diff --git a/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1 b/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1 index 72a4c1d6..942d2aab 100644 --- a/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1 +++ b/powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1 @@ -23,23 +23,28 @@ Function Test-MtCisaWeakFactor { "Email" ) + $isMethodsMigrationComplete = Test-MtCisaMethodsMigration + $result = Get-MtAuthenticationMethodPolicyConfig $weakAuthMethods = $result | Where-Object { $_.id -in $weakFactors } $enabledWeakMethods = $weakAuthMethods | Where-Object { $_.state -eq "enabled" } - $testResult = ($enabledWeakMethods|Measure-Object).Count -eq 0 + $testResult = (($enabledWeakMethods|Measure-Object).Count -eq 0) -and $isMethodsMigrationComplete if ($testResult) { $testResultMarkdown = "Well done. All weak authentication methods are disabled in your tenant.`n`n%TestResult%" } else { - $testResultMarkdown = "One or more weak methods are enabled in your tenant.`n`n%TestResult%" + $testResultMarkdown = "One or more weak methods are enabled in your tenant, or migration to Authentication Methods is incomplete.`n`n%TestResult%" } # Auth method does not support deep links. $authMethodsLink = "https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods" - $result = "| Authentication Method | State | Test Result |`n" + $migrationResult = "❌ Fail" + if($isMethodsMigrationComplete){$migrationResult = "✅ Pass"} + $result = "[Authentication Methods]($authMethodsLink) Migration Complete: $migrationResult`n`n" + $result += "| Authentication Method | State | Test Result |`n" $result += "| --- | --- | --- |`n" foreach ($item in $weakAuthMethods) { $methodResult = "✅ Pass" diff --git a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 index fe684430..c899fa28 100644 --- a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 +++ b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDkim.ps1 @@ -28,6 +28,7 @@ warnings : #> Function ConvertFrom-MailAuthenticationRecordDkim { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([DKIMRecord],[System.String])] [cmdletbinding()] param( @@ -90,9 +91,28 @@ Function ConvertFrom-MailAuthenticationRecordDkim { ErrorAction = "Stop" } try{ - $dkimRecord = [DKIMRecord]::new((Resolve-DnsName @dkimSplat | ` - Where-Object {$_.Type -eq "TXT"} | ` - Where-Object {$_.Strings -match $matchRecord}).Strings) + if($isWindows){ + $dkimRecord = [DKIMRecord]::new((Resolve-DnsName @dkimSplat | ` + Where-Object {$_.Type -eq "TXT"} | ` + Where-Object {$_.Strings -match $matchRecord}).Strings) + }else{ + $cmdletCheck = Get-Command "Resolve-Dns" + if($cmdletCheck){ + $dkimSplatAlt = @{ + Query = $dkimSplat.Name + QueryType = $dkimSplat.Type + NameServer = $dkimSplat.Server + ErrorAction = $dkimSplat.ErrorAction + } + $dkimRecord = [SPFRecord]::new((Resolve-Dns @dkimSplatAlt | ` + Where-Object {$_.RecordType -eq "TXT"} | ` + Where-Object {$_.Text -imatch $matchRecord}).Text) + }else{ + Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module." + Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow + return "Missing dependency, Resolve-Dns not available" + } + } }catch [System.Management.Automation.CommandNotFoundException]{ Write-Error $_ return "Unsupported platform, Resolve-DnsName not available" diff --git a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 index 4e40f1b7..3a22e5c4 100644 --- a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 +++ b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordDmarc.ps1 @@ -33,6 +33,7 @@ warnings : {sp: No subdomain policy set, adkim: No DKIM alignment se #> Function ConvertFrom-MailAuthenticationRecordDmarc { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([DMARCRecord],[System.String])] [cmdletbinding()] param( @@ -221,9 +222,28 @@ Function ConvertFrom-MailAuthenticationRecordDmarc { ErrorAction = "Stop" } try{ - $dmarcRecord = [DMARCRecord]::new((Resolve-DnsName @dmarcSplat | ` - Where-Object {$_.Type -eq "TXT"} | ` - Where-Object {$_.Strings -match $matchRecord}).Strings) + if($IsWindows){ + $dmarcRecord = [DMARCRecord]::new((Resolve-DnsName @dmarcSplat | ` + Where-Object {$_.Type -eq "TXT"} | ` + Where-Object {$_.Strings -match $matchRecord}).Strings) + }else{ + $cmdletCheck = Get-Command "Resolve-Dns" + if($cmdletCheck){ + $dmarcSplatAlt = @{ + Query = $dmarcSplat.Name + QueryType = $dmarcSplat.Type + NameServer = $dmarcSplat.Server + ErrorAction = $dmarcSplat.ErrorAction + } + $dmarcRecord = [DMARCRecord]::new((Resolve-Dns @dmarcSplatAlt | ` + Where-Object {$_.RecordType -eq "TXT"} | ` + Where-Object {$_.Text -imatch $matchRecord}).Text) + }else{ + Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module." + Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow + return "Missing dependency, Resolve-Dns not available" + } + } }catch [System.Management.Automation.CommandNotFoundException]{ Write-Error $_ return "Unsupported platform, Resolve-DnsName not available" diff --git a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 index d1488860..7b7f3c43 100644 --- a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 +++ b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordMx.ps1 @@ -15,6 +15,7 @@ microsoft.com MX 1731 Answer microsoft-com.m #> Function ConvertFrom-MailAuthenticationRecordMx { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([Microsoft.DnsClient.Commands.DnsRecord_MX],[System.String])] [cmdletbinding()] param( @@ -38,7 +39,33 @@ Function ConvertFrom-MailAuthenticationRecordMx { ErrorAction = "Stop" } try{ - $mxRecords = Resolve-DnsName @mxSplat | Where-Object {$_.Type -eq "MX"} + if($isWindows){ + $mxRecords = Resolve-DnsName @mxSplat | Where-Object {$_.Type -eq "MX"} + }else{ + $cmdletCheck = Get-Command "Resolve-Dns" + if($cmdletCheck){ + $mxSplatAlt = @{ + Query = $mxSplat.Name + QueryType = $mxSplat.Type + NameServer = $mxSplat.Server + ErrorAction = $mxSplat.ErrorAction + } + $answers = (Resolve-Dns @mxSplatAlt | Where-Object {$_.RecordType -eq "MX"}).Answers + $mxRecords = $answers | ForEach-Object { + [PSCustomObject]@{ + Name = $_.DomainName + NameExchange = $_.Exchange + Type = $_.RecordType + TTL = $_.TimeToLive + Preference = $_.Preference + } + } + }else{ + Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module." + Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow + return "Missing dependency, Resolve-Dns not available" + } + } }catch [System.Management.Automation.CommandNotFoundException]{ Write-Error $_ return "Unsupported platform, Resolve-DnsName not available" diff --git a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 index bff3b5f8..4a93659c 100644 --- a/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 +++ b/powershell/public/CISA/exchange/ConvertFrom-MailAuthenticationRecordSpf.ps1 @@ -22,6 +22,7 @@ warnings : #> Function ConvertFrom-MailAuthenticationRecordSpf { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([SPFRecord],[System.String])] [cmdletbinding()] param( @@ -123,9 +124,28 @@ Function ConvertFrom-MailAuthenticationRecordSpf { ErrorAction = "Stop" } try{ - $spfRecord = [SPFRecord]::new((Resolve-DnsName @spfSplat | ` - Where-Object {$_.Type -eq "TXT"} | ` - Where-Object {$_.Strings -imatch $matchRecord}).Strings) + if($IsWindows){ + $spfRecord = [SPFRecord]::new((Resolve-DnsName @spfSplat | ` + Where-Object {$_.Type -eq "TXT"} | ` + Where-Object {$_.Strings -imatch $matchRecord}).Strings) + }else{ + $cmdletCheck = Get-Command "Resolve-Dns" + if($cmdletCheck){ + $spfSplatAlt = @{ + Query = $spfSplat.Name + QueryType = $spfSplat.Type + NameServer = $spfSplat.Server + ErrorAction = $spfSplat.ErrorAction + } + $spfRecord = [SPFRecord]::new((Resolve-Dns @spfSplatAlt | ` + Where-Object {$_.RecordType -eq "TXT"} | ` + Where-Object {$_.Text -imatch $matchRecord}).Text) + }else{ + Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module." + Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow + return "Missing dependency, Resolve-Dns not available" + } + } }catch [System.Management.Automation.CommandNotFoundException]{ Write-Error $_ return "Unsupported platform, Resolve-DnsName not available" diff --git a/powershell/public/CISA/exchange/Resolve-SPFRecord.ps1 b/powershell/public/CISA/exchange/Resolve-SPFRecord.ps1 index 3d71895b..4397ae22 100644 --- a/powershell/public/CISA/exchange/Resolve-SPFRecord.ps1 +++ b/powershell/public/CISA/exchange/Resolve-SPFRecord.ps1 @@ -12,6 +12,7 @@ #> function Resolve-SPFRecord { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')] [OutputType([spfrecord[]],[System.String])] [CmdletBinding()] param ( @@ -67,7 +68,26 @@ function Resolve-SPFRecord { # https://tools.ietf.org/html/rfc7208#section-4.6.4 # Query DNS Record try{ - $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT + if($isWindows){ + $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT + }else{ + $cmdletCheck = Get-Command "Resolve-Dns" + if($cmdletCheck){ + $answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType TXT).Answers + $DNSRecords = $answers | ForEach-Object { + [PSCustomObject]@{ + Name = $_.DomainName + Type = $_.RecordType + TTL = $_.TimeToLive + Strings = $_.Text + } + } + }else{ + Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module." + Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow + return "Missing dependency, Resolve-Dns not available" + } + } }catch [System.Management.Automation.CommandNotFoundException]{ Write-Error $_ return "Unsupported platform, Resolve-DnsName not available" @@ -138,7 +158,21 @@ function Resolve-SPFRecord { } '^a:.*$' { Write-Verbose "[A]`tSPF entry: $SPFDirective" - $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type A + if($IsWindows){ + $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type A + }else{ + $answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType A).Answers + $DNSRecords = $answers | ForEach-Object { + [PSCustomObject]@{ + Name = $_.DomainName + Type = $_.RecordType + TTL = $_.TimeToLive + DataLength = $_.RawDataLength + Section = "Answer" + IPAddress = $_.Address + } + } + } # Check SPF record foreach ($IPAddress in ($DNSRecords.IPAddress) ) { $SPFObject = [SPFRecord]::New( $IPAddress, ($SPFDirective -replace "^a:"), $Qualifier) @@ -151,10 +185,37 @@ function Resolve-SPFRecord { } '^mx:.