Skip to content

Commit 3c12359

Browse files
OfficialEscoOfficialEsco
committed
fix: improvements for Anti-phishing
1 parent 4e21d31 commit 3c12359

1 file changed

Lines changed: 34 additions & 23 deletions

File tree

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1

Lines changed: 34 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,21 @@ function Invoke-CIPPStandardAntiPhishPolicy {
5151
param($Tenant, $Settings)
5252
##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AntiPhishPolicy'
5353

54-
$PolicyList = @('Default Anti-Phishing Policy', 'Office365 AntiPhish Default (Default)')
54+
$PolicyList = @('CIPP Default Anti-Phishing Policy','Default Anti-Phishing Policy')
5555
$ExistingPolicy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | Where-Object -Property Name -In $PolicyList
56-
$PolicyName = $ExistingPolicy.Name
56+
if ($null -eq $ExistingPolicy.Name) {
57+
$PolicyName = $PolicyList[0]
58+
} else {
59+
$PolicyName = $ExistingPolicy.Name
60+
}
61+
$RuleList = @( 'CIPP Default Anti-Phishing Rule','CIPP Default Anti-Phishing Policy')
62+
$ExistingRule = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' | Where-Object -Property Name -In $RuleList
63+
if ($null -eq $ExistingRule.Name) {
64+
$RuleName = $RuleList[0]
65+
} else {
66+
$RuleName = $ExistingRule.Name
67+
}
68+
5769
$CurrentState = $ExistingPolicy |
5870
Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection
5971

@@ -82,17 +94,17 @@ function Invoke-CIPPStandardAntiPhishPolicy {
8294
$AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'
8395

8496
$RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' |
85-
Where-Object -Property Name -EQ "CIPP $PolicyName" |
97+
Where-Object -Property Name -EQ $RuleName |
8698
Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs
8799

88-
$RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
100+
$RuleStateIsCorrect = ($RuleState.Name -eq $RuleName) -and
89101
($RuleState.AntiPhishPolicy -eq $PolicyName) -and
90102
($RuleState.Priority -eq 0) -and
91103
(!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))
92104

93105
if ($Settings.remediate -eq $true) {
94106
if ($StateIsCorrect -eq $true) {
95-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already correctly configured' -sev Info
107+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy already correctly configured' -sev Info
96108
} else {
97109
$cmdparams = @{
98110
Enabled = $true
@@ -121,47 +133,46 @@ function Invoke-CIPPStandardAntiPhishPolicy {
121133
try {
122134
$cmdparams.Add('Identity', $PolicyName)
123135
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
124-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info
136+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing policy $PolicyName." -sev Info
125137
} catch {
126-
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
127-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Policy. Error: $ErrorMessage" -sev Error
138+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing policy $PolicyName." -sev Error -LogData $_
128139
}
129140
} else {
130141
try {
131142
$cmdparams.Add('Name', $PolicyName)
132143
New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
133-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info
144+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing policy $PolicyName." -sev Info
134145
} catch {
135-
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
136-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $ErrorMessage" -sev Error
146+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing policy $PolicyName." -sev Error -LogData $_
137147
}
138148
}
139149
}
140150

141151
if ($RuleStateIsCorrect -eq $false) {
142152
$cmdparams = @{
143-
AntiPhishPolicy = $PolicyName
144153
Priority = 0
145154
RecipientDomainIs = $AcceptedDomains.Name
146155
}
147156

148-
if ($RuleState.Name -eq "CIPP $PolicyName") {
157+
if ($RuleState.AntiPhishPolicy -ne $PolicyName) {
158+
$cmdparams.Add('AntiPhishPolicy', $PolicyName)
159+
}
160+
161+
if ($RuleState.Name -eq $RuleName) {
149162
try {
150-
$cmdparams.Add('Identity', "CIPP $PolicyName")
163+
$cmdparams.Add('Identity', $RuleName)
151164
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
152-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Rule' -sev Info
165+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing rule $RuleName." -sev Info
153166
} catch {
154-
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
155-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Rule. Error: $ErrorMessage" -sev Error
167+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing rule $RuleName." -sev Error -LogData $_
156168
}
157169
} else {
158170
try {
159-
$cmdparams.Add('Name', "CIPP $PolicyName")
171+
$cmdparams.Add('Name', $RuleName)
160172
New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
161-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Rule' -sev Info
173+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing rule $RuleName." -sev Info
162174
} catch {
163-
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
164-
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Rule. Error: $ErrorMessage" -sev Error
175+
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing rule $RuleName." -sev Error -LogData $_
165176
}
166177
}
167178
}
@@ -170,9 +181,9 @@ function Invoke-CIPPStandardAntiPhishPolicy {
170181
if ($Settings.alert -eq $true) {
171182

172183
if ($StateIsCorrect -eq $true) {
173-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is enabled' -sev Info
184+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is enabled' -sev Info
174185
} else {
175-
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is not enabled' -sev Alert
186+
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is not enabled' -sev Alert
176187
}
177188
}
178189

0 commit comments

Comments
 (0)