Add license check

powershell/internal/Get-MtSkippedReason.ps1

@@ -18,6 +18,7 @@ function Get-MtSkippedReason {
         "NotLicensedEntraIDP2" { "This test is for tenants that are licensed for Entra ID P2. See [Entra ID licensing](https://learn.microsoft.com/entra/fundamentals/licensing)"; break}
         "NotLicensedEntraIDGovernance" { "This test is for tenants that are licensed for Entra ID Governance. See [Entra ID Governance licensing](https://learn.microsoft.com/entra/fundamentals/licensing#microsoft-entra-id-governance)"; break}
         "NotLicensedEntraWorkloadID" { "This test is for tenants that are licensed for Entra Workload ID. See [Entra Workload ID licensing](https://learn.microsoft.com/entra/workload-id/workload-identities-faqs)"; break}
+        "NotLicensedExoDlp" { "This test is for tenants that are licensed for Exchange Online DLP. See [Microsoft Purview Data Loss Prevention: Data Loss Prevention (DLP) for Exchange Online, SharePoint Online, and OneDrive for Business](https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-7)"; break}
         "LicensedEntraIDPremium" { "This test is for tenants that are not licensed for any Entra ID Premium license. See [Entra ID licensing](https://learn.microsoft.com/entra/fundamentals/licensing)"; break}
         "NotSupported" { "This test relies on capabilities not currently available (e.g., cmdlets that are not available on all platforms, Resolve-DnsName)"; break}
         default { $SkippedBecause; break}

powershell/public/Add-MtTestResultDetail.ps1

@@ -65,7 +65,7 @@ function Add-MtTestResultDetail {
 
         [Parameter(Mandatory = $false)]
         [ValidateSet('NotConnectedAzure', 'NotConnectedExchange', 'NotDotGovDomain', 'NotLicensedEntraIDP1', 'NotConnectedSecurityCompliance',
-            'NotLicensedEntraIDP2', 'NotLicensedEntraIDGovernance', 'NotLicensedEntraWorkloadID', "LicensedEntraIDPremium", 'NotSupported', 'Custom'
+            'NotLicensedEntraIDP2', 'NotLicensedEntraIDGovernance', 'NotLicensedEntraWorkloadID', 'NotLicensedExoDlp', "LicensedEntraIDPremium", 'NotSupported', 'Custom'
         )]
         # Common reasons for why the test was skipped.
         [string] $SkippedBecause,

powershell/public/Get-MtLicenseInformation.ps1

@@ -19,7 +19,7 @@ function Get-MtLicenseInformation {
     [CmdletBinding()]
     param (
         [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0, Mandatory)]
-        [ValidateSet('EntraID', 'EntraWorkloadID')]
+        [ValidateSet('EntraID', 'EntraWorkloadID', 'ExoDlp')]
         [string] $Product
     )
 
@@ -55,6 +55,28 @@ function Get-MtLicenseInformation {
                 return $LicenseType
                 Break
             }
+            "ExoDlp" {
+                Write-Verbose "Retrieving license SKU for ExoDlp"
+                $skus = Invoke-MtGraphRequest -RelativeUri "subscribedSkus"
+                $requiredSkus = @(
+                    #skuId
+                    "cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46", #Microsoft 365 Business Premium
+                    "a3f586b6-8cce-4d9b-99d6-55238397f77a", #Microsoft 365 Business Premium EEA (no Teams)
+                    #servicePlanId
+                    "efb87545-963c-4e0d-99df-69c6916d9eb0" #Exchange Online (Plan 2)
+                )
+                $LicenseType = $null
+                foreach($sku in $requiredSkus){
+                    $skuId = $sku -in $skus.skuId
+                    $servicePlanId = $sku -in $skus.servicePlans.servicePlanId
+                    if($skuId -or $servicePlanId){
+                        $LicenseType = "ExoDlp"
+                    }
+                }
+                Write-Information "The license type for Entra ID is $LicenseType"
+                return $LicenseType
+                Break
+            }
 
             Default {}
         }

powershell/public/cisa/exchange/Test-MtCisaDlp.ps1

@@ -18,13 +18,15 @@ function Test-MtCisaDlp {
     [OutputType([bool])]
     param()
 
-    #Add License Check
     if(!(Test-MtConnection ExchangeOnline)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedExchange
         return $null
     }elseif(!(Test-MtConnection SecurityCompliance)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance
         return $null
+    }elseif($null -eq (Get-MtLicenseInformation -Product ExoDlp)){
+        Add-MtTestResultDetail -SkippedBecause NotLicensedExoDlp
+        return $null
     }
 
     $policies = Get-DlpCompliancePolicy

powershell/public/cisa/exchange/Test-MtCisaDlpBaselineRule.ps1

@@ -18,13 +18,15 @@ function Test-MtCisaDlpBaselineRule {
     [OutputType([bool])]
     param()
 
-    #Add License Check
     if(!(Test-MtConnection ExchangeOnline)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedExchange
         return $null
     }elseif(!(Test-MtConnection SecurityCompliance)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance
         return $null
+    }elseif($null -eq (Get-MtLicenseInformation -Product ExoDlp)){
+        Add-MtTestResultDetail -SkippedBecause NotLicensedExoDlp
+        return $null
     }
 
     $policies = Get-DlpCompliancePolicy

powershell/public/cisa/exchange/Test-MtCisaDlpPii.ps1

@@ -18,13 +18,15 @@ function Test-MtCisaDlpPii {
     [OutputType([bool])]
     param()
 
-    #Add License Check
     if(!(Test-MtConnection ExchangeOnline)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedExchange
         return $null
     }elseif(!(Test-MtConnection SecurityCompliance)){
         Add-MtTestResultDetail -SkippedBecause NotConnectedSecurityCompliance
         return $null
+    }elseif($null -eq (Get-MtLicenseInformation -Product ExoDlp)){
+        Add-MtTestResultDetail -SkippedBecause NotLicensedExoDlp
+        return $null
     }
 
     $policies = Get-DlpCompliancePolicy