From 2c1e925aaead8319b11e41ff7667a7d4c3ce77d1 Mon Sep 17 00:00:00 2001 From: NZLostboy Date: Tue, 15 Oct 2024 16:32:52 +1300 Subject: [PATCH 1/4] Fixed typos --- powershell/public/cis/Test-MtCisSafeAttachment.md | 2 +- powershell/public/cis/Test-MtCisSafeAttachment.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cis/Test-MtCisSafeAttachment.md b/powershell/public/cis/Test-MtCisSafeAttachment.md index c647ec75..a642ab25 100644 --- a/powershell/public/cis/Test-MtCisSafeAttachment.md +++ b/powershell/public/cis/Test-MtCisSafeAttachment.md @@ -1,6 +1,6 @@ 2.1.4 (L2) Ensure Safe Attachments policy is enabled -R**ationale:** +**Rationale:** Enabling Safe Attachments policy helps protect against malware threats in email attachments by analyzing suspicious attachments in a secure, cloud-based environment before they are delivered to the user's inbox. This provides an additional layer of security and can prevent new or unseen types of malware from infiltrating the organization's network. #### Remediation action: diff --git a/powershell/public/cis/Test-MtCisSafeAttachment.ps1 b/powershell/public/cis/Test-MtCisSafeAttachment.ps1 index 2b5605f6..3e9050b8 100644 --- a/powershell/public/cis/Test-MtCisSafeAttachment.ps1 +++ b/powershell/public/cis/Test-MtCisSafeAttachment.ps1 @@ -75,7 +75,7 @@ function Test-MtCisSafeAttachment { $testResultMarkdown = "Well done. Your tenant has the safe attachment policy enabled ($portalLink).`n`n%TestResult%" } else { - $testResultMarkdown = "Your tenant does not have the the safe attachment policy enabled ($portalLink).`n`n%TestResult%" + $testResultMarkdown = "Your tenant does not have the safe attachment policy enabled ($portalLink).`n`n%TestResult%" } From 811ca62ea0cd22285c9393b56acdd3e338ad5f0f Mon Sep 17 00:00:00 2001 From: NZLostboy Date: Tue, 15 Oct 2024 16:33:23 +1300 Subject: [PATCH 2/4] Added CIS Checks Added checks CIS 2.1.5 & CIS 2.1.6 --- powershell/Maester.psd1 | 2 + .../cis/Test-MtCisOutboundSpamFilterPolicy.md | 24 +++++ .../Test-MtCisOutboundSpamFilterPolicy.ps1 | 92 ++++++++++++++++++ .../cis/Test-MtCisSafeAttachmentsAtpPolicy.md | 24 +++++ .../Test-MtCisSafeAttachmentsAtpPolicy.ps1 | 97 +++++++++++++++++++ powershell/public/cisa/exchange/Get-MtExo.ps1 | 42 ++++---- ...st-MtCisOutboundSpamFilterPolicy.Tests.ps1 | 10 ++ tests/cis/Test-MtCisSafeAttachment.Tests.ps1 | 2 +- ...st-MtCisSafeAttachmentsAtpPolicy.Tests.ps1 | 10 ++ website/docs/tests/cis/readme.md | 2 + 10 files changed, 284 insertions(+), 21 deletions(-) create mode 100644 powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.md create mode 100644 powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 create mode 100644 powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.md create mode 100644 powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 create mode 100644 tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 create mode 100644 tests/cis/Test-MtCisSafeAttachmentsAtpPolicy.Tests.ps1 diff --git a/powershell/Maester.psd1 b/powershell/Maester.psd1 index 246fe22d..6191011e 100644 --- a/powershell/Maester.psd1 +++ b/powershell/Maester.psd1 @@ -142,6 +142,8 @@ FunctionsToExport = 'Add-MtTestResultDetail', 'Clear-MtGraphCache', 'Connect-Mae 'Test-MtCisAttachmentFilter', 'Test-MtCisInternalMalwareNotification', 'Test-MtCisSafeAttachment', + 'Test-MtCisSafeAttachmentsAtpPolicy', + "Test-MtCisOutboundSpamFilterPolicy", 'Test-MtConditionalAccessWhatIf', 'Test-MtConnection', 'Test-MtEidscaControl', diff --git a/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.md b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.md new file mode 100644 index 00000000..e9602d63 --- /dev/null +++ b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.md @@ -0,0 +1,24 @@ +2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators + +Description: Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails. + +#### Remediation