*$' { Write-Verbose "[MX]`tSPF entry: $SPFDirective" - $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type MX + if($IsWindows){ + $DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type MX + }else{ + $answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType MX).Answers + $DNSRecords = $answers | ForEach-Object { + [PSCustomObject]@{ + Name = $_.DomainName + Type = $_.RecordType + TTL = $_.TimeToLive + NameExchange = $_.Exchange + Preference = $_.Preference + } + } + } foreach ($MXRecords in ($DNSRecords.NameExchange) ) { # Check SPF record - $DNSRecords = Resolve-DnsName -Server $Server -Name $MXRecords -Type A + if($isWindows){ + $DNSRecords = Resolve-DnsName -Server $Server -Name $MXRecords -Type A + }else{ + $answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType A).Answers + $DNSRecords = $answers | ForEach-Object { + [PSCustomObject]@{ + Name = $_.DomainName + Type = $_.RecordType + TTL = $_.TimeToLive + DataLength = $_.RawDataLength + Section = "Answer" + IPAddress = $_.Address + } + } + } foreach ($IPAddress in ($DNSRecords.IPAddress) ) { $SPFObject = [SPFRecord]::New( $IPAddress, ($SPFDirective -replace "^mx:"), $Qualifier) if ( $PSBoundParameters.ContainsKey('Referrer') ) { diff --git a/powershell/public/CISA/exchange/Test-MtCisaDkim.ps1 b/powershell/public/CISA/exchange/Test-MtCisaDkim.ps1 index f3fdd866..2f3b99f3 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaDkim.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaDkim.ps1 @@ -64,7 +64,7 @@ Function Test-MtCisaDkim { $dkimRecord.pass = "Skipped" $dkimRecord.reason = "Parked domain" } - }elseif($dkimRecord.dkimRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($dkimRecord.dkimRecord -like "*not available"){ $dkimRecord.pass = "Skipped" $dkimRecord.reason = $dkimRecord.dkimRecord }else{ diff --git a/powershell/public/CISA/exchange/Test-MtCisaDmarcAggregateCisa.ps1 b/powershell/public/CISA/exchange/Test-MtCisaDmarcAggregateCisa.ps1 index 0dd6f9d3..9edb03fb 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaDmarcAggregateCisa.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaDmarcAggregateCisa.ps1 @@ -69,7 +69,7 @@ Function Test-MtCisaDmarcAggregateCisa { $dmarcRecord.pass = "Passed" }elseif($checkType -and -not $checkTarget){ $dmarcRecord.reason = "Missing CISA report target" - }elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($dmarcRecord.dmarcRecord -like "*not available"){ $dmarcRecord.pass = "Skipped" $dmarcRecord.reason = $dmarcRecord.dmarcRecord }else{ @@ -108,7 +108,7 @@ Function Test-MtCisaDmarcAggregateCisa { if($aggregatesCount -ge 3){ $aggregates = "$($aggregates[0]), $($aggregates[1]), " $aggregates += "& ...$aggregatesCount targets" - }elseif(aggregatesCount -gt 1){ + }elseif($aggregatesCount -gt 1){ $aggregates = $aggregates -join ", " } diff --git a/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordExist.ps1 b/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordExist.ps1 index 347d50aa..bb48ed77 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordExist.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordExist.ps1 @@ -47,7 +47,7 @@ Function Test-MtCisaDmarcRecordExist { if($dmarcRecord.dmarcRecord.GetType().Name -eq "DMARCRecord"){ $dmarcRecord.pass = "Passed" - }elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($dmarcRecord.dmarcRecord -like "*not available"){ $dmarcRecord.pass = "Skipped" $dmarcRecord.reason = $dmarcRecord.dmarcRecord }else{ @@ -86,7 +86,7 @@ Function Test-MtCisaDmarcRecordExist { if($aggregatesCount -ge 3){ $aggregates = "$($aggregates[0]), $($aggregates[1]), " $aggregates += "& ...$aggregatesCount targets" - }elseif(aggregatesCount -gt 1){ + }elseif($aggregatesCount -gt 1){ $aggregates = $aggregates -join ", " } $forensics = $item.dmarcRecord.reportForensic.mailAddress @@ -94,7 +94,7 @@ Function Test-MtCisaDmarcRecordExist { if($forensicsCount -ge 3){ $forensics = "$($forensics[0]), $($forensics[1]), " $forensics += "& ...