Merge pull request KelvinTegelaar#930 from kris6673/auto-docs-standards

Add standards documentation based on JSON
kris6673 · Jul 3, 2024 · b8568d0 · b8568d0
2 parents e9dcf68 + 4d6d080
commit b8568d0
Show file tree

Hide file tree

Showing 88 changed files with 2,820 additions and 33 deletions.
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
@@ -2,7 +2,35 @@ function Invoke-CIPPStandardActivityBasedTimeout {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    ActivityBasedTimeout
+    .CAT
+    Global Standards
+    .TAG
+    "mediumimpact"
+    "CIS"
+    "spo_idle_session_timeout"
+    .HELPTEXT
+    Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
+    .ADDEDCOMPONENT
+    {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
+    .LABEL
+    Enable Activity based Timeout
+    .IMPACT
+    Medium Impact
+    .POWERSHELLEQUIVALENT
+    Portal or Graph API
+    .RECOMMENDEDBY
+    "CIS"
+    .DOCSDESCRIPTION
+    Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
 
     # Input validation
@@ -64,3 +92,7 @@ function Invoke-CIPPStandardActivityBasedTimeout {
 
 }
 
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1
@@ -2,7 +2,33 @@ function Invoke-CIPPStandardAddDKIM {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    AddDKIM
+    .CAT
+    Exchange Standards
+    .TAG
+    "lowimpact"
+    "CIS"
+    .HELPTEXT
+    Enables DKIM for all domains that currently support it
+    .ADDEDCOMPONENT
+    .LABEL
+    Enables DKIM for all domains that currently support it
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    New-DkimSigningConfig and Set-DkimSigningConfig
+    .RECOMMENDEDBY
+    "CIS"
+    .DOCSDESCRIPTION
+    Enables DKIM for all domains that currently support it
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
 
     $AllDomains = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains?$top=999' -tenantid $Tenant | Where-Object { $_.supportedServices -contains 'Email' -or $_.id -like '*mail.onmicrosoft.com' }).id
@@ -81,3 +107,7 @@ function Invoke-CIPPStandardAddDKIM {
         Add-CIPPBPAField -FieldName 'DKIM' -FieldValue $DKIMState -StoreAs bool -Tenant $tenant
     }
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
@@ -2,7 +2,33 @@ function Invoke-CIPPStandardAnonReportDisable {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    AnonReportDisable
+    .CAT
+    Global Standards
+    .TAG
+    "lowimpact"
+    .HELPTEXT
+    Shows usernames instead of pseudo anonymised names in reports. This standard is required for reporting to work correctly.
+    .DOCSDESCRIPTION
+    Microsoft announced some APIs and reports no longer return names, to comply with compliance and legal requirements in specific countries. This proves an issue for a lot of MSPs because those reports are often helpful for engineers. This standard applies a setting that shows usernames in those API calls / reports.
+    .ADDEDCOMPONENT
+    .LABEL
+    Enable Usernames instead of pseudo anonymised names in reports
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    Update-MgBetaAdminReportSetting -BodyParameter @{displayConcealedNames = $true}
+    .RECOMMENDEDBY
+    .DOCSDESCRIPTION
+    Shows usernames instead of pseudo anonymised names in reports. This standard is required for reporting to work correctly.
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
     $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -tenantid $Tenant -AsApp $true
 
@@ -32,3 +58,7 @@ function Invoke-CIPPStandardAnonReportDisable {
         Add-CIPPBPAField -FieldName 'AnonReport' -FieldValue $CurrentInfo.displayConcealedNames -StoreAs bool -Tenant $tenant
     }
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
@@ -1,8 +1,53 @@
 function Invoke-CIPPStandardAntiPhishPolicy {
-    <#
-    .FUNCTIONALITY
-    Internal
-    #>
+    <#
+    .FUNCTIONALITY
+    Internal
+    .APINAME
+    AntiPhishPolicy
+    .CAT
+    Defender Standards
+    .TAG
+    "lowimpact"
+    "CIS"
+    "mdo_safeattachments"
+    "mdo_highconfidencespamaction"
+    "mdo_highconfidencephishaction"
+    "mdo_phisspamacation"
+    "mdo_spam_notifications_only_for_admins"
+    "mdo_antiphishingpolicies"
+    .HELPTEXT
+    This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
+    .ADDEDCOMPONENT
+    {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","default":1}
+    {"type":"boolean","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true}
+    {"type":"boolean","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true}
+    {"type":"boolean","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true}
+    {"type":"boolean","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true}
+    {"type":"Select","label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]}
+    {"type":"Select","label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+    {"type":"Select","label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+    {"type":"Select","label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+    {"type":"Select","label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+    {"type":"Select","label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","values":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]}
+    {"type":"Select","label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+    {"type":"Select","label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+    .LABEL
+    Default Anti-Phishing Policy
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    Set-AntiphishPolicy or New-AntiphishPolicy
+    .RECOMMENDEDBY
+    "CIS"
+    .DOCSDESCRIPTION
+    This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    #>
+
+
+
+
 
     param($Tenant, $Settings)
     $PolicyName = 'Default Anti-Phishing Policy'
@@ -135,3 +180,7 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     }
 