action: + +To set the Exchange Online Spam Policies: + +1. Navigate to Microsoft 365 Defender [https://security.microsoft.com](https://security.microsoft.com) +2. Under **Email & collaboration** select **Policies & rules** +3. Select **Threat policies** then **Anti-spam** +4. Click on the **Anti-spam outbound policy (default)** +5. Select **Edit protection settings** then under **Notifications** +6. Check **Send a copy of outbound messages that exceed these limits to these users and groups** then enter the desired email addresses +7. Check **Notify these users and groups if a sender is blocked due to sending outbound spam** then enter the desired email addresses. +8. Click **Save**. + +#### Related links + +* [Microsoft 365 Defender](https://security.microsoft.com) +* [CIS Microsoft 365 Foundations Benchmark v3.1.0 - Page 76](https://www.cisecurity.org/benchmark/microsoft_365) + + +%TestResult% \ No newline at end of file diff --git a/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 new file mode 100644 index 00000000..d79c988c --- /dev/null +++ b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 @@ -0,0 +1,92 @@ +<# +.SYNOPSIS +Checks if Exchange Online Spam Policies are set to notify administrators + +.DESCRIPTION +Ensure Exchange Online Spam Policies are set to notify administrators + +.EXAMPLE +Test-MtCisOutboundSpamFilterPolicy + +Returns true if Exchange Online Spam Policies are set to notify administrators + +.LINK +https://maester.dev/docs/commands/Test-MtCisOutboundSpamFilterPolicy +#> +function Test-MtCisOutboundSpamFilterPolicy { + [CmdletBinding()] + [OutputType([bool])] + param() + + if (!(Test-MtConnection ExchangeOnline)) { + Add-MtTestResultDetail -SkippedBecause NotConnectedExchange + return $null + } + elseif (!(Test-MtConnection SecurityCompliance)) { + Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance + return $null + } + elseif ($null -eq (Get-MtLicenseInformation -Product Mdo)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + return $null + } + + Write-Verbose "Getting Safe Attachment Policy..." + $policy = Get-MtExo -Request HostedOutboundSpamFilterPolicy + + $OutboundSpamFilterPolicyCheckList = @() + + #BccSuspiciousOutboundMail should be True + $OutboundSpamFilterPolicyCheckList += [pscustomobject] @{ + "CheckName" = "BccSuspiciousOutboundMail" + "Value" = "True" + } + + #NotifyOutboundSpam should be True + $OutboundSpamFilterPolicyCheckList += [pscustomobject] @{ + "CheckName" = "NotifyOutboundSpam" + "Value" = "True" + } + + + Write-Verbose "Executing checks" + $failedCheckList = @() + foreach ($check in $OutboundSpamFilterPolicyCheckList) { + + $checkResult = $policy | Where-Object { $_.($check.CheckName) -notmatch $check.Value } + + if ($checkResult) { + #If the check fails, add it to the list so we can report on it later + $failedCheckList += $check.CheckName + } + + } + + $testResult = ($failedCheckList | Measure-Object).Count -eq 0 + + $portalLink = "https://security.microsoft.com/antispam" + + if ($testResult) { + $testResultMarkdown = "Well done. Your tenant has Exchange Online Spam Policies set to notify administrators ($portalLink).`n`n%TestResult%" + } + else { + $testResultMarkdown = "Your tenant does not have Exchange Online Spam Policies set to notify administrators ($portalLink).