$forensicsCount targets" - }elseif(aggregatesCount -gt 1){ + }elseif($aggregatesCount -gt 1){ $forensics = $forensics -join ", " } diff --git a/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordReject.ps1 b/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordReject.ps1 index 88119c53..d432b5c3 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordReject.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaDmarcRecordReject.ps1 @@ -58,7 +58,7 @@ Function Test-MtCisaDmarcRecordReject { $dmarcRecord.reason = "Policy is not reject" }elseif($checkType -and $dmarcRecord.dmarcRecord.policySubdomain -in @("none","quarantine")){ $dmarcRecord.reason = "Subdomain policy is not reject" - }elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($dmarcRecord.dmarcRecord -like "*not available"){ $dmarcRecord.pass = "Skipped" $dmarcRecord.reason = $dmarcRecord.dmarcRecord }else{ diff --git a/powershell/public/CISA/exchange/Test-MtCisaDmarcReport.ps1 b/powershell/public/CISA/exchange/Test-MtCisaDmarcReport.ps1 index f13c65b6..a08d2507 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaDmarcReport.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaDmarcReport.ps1 @@ -58,7 +58,7 @@ Function Test-MtCisaDmarcReport { $dmarcRecord.pass = "Passed" }elseif($checkType){ $dmarcRecord.reason = "No target in domain" - }elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($dmarcRecord.dmarcRecord -like "*not available"){ $dmarcRecord.pass = "Skipped" $dmarcRecord.reason = $dmarcRecord.dmarcRecord }else{ diff --git a/powershell/public/CISA/exchange/Test-MtCisaSpfDirective.ps1 b/powershell/public/CISA/exchange/Test-MtCisaSpfDirective.ps1 index 05010f07..03753d6e 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaSpfDirective.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaSpfDirective.ps1 @@ -44,7 +44,7 @@ Function Test-MtCisaSpfDirective { $spfRecord.reason = "1+ mechanism targets" }elseif(($directives|Measure-Object).Count -ge 1 -and -not $check){ $spfRecord.reason = "No EXO directive" - }elseif($spfRecord.spfRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($spfRecord.spfRecord -like "*not available"){ $spfRecord.pass = "Skipped" $spfRecord.reason = $spfRecord.spfRecord }elseif($spfRecord.spfRecord.GetType().Name -eq "SPFRecord"){ diff --git a/powershell/public/CISA/exchange/Test-MtCisaSpfRestriction.ps1 b/powershell/public/CISA/exchange/Test-MtCisaSpfRestriction.ps1 index ac492130..8c093285 100644 --- a/powershell/public/CISA/exchange/Test-MtCisaSpfRestriction.ps1 +++ b/powershell/public/CISA/exchange/Test-MtCisaSpfRestriction.ps1 @@ -43,7 +43,7 @@ Function Test-MtCisaSpfRestriction { $spfRecord.pass = "Skipped" $spfRecord.reason = "Redirect modifier" } - }elseif($spfRecord.spfRecord -eq "Unsupported platform, Resolve-DnsName not available"){ + }elseif($spfRecord.spfRecord -like "*not available"){ $spfRecord.pass = "Skipped" $spfRecord.reason = $spfRecord.spfRecord }else{ diff --git a/powershell/public/Connect-Maester.ps1 b/powershell/public/Connect-Maester.ps1 index 9ad6ac7f..90e55c65 100644 --- a/powershell/public/Connect-Maester.ps1 +++ b/powershell/public/Connect-Maester.ps1 @@ -140,7 +140,7 @@ Function Connect-Maester { } } Write-Verbose "Connecting to Microsoft Security & Complaince PowerShell" - if ($Service -notcontains "ExchangeOnline"){ + if ($Service -notcontains "ExchangeOnline" -or $Service -notcontains "All"){ Write-Host "`nThe Security & Complaince module is dependent on the Exchange Online module. Please include ExchangeOnline when specifying the services.