switzerland" } $NumberToRegionMapping[13] = New-Object -TypeName PSObject -Property @{ Code = "ARE" Description = "United Arab Emirates" } $NumberToRegionMapping[14] = New-Object -TypeName PSObject -Property @{ Code = "GBR" Description = "United Kingdom" } return $NumberToRegionMapping } #Check if the geo param is in right format function Get-GeoAcceptance { param ( $Geo ) $LegitimateGeo = $Geo | Where-Object { ($_ -ge 1) -and ($_ -le 14) } return ($($LegitimateGeo.Count) -eq $($Geo.Count)) } # Display options for the user to choose function Show-GeoOptions { Write-Host "Error:$(Get-Date) Please input appropriate numbers from the following list corresponding to the regions for which you wish to customize the report & run the tool again." -ForegroundColor:Red #Number To Region Mapping $NumberToRegionMapping = Get-NumberRegionMappingHashTable Write-Host "*******************************************************************************" write-host "For Geo Location" Write-Host "*******************************************************************************" [int] $count = 1 while ($count -le 14) { Write-Host "$count--->$($($NumberToRegionMapping[$count]).Description)" $count = $count + 1 } Write-Host "*******************************************************************************" Write-Host "Example: Get-MCCAReport -Geo @(1,7) -Solution @(1,7)" Write-Host "or" Write-Host "Get-MCCAReport -Geo @(1,7)" Write-Host "" Write-Host "" } function Get-SolutionTable { #Number To Region Mapping $SolutionTable = @{} $SolutionTable[1] = New-Object -TypeName PSObject -Property @{ Code = "DLP" FullName = "Data Loss Prevention" } $SolutionTable[2] = New-Object -TypeName PSObject -Property @{ Code = "IP" FullName = "Information Protection" } $SolutionTable[3] = New-Object -TypeName PSObject -Property @{ Code = "IG" FullName = "Information Governance" } $SolutionTable[4] = New-Object -TypeName PSObject -Property @{ Code = "RM" FullName = "Records Management" } $SolutionTable[5] = New-Object -TypeName PSObject -Property @{ Code = "CC" FullName = "Communication Compliance" } $SolutionTable[6] = New-Object -TypeName PSObject -Property @{ Code = "IRM" FullName = "Insider Risk Management" } $SolutionTable[7] = New-Object -TypeName PSObject -Property @{ Code = "Audit" FullName = "Audit" } $SolutionTable[8] = New-Object -TypeName PSObject -Property @{ Code = "eDiscovery" FullName = "eDiscovery" } return $SolutionTable } #Check if the geo param is in right format function Get-SolutionAcceptance { Param ( $Solution ) $ValidSolution = $Solution | Where-Object { ($_ -ge 1) -and ($_ -le 8) } return ($($ValidSolution.Count) -eq $($Solution.Count)) } function Show-SolutionOptions { Write-Host "Error:$(Get-Date) Please