Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New test - M365 Group should be limited to approved users #485

Open
12Knocksinna opened this issue Oct 3, 2024 · 2 comments
Open

New test - M365 Group should be limited to approved users #485

12Knocksinna opened this issue Oct 3, 2024 · 2 comments

Comments

@12Knocksinna
Copy link

Here's a code test contribution.

Describe "RAEntraConfig" -Tag "Privilege", "Office 365 for IT Pros" {
    It "OFF.STD01: Check 'Group creation blocked for non-authorized users" {

	 
	$result = Invoke-MtGraphRequest -RelativeUri 'settings' -ApiVersion beta

	$groupExists = $result |  Where-Object { $_.displayName -eq 'Group.Unified' }

	$testResult = $groupExists -ne $null

	$testResult | Should -Be $true 

    }
}
```
@12Knocksinna
Copy link
Author

Hi Merill,

As it happens, that code isn't correct. Cutting code in a hotel lobby is probably not the best way to proceed. This code is better:

Describe "RAEntraConfig" -Tag "Privilege", "Office 365 for IT Pros" {
It "OFFICE365.Test01: Check 'Group creation should be blocked for non-authorized users" {

# $result = Invoke-MtGraphRequest -RelativeUri 'settings' -ApiVersion beta

$Uri = "https://graph.microsoft.com/beta/settings"
    $Result = Invoke-MgGraphRequest -Method Get -Uri $Uri

$GroupSettings = $Result.Value | Where-Object { $_.displayName -eq 'Group.Unified' }

    $GroupCreationControl = $GroupSettings.values | Where-Object {$_.Name -eq 'EnableGroupCreation'} | Select-Object -ExpandProperty Value

$TestResult = $GroupCreationControl -ne $null

$TestResult | Should -Be $false 

}

}

@12Knocksinna
Copy link
Author

This is the version I eventually settled on. For whatever reason, the test always failed if it evaluated the $GroupCreationControl variable. Using its value to update the $TestResult variable and assessing that variable worked. Is there something about tests that they must have a $true outcome to pass?

Describe "RAEntraConfig" -Tag "Privilege", "Office 365 for IT Pros" {
It "OFFICE365.Test01: Check 'Group creation should be blocked for non-authorized users" {

# $result = Invoke-MtGraphRequest -RelativeUri 'settings' -ApiVersion beta

$Uri = "https://graph.microsoft.com/beta/settings"
    $Result = Invoke-MgGraphRequest -Method Get -Uri $Uri

$GroupSettings = $Result.Value | Where-Object { $_.displayName -eq 'Group.Unified' }

    $GroupCreationControl = $GroupSettings.values | Where-Object {$_.Name -eq 'EnableGroupCreation'} | Select-Object -ExpandProperty Value
    If ($GroupCreationControl -eq $false) {
       $TestResult = $true
    } else {
       $TestResult = $false
    }

If ($null -ne $TestResult) {
        $TestResult | Should -Be $true -Because "User ability to create Microsoft 365 Groups is disabled."
    }

}

}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@12Knocksinna