Added SpamFilterPolicy standard #986

Merged
merged 1 commit into from
Jul 15, 2024
@@ -0,0 +1,171 @@
function Invoke-CIPPStandardSpamFilterPolicy {
<#
.FUNCTIONALITY
Internal
.COMPONENT
(APIName) SpamFilterPolicy
.SYNOPSIS
(Label) Default Spam Filter Policy
.DESCRIPTION
(Helptext) This standard creates a Spam filter policy similar to the default strict policy.
(DocsDescription) This standard creates a Spam filter policy similar to the default strict policy.
.NOTES
CAT
Defender Standards
TAG
"mediumimpact"
ADDEDCOMPONENT
{"type":"Select","label":"Spam Action","name":"standards.SpamFilterPolicy.SpamAction","values":[{"label":"Move message to Junk Email folder","value":"MoveToJmf"},{"label":"Quarantine the message","value":"Quarantine"}]}
{"type":"Select","label":"Spam Quarantine Tag","name":"standards.SpamFilterPolicy.SpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
{"type":"Select","label":"High Confidence Spam Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
{"type":"Select","label":"Bulk Quarantine Tag","name":"standards.SpamFilterPolicy.BulkQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
{"type":"Select","label":"Phish Quarantine Tag","name":"standards.SpamFilterPolicy.PhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
{"type":"Select","label":"High Confidence Phish Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
IMPACT
Medium Impact
POWERSHELLEQUIVALENT
New-HostedContentFilterPolicy or Set-HostedContentFilterPolicy
RECOMMENDEDBY
UPDATECOMMENTBLOCK
Run the Tools\Update-StandardsComments.ps1 script to update this comment block
.LINK
https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
#>

param($Tenant, $Settings)
$PolicyName = 'CIPP Default Spam Filter Policy'

$CurrentState = New-ExoRequest -TenantId $Tenant -cmdlet 'Get-HostedContentFilterPolicy' |
Where-Object -Property Name -EQ $PolicyName |
Select-Object -Property *

$StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and
($CurrentState.HighConfidenceSpamAction -eq 'Quarantine') -and
($CurrentState.HighConfidenceSpamQuarantineTag -eq $Settings.HighConfidenceSpamQuarantineTag) -and
($CurrentState.SpamAction -eq $Settings.SpamAction) -and
($CurrentState.SpamQuarantineTag -eq $Settings.SpamQuarantineTag) -and
($CurrentState.PhishSpamAction -eq 'MoveToJmf') -and
($CurrentState.BulkSpamAction -eq 'MoveToJmf') -and
($CurrentState.BulkQuarantineTag -eq $Settings.BulkQuarantineTag) -and
($CurrentState.PhishQuarantineTag -eq $Settings.PhishQuarantineTag) -and
($CurrentState.HighConfidencePhishAction -eq 'Quarantine') -and
($CurrentState.HighConfidencePhishQuarantineTag -eq $Settings.HighConfidencePhishQuarantineTag) -and
($CurrentState.BulkThreshold -eq 7) -and
($CurrentState.QuarantineRetentionPeriod -eq 30) -and
($CurrentState.IncreaseScoreWithNumericIps -eq 'On') -and
($CurrentState.IncreaseScoreWithRedirectToOtherPort -eq 'On') -and
($CurrentState.MarkAsSpamEmptyMessages -eq 'On') -and
($CurrentState.MarkAsSpamJavaScriptInHtml -eq 'On') -and
($CurrentState.MarkAsSpamSpfRecordHardFail -eq 'On') -and
($CurrentState.MarkAsSpamFromAddressAuthFail -eq 'On') -and
($CurrentState.MarkAsSpamNdrBackscatter -eq 'On') -and
($CurrentState.MarkAsSpamBulkMail -eq 'On') -and
($CurrentState.InlineSafetyTipsEnabled -eq $true) -and
($CurrentState.PhishZapEnabled -eq $true) -and
($CurrentState.SpamZapEnabled -eq $true)

$AcceptedDomains = New-ExoRequest -TenantId $Tenant -cmdlet 'Get-AcceptedDomain'

$RuleState = New-ExoRequest -TenantId $Tenant -cmdlet 'Get-HostedContentFilterRule' |
Where-Object -Property Name -EQ $PolicyName |
Select-Object -Property *

$RuleStateIsCorrect = ($RuleState.Name -eq $PolicyName) -and
($RuleState.HostedContentFilterPolicy -eq $PolicyName) -and
($RuleState.Priority -eq 0) -and
(!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))

if ($Settings.remediate -eq $true) {
if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spam Filter Policy already correctly configured' -sev Info
} else {
$cmdparams = @{
HighConfidenceSpamAction = 'Quarantine'
HighConfidenceSpamQuarantineTag = $Settings.HighConfidenceSpamQuarantineTag
SpamAction = $Settings.SpamAction
SpamQuarantineTag = $Settings.SpamQuarantineTag
PhishSpamAction = 'MoveToJmf'
BulkSpamAction = 'MoveToJmf'
BulkQuarantineTag = $Settings.BulkQuarantineTag
PhishQuarantineTag = $Settings.PhishQuarantineTag
HighConfidencePhishAction = 'Quarantine'
HighConfidencePhishQuarantineTag = $Settings.HighConfidencePhishQuarantineTag
BulkThreshold = 7
QuarantineRetentionPeriod = 30
IncreaseScoreWithNumericIps = 'On'
IncreaseScoreWithRedirectToOtherPort= 'On'
MarkAsSpamEmptyMessages = 'On'
MarkAsSpamJavaScriptInHtml = 'On'
MarkAsSpamSpfRecordHardFail = 'On'
MarkAsSpamFromAddressAuthFail = 'On'
MarkAsSpamNdrBackscatter = 'On'
MarkAsSpamBulkMail = 'On'
InlineSafetyTipsEnabled = $true
PhishZapEnabled = $true
SpamZapEnabled = $true
}

if ($CurrentState.Name -eq $PolicyName) {
try {
$cmdparams.Add('Identity', $PolicyName)
New-ExoRequest -TenantId $Tenant -cmdlet 'Set-HostedContentFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Updated Spam Filter Policy' -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -Tenant $Tenant -message "Failed to update Spam Filter Policy. Error: $ErrorMessage" -sev Error
}
} else {
try {
$cmdparams.Add('Name', $PolicyName)
New-ExoRequest -TenantId $Tenant -cmdlet 'New-HostedContentFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Created Spam Filter Policy' -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -Tenant $Tenant -message "Failed to create Spam Filter Policy. Error: $ErrorMessage" -sev Error
}
}
}

if ($RuleStateIsCorrect -eq $false) {
$cmdparams = @{
HostedContentFilterPolicy = $PolicyName
Priority = 0
RecipientDomainIs = $AcceptedDomains.Name
}

if ($RuleState.Name -eq $PolicyName) {
try {
$cmdparams.Add('Identity', "$PolicyName")
New-ExoRequest -TenantId $Tenant -cmdlet 'Set-HostedContentFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Updated Spam Filter Rule' -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -Tenant $Tenant -message "Failed to update Spam Filter Rule. Error: $ErrorMessage" -sev Error
}
} else {
try {
$cmdparams.Add('Name', "$PolicyName")
New-ExoRequest -TenantId $Tenant -cmdlet 'New-HostedContentFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Created Spam Filter Rule' -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -Tenant $Tenant -message "Failed to create Spam Filter Rule. Error: $ErrorMessage" -sev Error
}
}
}
}

if ($Settings.alert -eq $true) {

if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spam Filter Policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spam Filter Policy is not enabled' -sev Alert
}
}

if ($Settings.report -eq $true) {
Add-CIPPBPAField -FieldName 'SpamFilterPolicy' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
}

}
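Review bot: The alert and report branches at the end of the function test only `$StateIsCorrect`, so a tenant whose policy settings match but whose filter rule is missing, has a different priority, or does not cover every accepted domain is still logged as 'Spam Filter Policy is enabled' and stored as compliant. In Exchange Online a custom hosted content filter policy is applied to recipients only through its rule, so the compliance result should include the rule check computed earlier in the function: `if ($StateIsCorrect -eq $true -and $RuleStateIsCorrect -eq $true) {` for the alert and `-FieldValue ($StateIsCorrect -and $RuleStateIsCorrect)` for the BPA field. Separately, `PhishSpamAction` and `BulkSpamAction` are fixed to `'MoveToJmf'` while `PhishQuarantineTag` and `BulkQuarantineTag` are offered as settings; a quarantine tag presumably has no effect unless the matching action is `Quarantine`, so the "similar to the default strict policy" description is worth rechecking against those two values.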