`nFor more information see https://learn.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell" -ForegroundColor Red }else{ if ($UseDeviceCode){ diff --git a/powershell/public/Invoke-Maester.ps1 b/powershell/public/Invoke-Maester.ps1 index 192ccbf9..1c46c90b 100644 --- a/powershell/public/Invoke-Maester.ps1 +++ b/powershell/public/Invoke-Maester.ps1 @@ -136,11 +136,11 @@ Function Invoke-Maester { # Optional. The Teams team where the test results should be posted. # To get the TeamId, right-click on the channel in Teams and select 'Get link to channel'. Use the value of groupId. e.g. ?groupId= - [string] $TeamId, + [string] $TeamId = $null, # Optional. The channel where the message should be posted. e.g. 19%3A00000000000000000000000000000000%40thread.tacv2 # To get the TeamChannelId, right-click on the channel in Teams and select 'Get link to channel'. Use the value found between channel and the channel name. e.g. /channel//my%20channel - [string] $TeamChannelId, + [string] $TeamChannelId = $null, # Skip the graph connection check. # This is used for running tests that does not require a graph connection. @@ -232,7 +232,7 @@ Function Invoke-Maester { $isMail = $null -ne $MailRecipient - $isTeamsChannelMessage = $null -ne $TeamId -and $null -ne $TeamChannelId + $isTeamsChannelMessage = (($null -ne $TeamId) -or ($null -ne $TeamChannelId)) if ($SkipGraphConnect) { Write-Host "🔥 Skipping graph connection check" -ForegroundColor Yellow diff --git a/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1 b/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1 index 35f145ae..71925501 100644 --- a/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1 +++ b/tests/CISA/Entra/Test-MtCisaWeakFactor.Tests.ps1 @@ -5,10 +5,8 @@ BeforeDiscovery { Describe "CISA SCuBA" -Tag "MS.AAD", "MS.AAD.3.5", "CISA", "Security", "All" -Skip:( $EntraIDPlan -eq "Free" ) { It "MS.AAD.3.5: The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled." { - $isMethodsMigrationComplete = Test-MtCisaMethodsMigration - $isWeakFactorDisabled = Test-MtCisaWeakFactor - $isWeakFactorDisabled -and $isMethodsMigrationComplete | Should -Be $true -Because "all weak authentication methods are disabled." + $isWeakFactorDisabled | Should -Be $true -Because "all weak authentication methods are disabled." } } \ No newline at end of file diff --git a/tests/CISA/exchange/Test-MtCisaCalendarSharing.Tests.ps1 b/tests/CISA/exchange/Test-MtCisaCalendarSharing.Tests.ps1 index 67f98148..e6859a38 100644 --- a/tests/CISA/exchange/Test-MtCisaCalendarSharing.Tests.ps1 +++ b/tests/CISA/exchange/Test-MtCisaCalendarSharing.Tests.ps1 @@ -3,7 +3,7 @@ Describe "CISA SCuBA" -Tag "MS.EXO", "MS.EXO.6.2", "CISA", "Security", "All" { $cisaCalendarSharing = Test-MtCisaCalendarSharing - if($null -eq $cisaCalendarSharing) { + if($null -ne $cisaCalendarSharing) { $cisaCalendarSharing | Should -Be $true -Because "calendar sharing is disabled." } } diff --git a/tests/CISA/exchange/Test-MtCisaContactSharing.Tests.ps1 b/tests/CISA/exchange/Test-MtCisaContactSharing.Tests.ps1 index 27e9c234..9c87be21 100644 --- a/tests/CISA/exchange/Test-MtCisaContactSharing.Tests.ps1 +++ b/tests/CISA/exchange/Test-MtCisaContactSharing.Tests.ps1 @@ -3,7 +3,7 @@ Describe "CISA SCuBA" -Tag "MS.EXO", "MS.EXO.6.1", "CISA", "Security", "All" { $cisaContactSharing = Test-MtCisaContactSharing - if($null -eq $cisaContactSharing) { + if($null -ne $cisaContactSharing) { $cisaContactSharing | Should -Be $true -Because "contact sharing is disabled." } }