Checks/check-ORCA118_1.ps1
|
using module "..\ORCA.psm1" class ORCA118_1 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA118_1() { $this.Control="ORCA-118-1" $this.Area="Anti-Spam Policies" $this.Name="Domain Whitelisting" $this.PassText="Domains are not being whitelisted in an unsafe manner" $this.FailRecommendation="Remove whitelisting on domains" $this.Importance="Emails coming from whitelisted domains bypass several layers of protection within Exchange Online Protection. If domains are whitelisted, they are open to being spoofed from malicious actors." $this.ExpandResults=$True $this.ItemName="Anti-Spam Policy" $this.DataType="Whitelisted Domain" $this.Links= @{ "Security & Compliance Center - Anti-spam settings"="https://protection.office.com/antispam" "Use Anti-Spam Policy Sender/Domain Allow lists"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#use-anti-spam-policy-senderdomain-allow-lists" } } <# RESULTS #> GetResults($Config) { ForEach($Policy in $Config["HostedContentFilterPolicy"]) { # Fail if AllowedSenderDomains is not null If(($Policy.AllowedSenderDomains).Count -gt 0) { ForEach($Domain in $Policy.AllowedSenderDomains) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.ConfigItem=$($Policy.Name) $ConfigObject.ConfigData=$($Domain.Domain) $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } else { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.ConfigItem=$($Policy.Name) $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass") $this.AddConfig($ConfigObject) } } } } |