`n`n%TestResult%" + } + + + $resultMd = "| Check Name | Result |`n" + $resultMd += "| --- | --- |`n" + foreach ($item in $OutboundSpamFilterPolicyCheckList) { + $itemResult = "❌ Fail" + if ($item.CheckName -notin $failedCheckList) { + $itemResult = "✅ Pass" + } + $resultMd += "| $($item.CheckName) | $($itemResult) |`n" + } + + $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $resultMd + + Add-MtTestResultDetail -Result $testResultMarkdown + + return $testResult +} \ No newline at end of file diff --git a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.md b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.md new file mode 100644 index 00000000..638029ec --- /dev/null +++ b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.md @@ -0,0 +1,24 @@ +2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled + +Description: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams scans these services for malicious files. + +#### Remediation action: + +To enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: + +1. Navigate to Microsoft 365 Defender [https://security.microsoft.com](https://security.microsoft.com) +2. Under **Email & collaboration** select **Policies & rules** +3. Select **Threat policies** then **Safe Attachments** +4. Click on **Global settings** +5. Click to **Enable Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** +6. Click to **Enable Turn on Safe Documents for Office clients** +7. Click to **Disable Allow people to click through Protected View even if Safe Documents identified the file as malicious** +8. Click **Save**. + +#### Related links + +* [Microsoft 365 Defender](https://security.microsoft.com) +* [CIS Microsoft 365 Foundations Benchmark v3.1.0 - Page 73](https://www.cisecurity.org/benchmark/microsoft_365) + + +%TestResult% \ No newline at end of file diff --git a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 new file mode 100644 index 00000000..68d8279b --- /dev/null +++ b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 @@ -0,0 +1,97 @@ +<# +.SYNOPSIS +Checks if Safe Attachments for SharePoint, OneDrive, and Microsoft Teams are enabled + +.DESCRIPTION +Safe Attachments for SharePoint, OneDrive, and Microsoft Teams should be enabled + +.EXAMPLE +Test-MtCisSafeAttachmentsAtpPolicy + +Returns true if safe attachments are enabled for SharePoint, OneDrive, and Microsoft Teams + +.LINK +https://maester.dev/docs/commands/Test-MtCisSafeAttachmentsAtpPolicy +#> +function Test-MtCisSafeAttachmentsAtpPolicy { + [CmdletBinding()] + [OutputType([bool])] + param() + + if (!(Test-MtConnection ExchangeOnline)) { + Add-MtTestResultDetail -SkippedBecause NotConnectedExchange + return $null + } + elseif (!(Test-MtConnection SecurityCompliance)) { + Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance + return $null + } + elseif ($null -eq (Get-MtLicenseInformation -Product Mdo)) { + Add-MtTestResultDetail -SkippedBecause NotLicensedMdo + return $null + } + + Write-Verbose "Getting Safe Attachment Policy..." + $policy = Get-MtExo -Request AtpPolicyForO365 + + $atpPolicyCheckList = @() + + #EnableATPForSPOTeamsODB should be True + $atpPolicyCheckList += [pscustomobject] @{ + "CheckName" = "EnableATPForSPOTeamsODB" + "Value" = "True" + } + + #EnableSafeDocs should be True + $atpPolicyCheckList += [pscustomobject] @{ + "CheckName" = "EnableSafeDocs" + "Value" = "True" + } + + #AllowSafeDocsOpen should be False + $atpPolicyCheckList += [pscustomobject] @{ + "CheckName" = "AllowSafeDocsOpen" + "Value" = "False" + } + + Write-Verbose "Executing checks" + $failedCheckList = @() + foreach ($check in $atpPolicyCheckList) { + + $checkResult = $policy | Where-Object { $_.($check.CheckName) -notmatch $check.Value } + + if ($checkResult) { + #If the check fails, add it to the list so we can report on it later + $failedCheckList += $check.CheckName + } + + } + + $testResult = ($failedCheckList | Measure-Object).Count -eq 0 + + $portalLink = "https://security.microsoft.com/safeattachmentv2" + + if ($testResult) { + $testResultMarkdown = "Well done. Your tenant has Safe Attachments for SharePoint, OneDrive, and Microsoft Teams enabled ($portalLink).`n`n%TestResult%" + } + else { + $testResultMarkdown = "Your tenant does not have Safe Attachments for SharePoint, OneDrive, and Microsoft Teams enabled ($portalLink).`n`n%TestResult%" + } + + + $resultMd = "| Check Name | Result |`n" + $resultMd += "| --- | --- |`n" + foreach ($item in $atpPolicyCheckList) { + $itemResult = "❌ Fail" + if ($item.CheckName -notin $failedCheckList) { + $itemResult = "✅ Pass" + } + $resultMd += "| $($item.CheckName) | $($itemResult) |`n" + } + + $testResultMarkdown = $testResultMarkdown -replace "%TestResult%", $resultMd + + Add-MtTestResultDetail -Result $testResultMarkdown + + return $testResult +} \ No newline at end of file diff --git a/powershell/public/cisa/exchange/Get-MtExo.ps1 b/powershell/public/cisa/exchange/Get-MtExo.ps1 index 5885414d..0aa4ace9 100644 --- a/powershell/public/cisa/exchange/Get-MtExo.ps1 +++ b/powershell/public/cisa/exchange/Get-MtExo.ps1 @@ -41,26 +41,28 @@ function Get-MtExo { ### - add them to the hashtable below ### - confirm the command's return type is in OutputType (e.g. (Get-AcceptedDomain).GetType().Name) $commands = @{ - "AcceptedDomain" = "Get-AcceptedDomain" - "RemoteDomain" = "Get-RemoteDomain" - "TransportConfig" = "Get-TransportConfig" - "TransportRule" = "Get-TransportRule" - "OrganizationConfig" = "Get-OrganizationConfig" - "DkimSigningConfig" = "Get-DkimSigningConfig" - "SharingPolicy" = "Get-SharingPolicy" - "DlpComplianceRule" = "Get-DlpComplianceRule" - "DlpCompliancePolicy" = "Get-DlpCompliancePolicy" - "MalwareFilterPolicy" = "Get-MalwareFilterPolicy" - "HostedContentFilterPolicy" = "Get-HostedContentFilterPolicy" - "HostedConnectionFilterPolicy" = "Get-HostedConnectionFilterPolicy" - "AntiPhishPolicy" = "Get-AntiPhishPolicy" - "SafeAttachmentPolicy" = "Get-SafeAttachmentPolicy" - "SafeLinksPolicy" = "Get-SafeLinksPolicy" - "ATPBuiltInProtectionRule" = "Get-ATPBuiltInProtectionRule" - "EOPProtectionPolicyRule" = "Get-EOPProtectionPolicyRule" - "ATPProtectionPolicyRule" = "Get-ATPProtectionPolicyRule" - "ProtectionAlert" = "Get-ProtectionAlert" - "EXOMailbox" = "Get-EXOMailbox" + "AcceptedDomain" = "Get-AcceptedDomain" + "RemoteDomain" = "Get-RemoteDomain" + "TransportConfig" = "Get-TransportConfig" + "TransportRule" = "Get-TransportRule" + "OrganizationConfig" = "Get-OrganizationConfig" + "DkimSigningConfig" = "Get-DkimSigningConfig" + "SharingPolicy" = "Get-SharingPolicy" + "DlpComplianceRule" = "Get-DlpComplianceRule" + "DlpCompliancePolicy" = "Get-DlpCompliancePolicy" + "MalwareFilterPolicy" = "Get-MalwareFilterPolicy" + "HostedContentFilterPolicy" = "Get-HostedContentFilterPolicy" + "HostedConnectionFilterPolicy" = "Get-HostedConnectionFilterPolicy" + "AntiPhishPolicy" = "Get-AntiPhishPolicy" + "SafeAttachmentPolicy" = "Get-SafeAttachmentPolicy" + "SafeLinksPolicy" = "Get-SafeLinksPolicy" + "HostedOutboundSpamFilterPolicy" = "Get-HostedOutboundSpamFilterPolicy" + "AtpPolicyForO365" = "Get-AtpPolicyForO365" + "ATPBuiltInProtectionRule" = "Get-ATPBuiltInProtectionRule" + "EOPProtectionPolicyRule" = "Get-EOPProtectionPolicyRule" + "ATPProtectionPolicyRule" = "Get-ATPProtectionPolicyRule" + "ProtectionAlert" = "Get-ProtectionAlert" + "EXOMailbox" = "Get-EXOMailbox" } diff --git a/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 b/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 new file mode 100644 index 00000000..2a898c0a --- /dev/null +++ b/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 @@ -0,0 +1,10 @@ +Describe "CIS" -Tag "CIS 2.1.6", "L2", "CIS E3 Level 1", "CIS E5", "CIS", "Security", "All", "CIS M365 v3.1.0" { + It "2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators" { + + $result = Test-MtCisOutboundSpamFilterPolicy + + if ($null -ne $result) { + $result | Should -Be $true -Because "the Exchange Online Spam Policies are set to notify administrators." + } + } +} \ No newline at end of file diff --git a/tests/cis/Test-MtCisSafeAttachment.Tests.ps1 b/tests/cis/Test-MtCisSafeAttachment.Tests.ps1 index b480e5ec..81b837da 100644 --- a/tests/cis/Test-MtCisSafeAttachment.Tests.ps1 +++ b/tests/cis/Test-MtCisSafeAttachment.Tests.ps1 @@ -1,4 +1,4 @@ -Describe "CIS" -Tag "CIS 2.1.4", "L2", "CIS E5 Level 5", "CIS E5", "CIS", "Security", "All", "CIS M365 v3.1.0" { +Describe "CIS" -Tag "CIS 2.1.4", "L2", "CIS E5 Level 2", "CIS E5", "CIS", "Security", "All", "CIS M365 v3.1.0" { It "2.1.4 (L2) Ensure Safe Attachments policy is enabled" { $result = Test-MtCisSafeAttachment diff --git a/tests/cis/Test-MtCisSafeAttachmentsAtpPolicy.Tests.ps1 b/tests/cis/Test-MtCisSafeAttachmentsAtpPolicy.Tests.ps1 new file mode 100644 index 00000000..61a274e0 --- /dev/null +++ b/tests/cis/Test-MtCisSafeAttachmentsAtpPolicy.Tests.ps1 @@ -0,0 +1,10 @@ +Describe "CIS" -Tag "CIS 2.1.5", "L2", "CIS E5 Level 2", "CIS E5", "CIS", "Security", "All", "CIS M365 v3.1.0" { + It "2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled" { + + $result = Test-MtCisSafeAttachmentsAtpPolicy + + if ($null -ne $result) { + $result | Should -Be $true -Because "the Safe Attachement policies for SharePoint, OneDrive, and Microsoft Teams are Enabled." + } + } +} \ No newline at end of file diff --git a/website/docs/tests/cis/readme.md b/website/docs/tests/cis/readme.md index 4e23a5fa..0f576d96 100644 --- a/website/docs/tests/cis/readme.md +++ b/website/docs/tests/cis/readme.md @@ -41,5 +41,7 @@ See the [Installation guide](/docs/installation#optional-modules-and-permissions | Test-MtCisAttachmentFilter | 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled | | Test-MtCisInternalMalwareNotification | 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled | | Test-MtCisSafeAttachment | 2.1.4 (L2) Ensure Safe Attachments policy is enabled | +| Test-MtCisSafeAttachmentsAtpPolicy | 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled | +| Test-MtCisOutboundSpamFilterPolicy | 2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators | TBD in this case refers to CIS "manual" checks. It might be possible to automate these, but skipping for now to focus on automated checks. \ No newline at end of file From d559e19379a79601c1b0fbe83e21f0e1392ffebe Mon Sep 17 00:00:00 2001 From: NZLostboy Date: Tue, 15 Oct 2024 16:41:49 +1300 Subject: [PATCH 3/4] Fixed tag --- tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 b/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 index 2a898c0a..278a48cd 100644 --- a/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 +++ b/tests/cis/Test-MtCisOutboundSpamFilterPolicy.Tests.ps1 @@ -1,4 +1,4 @@ -Describe "CIS" -Tag "CIS 2.1.6", "L2", "CIS E3 Level 1", "CIS E5", "CIS", "Security", "All", "CIS M365 v3.1.0" { +Describe "CIS" -Tag "CIS 2.1.6", "L1", "CIS E3 Level 1", "CIS E3", "CIS", "Security", "All", "CIS M365 v3.1.0" { It "2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators" { $result = Test-MtCisOutboundSpamFilterPolicy From 3054309dc8aaffaed6cc15d77f841d84ab00a159 Mon Sep 17 00:00:00 2001 From: NZLostboy Date: Tue, 15 Oct 2024 16:46:27 +1300 Subject: [PATCH 4/4] Fixed output messages --- powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 | 2 +- powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 index d79c988c..49b452e0 100644 --- a/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 +++ b/powershell/public/cis/Test-MtCisOutboundSpamFilterPolicy.ps1 @@ -31,7 +31,7 @@ function Test-MtCisOutboundSpamFilterPolicy { return $null } - Write-Verbose "Getting Safe Attachment Policy..." + Write-Verbose "Getting Outbound Spam Filter Policy..." $policy = Get-MtExo -Request HostedOutboundSpamFilterPolicy $OutboundSpamFilterPolicyCheckList = @() diff --git a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 index 68d8279b..5f33c2f2 100644 --- a/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 +++ b/powershell/public/cis/Test-MtCisSafeAttachmentsAtpPolicy.ps1 @@ -31,7 +31,7 @@ function Test-MtCisSafeAttachmentsAtpPolicy { return $null } - Write-Verbose "Getting Safe Attachment Policy..." + Write-Verbose "Getting 365 Atp Policy..." $policy = Get-MtExo -Request AtpPolicyForO365 $atpPolicyCheckList = @()