Checks/check-ORCA119.ps1
<#
119 - Check ATP anti-phishing policy EnableSimilarDomainsSafetyTips #> using module "..\ORCA.psm1" class ORCA119 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA119() { $this.Control=119 $this.Services=[ORCAService]::OATP $this.Area="Advanced Threat Protection Policies" $this.Name="Similar Domains Safety Tips" $this.PassText="Similar Domains Safety Tips is enabled" $this.FailRecommendation="Enable Similar Domains Safety Tips so that users can receive visible indication on incoming messages." $this.Importance="Office 365 ATP can show a warning tip to recipients in messages that might be from an impersonated domain." $this.ExpandResults=$True $this.CheckType=[CheckType]::ObjectPropertyValue $this.ObjectType="Antiphishing Policy" $this.ItemName="Setting" $this.DataType="Current Value" $this.Links= @{ "Recommended settings for EOP and Office 365 ATP security"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp#office-365-advanced-threat-protection-security" } } <# RESULTS #> GetResults($Config) { $PolicyExists = $False ForEach($Policy in ($Config["AntiPhishPolicy"] | Where-Object {$_.Enabled -eq $True})) { $PolicyExists = $True # Determine if tips for domain impersonation is on $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($Policy.Name) $ConfigObject.ConfigItem="EnableSimilarDomainsSafetyTips" $ConfigObject.ConfigData=$Policy.EnableSimilarDomainsSafetyTips If($Policy.EnableSimilarDomainsSafetyTips -eq $false) { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } Else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass") } $this.AddConfig($ConfigObject) } If($PolicyExists -eq $False) { $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object="No Policies" $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } } |