Merge pull request #308 from Snozzberries/exoSecurity
Fix to Team* parameters and Service Parameter logic
merill authored Jul 8, 2024
2 parents ac7d470 + 1cc9b23 commit a526c82
Showing 18 changed files with 187 additions and 36 deletions.
11 changes: 8 additions & 3 deletions powershell/public/CISA/Entra/Test-MtCisaWeakFactor.ps1
Expand Up @@ -23,23 +23,28 @@ Function Test-MtCisaWeakFactor {
"Email"
)

$isMethodsMigrationComplete = Test-MtCisaMethodsMigration

$result = Get-MtAuthenticationMethodPolicyConfig

$weakAuthMethods = $result | Where-Object { $_.id -in $weakFactors }

$enabledWeakMethods = $weakAuthMethods | Where-Object { $_.state -eq "enabled" }

$testResult = ($enabledWeakMethods|Measure-Object).Count -eq 0
$testResult = (($enabledWeakMethods|Measure-Object).Count -eq 0) -and $isMethodsMigrationComplete

if ($testResult) {
$testResultMarkdown = "Well done. All weak authentication methods are disabled in your tenant.`n`n%TestResult%"
} else {
$testResultMarkdown = "One or more weak methods are enabled in your tenant.`n`n%TestResult%"
$testResultMarkdown = "One or more weak methods are enabled in your tenant, or migration to Authentication Methods is incomplete.`n`n%TestResult%"
}

# Auth method does not support deep links.
$authMethodsLink = "https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods"
$result = "| Authentication Method | State | Test Result |`n"
$migrationResult = "❌ Fail"
if($isMethodsMigrationComplete){$migrationResult = "✅ Pass"}
$result = "[Authentication Methods]($authMethodsLink) Migration Complete: $migrationResult`n`n"
$result += "| Authentication Method | State | Test Result |`n"
$result += "| --- | --- | --- |`n"
foreach ($item in $weakAuthMethods) {
$methodResult = "✅ Pass"
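Review bot: The Pass/Fail selection for the new migration header is written as a default assignment followed by a one-line `if($isMethodsMigrationComplete){$migrationResult = "✅ Pass"}`, which hides that this is a two-way decision; `$migrationResult = if ($isMethodsMigrationComplete) { "✅ Pass" } else { "❌ Fail" }` reads as one choice and matches the if/else already used for `$testResultMarkdown` a few lines above. Separately, `$result` now holds the policy-config output from `Get-MtAuthenticationMethodPolicyConfig` and is later overwritten with the markdown string starting at `$result = "[Authentication Methods]($authMethodsLink) Migration Complete: ...`; that reuse predates this commit, but the added header line makes it easier to trip over, and a distinct name such as `$resultMarkdown` for the report text would remove the ambiguity. The function body begins and ends outside the hunk.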
Expand Up @@ -28,6 +28,7 @@ warnings :
#>

Function ConvertFrom-MailAuthenticationRecordDkim {
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')]
[OutputType([DKIMRecord],[System.String])]
[cmdletbinding()]
param(
Expand Down Expand Up @@ -90,9 +91,28 @@ Function ConvertFrom-MailAuthenticationRecordDkim {
ErrorAction = "Stop"
}
try{
$dkimRecord = [DKIMRecord]::new((Resolve-DnsName @dkimSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -match $matchRecord}).Strings)
if($isWindows){
$dkimRecord = [DKIMRecord]::new((Resolve-DnsName @dkimSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -match $matchRecord}).Strings)
}else{
$cmdletCheck = Get-Command "Resolve-Dns"
if($cmdletCheck){
$dkimSplatAlt = @{
Query = $dkimSplat.Name
QueryType = $dkimSplat.Type
NameServer = $dkimSplat.Server
ErrorAction = $dkimSplat.ErrorAction
}
$dkimRecord = [SPFRecord]::new((Resolve-Dns @dkimSplatAlt | `
Where-Object {$_.RecordType -eq "TXT"} | `
Where-Object {$_.Text -imatch $matchRecord}).Text)
}else{
Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module."
Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow
return "Missing dependency, Resolve-Dns not available"
}
}
}catch [System.Management.Automation.CommandNotFoundException]{
Write-Error $_
return "Unsupported platform, Resolve-DnsName not available"
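Review bot: The non-Windows branch constructs the wrong record type: `$dkimRecord = [SPFRecord]::new((Resolve-Dns @dkimSplatAlt | ...` in a function whose `[OutputType]` declares `[DKIMRecord]` and whose Windows branch calls `[DKIMRecord]::new`, so on non-Windows hosts a successfully resolved DKIM record comes back as an SPF object and any caller that keys on the type name (as the DMARC tests in this commit do with `GetType().Name -eq "DMARCRecord"`) will treat it as a failed lookup; change `[SPFRecord]::new(` to `[DKIMRecord]::new(` on that line. The availability probe `$cmdletCheck = Get-Command "Resolve-Dns"` also emits its own non-terminating "not recognized" error before the intended `Write-Error` when the module is absent; `$cmdletCheck = Get-Command -Name Resolve-Dns -ErrorAction SilentlyContinue` keeps the output to the one message, and the same applies to the DMARC, MX, SPF and Resolve-SPFRecord sections. One caveat on the gate itself: `$isWindows` is an automatic variable only in PowerShell 6 and later, so on Windows PowerShell 5.1 it is unset and the non-Windows path runs there; if 5.1 is a supported host that should be handled or documented. The function body continues outside the hunk.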
Expand Up @@ -33,6 +33,7 @@ warnings : {sp: No subdomain policy set, adkim: No DKIM alignment se
#>

Function ConvertFrom-MailAuthenticationRecordDmarc {
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')]
[OutputType([DMARCRecord],[System.String])]
[cmdletbinding()]
param(
Expand Down Expand Up @@ -221,9 +222,28 @@ Function ConvertFrom-MailAuthenticationRecordDmarc {
ErrorAction = "Stop"
}
try{
$dmarcRecord = [DMARCRecord]::new((Resolve-DnsName @dmarcSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -match $matchRecord}).Strings)
if($IsWindows){
$dmarcRecord = [DMARCRecord]::new((Resolve-DnsName @dmarcSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -match $matchRecord}).Strings)
}else{
$cmdletCheck = Get-Command "Resolve-Dns"
if($cmdletCheck){
$dmarcSplatAlt = @{
Query = $dmarcSplat.Name
QueryType = $dmarcSplat.Type
NameServer = $dmarcSplat.Server
ErrorAction = $dmarcSplat.ErrorAction
}
$dmarcRecord = [DMARCRecord]::new((Resolve-Dns @dmarcSplatAlt | `
Where-Object {$_.RecordType -eq "TXT"} | `
Where-Object {$_.Text -imatch $matchRecord}).Text)
}else{
Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module."
Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow
return "Missing dependency, Resolve-Dns not available"
}
}
}catch [System.Management.Automation.CommandNotFoundException]{
Write-Error $_
return "Unsupported platform, Resolve-DnsName not available"
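Review bot: The remediation hint `Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n"` tells the user to install whatever the gallery's latest version is, with no version pin, even though the code beside it depends on that module's output shape (`.RecordType`, `.Text`); pinning the tested release with `-RequiredVersion <tested-version>` (placeholder for the version the branch was verified against) keeps both the behaviour and the supply chain predictable. The same message text is repeated verbatim in the DKIM, MX, SPF and Resolve-SPFRecord sections, so a single shared constant or tiny private helper for the missing-dependency path would keep the wording and the return string in one place. The function body continues outside the hunk.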
Expand Up @@ -15,6 +15,7 @@ microsoft.com MX 1731 Answer microsoft-com.m
#>

Function ConvertFrom-MailAuthenticationRecordMx {
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')]
[OutputType([Microsoft.DnsClient.Commands.DnsRecord_MX],[System.String])]
[cmdletbinding()]
param(
Expand All @@ -38,7 +39,33 @@ Function ConvertFrom-MailAuthenticationRecordMx {
ErrorAction = "Stop"
}
try{
$mxRecords = Resolve-DnsName @mxSplat | Where-Object {$_.Type -eq "MX"}
if($isWindows){
$mxRecords = Resolve-DnsName @mxSplat | Where-Object {$_.Type -eq "MX"}
}else{
$cmdletCheck = Get-Command "Resolve-Dns"
if($cmdletCheck){
$mxSplatAlt = @{
Query = $mxSplat.Name
QueryType = $mxSplat.Type
NameServer = $mxSplat.Server
ErrorAction = $mxSplat.ErrorAction
}
$answers = (Resolve-Dns @mxSplatAlt | Where-Object {$_.RecordType -eq "MX"}).Answers
$mxRecords = $answers | ForEach-Object {
[PSCustomObject]@{
Name = $_.DomainName
NameExchange = $_.Exchange
Type = $_.RecordType
TTL = $_.TimeToLive
Preference = $_.Preference
}
}
}else{
Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module."
Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow
return "Missing dependency, Resolve-Dns not available"
}
}
}catch [System.Management.Automation.CommandNotFoundException]{
Write-Error $_
return "Unsupported platform, Resolve-DnsName not available"
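Review bot: The two non-Windows access patterns in this commit cannot both be right: here `$answers = (Resolve-Dns @mxSplatAlt | Where-Object {$_.RecordType -eq "MX"}).Answers` filters on `RecordType` before reaching into `.Answers`, whereas Resolve-SPFRecord takes `.Answers` straight off the cmdlet output and reads `RecordType` on each answer record, and the DKIM, DMARC and SPF branches filter on `RecordType` and then read `.Text` without any `.Answers` at all. If `RecordType` lives on the individual answer records (which the Resolve-SPFRecord shape suggests), the filter here never matches and `$answers` is empty, so the `Where-Object` should move after `.Answers`: `$answers = (Resolve-Dns @mxSplatAlt).Answers | Where-Object {$_.RecordType -eq "MX"}`; if instead the cmdlet emits records directly, the `.Answers` in Resolve-SPFRecord is the wrong one. Either way this deserves a run on a non-Windows host, since only the Windows path is exercised by the existing tests. The function body continues outside the hunk.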
Expand Up @@ -22,6 +22,7 @@ warnings :
#>

Function ConvertFrom-MailAuthenticationRecordSpf {
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')]
[OutputType([SPFRecord],[System.String])]
[cmdletbinding()]
param(
Expand Down Expand Up @@ -123,9 +124,28 @@ Function ConvertFrom-MailAuthenticationRecordSpf {
ErrorAction = "Stop"
}
try{
$spfRecord = [SPFRecord]::new((Resolve-DnsName @spfSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -imatch $matchRecord}).Strings)
if($IsWindows){
$spfRecord = [SPFRecord]::new((Resolve-DnsName @spfSplat | `
Where-Object {$_.Type -eq "TXT"} | `
Where-Object {$_.Strings -imatch $matchRecord}).Strings)
}else{
$cmdletCheck = Get-Command "Resolve-Dns"
if($cmdletCheck){
$spfSplatAlt = @{
Query = $spfSplat.Name
QueryType = $spfSplat.Type
NameServer = $spfSplat.Server
ErrorAction = $spfSplat.ErrorAction
}
$spfRecord = [SPFRecord]::new((Resolve-Dns @spfSplatAlt | `
Where-Object {$_.RecordType -eq "TXT"} | `
Where-Object {$_.Text -imatch $matchRecord}).Text)
}else{
Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module."
Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow
return "Missing dependency, Resolve-Dns not available"
}
}
}catch [System.Management.Automation.CommandNotFoundException]{
Write-Error $_
return "Unsupported platform, Resolve-DnsName not available"
69 changes: 65 additions & 4 deletions powershell/public/CISA/exchange/Resolve-SPFRecord.ps1
Expand Up @@ -12,6 +12,7 @@
#>

function Resolve-SPFRecord {
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Colors are beautiful')]
[OutputType([spfrecord[]],[System.String])]
[CmdletBinding()]
param (
Expand Down Expand Up @@ -67,7 +68,26 @@ function Resolve-SPFRecord {
# https://tools.ietf.org/html/rfc7208#section-4.6.4
# Query DNS Record
try{
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT
if($isWindows){
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type TXT
}else{
$cmdletCheck = Get-Command "Resolve-Dns"
if($cmdletCheck){
$answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType TXT).Answers
$DNSRecords = $answers | ForEach-Object {
[PSCustomObject]@{
Name = $_.DomainName
Type = $_.RecordType
TTL = $_.TimeToLive
Strings = $_.Text
}
}
}else{
Write-Error "`nFor non-Windows platforms, please install DnsClient-PS module."
Write-Host "`n Install-Module DnsClient-PS -Scope CurrentUser`n" -ForegroundColor Yellow
return "Missing dependency, Resolve-Dns not available"
}
}
}catch [System.Management.Automation.CommandNotFoundException]{
Write-Error $_
return "Unsupported platform, Resolve-DnsName not available"
Expand Down Expand Up @@ -138,7 +158,21 @@ function Resolve-SPFRecord {
}
'^a:.*$' {
Write-Verbose "[A]`tSPF entry: $SPFDirective"
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type A
if($IsWindows){
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type A
}else{
$answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType A).Answers
$DNSRecords = $answers | ForEach-Object {
[PSCustomObject]@{
Name = $_.DomainName
Type = $_.RecordType
TTL = $_.TimeToLive
DataLength = $_.RawDataLength
Section = "Answer"
IPAddress = $_.Address
}
}
}
# Check SPF record
foreach ($IPAddress in ($DNSRecords.IPAddress) ) {
$SPFObject = [SPFRecord]::New( $IPAddress, ($SPFDirective -replace "^a:"), $Qualifier)
Expand All @@ -151,10 +185,37 @@ function Resolve-SPFRecord {
}
'^mx:.*$' {
Write-Verbose "[MX]`tSPF entry: $SPFDirective"
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type MX
if($IsWindows){
$DNSRecords = Resolve-DnsName -Server $Server -Name $Name -Type MX
}else{
$answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType MX).Answers
$DNSRecords = $answers | ForEach-Object {
[PSCustomObject]@{
Name = $_.DomainName
Type = $_.RecordType
TTL = $_.TimeToLive
NameExchange = $_.Exchange
Preference = $_.Preference
}
}
}
foreach ($MXRecords in ($DNSRecords.NameExchange) ) {
# Check SPF record
$DNSRecords = Resolve-DnsName -Server $Server -Name $MXRecords -Type A
if($isWindows){
$DNSRecords = Resolve-DnsName -Server $Server -Name $MXRecords -Type A
}else{
$answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType A).Answers
$DNSRecords = $answers | ForEach-Object {
[PSCustomObject]@{
Name = $_.DomainName
Type = $_.RecordType
TTL = $_.TimeToLive
DataLength = $_.RawDataLength
Section = "Answer"
IPAddress = $_.Address
}
}
}
foreach ($IPAddress in ($DNSRecords.IPAddress) ) {
$SPFObject = [SPFRecord]::New( $IPAddress, ($SPFDirective -replace "^mx:"), $Qualifier)
if ( $PSBoundParameters.ContainsKey('Referrer') ) {
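Review bot: In the `'^mx:.*$'` arm the non-Windows branch resolves the wrong host: inside `foreach ($MXRecords in ($DNSRecords.NameExchange) )` it runs `$answers = (Resolve-Dns -NameServer $Server -Query $Name -QueryType A).Answers`, querying the original `$Name`, while the Windows branch next to it queries `-Name $MXRecords`. On non-Windows every MX host therefore yields the domain's own A records, so the `mx:` mechanism is evaluated against the wrong addresses and the resulting `[SPFRecord]` entries misrepresent who is authorized to send; change that line to use `-Query $MXRecords`. The three `[PSCustomObject]` shims that map A answers to `Name/Type/TTL/DataLength/Section/IPAddress` are identical and could be one small private function taking the query name, which would also have made the copy-paste slip above visible. The function body starts and ends outside the hunk.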
2 changes: 1 addition & 1 deletion powershell/public/CISA/exchange/Test-MtCisaDkim.ps1
Expand Up @@ -64,7 +64,7 @@ Function Test-MtCisaDkim {
$dkimRecord.pass = "Skipped"
$dkimRecord.reason = "Parked domain"
}
}elseif($dkimRecord.dkimRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($dkimRecord.dkimRecord -like "*not available"){
$dkimRecord.pass = "Skipped"
$dkimRecord.reason = $dkimRecord.dkimRecord
}else{
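Review bot: `}elseif($dkimRecord.dkimRecord -like "*not available"){` couples the Skipped decision to the last two words of two free-text messages produced in ConvertFrom-MailAuthenticationRecordDkim, and the identical pattern is introduced in Test-MtCisaDmarcAggregateCisa, Test-MtCisaDmarcRecordExist, Test-MtCisaDmarcRecordReject, Test-MtCisaDmarcReport, Test-MtCisaSpfDirective and Test-MtCisaSpfRestriction. A later rewording of either message would silently turn a Skipped result into a failed parse in seven tests at once, so a shared sentinel (for example a module-level constant that both the resolver and the tests reference) is harder to break; a type check such as `-is [string]` may be an option if the resolvers return strings only for these dependency/platform cases, which is not visible from the hunks. The enclosing function starts and ends outside the hunk.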
Expand Up @@ -69,7 +69,7 @@ Function Test-MtCisaDmarcAggregateCisa {
$dmarcRecord.pass = "Passed"
}elseif($checkType -and -not $checkTarget){
$dmarcRecord.reason = "Missing CISA report target"
}elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($dmarcRecord.dmarcRecord -like "*not available"){
$dmarcRecord.pass = "Skipped"
$dmarcRecord.reason = $dmarcRecord.dmarcRecord
}else{
Expand Down Expand Up @@ -108,7 +108,7 @@ Function Test-MtCisaDmarcAggregateCisa {
if($aggregatesCount -ge 3){
$aggregates = "$($aggregates[0]), $($aggregates[1]), "
$aggregates += "& ...$aggregatesCount targets"
}elseif(aggregatesCount -gt 1){
}elseif($aggregatesCount -gt 1){
$aggregates = $aggregates -join ", "
}

Expand Up @@ -47,7 +47,7 @@ Function Test-MtCisaDmarcRecordExist {

if($dmarcRecord.dmarcRecord.GetType().Name -eq "DMARCRecord"){
$dmarcRecord.pass = "Passed"
}elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($dmarcRecord.dmarcRecord -like "*not available"){
$dmarcRecord.pass = "Skipped"
$dmarcRecord.reason = $dmarcRecord.dmarcRecord
}else{
Expand Down Expand Up @@ -86,15 +86,15 @@ Function Test-MtCisaDmarcRecordExist {
if($aggregatesCount -ge 3){
$aggregates = "$($aggregates[0]), $($aggregates[1]), "
$aggregates += "& ...$aggregatesCount targets"
}elseif(aggregatesCount -gt 1){
}elseif($aggregatesCount -gt 1){
$aggregates = $aggregates -join ", "
}
$forensics = $item.dmarcRecord.reportForensic.mailAddress
$forensicsCount = ($forensics|Measure-Object).Count
if($forensicsCount -ge 3){
$forensics = "$($forensics[0]), $($forensics[1]), "
$forensics += "& ...$forensicsCount targets"
}elseif(aggregatesCount -gt 1){
}elseif($aggregatesCount -gt 1){
$forensics = $forensics -join ", "
}

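Review bot: The forensics branch still tests the wrong counter: the commit adds the missing `$` but leaves `}elseif($aggregatesCount -gt 1){` guarding `$forensics = $forensics -join ", "`, whose own count is `$forensicsCount` computed two lines earlier. With two forensic addresses and a single aggregate address the join is skipped and the report cell carries the raw array rather than the comma-separated list; change the condition to `}elseif($forensicsCount -gt 1){`. The function body continues outside the hunk.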
Expand Up @@ -58,7 +58,7 @@ Function Test-MtCisaDmarcRecordReject {
$dmarcRecord.reason = "Policy is not reject"
}elseif($checkType -and $dmarcRecord.dmarcRecord.policySubdomain -in @("none","quarantine")){
$dmarcRecord.reason = "Subdomain policy is not reject"
}elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($dmarcRecord.dmarcRecord -like "*not available"){
$dmarcRecord.pass = "Skipped"
$dmarcRecord.reason = $dmarcRecord.dmarcRecord
}else{
2 changes: 1 addition & 1 deletion powershell/public/CISA/exchange/Test-MtCisaDmarcReport.ps1
Expand Up @@ -58,7 +58,7 @@ Function Test-MtCisaDmarcReport {
$dmarcRecord.pass = "Passed"
}elseif($checkType){
$dmarcRecord.reason = "No target in domain"
}elseif($dmarcRecord.dmarcRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($dmarcRecord.dmarcRecord -like "*not available"){
$dmarcRecord.pass = "Skipped"
$dmarcRecord.reason = $dmarcRecord.dmarcRecord
}else{
Expand Up @@ -44,7 +44,7 @@ Function Test-MtCisaSpfDirective {
$spfRecord.reason = "1+ mechanism targets"
}elseif(($directives|Measure-Object).Count -ge 1 -and -not $check){
$spfRecord.reason = "No EXO directive"
}elseif($spfRecord.spfRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($spfRecord.spfRecord -like "*not available"){
$spfRecord.pass = "Skipped"
$spfRecord.reason = $spfRecord.spfRecord
}elseif($spfRecord.spfRecord.GetType().Name -eq "SPFRecord"){
Expand Up @@ -43,7 +43,7 @@ Function Test-MtCisaSpfRestriction {
$spfRecord.pass = "Skipped"
$spfRecord.reason = "Redirect modifier"
}
}elseif($spfRecord.spfRecord -eq "Unsupported platform, Resolve-DnsName not available"){
}elseif($spfRecord.spfRecord -like "*not available"){
$spfRecord.pass = "Skipped"
$spfRecord.reason = $spfRecord.spfRecord
}else{