
Commit cc9f3bd

authored
Merge pull request KelvinTegelaar#1165 from Ren-Roros-Digital/antiphishingpolicy
fix: Defender filter policy tweaks
2 parents 3ed84c2 + 6eed3e7 commit cc9f3bd

7 files changed

Lines changed: 154 additions & 108 deletions

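--- a/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1
+++ b/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1
@@ -124,7 +124,7 @@ function Get-CIPPTimerFunctions {
 } else {
 if ($Status) {
 Write-Warning "Timer function: $($Orchestrator.Command) does not exist"
-Remove-CIPPAzDataTableEntity @Table -Entity $Status
+Remove-AzDataTableEntity @Table -Entity $Status
 }
 }
 }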
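Review bot: The call on new line 127 changes from `Remove-CIPPAzDataTableEntity` to `Remove-AzDataTableEntity`, which has nothing to do with the Defender filter policy tweaks named in the title. If the `CIPP`-prefixed function is the project's own wrapper around table access (not visible on this page), this looks like a stale-branch revert carried in by the merge rather than an intended change. Confirm it is deliberate, or drop this file from the pull request so the cleanup of orphaned timer status rows keeps going through the same code path as before.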

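--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
@@ -51,9 +51,21 @@ function Invoke-CIPPStandardAntiPhishPolicy {
 param($Tenant, $Settings)
 ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AntiPhishPolicy'
 
-$PolicyList = @('Default Anti-Phishing Policy', 'Office365 AntiPhish Default (Default)')
+$PolicyList = @('CIPP Default Anti-Phishing Policy','Default Anti-Phishing Policy')
 $ExistingPolicy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | Where-Object -Property Name -In $PolicyList
-$PolicyName = $ExistingPolicy.Name
+if ($null -eq $ExistingPolicy.Name) {
+$PolicyName = $PolicyList[0]
+} else {
+$PolicyName = $ExistingPolicy.Name
+}
+$RuleList = @( 'CIPP Default Anti-Phishing Rule','CIPP Default Anti-Phishing Policy')
+$ExistingRule = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' | Where-Object -Property Name -In $RuleList
+if ($null -eq $ExistingRule.Name) {
+$RuleName = $RuleList[0]
+} else {
+$RuleName = $ExistingRule.Name
+}
+
 $CurrentState = $ExistingPolicy |
 Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection
 
@@ -82,17 +94,17 @@ function Invoke-CIPPStandardAntiPhishPolicy {
 $AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'
 
 $RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' |
-Where-Object -Property Name -EQ "CIPP $PolicyName" |
+Where-Object -Property Name -EQ $RuleName |
 Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs
 
-$RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
+$RuleStateIsCorrect = ($RuleState.Name -eq $RuleName) -and
 ($RuleState.AntiPhishPolicy -eq $PolicyName) -and
 ($RuleState.Priority -eq 0) -and
 (!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))
 
 if ($Settings.remediate -eq $true) {
 if ($StateIsCorrect -eq $true) {
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already correctly configured' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy already correctly configured' -sev Info
 } else {
 $cmdparams = @{
 Enabled = $true
@@ -121,47 +133,46 @@ function Invoke-CIPPStandardAntiPhishPolicy {
 try {
 $cmdparams.Add('Identity', $PolicyName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing policy $PolicyName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Policy. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing policy $PolicyName." -sev Error -LogData $_
 }
 } else {
 try {
 $cmdparams.Add('Name', $PolicyName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing policy $PolicyName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing policy $PolicyName." -sev Error -LogData $_
 }
 }
 }
 
 if ($RuleStateIsCorrect -eq $false) {
 $cmdparams = @{
-AntiPhishPolicy = $PolicyName
 Priority = 0
 RecipientDomainIs = $AcceptedDomains.Name
 }
 
-if ($RuleState.Name -eq "CIPP $PolicyName") {
+if ($RuleState.AntiPhishPolicy -ne $PolicyName) {
+$cmdparams.Add('AntiPhishPolicy', $PolicyName)
+}
+
+if ($RuleState.Name -eq $RuleName) {
 try {
-$cmdparams.Add('Identity', "CIPP $PolicyName")
+$cmdparams.Add('Identity', $RuleName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Rule' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing rule $RuleName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Rule. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing rule $RuleName." -sev Error -LogData $_
 }
 } else {
 try {
-$cmdparams.Add('Name', "CIPP $PolicyName")
+$cmdparams.Add('Name', $RuleName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Rule' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing rule $RuleName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Rule. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing rule $RuleName." -sev Error -LogData $_
 }
 }
 }
@@ -170,9 +181,9 @@ function Invoke-CIPPStandardAntiPhishPolicy {
 if ($Settings.alert -eq $true) {
 
 if ($StateIsCorrect -eq $true) {
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is enabled' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is enabled' -sev Info
 } else {
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is not enabled' -sev Alert
+Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is not enabled' -sev Alert
 }
 }
 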
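Review bot: The lookups on new lines 55 and 62 can return more than one object, because `Where-Object -Property Name -In $PolicyList` (and `-In $RuleList`) matches every listed name that exists in the tenant. `$ExistingPolicy.Name` is then an array, and `$PolicyName`/`$RuleName` carry that array into `Identity`, the later `-EQ $RuleName` filter and the `$RuleStateIsCorrect` comparison. In that state the standard would likely fail to remediate on every run and only log an error, leaving the tenant's anti-phishing rule unmanaged. Pick one match deterministically, for example by ending both pipelines with `| Select-Object -First 1`, and log a warning when more than one listed name is found. The same pattern is added in Invoke-CIPPStandardMalwareFilterPolicy.ps1 (new lines 45 and 52).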

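--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
@@ -41,11 +41,24 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
 param($Tenant, $Settings)
 ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'MalwareFilterPolicy'
 
-$PolicyName = 'Default Malware Policy'
+$PolicyList = @('CIPP Default Malware Policy','Default Malware Policy')
+$ExistingPolicy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' | Where-Object -Property Name -In $PolicyList
+if ($null -eq $ExistingPolicy.Name) {
+$PolicyName = $PolicyList[0]
+} else {
+$PolicyName = $ExistingPolicy.Name
+}
+$RuleList = @( 'CIPP Default Malware Rule','CIPP Default Malware Policy')
+$ExistingRule = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterRule' | Where-Object -Property Name -In $RuleList
+if ($null -eq $ExistingRule.Name) {
+$RuleName = $RuleList[0]
+} else {
+$RuleName = $ExistingRule.Name
+}
 
 $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' |
-Where-Object -Property Name -EQ $PolicyName |
-Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress
+Where-Object -Property Name -EQ $PolicyName |
+Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress
 
 $DefaultFileTypes = @('ace', 'ani', 'apk', 'app', 'appx', 'arj', 'bat', 'cab', 'cmd', 'com', 'deb', 'dex', 'dll', 'docm', 'elf', 'exe', 'hta', 'img', 'iso', 'jar', 'jnlp', 'kext', 'lha', 'lib', 'library', 'lnk', 'lzh', 'macho', 'msc', 'msi', 'msix', 'msp', 'mst', 'pif', 'ppa', 'ppam', 'reg', 'rev', 'scf', 'scr', 'sct', 'sys', 'uif', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh', 'xll', 'xz', 'z')
 
@@ -69,10 +82,10 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
 $AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'
 
 $RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterRule' |
-Where-Object -Property Name -EQ "CIPP $PolicyName" |
-Select-Object Name, MalwareFilterPolicy, Priority, RecipientDomainIs
+Where-Object -Property Name -EQ $RuleName |
+Select-Object Name, MalwareFilterPolicy, Priority, RecipientDomainIs
 
-$RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
+$RuleStateIsCorrect = ($RuleState.Name -eq $RuleName) -and
 ($RuleState.MalwareFilterPolicy -eq $PolicyName) -and
 ($RuleState.Priority -eq 0) -and
 (!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))
@@ -98,47 +111,46 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
 try {
 $cmdparams.Add('Identity', $PolicyName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Policy' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Malware Filter policy $PolicyName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Policy. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter policy $PolicyName." -sev Error -LogData $_
 }
 } else {
 try {
 $cmdparams.Add('Name', $PolicyName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Policy' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Malware Filter policy $PolicyName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Policy. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter policy $PolicyName." -sev Error -LogData $_
 }
 }
 }
 
 if ($RuleStateIsCorrect -eq $false) {
 $cmdparams = @{
-MalwareFilterPolicy = $PolicyName
 Priority = 0
 RecipientDomainIs = $AcceptedDomains.Name
 }
 
-if ($RuleState.Name -eq "CIPP $PolicyName") {
+if ($RuleState.MalwareFilterPolicy -ne $PolicyName) {
+$cmdparams.Add('MalwareFilterPolicy', $PolicyName)
+}
+
+if ($RuleState.Name -eq $RuleName) {
 try {
-$cmdparams.Add('Identity', "CIPP $PolicyName")
+$cmdparams.Add('Identity', $RuleName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Rule' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Malware Filter rule $RuleName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Rule. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Rule $RuleName." -sev Error -LogData $_
 }
 } else {
 try {
-$cmdparams.Add('Name', "CIPP $PolicyName")
+$cmdparams.Add('Name', $RuleName)
 New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
-Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Rule' -sev Info
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Malware Filter rule $RuleName." -sev Info
 } catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Rule. Error: $ErrorMessage" -sev Error
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter rule $RuleName." -sev Error -LogData $_
 }
 }
 }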
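Review bot: `Get-MalwareFilterPolicy` is now requested twice, once for `$ExistingPolicy` on new line 45 and again for `$CurrentState` on new line 59, whereas the anti-phishing standard in this commit reuses the first result. Writing `$CurrentState = $ExistingPolicy |` in front of the existing `Select-Object` line would save an Exchange Online round trip and make the name selection and the state check read the same snapshot of the tenant. Separately, the failure message on new line 145 still says `Malware Filter Rule` while the neighbouring messages were lowercased to `rule`.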