input appropriate numbers from the following list corresponding to solution for which you wish to customize the report & run the tool again." -ForegroundColor:Red $SolutionTable = Get-SolutionTable Write-Host "*******************************************************************************" write-host "Solution" Write-Host "*******************************************************************************" [int] $count = 1 while ($count -le 8) { Write-Host "$count--->$($($SolutionTable[$count]).FullName)" $count = $count + 1 } Write-Host "*******************************************************************************" Write-Host "Example: Get-MCCAReport -Geo @(1,7) -Solution @(1,7)" Write-Host "or" Write-Host "Get-MCCAReport -Solution @(1,7)" Write-Host "" Write-Host "" } # SIG # Begin signature block # MIIhnwYJKoZIhvcNAQcCoIIhkDCCIYwCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCADspU+jpvc+Rd+ # 6TM0//bUoCOWTOPozhBtyA2AnibRe6CCC4QwggUAMIID6KADAgECAhMzAAAEU+We # zhfpk+4QAAAAAARTMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD # QSAyMDEwMB4XDTIwMTIxNTE5NDMyN1oXDTIxMTIwMjE5NDMyN1owfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu # IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQDIbLqmXHPCGqCpfikwr9Gwu7mmwKaRk2l2c7HiFdxA4N/5QBm3ZfoonyX/ # oaX3WbsvBD3MoCMZJCYGVJeCkW0Iy0ahCtcxjmCmy9T7g0Du1vR29P+TTghXQ4ZP # fVj+XDxo82IsqpD7uxaa/VujruYpxvYfwRZB11kf0SpaRLae1TvONYQZ/eNifGSx # zUridwIkDPogu1vzsehp1O+SMhv3foM6Rz95ajbWOJMxgooE+LoAapjHe8jDciok # 4jPC/5F5HGbf50i6Wj/QLN3VKLQFsSBzBC1RFqUITmcRP4ngQeDvLpvTluC8KFmy # IlZunmBqGx2ynTmebwVysIa+qV/NAgMBAAGjggF8MIIBeDATBgNVHSUEDDAKBggr # BgEFBQcDAzAdBgNVHQ4EFgQUrvqOOBCgPTy+cAoXZUhGw1P2yF4wUAYDVR0RBEkw # R6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNv # MRYwFAYDVQQFEw0yMzAwNzIrNDYzMDE4MB8GA1UdIwQYMBaAFN3WR4sjFC/YOGhC # oz5tw/CQ9yzQMFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEw # LmNybDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGVzdGluZyUyMFBD # QSUyMDIwMTAuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBACnT # 9Iwyq9Jk/Ee6QBrLTjw5+p0XjjxX7Oocz1R/iNdfx7iJtSf4VHWcDGXr92BPQLgl # MOdq6PCrIRstWMg1aBQ4eH9Q6VfiWZq3FyaQNpDG4g/+Z6Zo5A6LgbtEnZB5tboP # ZsE4o0wDlIXX5pGCsCTIiVMtJqbCZPn5hLG5V7wMlLae9A4xOW+JyBy8vA/FpE+A # QQoHSJ4LrC22bwpn2+cQRF5SlFRIqZVx+wclji96Nerfosz2ZPLfydHvs8jH65dA # 2WFAMvN8/KxdX7fp98Bzk+vhCPYc4/CKyPdscD7yJvOxveEAzDiLyyWrnbFU9qP7 # aI/JTxrVA5IGS7wIJKwwggZ8MIIEZKADAgECAgphEYRvAAAAAAADMA0GCSqGSIb3 # DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTow # OAYDVQQDEzFNaWNyb3NvZnQgVGVzdGluZyBSb290IENlcnRpZmljYXRlIEF1dGhv # cml0eSAyMDEwMB4XDTEwMDcwMTIxMjMwMVoXDTI1MDcwMTIxMzMwMVoweTELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEjMCEGA1UEAxMaTWljcm9z # b2Z0IFRlc3RpbmcgUENBIDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQDBvSHVS2YGAJIwORjKy3NCWbHvmyeo4OhVvSmw+SQfOtHow1mJ7ZG2wegz # Y/ZaZBniLnwMkIAFOL8cproNai/vJ5er3vbvUPOD59fDRTciPxi1wpYRto0Sg1mL # J1EGVnW5YGoTDtUmPy2WqgXMoYc/vk807wxMb8wE1KHmZ80KJzOf46+bb2h8vLQM # czSMWoH5h/tUHMVHbOqfV7RZ/c4ZqXd8h0KftXmUvMt2ktuWl6FfBCQ5/qGV4Z+G # 417ZXFbfQ5CfyRTq0fWgW6vzCATdKK8b4qouE6AK7dKZRCr1mUT7K6RP8bthwh0t # 9SUnAqh475M59F51ge7S4HYMWyPvAgMBAAGjggHsMIIB6DAQBgkrBgEEAYI3FQEE # AwIBADAdBgNVHQ4EFgQU3dZHiyMUL9g4aEKjPm3D8JD3LNAwGQYJKwYBBAGCNxQC # BAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYD # VR0jBBgwFoAUowEEfjCIM+u5MZzK64V2Z/xltNEwWQYDVR0fBFIwUDBOoEygSoZI # aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGVz # Um9vQ2VyQXV0XzIwMTAtMDYtMTcuY3JsMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEF # BQcwAoZBaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUZXNS # b29DZXJBdXRfMjAxMC0wNi0xNy5jcnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYB # BAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v # UEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBn # AGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqG # SIb3DQEBCwUAA4ICAQBAYQU+N90ze1LCSGuA92ADFrbJLol+vdlYHGPT9ZLS9loE # DQjuh7/rmDQ6ZXxQ5MgbKVB5VXsYOZG1QSbzF3+YlWd8TN1y5B21BM3DSPb6r+3b # rl50kW2t1JqACtiLbZnmhmh5hkdJi8HYUfLQ7xKcP0g1CIJP9CyKil7UJv/HnMXK # igTGiBaHjfVtVwG5k8roymrEirpBDcOMVB0OZiTXxYIHDbM4v7LItZYIISdPs6+L # wxwzwdroMdpj42+3dWQBumpRGQAgqJ9i5UiBQtUM+9vLpKIRnujnWfQxbaIuIt2H # RLFpHUYKGOXRlf148o+71dX3YWap88+ocaxkM8rkavgDNkcWSe9Dpoq8a3tS2P9B # pxewDV+iSzF0JRo9UOZeciaSQDZvrkQskxJjtdO725L6E5Fu1Ti+lGl6exRCnhPb # ooxCqHEGLRdiwXkrmLp+huTGAK8zmfEt0d1JFrrDdu5kqoG3OVT2dN4JVFNpOFvC # U/LNiVDCyCIcG0cSRVtDjyNckMhu1PcPtberjr1mcL8RkTzvonoH4pIvQk1k4IOL # pdxslOj2oigApZjqCBJA3mIEZHlnwRuglg4Er74nSmL6953C0r1Vwl7T0vXnQO8i # zb+incAb1r6Y+45N5aVXww+PqHJBRjvhjyBKG+1aDLVM3ixjV9P6OZkOvp4uozGC # FXEwghVtAgEBMIGQMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBDQSAyMDEwAhMzAAAEU+We # zhfpk+4QAAAAAARTMA0GCWCGSAFlAwQCAQUAoIGwMBkGCSqGSIb3DQEJAzEMBgor # BgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3 # DQEJBDEiBCCYTq8JzLFZmecZ4aWYGH3+B0/HCyktCvfIpKaJKeq9SjBEBgorBgEE # AYI3AgEMMTYwNKAUgBIATQBpAGMAcgBvAHMAbwBmAHShHIAaaHR0cHM6Ly93d3cu # bWljcm9zb2Z0LmNvbSAwDQYJKoZIhvcNAQEBBQAEggEAV9goUJzPuKEY5zZikYrY # VxuiKg0hFNrXl5+JEvAmnYZSRKU13ztTK6pJRcbAc8Ar/0dc7QkXQBMS/oZQtpHM # uxrzPMhA+aUcHqAXTDJwrm1z7i9UBHPG1YeFcXGHmaNCX8P1xur6KTEdh2MrPw8u # QSIx3RHRbF6NtcC4mo0+LQg1K2he2eik2NLMDGeQh92VOwcZMq+ubZK6q5KjtSpH # 7dshb7PmiQREUln7fzsGHWeFwM91CcuMHJhZ7wKvIj8/eeRzl5lgZgf9dNs+ChHm # 2HkaVRPx+hz8w40uzDGP9EV66+C+hc1QbOUUABbeNSx1o32LPfDyLjqKTlLi0VPm # AqGCEv4wghL6BgorBgEEAYI3AwMBMYIS6jCCEuYGCSqGSIb3DQEHAqCCEtcwghLT # AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIB # QAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCAcYzE54gosU7gjb/P/ # 13SRRLzpZ8w0rVY2ysCudmy9TgIGYLDoqUTbGBMyMDIxMDYxODEwMDgzNS4wMjZa # MASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjA4NDItNEJFNi1DMjlBMSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIOTTCCBPkwggPhoAMC # AQICEzMAAAE5zOjoQ4vwNOEAAAAAATkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjAxMDE1MTcyODIxWhcNMjIwMTEyMTcy # ODIxWjCB0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsG # A1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYD # VQQLEx1UaGFsZXMgVFNTIEVTTjowODQyLTRCRTYtQzI5QTElMCMGA1UEAxMcTWlj # cm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP # ADCCAQoCggEBANoT+YzjJZMloY6zKgb8onj4Wh+YN09/UMHbuh6gJ1nC5c/f2SqA # v0Bc+OYG9GndeCL6hWhZtieqPr4YW3+KECThw03I2VwSkE20E/8Oiwlr3Ql5xUJd # mvJxHeNhJhO68UVZirpmx6BClfkMGHRnO9KuTvDNmJKif0rXKxYRbZoRcXL1WfoI # OGs87xPO/rKCM2Fes6jNiljv00svWXqIuV+EKG1egCrsCR9PMkmdpUAV853fK8A8 # 8uvgWKiV4pvm/lfuxN++NW+nEPX5jjQKRy4ZBqqNO/wdeDZBqqjve/IQI17VaEKS # oyrussV87LKUJ49K5X7Ffx8klv5fos8eyk8CAwEAAaOCARswggEXMB0GA1UdDgQW # BBSZnpuGclTCmdqSirGfRvZQLQYM6TAfBgNVHSMEGDAWgBTVYzpcijGQ80N7fEYb # xTNoWoVtVTBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5j # b20vcGtpL2NybC9wcm9kdWN0cy9NaWNUaW1TdGFQQ0FfMjAxMC0wNy0wMS5jcmww # WgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpL2NlcnRzL01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNydDAMBgNV # HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IB # AQBYXChq8/83GoXNwVrtQ4KIvxANsSb7uvYRiJOhbSDx11jIrlZrUUB3/KckPWrJ # z9nHH0c/3TKpcpP6vPiDXAixBJaUoJvdcbghWGxYQISybaKM39/Gh+a2NmcVjfW7 # gxJJyX4hoiukPvJJAjVpm1o9g8UcBBfCHwcIxexD4WA4HYpSs+POrsIYKLKK9Rrg # 1opWIxqDDat5a8AyJGP/NylKSYaK5aYgXZCDRLFZAn88hC5nvQt7WpmbTEl8a1Gc # F+lq393UmBAKst+jyWSa4sE8Ib84yHqg/His1FId7nxNvxIxAG2mwYQqNvrVKMp0 # +kwCbY3Yr2uIOz+9/1UK0nDHMIIGcTCCBFmgAwIBAgIKYQmBKgAAAAAAAjANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTAwHhcNMTAwNzAxMjEzNjU1WhcNMjUwNzAxMjE0NjU1WjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC # ggEBAKkdDbx3EYo6IOz8E5f1+n9plGt0VBDVpQoAgoX77XxoSyxfxcPlYcJ2tz5m # K1vwFVMnBDEfQRsalR3OCROOfGEwWbEwRA/xYIiEVEMM1024OAizQt2TrNZzMFcm # gqNFDdDq9UeBzb8kYDJYYEbyWEeGMoQedGFnkV+BVLHPk0ySwcSmXdFhE24oxhr5 # hoC732H8RsEnHSRnEnIaIYqvS2SJUGKxXf13Hz3wV3WsvYpCTUBR0Q+cBj5nf/Vm # wAOWRH7v0Ev9buWayrGo8noqCjHw2k4GkbaICDXoeByw6ZnNPOcvRLqn9NxkvaQB # wSAJk3jN/LzAyURdXhacAQVPIk0CAwEAAaOCAeYwggHiMBAGCSsGAQQBgjcVAQQD # AgEAMB0GA1UdDgQWBBTVYzpcijGQ80N7fEYbxTNoWoVtVTAZBgkrBgEEAYI3FAIE # DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV # HSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVo # dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29D # ZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAC # hj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1 # dF8yMDEwLTA2LTIzLmNydDCBoAYDVR0gAQH/BIGVMIGSMIGPBgkrBgEEAYI3LgMw # gYEwPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9QS0kvZG9j # cy9DUFMvZGVmYXVsdC5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8A # UABvAGwAaQBjAHkAXwBTAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQEL # BQADggIBAAfmiFEN4sbgmD+BcQM9naOhIW+z66bM9TG+zwXiqf76V20ZMLPCxWbJ # at/15/B4vceoniXj+bzta1RXCCtRgkQS+7lTjMz0YBKKdsxAQEGb3FwX/1z5Xhc1 # mCRWS3TvQhDIr79/xn/yN31aPxzymXlKkVIArzgPF/UveYFl2am1a+THzvbKegBv # SzBEJCI8z+0DpZaPWSm8tv0E4XCfMkon/VWvL/625Y4zu2JfmttXQOnxzplmkIz/ # amJ/3cVKC5Em4jnsGUpxY517IW3DnKOiPPp/fZZqkHimbdLhnPkd/DjYlPTGpQqW # hqS9nhquBEKDuLWAmyI4ILUl5WTs9/S/fmNZJQ96LjlXdqJxqgaKD4kWumGnEcua # 2A5HmoDF0M2n0O99g/DhO3EJ3110mCIIYdqwUB5vvfHhAN/nMQekkzr3ZUd46Pio # SKv33nJ+YWtvd6mBy6cJrDm77MbL2IK0cs0d9LiFAR6A+xuJKlQ5slvayA1VmXqH # czsI5pgt6o3gMy4SKfXAL1QnIffIrE7aKLixqduWsqdCosnPGUFN4Ib5KpqjEWYw # 07t0MkvfY3v1mYovG8chr1m1rtxEPJdQcdeh0sVV42neV8HR3jDA/czmTfsNv11P # 6Z0eGTgvvM9YBS7vDaBQNdrvCScc1bN+NR4Iuto229Nfj950iEkSoYIC1zCCAkAC # AQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjA4NDItNEJFNi1DMjlBMSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoD # FQANTZT+G96WhI10Px3uSgTGs2WMB6CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5HZs4zAiGA8yMDIxMDYxODA4 # NTI1MVoYDzIwMjEwNjE5MDg1MjUxWjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDk # dmzjAgEAMAoCAQACAh/rAgH/MAcCAQACAhFZMAoCBQDkd75jAgEAMDYGCisGAQQB # hFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAw # DQYJKoZIhvcNAQEFBQADgYEACIVhLSOjs/sQcS8iUFb5uNQodXalIrWrTMpMjZn0 # OCAa45kaOYfRjCiPAgd4myVCbCLD/sFi6+derAfPETKqxzOpB3IlgJi1076GeY8D # Bfmu6oHY2Lyyjua8Gy83r7JPl6ghgdgt179uRHcivEM1hAardk80+fwQIDLAa0iu # SRUxggMNMIIDCQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIT # MwAAATnM6OhDi/A04QAAAAABOTANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcN # AQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCB1oaRHDmM0XsGl4Mqe # pZXCFM0BuHAkwz8PfkGb/YHH2jCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0E # IDyhjuQ4o9ckezFCseKBBa58alUn85p6nyam1KAHD/yfMIGYMIGApH4wfDELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9z # b2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAE5zOjoQ4vwNOEAAAAAATkwIgQg # DbaxpGmzIFnBw3nkFhKyxYRUWFFtcWkYLuVKx2aBRzAwDQYJKoZIhvcNAQELBQAE # ggEAdgokTR/U3lG0TwxIyV8G8x0Lni6vwX11qieqlXtiLu2lt9kcLB3pDs+7ragP # EHbvlkhvDK4sMX5Yc+vb2ddVwUlTgZ0wk1c1/VqVlRtEwCX7O2IlIPJ07iBAHjlI # D26ViEbgM+VJo/qHf//z6E4C6Ij45nq1Kx4XJ7txbdi/k08pJBlcrB2ak34eA7/z # QcEun/bdI3lWu6jR2WYAO8zawpjdgV1eCz3M+RVg5NDVMBkTTKCJdQxJKSE7H0CC # UccvVS3TOY8UUn0kwyqE1Rg9HaVBsFAHZYG6sXosuC0/V25sOVqHv86bH3R96QOw # kE9/jqwTxMq0IbUY6sypHuKmIw== # SIG # End signature block |