diff --git a/PowerShell/ScubaGear/Modules/Providers/ExportDefenderProvider.psm1 b/PowerShell/ScubaGear/Modules/Providers/ExportDefenderProvider.psm1
index e47b6c2ea3..5b37cde610 100644
--- a/PowerShell/ScubaGear/Modules/Providers/ExportDefenderProvider.psm1
+++ b/PowerShell/ScubaGear/Modules/Providers/ExportDefenderProvider.psm1
@@ -100,19 +100,36 @@ function Export-DefenderProvider { $Tracker.AddUnSuccessfulCommand("Get-ProtectionAlert") } if ($IPPSConnected) { - $DLPCompliancePolicy = ConvertTo-Json @($Tracker.TryCommand("Get-DlpCompliancePolicy")) - $ProtectionAlert = ConvertTo-Json @($Tracker.TryCommand("Get-ProtectionAlert")) - $DLPComplianceRules = @($Tracker.TryCommand("Get-DlpComplianceRule")) + if (Get-Command Get-DlpCompliancePolicy -ErrorAction SilentlyContinue) { + $DLPCompliancePolicy = ConvertTo-Json @($Tracker.TryCommand("Get-DlpCompliancePolicy")) + $ProtectionAlert = ConvertTo-Json @($Tracker.TryCommand("Get-ProtectionAlert")) + $DLPComplianceRules = @($Tracker.TryCommand("Get-DlpComplianceRule")) + $DLPLicense = ConvertTo-Json $true # Powershell is inconsistent with how it saves lists to json. # This loop ensures that the format of ContentContainsSensitiveInformation # will *always* be a list. - foreach($Rule in $DLPComplianceRules) { - if ($Rule.Count -gt 0) { - $Rule.ContentContainsSensitiveInformation = @($Rule.ContentContainsSensitiveInformation) + foreach($Rule in $DLPComplianceRules) { + if ($Rule.Count -gt 0) { + $Rule.ContentContainsSensitiveInformation = @($Rule.ContentContainsSensitiveInformation) + } } } + else { + Write-Warning "Defender for DLP license not available in tenant. Omitting the following commands: Get-DlpCompliancePolicy, Get-DlpComplianceRule, and Get-ProtectionAlert." 
+ $DLPCompliancePolicy = ConvertTo-Json @() + $DLPComplianceRules = ConvertTo-Json @() + $ProtectionAlert = ConvertTo-Json @() + $DLPComplianceRules = ConvertTo-Json @() + $Tracker.AddUnSuccessfulCommand("Get-DlpCompliancePolicy") + $Tracker.AddUnSuccessfulCommand("Get-DlpComplianceRule") + $Tracker.AddUnSuccessfulCommand("Get-ProtectionAlert") + $Tracker.AddSuccessfulCommand("Get-DlpCompliancePolicy") + $Tracker.AddSuccessfulCommand("Get-DlpComplianceRule") + $Tracker.AddSuccessfulCommand("Get-ProtectionAlert") + $DLPLicense = ConvertTo-Json $false + } # We need to specify the depth because the data contains some # nested tables. @@ -139,6 +156,7 @@ function Export-DefenderProvider { "admin_audit_log_config": $AdminAuditLogConfig, "atp_policy_for_o365": $ATPPolicy, "defender_license": $DefenderLicense, + "defender_dlp_license": $DLPLicense, "defender_successful_commands": $SuccessfulCommands, "defender_unsuccessful_commands": $UnSuccessfulCommands, "@ diff --git a/PowerShell/ScubaGear/Rego/DefenderConfig.rego b/PowerShell/ScubaGear/Rego/DefenderConfig.rego index 44d2125276..df713d04ea 100644 --- a/PowerShell/ScubaGear/Rego/DefenderConfig.rego +++ b/PowerShell/ScubaGear/Rego/DefenderConfig.rego 
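Review bot: The new `else` branch records the three DLP cmdlets with both `AddUnSuccessfulCommand` and `AddSuccessfulCommand`, so the report cannot tell whether the DLP data was actually collected; drop the three `AddSuccessfulCommand` calls so an unlicensed tenant lists them only as unsuccessful. The same branch assigns `$DLPComplianceRules = ConvertTo-Json @()` twice, and it leaves a JSON string where the licensed branch leaves an array, so if the depth-limited conversion that follows the hunk serialises `$DLPComplianceRules` again the value would presumably be double-encoded; a single `$DLPComplianceRules = @()` keeps both branches the same type. `Get-Command Get-DlpCompliancePolicy -ErrorAction SilentlyContinue` is false for any reason the cmdlet is absent, including insufficient permissions, so the `Write-Warning` text should name that possibility alongside the missing license. Export-DefenderProvider continues outside the hunk.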
@@ -1,18 +1,20 @@ package defender -import rego.v1 -import data.utils.report.NotCheckedDetails -import data.utils.report.ReportDetailsBoolean -import data.utils.report.ReportDetailsString -import data.utils.report.ReportDetailsArray -import data.utils.key.PASS -import data.utils.key.FilterArray + +import data.utils.defender.ApplyLicenseWarning +import data.utils.defender.ApplyLicenseWarningString +import data.utils.defender.DLPLicenseWarningString +import data.utils.defender.ImpersonationProtection +import data.utils.defender.ImpersonationProtectionConfig import data.utils.defender.SensitiveAccounts import data.utils.defender.SensitiveAccountsConfig import data.utils.defender.SensitiveAccountsSetting -import data.utils.defender.ImpersonationProtection -import data.utils.defender.ImpersonationProtectionConfig -import data.utils.defender.ApplyLicenseWarning - +import data.utils.key.FilterArray +import data.utils.key.PASS +import data.utils.report.NotCheckedDetails +import data.utils.report.ReportDetailsArray +import data.utils.report.ReportDetailsBoolean +import data.utils.report.ReportDetailsString +import rego.v1 ################# # MS.DEFENDER.1 # @@ -33,13 +35,13 @@ ReportDetails1_1(false, false) := "Standard and Strict preset policies are both # Parse through all items in Policies, if item identity is the one # we want & state is enabled, save item. Return number of items saved. -GetEnabledPolicies(Policies, Identity) := true if +GetEnabledPolicies(Policies, Identity) := true if { count([Policy | some Policy in Policies Policy.Identity == Identity Policy.State == "Enabled" ]) > 0 -else := false +} else := false # For this one you need to check both: # - Get-EOPProtectionPolicyRule 
@@ -98,14 +100,15 @@ tests contains { # Parse through all items in Policies, if item identity is the one # we want & Users (SentTo) + Groups (SentToMemberOf) + Domains (RecipientDomainIs) are null, # save item. Return number of items saved. -AllRecipient(Policies, Identity) := true if count([Policy | - some Policy in Policies - Policy.Identity == Identity - Policy.SentTo == null - Policy.SentToMemberOf == null - Policy.RecipientDomainIs == null - ]) > 0 -else := false +AllRecipient(Policies, Identity) := true if { + count([Policy | + some Policy in Policies + Policy.Identity == Identity + Policy.SentTo == null + Policy.SentToMemberOf == null + Policy.RecipientDomainIs == null + ]) > 0 +} else := false # If "Apply protection to" is set to "All recipients": # - The policy will be included in the list output by @@ -216,7 +219,6 @@ tests contains { } #-- - ################# # MS.DEFENDER.2 # ################# @@ -257,7 +259,7 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-AntiPhishPolicy"], "ActualValue": [StrictIP.Policy, StandardIP.Policy], - "ReportDetails": ReportDetailsString(Status, ErrorMessage), + "ReportDetails": ApplyLicenseWarningString(Status, ErrorMessage), "RequirementMet": Status } if { Policies := input.anti_phish_policies @@ -289,7 +291,7 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-AntiPhishPolicy"], "ActualValue": [StrictIP.Policy, StandardIP.Policy], - "ReportDetails": ReportDetailsString(Status, ErrorMessage), + "ReportDetails": ApplyLicenseWarningString(Status, ErrorMessage), "RequirementMet": Status } if { Policies := input.anti_phish_policies @@ -326,7 +328,7 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-AntiPhishPolicy"], "ActualValue": [StrictIP.Policy, StandardIP.Policy], - "ReportDetails": ReportDetailsString(Status, ErrorMessage), + "ReportDetails": ApplyLicenseWarningString(Status, ErrorMessage), "RequirementMet": Status } if { Policies := input.anti_phish_policies 
@@ -347,7 +349,6 @@ tests contains { } #-- - ################# # MS.DEFENDER.3 # ################# @@ -379,7 +380,6 @@ tests contains { } #-- - ################# # MS.DEFENDER.4 # ################# @@ -454,7 +454,8 @@ SensitiveRules contains { # Each policy that protects SSN, ITIN, & credit cards is saved in # PoliciesWithFullProtection. PoliciesWithFullProtection := [ - SensitiveRule | some SensitiveRule in SensitiveRules; +SensitiveRule | + some SensitiveRule in SensitiveRules count({Item | some Item in SensitiveContent} - SensitiveRule.ContentNames) == 0 ] @@ -480,7 +481,7 @@ tests contains { "Criticality": "Shall", "Commandlet": ["Get-DlpComplianceRule"], "ActualValue": Rules, - "ReportDetails": ReportDetailsString(Status, ErrorMessage), + "ReportDetails": DLPLicenseWarningString(Status, ErrorMessage), "RequirementMet": Status } if { error_rule := "No matching rules found for:" @@ -498,14 +499,15 @@ tests contains { # If policy also indicates all for the M365 Product & is in the workload, return # policy info, else an empty set. ProductEnableSensitiveProtection(Name, Location) := { - { - "Name": Policy.Name, - "Locations": Policy[Location], - "Workload": Policy.Workload - } | some Policy in input.dlp_compliance_policies; - some PolicyWithProtection in PoliciesWithFullProtection; - Policy.Name in PolicyWithProtection; - "All" in Policy[Location]; +{ + "Name": Policy.Name, + "Locations": Policy[Location], + "Workload": Policy.Workload +} | + some Policy in input.dlp_compliance_policies + some PolicyWithProtection in PoliciesWithFullProtection + Policy.Name in PolicyWithProtection + "All" in Policy[Location] contains(Policy.Workload, Name) } 
@@ -514,35 +516,132 @@ Policies := { "SharePoint": ProductEnableSensitiveProtection("SharePoint", "SharePointLocation"), "OneDrive": ProductEnableSensitiveProtection("OneDriveForBusiness", "OneDriveLocation"), "Teams": ProductEnableSensitiveProtection("Teams", "TeamsLocation"), - "Devices": ProductEnableSensitiveProtection("EndpointDevices", "EndpointDlpLocation"), + "Devices": ProductEnableSensitiveProtection("EndpointDevices", "EndpointDlpLocation") } -# Build the error message if all sensitive content is not protected by -# any policies for the M365 product. -error_policies contains "Exchange" if count(Policies.Exchange) == 0 +# Create a set of locations missing from the set of policies +# protecting sensitive info types +MissingLocations contains "Exchange" if count(Policies.Exchange) == 0 -error_policies contains "SharePoint" if count(Policies.SharePoint) == 0 +MissingLocations contains "SharePoint" if count(Policies.SharePoint) == 0 -error_policies contains "OneDrive" if count(Policies.OneDrive) == 0 +MissingLocations contains "OneDrive" if count(Policies.OneDrive) == 0 -error_policies contains "Teams" if count(Policies.Teams) == 0 +MissingLocations contains "Teams" if count(Policies.Teams) == 0 -error_policies contains "Devices" if count(Policies.Devices) == 0 +MissingLocations contains "Devices" if count(Policies.Devices) == 0 -# Create the Report details message for policy -DefenderErrorMessage4_2 := ErrorMessage if { - count(PoliciesWithFullProtection) > 0 - error_policy := "No enabled policy found that applies to:" - ErrorMessage := concat(" ", [error_policy, concat(", ", error_policies)]) +# Empty license warning string when both Devices and Teams present +DLPLicenseWarning4_2(AbsentLocations) := LicenseWarning if { + not "Devices" in AbsentLocations + not "Teams" in AbsentLocations + LicenseWarning := "" } -DefenderErrorMessage4_2 := ErrorMessage if { - count(PoliciesWithFullProtection) == 0 - ErrorMessage := "No DLP policy matching all types found for 
evaluation." +DLPLicenseWarning4_2(AbsentLocations) := LicenseWarning if { + # Add license warning when only Teams is missing + not "Devices" in AbsentLocations + "Teams" in AbsentLocations + + LicenseWarning := "Teams location requires DLP for Teams included in E5/G5 licenses." } -# If error_policies contains any value, then some M365 product does not -# have a policy protectig all sensitive content & check should fail. +DLPLicenseWarning4_2(AbsentLocations) := LicenseWarning if { + # Add license warning when only Devices is missing + "Devices" in AbsentLocations + not "Teams" in AbsentLocations + + LicenseWarning := "Devices location requires DLP for Endpoint licensing and at least one registered device." +} + +DLPLicenseWarning4_2(AbsentLocations) := LicenseWarning if { + # Add both license warnings when Devices and Teams are missing + "Devices" in AbsentLocations + "Teams" in AbsentLocations + + LicenseWarning := concat( + " ", + [ + "Devices location requires DLP for Endpoint licensing and at least one registered device.", + "Teams location requires DLP for Teams included in E5/G5 licenses." 
+ ] + ) +} + +# Return results file path when no custom config defined +ResultsFilePath := Path if { + not input.scuba_config.OutputPath + not input.scuba_config.OutRegoFileName + Path := "./TestResults.json" +} + +# Return results file path when only file name is defined +ResultsFilePath := Path if { + not input.scuba_config.OutputPath + Filename := input.scuba_config.OutRegoFileName + Path := concat("", ["./", Filename,".json"]) +} + +# Return results file path when only file path is defined +ResultsFilePath := Path if { + not input.scuba_config.OutRegoFileName + FilePath := input.scuba_config.OutputPath + Path := concat("", [FilePath, "/TestResults",".json"]) +} + +# Return results file path when custom config defined +ResultsFilePath := Path if { + input.scuba_config.OutputPath + input.scuba_config.OutputRegoFileName + Path := concat("", [ + input.scuba_config.OutPath, "/", + input.scuba_config.OutRegoFileName, + ".json" + ]) +} + +# DLP policy contains at least one required location +DefenderErrorMessage4_2(PresentLocations) := ErrorMessage if { + count(PresentLocations) != 0 + + LocationsAppliedMsg := "DLP custom policy applied to the following locations: " + LocationsMissingMsg := ". Custom policy protecting sensitive info types NOT applied to: " + LicenseNotice := DLPLicenseWarning4_2(MissingLocations) + + FullPolicyDetailsMsg := concat("", [ + " For full policy details, see the ActualValue field in the results file: ", + ResultsFilePath + ]) + ErrorMessage := concat("", [ + LocationsAppliedMsg, concat(", ", PresentLocations), + LocationsMissingMsg, concat(", ", MissingLocations), + ". 
", + LicenseNotice, + FullPolicyDetailsMsg + ]) +} + +# Matching DLP policy does not contain any of the required locations +DefenderErrorMessage4_2(PresentLocations) := ErrorMessage if { + count(PresentLocations) == 0 + + LocationsMissingMsg := "Custom policy protecting sensitive info types NOT applied to: " + LicenseNotice := DLPLicenseWarning4_2(MissingLocations) + + FullPolicyDetailsMsg := concat("", [ + " For full policy details, see the ActualValue field in the results file: ", + ResultsFilePath + ]) + ErrorMessage := concat("", [ + LocationsMissingMsg, concat(", ", MissingLocations), + ". ", + LicenseNotice, + FullPolicyDetailsMsg + ]) +} + +# If MissingLocations contains any value, then some M365 product does not +# have a policy protectig sensitive content & check should fail. # Check should also fail if there are no policies that protect all sensitive # content. tests contains { @@ -550,14 +649,18 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-DLPCompliancePolicy"], "ActualValue": Policies, - "ReportDetails": ReportDetailsString(Status, DefenderErrorMessage4_2), + "ReportDetails": DLPLicenseWarningString(Status, ErrorMessage), "RequirementMet": Status } if { + PresentLocations := {"Devices", "Exchange", "OneDrive", "SharePoint", "Teams"} - MissingLocations + Conditions := [ - count(error_policies) == 0, - count(PoliciesWithFullProtection) > 0, + count(MissingLocations) == 0, + input.defender_dlp_license == true ] - Status := count(FilterArray(Conditions, true)) == 2 + + ErrorMessage := DefenderErrorMessage4_2(PresentLocations) + Status := count(FilterArray(Conditions, false)) == 0 } # 
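Review bot: The fourth `ResultsFilePath` rule reads `input.scuba_config.OutputRegoFileName` and `input.scuba_config.OutPath`, keys the other three rules never use (they read `OutRegoFileName` and `OutputPath`), so when both settings are supplied no rule matches and `ResultsFilePath` is undefined. That leaves `DefenderErrorMessage4_2`, and with it `ErrorMessage`, undefined, and the MS.DEFENDER.4.2 entry would then drop out of `tests` instead of reporting a result. The guard should be `input.scuba_config.OutRegoFileName` and the first `concat` element `input.scuba_config.OutputPath`. A comment above `ResultsFilePath` saying that exactly one of the four rules must match for every config combination would help, since any gap silently removes the check from the report.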
@@ -599,13 +702,13 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-DlpComplianceRule"], "ActualValue": Rules, - "ReportDetails": ReportDetailsString(Status, DefenderErrorMessage4_3(Rules)), + "ReportDetails": DLPLicenseWarningString(Status, DefenderErrorMessage4_3(Rules)), "RequirementMet": Status } if { Rules := SensitiveRulesNotBlocking Conditions := [ count(Rules) == 0, - count(PoliciesWithFullProtection) > 0, + count(PoliciesWithFullProtection) > 0 ] Status := count(FilterArray(Conditions, true)) == 2 } @@ -644,13 +747,13 @@ tests contains { "Criticality": "Should", "Commandlet": ["Get-DlpComplianceRule"], "ActualValue": Rules, - "ReportDetails": ReportDetailsString(Status, DefenderErrorMessage4_4(Rules)), + "ReportDetails": DLPLicenseWarningString(Status, DefenderErrorMessage4_4(Rules)), "RequirementMet": Status } if { Rules := SensitiveRulesNotNotifying Conditions := [ count(Rules) == 0, - count(PoliciesWithFullProtection) > 0, + count(PoliciesWithFullProtection) > 0 ] Status := count(FilterArray(Conditions, true)) == 2 } @@ -686,7 +789,6 @@ tests contains { } #-- - ################# # MS.DEFENDER.5 # ################# @@ -742,7 +844,6 @@ tests contains { } #-- - ################# # MS.DEFENDER.6 # ################# @@ -754,7 +855,7 @@ tests contains { # Save the identity of audit logs that have logging enabled CorrectLogConfigs contains { "Identity": AuditLog.Identity, - "UnifiedAuditLogIngestionEnabled": AuditLog.UnifiedAuditLogIngestionEnabled, + "UnifiedAuditLogIngestionEnabled": AuditLog.UnifiedAuditLogIngestionEnabled } if { some AuditLog in input.admin_audit_log_config AuditLog.UnifiedAuditLogIngestionEnabled == true @@ -806,4 +907,4 @@ tests contains { "ReportDetails": NotCheckedDetails("MS.DEFENDER.6.3v1"), "RequirementMet": false } -#-- \ No newline at end of file +#-- diff --git a/PowerShell/ScubaGear/Rego/Utils/Defender.rego b/PowerShell/ScubaGear/Rego/Utils/Defender.rego index e8e076fe82..4f4e7ffd6c 100644 
--- a/PowerShell/ScubaGear/Rego/Utils/Defender.rego +++ b/PowerShell/ScubaGear/Rego/Utils/Defender.rego @@ -1,9 +1,28 @@ package utils.defender -import rego.v1 -import data.utils.report.ReportDetailsBoolean -import data.utils.key.FAIL + import data.utils.key.ConvertToSet +import data.utils.key.FAIL import data.utils.key.FilterArray +import data.utils.report.ReportDetailsBoolean +import data.utils.report.ReportDetailsString +import rego.v1 + +############# +# Constants # +############# + +DEFLICENSEWARNSTR := concat(" ", [ + "**NOTE: Either you do not have sufficient permissions or", + "your tenant does not have a license for Microsoft Defender", + "for Office 365 Plan 1 or Plan 2, which is required for this feature.**" +]) + +DLPLICENSEWARNSTR := concat(" ", [ + "**NOTE: Either you do not have sufficient permissions or", + "your tenant does not have a license for Microsoft Purview", + "Data Loss Prevention, which is required for this feature.", + "This feature is included in E3/G3/E5/G5 licenses.**" +]) ########################################## # User/Group Exclusion support functions # @@ -46,8 +65,9 @@ SensitiveAccountsSetting(Policies) := { "Policy": Policy } if { Policy := [ - Policy | some Policy in Policies; - Policy.Identity == "Strict Preset Security Policy"; + Policy | + some Policy in Policies + Policy.Identity == "Strict Preset Security Policy" Policy.State == "Enabled" ][0] IncludedUsers := ConvertToSet(Policy.SentTo) @@ -98,7 +118,7 @@ SensitiveAccounts(SensitiveAccountsSetting, SensitiveAccountsConfig) := false if ### Case 4 ### # When settings and config are present, do they match? -SensitiveAccounts(SensitiveAccountsSetting, SensitiveAccountsConfig) := true if { +SensitiveAccounts(SensitiveAccountsSetting, SensitiveAccountsConfig) if { count(SensitiveAccountsSetting.Policy) > 0 # Policy filter includes one or more conditions or exclusions 
@@ -148,7 +168,8 @@ ImpersonationProtectionSetting(Policies, IdentityString, KeyValue) := Policy if ImpersonationProtectionConfig(PolicyID, AccountKey) := IncludedAccounts if { SensitiveAccounts := input.scuba_config.Defender[PolicyID] IncludedAccounts := { - lower(trim_space(x)) | some x in SensitiveAccounts[AccountKey]; + lower(trim_space(x)) | + some x in SensitiveAccounts[AccountKey] x != null } } else := set() @@ -194,11 +215,27 @@ ApplyLicenseWarning(Status) := ReportDetailsBoolean(Status) if { # If a defender license is not present, assume failure and # replace the message with the warning -ApplyLicenseWarning(_) := concat(" ", [FAIL, LicenseWarning]) if { +ApplyLicenseWarning(_) := concat(" ", [FAIL, DEFLICENSEWARNSTR]) if { input.defender_license == false - LicenseWarning := concat(" ", [ - "**NOTE: Either you do not have sufficient permissions or", - "your tenant does not have a license for Microsoft Defender", - "for Office 365 Plan 1, which is required for this feature.**" - ]) -} \ No newline at end of file +} + +################################################################################# +# Report Detail Functions for check that required Defender license # +################################################################################# +# If a defender license is present, don't apply the warning +# and leave the message unchanged +ApplyLicenseWarningString(Status, String) := ReportDetailsString(Status, String) if { + input.defender_license == true +} + +ApplyLicenseWarningString(_, _) := concat(" ", [FAIL, DEFLICENSEWARNSTR]) if { + input.defender_license == false +} + +DLPLicenseWarningString(Status, String) := ReportDetailsString(Status, String) if { + input.defender_dlp_license == true +} + +DLPLicenseWarningString(_, _) := concat(" ", [FAIL, DLPLICENSEWARNSTR]) if { + input.defender_dlp_license == false +} 
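Review bot: `ApplyLicenseWarningString` and `DLPLicenseWarningString` are defined only when the license flag is exactly `true` or exactly `false`, so input that lacks `defender_dlp_license` (for example JSON from a provider export that predates this key) leaves the function undefined, and every `tests` entry that calls it in `ReportDetails` would be omitted rather than failed. In a baseline assessment a missing check is harder to notice than a failing one, so the warning branch should be the fallback: `not input.defender_dlp_license == true` in place of `input.defender_dlp_license == false`, and likewise for `defender_license`. The two DLP functions also have no header comment, unlike `ApplyLicenseWarningString`; something like `# If a DLP license is absent or unknown, assume failure and show the DLP license warning` would do.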
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego index 8ffa70c5cb..71a501a354 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego @@ -1,10 +1,11 @@ package defender_test -import rego.v1 + import data.defender -import data.utils.key.TestResult +import data.utils.defender.DEFLICENSEWARNSTR import data.utils.key.FAIL import data.utils.key.PASS - +import data.utils.key.TestResult +import rego.v1 # # Policy MS.DEFENDER.1.1v1 @@ -88,12 +89,10 @@ test_Enabled_Incorrect_V1 if { test_Enabled_Incorrect_V2 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Disabled" - } - ], + "protection_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "State": "Disabled" + }], "atp_policy_rules": [], "defender_license": true } @@ -104,12 +103,10 @@ test_Enabled_Incorrect_V2 if { test_Enabled_Incorrect_V3 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - } - ], + "protection_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "State": "Enabled" + }], "atp_policy_rules": [], "defender_license": true } @@ -137,6 +134,7 @@ test_Enabled_Incorrect_V4 if { ReportDetailString := "Standard and Strict preset policies are both disabled" TestResult("MS.DEFENDER.1.1v1", Output, ReportDetailString, false) == true } + #-- # 
@@ -144,14 +142,12 @@ test_Enabled_Incorrect_V4 if { #-- test_AllEOP_Correct_V1 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "protection_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -160,14 +156,12 @@ test_AllEOP_Correct_V1 if { test_AllEOP_Correct_V2 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -185,9 +179,7 @@ test_AllEOP_Correct_V3 if { }, { "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], + "SentTo": ["user@example.com"], "SentToMemberOf": null, "RecipientDomainIs": null } @@ -208,16 +200,12 @@ test_AllEOP_Incorrect_V1 if { test_AllEOP_Incorrect_V2 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["user@example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -229,9 +217,7 @@ test_AllEOP_Incorrect_V3 if { "protection_policy_rules": [ { "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], + "SentTo": ["user@example.com"], "SentToMemberOf": null, "RecipientDomainIs": null }, 
@@ -239,9 +225,7 @@ test_AllEOP_Incorrect_V3 if { "Identity": "Standard Preset Security Policy", "SentTo": null, "SentToMemberOf": null, - "RecipientDomainIs": [ - "example.com" - ] + "RecipientDomainIs": ["example.com"] } ], "defender_license": true @@ -249,6 +233,7 @@ test_AllEOP_Incorrect_V3 if { TestResult("MS.DEFENDER.1.2v1", Output, FAIL, false) == true } + #-- # @@ -256,14 +241,12 @@ test_AllEOP_Incorrect_V3 if { #-- test_AllDefender_Correct_V1 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "atp_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -272,14 +255,12 @@ test_AllDefender_Correct_V1 if { test_AllDefender_Correct_V2 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -297,9 +278,7 @@ test_AllDefender_Correct_V3 if { }, { "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], + "SentTo": ["user@example.com"], "SentToMemberOf": null, "RecipientDomainIs": null } 
@@ -321,16 +300,12 @@ test_AllDefender_Incorrect_V1 if { test_AllDefender_Incorrect_V2 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["user@example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null + }], "defender_license": true } @@ -342,9 +317,7 @@ test_AllDefender_Incorrect_V3 if { "atp_policy_rules": [ { "Identity": "Strict Preset Security Policy", - "SentTo": [ - "user@example.com" - ], + "SentTo": ["user@example.com"], "SentToMemberOf": null, "RecipientDomainIs": null }, @@ -352,9 +325,7 @@ test_AllDefender_Incorrect_V3 if { "Identity": "Standard Preset Security Policy", "SentTo": null, "SentToMemberOf": null, - "RecipientDomainIs": [ - "example.com" - ] + "RecipientDomainIs": ["example.com"] } ], "defender_license": true @@ -369,14 +340,11 @@ test_AllDefender_Incorrect_V4 if { "defender_license": false } - ReportDetailString := concat(" ", [ - "Requirement not met **NOTE: Either you do not have sufficient permissions or", - "your tenant does not have a license for Microsoft Defender for Office 365 Plan 1,", - "which is required for this feature.**" - ]) + ReportDetailString := concat(" ", [FAIL, DEFLICENSEWARNSTR]) TestResult("MS.DEFENDER.1.3v1", Output, ReportDetailString, false) == true } + #-- # 
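Review bot: In `test_AllDefender_Incorrect_V4` the expected text is now built from `DEFLICENSEWARNSTR`, the same constant the policy code emits, so the assertion no longer pins the wording shown to users and would still pass if the constant were emptied or garbled. This commit itself changes that wording to "Plan 1 or Plan 2", which is the kind of change the removed literal used to catch. Consider keeping one assertion against literal text, e.g. `contains(ReportDetailString, "Microsoft Defender for Office 365 Plan 1 or Plan 2")`, and using the constant in the remaining tests.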
@@ -384,34 +352,26 @@ test_AllDefender_Incorrect_V4 if { #-- test_SensitiveEOP_Correct_V1 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [], - "IncludedGroups": [], - "IncludedDomains": [], - "ExcludedUsers": [], - "ExcludedGroups": [], - "ExcludedDomains": [] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": [], + "IncludedGroups": [], + "IncludedDomains": [], + "ExcludedUsers": [], + "ExcludedGroups": [], + "ExcludedDomains": [] + }}}}, "defender_license": true } 
@@ -420,27 +380,19 @@ test_SensitiveEOP_Correct_V1 if { test_SensitiveEOP_Correct_V2 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": {} - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -449,31 +401,23 @@ test_SensitiveEOP_Correct_V2 if { test_SensitiveEOP_Correct_V3 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.4v1": { "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ] + "IncludedUsers": ["johndoe@random.example.com"] } } } 
@@ -486,37 +430,25 @@ test_SensitiveEOP_Correct_V3 if { test_SensitiveEOP_Correct_V4 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {"IncludedUsers": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}}}}, "defender_license": true } 
@@ -525,24 +457,19 @@ test_SensitiveEOP_Correct_V4 if { test_SensitiveEOP_Correct_V5 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["johndoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + } + ], "scuba_config": { "Defender": { "MS.DEFENDER.1.4v1": { @@ -562,24 +489,21 @@ test_SensitiveEOP_Correct_V5 if { test_SensitiveEOP_Correct_V6 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + } ], "scuba_config": { "Defender": { 
@@ -601,23 +525,18 @@ test_SensitiveEOP_Correct_V6 if { test_SensitiveEOP_Correct_V7 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + } ], "scuba_config": { "Defender": { @@ -638,24 +557,21 @@ test_SensitiveEOP_Correct_V7 if { test_SensitiveEOP_Correct_V8 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune", - "Dune12" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": [ + "Dune", + "Dune12" + ], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + } ], "scuba_config": { "Defender": { 
@@ -677,23 +593,18 @@ test_SensitiveEOP_Correct_V8 if { test_SensitiveEOP_Correct_V9 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune"], + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + } ], "scuba_config": { "Defender": { @@ -714,24 +625,21 @@ test_SensitiveEOP_Correct_V9 if { test_SensitiveEOP_Correct_V10 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune", - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": [ + "Dune", + "Dune12" + ], + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + } ], "scuba_config": { "Defender": { 
@@ -753,23 +661,18 @@ test_SensitiveEOP_Correct_V10 if { test_SensitiveEOP_Correct_V11 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.mail.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": ["random.mail.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + } ], "scuba_config": { "Defender": { @@ -790,25 +693,21 @@ test_SensitiveEOP_Correct_V11 if { test_SensitiveEOP_Correct_V12 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": [ + "random.mail.example.com", + "random.example.com" + ], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.4v1": { 
@@ -829,23 +728,18 @@ test_SensitiveEOP_Correct_V12 if { test_SensitiveEOP_Correct_V13 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + } ], "scuba_config": { "Defender": { 
@@ -866,37 +760,25 @@ test_SensitiveEOP_Correct_V13 if { test_SensitiveEOP_Correct_V14 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": [ + "random.mail.example.com", + "random.example.com" + ], + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {"ExcludedDomains": [ + "random.mail.example.com", + "random.example.com" + ]}}}}, "defender_license": true } 
@@ -905,42 +787,22 @@ test_SensitiveEOP_Correct_V14 if { test_SensitiveEOP_Correct_V15 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"] + }}}}, "defender_license": true } 
@@ -949,42 +811,22 @@ test_SensitiveEOP_Correct_V15 if { test_SensitiveEOP_Correct_V16 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"] + }}}}, "defender_license": true } 
@@ -993,42 +835,22 @@ test_SensitiveEOP_Correct_V16 if { test_SensitiveEOP_Correct_V17 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -1037,47 +859,23 @@ test_SensitiveEOP_Correct_V17 if { test_SensitiveEOP_Correct_V18 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"] + }}}}, "defender_license": true } 
@@ -1086,47 +884,23 @@ test_SensitiveEOP_Correct_V18 if { test_SensitiveEOP_Correct_V19 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "ExcludedGroups": [ - "Dune12" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "ExcludedGroups": ["Dune12"] + }}}}, "defender_license": true } 
@@ -1135,47 +909,23 @@ test_SensitiveEOP_Correct_V19 if { test_SensitiveEOP_Correct_V20 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedDomains": [ - "random.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedDomains": ["random.example.com"] + }}}}, "defender_license": true } 
@@ -1184,47 +934,23 @@ test_SensitiveEOP_Correct_V20 if { test_SensitiveEOP_Correct_V21 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -1233,47 +959,23 @@ test_SensitiveEOP_Correct_V21 if { test_SensitiveEOP_Correct_V22 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"] + }}}}, "defender_license": true } 
@@ -1282,47 +984,23 @@ test_SensitiveEOP_Correct_V22 if { test_SensitiveEOP_Correct_V23 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -1331,62 +1009,26 @@ test_SensitiveEOP_Correct_V23 if { test_SensitiveEOP_Correct_V24 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -1395,27 +1037,19 @@ test_SensitiveEOP_Correct_V24 if { test_SensitiveEOP_Incorrect_V1 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Disabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": {} - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Disabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, "defender_license": true } @@ -1424,27 +1058,19 @@ test_SensitiveEOP_Incorrect_V1 if { test_SensitiveEOP_Incorrect_V2 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": {} - } - } - }, + "protection_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -1453,16 +1079,8 @@ test_SensitiveEOP_Incorrect_V2 if { test_SensitiveEOP_Incorrect_V3 if { Output := defender.tests with input as { - "protection_policy_rules": [ - {} - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": {} - } - } - }, + "protection_policy_rules": [{}], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, "defender_license": true } @@ -1471,31 +1089,19 @@ test_SensitiveEOP_Incorrect_V3 if { test_SensitiveEOP_Incorrect_V4 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": {} - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["johndoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -1504,55 +1110,32 @@ test_SensitiveEOP_Incorrect_V4 if { test_SensitiveEOP_Incorrect_V5 if { Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "protection_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } + #-- # 
@@ -1560,34 +1143,26 @@ test_SensitiveEOP_Incorrect_V5 if { #-- test_SensitiveATP_Correct_V1 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [], - "IncludedGroups": [], - "IncludedDomains": [], - "ExcludedUsers": [], - "ExcludedGroups": [], - "ExcludedDomains": [] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": [], + "IncludedGroups": [], + "IncludedDomains": [], + "ExcludedUsers": [], + "ExcludedGroups": [], + "ExcludedDomains": [] + }}}}, "defender_license": true } 
@@ -1596,27 +1171,19 @@ test_SensitiveATP_Correct_V1 if { test_SensitiveATP_Correct_V2 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": {} - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -1625,31 +1192,23 @@ test_SensitiveATP_Correct_V2 if { test_SensitiveATP_Correct_V3 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.5v1": { "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ] + "IncludedUsers": ["johndoe@random.example.com"] } } } 
@@ -1662,37 +1221,25 @@ test_SensitiveATP_Correct_V3 if { test_SensitiveATP_Correct_V4 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedUsers": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}}}}, "defender_license": true } 
@@ -1701,31 +1248,23 @@ test_SensitiveATP_Correct_V4 if { test_SensitiveATP_Correct_V5 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["johndoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.5v1": { "SensitiveAccounts": { - "ExcludedUsers": [ - "johndoe@random.example.com" - ] + "ExcludedUsers": ["johndoe@random.example.com"] } } } 
@@ -1738,37 +1277,25 @@ test_SensitiveATP_Correct_V5 if { test_SensitiveATP_Correct_V6 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "ExcludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedUsers": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}}}}, "defender_license": true } 
@@ -1777,35 +1304,19 @@ test_SensitiveATP_Correct_V6 if { test_SensitiveATP_Correct_V7 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedGroups": ["Dune"]}}}}, "defender_license": true } 
@@ -1814,37 +1325,25 @@ test_SensitiveATP_Correct_V7 if { test_SensitiveATP_Correct_V8 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune", - "Dune12" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune", - "Dune12" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": [ + "Dune", + "Dune12" + ], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedGroups": [ + "Dune", + "Dune12" + ]}}}}, "defender_license": true } 
@@ -1853,35 +1352,19 @@ test_SensitiveATP_Correct_V8 if { test_SensitiveATP_Correct_V9 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "ExcludedGroups": [ - "Dune" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune"], + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedGroups": ["Dune"]}}}}, "defender_license": true } 
@@ -1890,37 +1373,25 @@ test_SensitiveATP_Correct_V9 if { test_SensitiveATP_Correct_V10 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune", - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "ExcludedGroups": [ - "Dune", - "Dune12" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": [ + "Dune", + "Dune12" + ], + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedGroups": [ + "Dune", + "Dune12" + ]}}}}, "defender_license": true } 
@@ -1929,31 +1400,23 @@ test_SensitiveATP_Correct_V10 if { test_SensitiveATP_Correct_V11 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.mail.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": ["random.mail.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.5v1": { "SensitiveAccounts": { - "IncludedDomains": [ - "random.mail.example.com" - ] + "IncludedDomains": ["random.mail.example.com"] } } } 
@@ -1966,37 +1429,25 @@ test_SensitiveATP_Correct_V11 if { test_SensitiveATP_Correct_V12 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": [ + "random.mail.example.com", + "random.example.com" + ], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedDomains": [ + "random.mail.example.com", + "random.example.com" + ]}}}}, "defender_license": true } 
@@ -2005,31 +1456,23 @@ test_SensitiveATP_Correct_V12 if { test_SensitiveATP_Correct_V13 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], "scuba_config": { "Defender": { "MS.DEFENDER.1.5v1": { "SensitiveAccounts": { - "ExcludedDomains": [ - "random.mail.example.com" - ] + "ExcludedDomains": ["random.mail.example.com"] } } } 
@@ -2042,37 +1485,25 @@ test_SensitiveATP_Correct_V13 if { test_SensitiveATP_Correct_V14 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "ExcludedDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": [ + "random.mail.example.com", + "random.example.com" + ], + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedDomains": [ + "random.mail.example.com", + "random.example.com" + ]}}}}, "defender_license": true } 
@@ -2081,86 +1512,46 @@ test_SensitiveATP_Correct_V14 if { test_SensitiveATP_Correct_V15 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"] + }}}}, "defender_license": true } TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } - -test_SensitiveATP_Correct_V16 if { - Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - 
"Dune" - ], - "ExcludedGroups": [ - "Dune12" - ] - } - } - } - }, + +test_SensitiveATP_Correct_V16 if { + Output := defender.tests with input as { + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"] + }}}}, "defender_license": true } @@ -2169,42 +1560,22 @@ test_SensitiveATP_Correct_V16 if { test_SensitiveATP_Correct_V17 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -2213,47 +1584,23 @@ test_SensitiveATP_Correct_V17 if { test_SensitiveATP_Correct_V18 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"] + }}}}, "defender_license": true } 
@@ -2262,47 +1609,23 @@ test_SensitiveATP_Correct_V18 if { test_SensitiveATP_Correct_V19 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "ExcludedGroups": [ - "Dune12" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "ExcludedGroups": ["Dune12"] + }}}}, "defender_license": true } 
@@ -2311,47 +1634,23 @@ test_SensitiveATP_Correct_V19 if { test_SensitiveATP_Correct_V20 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedDomains": [ - "random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedDomains": ["random.example.com"] + }}}}, "defender_license": true } 
@@ -2360,47 +1659,23 @@ test_SensitiveATP_Correct_V20 if { test_SensitiveATP_Correct_V21 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -2409,47 +1684,23 @@ test_SensitiveATP_Correct_V21 if { test_SensitiveATP_Correct_V22 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"] + }}}}, "defender_license": true } 
@@ -2458,47 +1709,23 @@ test_SensitiveATP_Correct_V22 if { test_SensitiveATP_Correct_V23 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -2507,62 +1734,26 @@ test_SensitiveATP_Correct_V23 if { test_SensitiveATP_Correct_V24 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": [ - "Dune" - ], - "RecipientDomainIs": [ - "random.example.com" - ], - "ExceptIfSentTo": [ - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": [ - "Dune12" - ], - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com" - ], - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": ["Dune"], + "RecipientDomainIs": ["random.example.com"], + "ExceptIfSentTo": ["janedoe@random.example.com"], + "ExceptIfSentToMemberOf": ["Dune12"], + "ExceptIfRecipientDomainIs": ["random.mail.example.com"], + "Conditions": ["Rules.Tasks"], + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } 
@@ -2571,27 +1762,19 @@ test_SensitiveATP_Correct_V24 if { test_SensitiveATP_Incorrect_V1 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Disabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": {} - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Disabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, "defender_license": true } @@ -2600,27 +1783,19 @@ test_SensitiveATP_Incorrect_V1 if { test_SensitiveATP_Incorrect_V2 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": {} - } - } - }, + "atp_policy_rules": [{ + "Identity": "Standard Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -2629,16 +1804,8 @@ test_SensitiveATP_Incorrect_V2 if { test_SensitiveATP_Incorrect_V3 if { Output := defender.tests with input as { - "atp_policy_rules": [ - {} - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": {} - } - } - }, + "atp_policy_rules": [{}], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, "defender_license": true } @@ -2647,31 +1814,19 @@ test_SensitiveATP_Incorrect_V3 if { test_SensitiveATP_Incorrect_V4 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": [ - "Rules.Tasks" - ], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": {} - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": ["johndoe@random.example.com"], + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": ["Rules.Tasks"], + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, "defender_license": true } 
@@ -2680,53 +1835,30 @@ test_SensitiveATP_Incorrect_V4 if { test_SensitiveATP_Incorrect_V5 if { Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Rules.Tasks" - ], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": [ - "johndoe@random.example.com" - ], - "ExcludedUsers": [ - "janedoe@random.example.com" - ], - "IncludedGroups": [ - "Dune" - ], - "ExcludedGroups": [ - "Dune12" - ], - "IncludedDomains": [ - "random.example.com" - ], - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, + "atp_policy_rules": [{ + "Identity": "Strict Preset Security Policy", + "SentTo": ["johndoe@random.example.com"], + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": ["Rules.Tasks"], + "Exceptions": null, + "State": "Enabled" + }], + "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { + "IncludedUsers": ["johndoe@random.example.com"], + "ExcludedUsers": ["janedoe@random.example.com"], + "IncludedGroups": ["Dune"], + "ExcludedGroups": ["Dune12"], + "IncludedDomains": ["random.example.com"], + "ExcludedDomains": ["random.mail.example.com"] + }}}}, "defender_license": true } TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true } -#-- \ No newline at end of file + +#-- diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego index 2c7c8773ef..fbc8311a62 100644 
--- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego @@ -41,7 +41,8 @@ test_TargetedUsers_Correct_V1 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true @@ -79,7 +80,8 @@ test_TargetedUsers_Correct_V2 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true @@ -118,7 +120,8 @@ test_TargetedUsers_Correct_V3 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true @@ -147,7 +150,8 @@ test_TargetedUsers_Incorrect_V1 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." @@ -177,7 +181,8 @@ test_TargetedUsers_Incorrect_V2 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Strict policy." @@ -207,7 +212,8 @@ test_TargetedUsers_Incorrect_V3 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Strict or Standard policy." @@ -247,7 +253,8 @@ test_TargetedUsers_Incorrect_V4 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." @@ -287,7 +294,8 @@ test_TargetedUsers_Incorrect_V5 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." 
@@ -326,12 +334,57 @@ test_TargetedUsers_Incorrect_V6 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all sensitive users are included for targeted protection in Strict policy." TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } + +test_TargetedUsers_Incorrect_V7 if { + Output := defender.tests with input as { + "anti_phish_policies": [ + { + "Identity": "Standard Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedUserProtection": true, + "TargetedUsersToProtect": [ + "John Doe;jdoe@someemail.com", + "Jane Doe;jadoe@someemail.com" + ], + "TargetedUserProtectionAction": "Quarantine" + }, + { + "Identity": "Strict Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedUserProtection": true, + "TargetedUsersToProtect": [ + "John Doe;jdoe@someemail.com" + ], + "TargetedUserProtectionAction": "Quarantine" + } + ], + "scuba_config": { + "Defender": { + "MS.DEFENDER.2.1v1": { + "SensitiveUsers": [ + "John Doe;jdoe@someemail.com", + "Jane Doe;jadoe@someemail.com" + ] + } + } + }, + "defender_license": false + } + + ReportDetailString := concat(" ", [ + "Requirement not met **NOTE: Either you do not have sufficient permissions or", + "your tenant does not have a license for Microsoft Defender", + "for Office 365 Plan 1 or Plan 2, which is required for this feature.**" + ]) + TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true +} #-- # @@ -370,7 +423,8 @@ test_AgencyDomains_Correct_V1 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.2v1", Output, PASS, true) == true @@ -408,7 +462,8 @@ test_AgencyDomains_Correct_V2 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.2v1", Output, PASS, true) == true @@ -437,7 +492,8 @@ test_AgencyDomains_Incorrect_V1 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." 
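Review bot: `test_TargetedUsers_Incorrect_V7` does not isolate the license gate, because its Strict policy lists only `"John Doe;jdoe@someemail.com"` while `SensitiveUsers` names two users, so the input would apparently fail MS.DEFENDER.2.1v1 even with `"defender_license": true` (it looks like the Strict-policy failure asserted just above in Incorrect_V6). The expected `false` is therefore also satisfied by a rule that only swaps the report string and still takes the status from the policy check, which would let an unlicensed tenant with a compliant-looking configuration be reported as passing. I would add `"Jane Doe;jadoe@someemail.com"` to the Strict policy's `TargetedUsersToProtect` so that only the license flag can cause the failure. The same applies to `test_AgencyDomains_Incorrect_V9` in the `@@ -689,6 +752,40 @@` hunk, whose null `TargetedDomainsToProtect` and empty `MS.DEFENDER.2.2v1` config appear to fail regardless; reusing a passing fixture there with `"defender_license": false` would cover it.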
@@ -467,7 +523,8 @@ test_AgencyDomains_Incorrect_V2 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Strict policy." @@ -497,7 +554,8 @@ test_AgencyDomains_Incorrect_V3 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Strict or Standard policy." @@ -537,7 +595,8 @@ test_AgencyDomains_Incorrect_V4 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." @@ -577,7 +636,8 @@ test_AgencyDomains_Incorrect_V5 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." @@ -616,7 +676,8 @@ test_AgencyDomains_Incorrect_V6 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Strict policy." @@ -651,7 +712,8 @@ test_AgencyDomains_Incorrect_V7 if { "Defender": { "MS.DEFENDER.2.2v1": {} } - } + }, + "defender_license": true } ReportDetailString := "Not all agency domains are included for targeted protection in Strict or Standard policy." @@ -680,7 +742,8 @@ test_AgencyDomains_Incorrect_V8 if { "Defender": { "MS.DEFENDER.2.2v1": {} } - } + }, + "defender_license": true } ReportDetailString := concat(" ", [ 
@@ -689,6 +752,40 @@ test_AgencyDomains_Incorrect_V8 if { ]) TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } + +test_AgencyDomains_Incorrect_V9 if { + Output := defender.tests with input as { + "anti_phish_policies": [ + { + "Identity": "Standard Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedDomainsProtection": true, + "TargetedDomainsToProtect": null, + "TargetedDomainProtectionAction": "Quarantine" + }, + { + "Identity": "Strict Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedDomainsProtection": true, + "TargetedDomainsToProtect": null, + "TargetedDomainProtectionAction": "Quarantine" + } + ], + "scuba_config": { + "Defender": { + "MS.DEFENDER.2.2v1": {} + } + }, + "defender_license": false + } + + ReportDetailString := concat(" ", [ + "Requirement not met **NOTE: Either you do not have sufficient permissions or", + "your tenant does not have a license for Microsoft Defender", + "for Office 365 Plan 1 or Plan 2, which is required for this feature.**" + ]) + TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true +} #-- # @@ -727,7 +824,8 @@ test_CustomDomains_Correct_V1 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true @@ -765,7 +863,8 @@ test_CustomDomains_Correct_V2 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true @@ -804,7 +903,8 @@ test_CustomDomains_Correct_V3 if { ] } } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true @@ -832,7 +932,8 @@ test_CustomDomains_Correct_V4 if { "Defender": { "MS.DEFENDER.2.3v1": {} } - } + }, + "defender_license": true } TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true 
@@ -861,7 +962,8 @@ test_CustomDomains_Incorrect_V1 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." @@ -891,7 +993,8 @@ test_CustomDomains_Incorrect_V2 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Strict policy." @@ -921,7 +1024,8 @@ test_CustomDomains_Incorrect_V3 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Strict or Standard policy." @@ -961,7 +1065,8 @@ test_CustomDomains_Incorrect_V4 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." @@ -1001,7 +1106,8 @@ test_CustomDomains_Incorrect_V5 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." @@ -1040,7 +1146,8 @@ test_CustomDomains_Incorrect_V6 if { ] } } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Strict policy." 
@@ -1075,10 +1182,52 @@ test_CustomDomains_Incorrect_V7 if { "Defender": { "MS.DEFENDER.2.3v1": {} } - } + }, + "defender_license": true } ReportDetailString := "Not all partner domains are included for targeted protection in Strict or Standard policy." TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } -#-- \ No newline at end of file + +test_CustomDomains_Incorrect_V8 if { + Output := defender.tests with input as { + "anti_phish_policies": [ + { + "Identity": "Standard Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedDomainsProtection": true, + "TargetedDomainsToProtect": [ + "random.mail.example.com", + "random.example.com" + ], + "TargetedDomainProtectionAction": "Quarantine" + }, + { + "Identity": "Strict Preset Security Policy1659535429826", + "Enabled": true, + "EnableTargetedDomainsProtection": true, + "TargetedDomainsToProtect": [ + "random.mail.example.com", + "random.example.com" + ], + "TargetedDomainProtectionAction": "Quarantine" + } + ], + "scuba_config": { + "Defender": { + "MS.DEFENDER.2.3v1": {} + } + }, + "defender_license": false + } + + ReportDetailString := concat(" ", [ + "Requirement not met **NOTE: Either you do not have sufficient permissions or", + "your tenant does not have a license for Microsoft Defender", + "for Office 365 Plan 1 or Plan 2, which is required for this feature.**" + ]) + TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true + +} +#-- diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego index 7fdf43f592..a21052c1b4 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego 
@@ -1,50 +1,44 @@ package defender_test -import rego.v1 + import data.defender -import data.utils.report.NotCheckedDetails -import data.utils.key.TestResult +import data.utils.defender.DLPLICENSEWARNSTR +import data.utils.key.FAIL import data.utils.key.PASS - +import data.utils.key.TestResult +import data.utils.report.NotCheckedDetails +import rego.v1 # # Policy MS.DEFENDER.4.1v1 #-- test_ContentContainsSensitiveInformation_Correct_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true 
@@ -52,48 +46,36 @@ test_ContentContainsSensitiveInformation_Correct_V1 if { test_AdvancedRule_Correct_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": null, - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": true, - # regal ignore:line-length - "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. 
Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": null, + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": true, + # regal ignore:line-length + "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. 
Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true 
@@ -101,37 +83,31 @@ test_AdvancedRule_Correct_V2 if { test_ContentContainsSensitiveInformation_Incorrect_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No matching rules found for: U.S. Social Security Number (SSN)" 
@@ -140,37 +116,31 @@ test_ContentContainsSensitiveInformation_Incorrect_V1 if { test_ContentContainsSensitiveInformation_Incorrect_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No matching rules found for: U.S. Individual Taxpayer Identification Number (ITIN)" 
@@ -179,37 +149,31 @@ test_ContentContainsSensitiveInformation_Incorrect_V2 if { test_ContentContainsSensitiveInformation_Incorrect_V3 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No matching rules found for: Credit Card Number" 
@@ -218,30 +182,28 @@ test_ContentContainsSensitiveInformation_Incorrect_V3 if { test_ContentContainsSensitiveInformation_Incorrect_V4 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := concat(" ", [ 
@@ -254,40 +216,32 @@ test_ContentContainsSensitiveInformation_Incorrect_V4 if { test_ContentContainsSensitiveInformation_Incorrect_V5 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": false + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := concat(" ", [ 
@@ -300,40 +254,32 @@ test_ContentContainsSensitiveInformation_Incorrect_V5 if { test_ContentContainsSensitiveInformation_Incorrect_V6 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "TestWithNotifications", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := concat(" ", [ 
@@ -343,6 +289,17 @@ test_ContentContainsSensitiveInformation_Incorrect_V6 if { TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true } + +test_NoDLPLicense_Incorrect_V1 if { + Output := defender.tests with input as { + "defender_license": false, + "defender_dlp_license": false + } + + ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) + TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true +} + #-- # 
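Review bot: `test_NoDLPLicense_Incorrect_V1` sets both `defender_license` and `defender_dlp_license` to false, so it cannot tell which flag produces the `DLPLICENSEWARNSTR` result for MS.DEFENDER.4.1v1. A tenant that is licensed for Defender for Office 365 but not for DLP is not covered. The fixture also omits `dlp_compliance_rules` and `dlp_compliance_policies`, so the case where those keys are present but empty is untested. I would add a second case along the lines below; the expected string assumes the 4.1 rule keys only on `defender_dlp_license`, which should be confirmed against the policy file.

```rego
test_NoDLPLicense_Incorrect_V2 if {
    Output := defender.tests with input as {
        "dlp_compliance_rules": [],
        "dlp_compliance_policies": [],
        "defender_license": true,
        "defender_dlp_license": false
    }

    ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR])
    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
}
```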
@@ -350,18 +307,101 @@ test_ContentContainsSensitiveInformation_Incorrect_V6 if { #-- test_Locations_Correct_V1 if { Output := defender.tests with input as { + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true + } + + TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true +} + +test_Locations_Correct_V2 if { + Output := defender.tests with input as { + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": null, + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": true, + # regal ignore:line-length + "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 
'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true + } + + TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true +} + +# regal ignore:rule-length +test_Locations_Correct_V3 if { + Output := defender.tests with input as { + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, "dlp_compliance_rules": [ { "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} ], "Name": "Baseline Rule", "Disabled": false, 
@@ -375,44 +415,16 @@ test_Locations_Correct_V1 if { ], "NotifyUserType": "NotSet", "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ + }, { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] - } - - TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true -} - -test_Locations_Correct_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": null, - "Name": "Baseline Rule", + "Name": "Baseline Rule 2", "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", + "ParentPolicyName": "Some Office 365 DLP policy", "BlockAccess": true, "BlockAccessScope": "All", "NotifyUser": [ 
@@ -421,138 +433,35 @@ test_Locations_Correct_V2 if { "Owner" ], "NotifyUserType": "NotSet", - "IsAdvancedRule": true, - # regal ignore:line-length - "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" + "IsAdvancedRule": false } ], "dlp_compliance_policies": [ { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] - } - - TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true -} - -# regal ignore:rule-length -test_Locations_Correct_V3 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. 
Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }, - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule 2", - "Disabled": false, - "ParentPolicyName": "Some Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Name": "Default Office 365 DLP policy", "Mode": "Enable", "Enabled": true }, { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Name": "Some Office 365 DLP policy", "Mode": "Enable", "Enabled": true } - ] + ], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true 
@@ -561,474 +470,417 @@ test_Locations_Correct_V3 if { # Policy exists, but Exchange location is null test_Locations_Incorrect_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. 
Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": [""], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No enabled policy found that applies to: Exchange" + ReportDetailString := concat("", [ + "DLP custom policy applied to the following locations: Devices, OneDrive, SharePoint, Teams", + ". Custom policy protecting sensitive info types NOT applied to: Exchange", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists, but SharePoint is not included test_Locations_Incorrect_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. 
Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": [""], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No enabled policy found that applies to: SharePoint" + ReportDetailString := concat("", [ + "DLP custom policy applied to the following locations: Devices, Exchange, OneDrive, Teams", + ". Custom policy protecting sensitive info types NOT applied to: SharePoint", + ". 
For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists, but OneDrive location not included test_Locations_Incorrect_V3 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "" - ], - "Workload": "Exchange, SharePoint, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. 
Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": [""], + "Workload": "Exchange, SharePoint, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No enabled policy found that applies to: OneDrive" + ReportDetailString := concat("", [ + "DLP custom policy applied to the following locations: Devices, Exchange, SharePoint, Teams", + ". Custom policy protecting sensitive info types NOT applied to: OneDrive", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } -# Policy exists, but OneDrive location not included +# Policy exists, but Teams location not included test_Locations_Incorrect_V4 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. 
Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": [""], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No enabled policy found that applies to: Teams" + ReportDetailString := concat("", [ + "DLP custom policy applied to the following locations: Devices, Exchange, OneDrive, SharePoint", + ". Custom policy protecting sensitive info types NOT applied to: Teams", + ". 
Teams location requires DLP for Teams included in E5/G5 licenses", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists, but Devices location not included test_Locations_Incorrect_V5 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. 
Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": [""], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No enabled policy found that applies to: Devices" + ReportDetailString := concat("", [ + "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams", + ". Custom policy protecting sensitive info types NOT applied to: Devices", + ". Devices location requires DLP for Endpoint licensing and at least one registered device", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists, but is not enabled test_Locations_Incorrect_V6 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. 
Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": false + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No DLP policy matching all types found for evaluation." + ReportDetailString := concat("", [ + "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", + ". 
Devices location requires DLP for Endpoint licensing and at least one registered device", + ". Teams location requires DLP for Teams included in E5/G5 licenses", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists and is enabled, but block rules are disabled test_Locations_Incorrect_V7 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": true, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. 
Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": true, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No DLP policy matching all types found for evaluation." + ReportDetailString := concat("", [ + "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", + ". Devices location requires DLP for Endpoint licensing and at least one registered device", + ". Teams location requires DLP for Teams included in E5/G5 licenses", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } # Policy exists but set to TestWithNotifications rather than Enable test_Locations_Incorrect_V8 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - }, - { - "name": "U.S. 
Social Security Number (SSN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "TeamsLocation": [ - "All" - ], - "EndpointDlpLocation": [ - "All" - ], - "OneDriveLocation": [ - "All" - ], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - } - ] + Output := defender.tests with input as { + "scuba_config": { + "OutPath": ".", + "OutRegoFileName": "TestResults" + }, + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"}, + {"name": "U.S. Social Security Number (SSN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "ExchangeLocation": ["All"], + "SharePointLocation": ["All"], + "TeamsLocation": ["All"], + "EndpointDlpLocation": ["All"], + "OneDriveLocation": ["All"], + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Name": "Default Office 365 DLP policy", + "Mode": "TestWithNotifications", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } - ReportDetailString := "No DLP policy matching all types found for evaluation." 
+ ReportDetailString := concat("", [ + "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", + ". Devices location requires DLP for Endpoint licensing and at least one registered device", + ". Teams location requires DLP for Teams included in E5/G5 licenses", + ". For full policy details, see the ActualValue field in the results file: ./TestResults.json" + ]) + + TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true +} + +test_NoDLPLicense_Incorrect_V1 if { + Output := defender.tests with input as { + "defender_license": false, + "defender_dlp_license": false + } + + ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true } + #-- # 
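Review bot: `test_NoDLPLicense_Incorrect_V1`, added at the end of this hunk for MS.DEFENDER.4.2v1, has the same name as the test added for MS.DEFENDER.4.3v1 in the later hunk `@@ -1320,45 +1129,48 @@` of the same file. Same-named rules in one Rego package are alternative bodies of a single rule, so, depending on how the test runner evaluates them, one body failing may be hidden by the other succeeding; please confirm against the runner in use. Distinct names avoid the question, for example `test_Locations_NoDLPLicense_Incorrect_V1` here and `test_BlockAccess_NoDLPLicense_Incorrect_V1` in the 4.3 section, which also matches the prefixes of the neighbouring tests.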
@@ -1038,40 +890,32 @@ test_Locations_Incorrect_V8 if { # All sensitive rules present and blocking test_BlockAccess_Correct_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.3v1", Output, PASS, true) == true 
@@ -1080,40 +924,32 @@ test_BlockAccess_Correct_V1 if { # Sensitive rules present, but not blocking test_BlockAccess_Incorrect_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": false, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": false, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := concat(" ", [ 
@@ -1127,40 +963,32 @@ test_BlockAccess_Incorrect_V1 if { # Sensitive rules present and blocking, but only to people outside org test_BlockAccess_Incorrect_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "PerUser", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "PerUser", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := concat(" ", [ 
@@ -1174,40 +1002,32 @@ test_BlockAccess_Incorrect_V2 if { # Sensitive rules present and blocking, but policy set to test test_BlockAccess_Incorrect_V3 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "TestWithNotifications", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No DLP policy matching all types found for evaluation." 
@@ -1217,37 +1037,31 @@ test_BlockAccess_Incorrect_V3 if { # All rules are blocking, but don't contain all sensitive types test_BlockAccess_Incorrect_V4 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No DLP policy matching all types found for evaluation." @@ -1260,12 +1074,8 @@ test_BlockAccess_Incorrect_V5 if { "dlp_compliance_rules": [ { "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "Credit Card Number" - } + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "Credit Card Number"} ], "Name": "Baseline Rule", "Disabled": false, 
@@ -1281,11 +1091,8 @@ test_BlockAccess_Incorrect_V5 if { "IsAdvancedRule": false }, { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - } - ], + # regal ignore:line-length + "ContentContainsSensitiveInformation": [{"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}], "Name": "Baseline Rule2", "Disabled": false, "ParentPolicyName": "ITIN specific policy", @@ -1311,7 +1118,9 @@ test_BlockAccess_Incorrect_V5 if { "Mode": "Enable", "Enabled": true } - ] + ], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No DLP policy matching all types found for evaluation." 
@@ -1320,45 +1129,48 @@ test_BlockAccess_Incorrect_V5 if { test_BlockAccess_Incorrect_V6 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owner" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": false + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No DLP policy matching all types found for evaluation." TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true } + +test_NoDLPLicense_Incorrect_V1 if { + Output := defender.tests with input as { + "defender_license": false, + "defender_dlp_license": false + } + + ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) + TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true +} + #-- # 
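Review bot: The no-license fixture in `test_NoDLPLicense_Incorrect_V1` sets both `defender_license` and `defender_dlp_license` to false and omits `dlp_compliance_rules` and `dlp_compliance_policies`, so it does not pin which flag produces the `DLPLICENSEWARNSTR` result. The provider side of this commit appears to emit `defender_dlp_license` independently and to write empty lists for the DLP data when the cmdlets are unavailable, so a tenant with `defender_license` true and `defender_dlp_license` false looks reachable and is untested here. Consider a second case with `"defender_license": true, "defender_dlp_license": false, "dlp_compliance_rules": [], "dlp_compliance_policies": []` expecting the same report string. The same gap applies to the 4.2 test of this name in the earlier hunk `@@ -561,474 +470,417 @@`.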
@@ -1368,38 +1180,28 @@ test_BlockAccess_Incorrect_V6 if { # Sensitive policy present, and set to notify site admin test_NotifyUser_Correct_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": ["SiteAdmin"], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.4v1", Output, PASS, true) == true 
@@ -1408,40 +1210,32 @@ test_NotifyUser_Correct_V1 if { # Sensitive policy present, and set to notify multiple users test_NotifyUser_Correct_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owners" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owners" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } TestResult("MS.DEFENDER.4.4v1", Output, PASS, true) == true 
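Review bot: The `NotifyUser` list in this fixture contains `"Owners"`, while the otherwise identical fixture in `test_BlockAccess_Incorrect_V6` uses `"Owner"`; the `test_NotifyUser_Incorrect_V1` fixture in the next hunk also has `"Owners"`. The assertion visible here would presumably pass with either spelling, so the tests do not show which value the provider actually exports. If `"Owner"` is the exported value, change the entry to `"Owner"` in both fixtures so they mirror real input. The spelling is carried over unchanged from the removed lines.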
@@ -1450,40 +1244,32 @@ test_NotifyUser_Correct_V2 if { # Sensitive policy not enabled test_NotifyUser_Incorrect_V1 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owners" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Disable", - "Enabled": false - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [ + "SiteAdmin", + "LastModifier", + "Owners" + ], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Disable", + "Enabled": false + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "No DLP policy matching all types found for evaluation." 
@@ -1493,41 +1279,44 @@ test_NotifyUser_Incorrect_V1 if { # Sensitive policy enabled, no users set to notify test_NotifyUser_Incorrect_V2 if { Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - { - "name": "U.S. Social Security Number (SSN)" - }, - { - "name": "U.S. Individual Taxpayer Identification Number (ITIN)" - }, - { - "name": "Credit Card Number" - } - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ] + "dlp_compliance_rules": [{ + "ContentContainsSensitiveInformation": [ + {"name": "U.S. Social Security Number (SSN)"}, + {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, + {"name": "Credit Card Number"} + ], + "Name": "Baseline Rule", + "Disabled": false, + "ParentPolicyName": "Default Office 365 DLP policy", + "BlockAccess": true, + "BlockAccessScope": "All", + "NotifyUser": [], + "NotifyUserType": "NotSet", + "IsAdvancedRule": false + }], + "dlp_compliance_policies": [{ + "Name": "Default Office 365 DLP policy", + "Mode": "Enable", + "Enabled": true + }], + "defender_license": true, + "defender_dlp_license": true } ReportDetailString := "1 rule(s) found that do(es) not notify at least one user: Baseline Rule" TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true } + +test_NoDLPLicense_Incorrect_V1 if { + Output := defender.tests with input as { + "defender_license": false, + "defender_dlp_license": false + } + + ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) + TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true +} + #-- # 
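Review bot: The no-license test added at the end of this hunk sets both `"defender_license": false` and `"defender_dlp_license": false`, so the case the new flag exists for is never exercised: a tenant with a Defender for Office 365 license but no DLP license. The same holds for the MS.DEFENDER.4.3v1 test in the earlier hunk. A second case with only the DLP flag false would pin that the policy fails with the license warning rather than being evaluated against empty rule lists. The expected string below is inferred from the existing test and should be confirmed against the policy code.

```rego
# Defender for O365 licensed, DLP not licensed: policy must fail with the DLP license warning
test_DefenderLicenseOnly_NoDLPLicense_Incorrect_V1 if {
    Output := defender.tests with input as {
        "defender_license": true,
        "defender_dlp_license": false
    }

    ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR])
    TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true
}
```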
@@ -1536,11 +1325,12 @@ test_NotifyUser_Incorrect_V2 if { test_NotImplemented_Correct_V1 if { PolicyId := "MS.DEFENDER.4.5v1" - Output := defender.tests with input as { } + Output := defender.tests with input as {} ReportDetailString := NotCheckedDetails(PolicyId) TestResult(PolicyId, Output, ReportDetailString, false) == true } + #-- # @@ -1549,9 +1339,10 @@ test_NotImplemented_Correct_V1 if { test_NotImplemented_Correct_V2 if { PolicyId := "MS.DEFENDER.4.6v1" - Output := defender.tests with input as { } + Output := defender.tests with input as {} ReportDetailString := NotCheckedDetails(PolicyId) TestResult(PolicyId, Output, ReportDetailString, false) == true } -#-- \ No newline at end of file + +#-- diff --git a/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml b/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml index 6fd0c36025..fb0ef8de0c 100644 --- a/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml 
@@ -55,21 +55,46 @@ TestPlan: - PolicyId: MS.DEFENDER.1.3v1 TestDriver: RunScuba Tests: - - TestDescription: MS.DEFENDER.1.3v1 Non-compliant - No defender license + - TestDescription: MS.DEFENDER.1.3v1 Non-compliant - No Defender for O365 license Preconditions: [] Postconditions: [] ExpectedResult: false - PolicyId: MS.DEFENDER.1.5v1 TestDriver: RunScuba Tests: - - TestDescription: MS.DEFENDER.1.5v1 Non-compliant - No defender license + - TestDescription: MS.DEFENDER.1.5v1 Non-compliant - No Defender for O365 license Preconditions: [] Postconditions: [] ExpectedResult: false + + - PolicyId: MS.DEFENDER.2.1v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.1v1 Non-compliant - No Defender for O365 license + Preconditions: [] + Postconditions: [] + ExpectedResult: false + + - PolicyId: MS.DEFENDER.2.2v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - No Defender for O365 license + Preconditions: [] + Postconditions: [] + ExpectedResult: false + + - PolicyId: MS.DEFENDER.2.3v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - No Defender for O365 license + Preconditions: [] + Postconditions: [] + ExpectedResult: false + - PolicyId: MS.DEFENDER.3.1v1 TestDriver: RunScuba Tests: - - TestDescription: MS.DEFENDER.3.1v1 Non-compliant - No defender license + - TestDescription: MS.DEFENDER.3.1v1 Non-compliant - No Defender for O365 license Preconditions: [] Postconditions: [] ExpectedResult: false