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1
@@ -1,8 +1,35 @@
 function Invoke-CIPPStandardAtpPolicyForO365 {
-    <#
-    .FUNCTIONALITY
-    Internal
-    #>
+    <#
+    .FUNCTIONALITY
+    Internal
+    .APINAME
+    AtpPolicyForO365
+    .CAT
+    Defender Standards
+    .TAG
+    "lowimpact"
+    "CIS"
+    .HELPTEXT
+    This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams.
+    .ADDEDCOMPONENT
+    {"type":"boolean","label":"Allow people to click through Protected View even if Safe Documents identified the file as malicious","name":"standards.AtpPolicyForO365.AllowSafeDocsOpen","default":false}
+    .LABEL
+    Default Atp Policy For O365
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    Set-AtpPolicyForO365
+    .RECOMMENDEDBY
+    "CIS"
+    .DOCSDESCRIPTION
+    This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams.
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    #>
+
+
+
+
 
     param($Tenant, $Settings)
     $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AtpPolicyForO365' |
@@ -46,3 +73,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 {
     }
 
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1
@@ -2,7 +2,34 @@ function Invoke-CIPPStandardAuditLog {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    AuditLog
+    .CAT
+    Global Standards
+    .TAG
+    "lowimpact"
+    "CIS"
+    "mip_search_auditlog"
+    .HELPTEXT
+    Enables the Unified Audit Log for tracking and auditing activities. Also runs Enable-OrganizationCustomization if necessary.
+    .ADDEDCOMPONENT
+    .LABEL
+    Enable the Unified Audit Log
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    Enable-OrganizationCustomization
+    .RECOMMENDEDBY
+    "CIS"
+    .DOCSDESCRIPTION
+    Enables the Unified Audit Log for tracking and auditing activities. Also runs Enable-OrganizationCustomization if necessary.
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
     Write-Host ($Settings | ConvertTo-Json)
     $AuditLogEnabled = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AdminAuditLogConfig' -Select UnifiedAuditLogIngestionEnabled).UnifiedAuditLogIngestionEnabled
@@ -48,3 +75,7 @@ function Invoke-CIPPStandardAuditLog {
         Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $tenant
     }
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1
@@ -2,7 +2,33 @@ function Invoke-CIPPStandardAutoExpandArchive {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    AutoExpandArchive
+    .CAT
+    Exchange Standards
+    .TAG
+    "lowimpact"
+    .HELPTEXT
+    Enables auto-expanding archives for the tenant
+    .DOCSDESCRIPTION
+    Enables auto-expanding archives for the tenant. Does not enable archives for users.
+    .ADDEDCOMPONENT
+    .LABEL
+    Enable Auto-expanding archives
+    .IMPACT
+    Low Impact
+    .POWERSHELLEQUIVALENT
+    Set-OrganizationConfig -AutoExpandingArchive
+    .RECOMMENDEDBY
+    .DOCSDESCRIPTION
+    Enables auto-expanding archives for the tenant
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
     $CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AutoExpandingArchiveEnabled
 
@@ -36,3 +62,7 @@ function Invoke-CIPPStandardAutoExpandArchive {
         Add-CIPPBPAField -FieldName 'AutoExpandingArchive' -FieldValue $CurrentState -StoreAs bool -Tenant $tenant
     }
 }
+
+
+
+
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1
@@ -2,7 +2,34 @@ function Invoke-CIPPStandardBookings {
     <#
     .FUNCTIONALITY
     Internal
+    .APINAME
+    Bookings
+    .CAT
+    Exchange Standards
+    .TAG
+    "mediumimpact"
+    .HELPTEXT
+    Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others both internal and external.
+    .DOCSDESCRIPTION
+    Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others both internal and external.
+    .ADDEDCOMPONENT
+    {"type":"Select","label":"Select value","name":"standards.Bookings.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]}
+    .LABEL
+    Set Bookings state
+    .IMPACT
+    Medium Impact
+    .POWERSHELLEQUIVALENT
+    Set-OrganizationConfig -BookingsEnabled
+    .RECOMMENDEDBY
+    .DOCSDESCRIPTION
+    Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others both internal and external.
+    .UPDATECOMMENTBLOCK
+    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     #>
+
+
+
+
     param($Tenant, $Settings)
 
     $CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').BookingsEnabled
@@ -47,3 +74,7 @@ function Invoke-CIPPStandardBookings {
 
 
 }
+
+
+
+