fix: Defender filter policy tweaks #1165

merged 4 commits into from
Oct 30, 2024
2 changes: 1 addition & 1 deletion Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1
Expand Up @@ -124,7 +124,7 @@ function Get-CIPPTimerFunctions {
} else {
if ($Status) {
Write-Warning "Timer function: $($Orchestrator.Command) does not exist"
Remove-CIPPAzDataTableEntity @Table -Entity $Status
Remove-AzDataTableEntity @Table -Entity $Status
}
}
}
Collaborator
For this one we found at least one instance with a legacy naming convention for the default policy - being called Office365 AntiPhish Default (Default)

Contributor Author
That must have been from the development branch because it got changed 3 days later
Original PR: b33a399
3 days later: 18ecf9b

Contributor Author
Actually, that was BEFORE it got merged #691

Expand Up @@ -51,9 +51,21 @@ function Invoke-CIPPStandardAntiPhishPolicy {
param($Tenant, $Settings)
##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AntiPhishPolicy'

$PolicyList = @('Default Anti-Phishing Policy', 'Office365 AntiPhish Default (Default)')
$PolicyList = @('CIPP Default Anti-Phishing Policy','Default Anti-Phishing Policy')
$ExistingPolicy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | Where-Object -Property Name -In $PolicyList
$PolicyName = $ExistingPolicy.Name
if ($null -eq $ExistingPolicy.Name) {
$PolicyName = $PolicyList[0]
} else {
$PolicyName = $ExistingPolicy.Name
}
$RuleList = @( 'CIPP Default Anti-Phishing Rule','CIPP Default Anti-Phishing Policy')
$ExistingRule = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' | Where-Object -Property Name -In $RuleList
if ($null -eq $ExistingRule.Name) {
$RuleName = $RuleList[0]
} else {
$RuleName = $ExistingRule.Name
}

$CurrentState = $ExistingPolicy |
Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection

Expand Down Expand Up @@ -82,17 +94,17 @@ function Invoke-CIPPStandardAntiPhishPolicy {
$AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'

$RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' |
Where-Object -Property Name -EQ "CIPP $PolicyName" |
Where-Object -Property Name -EQ $RuleName |
Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs

$RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
$RuleStateIsCorrect = ($RuleState.Name -eq $RuleName) -and
($RuleState.AntiPhishPolicy -eq $PolicyName) -and
($RuleState.Priority -eq 0) -and
(!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))

if ($Settings.remediate -eq $true) {
if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already correctly configured' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy already correctly configured' -sev Info
} else {
$cmdparams = @{
Enabled = $true
Expand Down Expand Up @@ -121,47 +133,46 @@ function Invoke-CIPPStandardAntiPhishPolicy {
try {
$cmdparams.Add('Identity', $PolicyName)
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing policy $PolicyName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Policy. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing policy $PolicyName." -sev Error -LogData $_
}
} else {
try {
$cmdparams.Add('Name', $PolicyName)
New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing policy $PolicyName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing policy $PolicyName." -sev Error -LogData $_
}
}
}

if ($RuleStateIsCorrect -eq $false) {
$cmdparams = @{
AntiPhishPolicy = $PolicyName
Priority = 0
RecipientDomainIs = $AcceptedDomains.Name
}

if ($RuleState.Name -eq "CIPP $PolicyName") {
if ($RuleState.AntiPhishPolicy -ne $PolicyName) {
$cmdparams.Add('AntiPhishPolicy', $PolicyName)
}

if ($RuleState.Name -eq $RuleName) {
try {
$cmdparams.Add('Identity', "CIPP $PolicyName")
$cmdparams.Add('Identity', $RuleName)
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Rule' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Anti-phishing rule $RuleName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing Rule. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Anti-phishing rule $RuleName." -sev Error -LogData $_
}
} else {
try {
$cmdparams.Add('Name', "CIPP $PolicyName")
$cmdparams.Add('Name', $RuleName)
New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Rule' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Anti-phishing rule $RuleName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Rule. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing rule $RuleName." -sev Error -LogData $_
}
}
}
Expand All @@ -170,9 +181,9 @@ function Invoke-CIPPStandardAntiPhishPolicy {
if ($Settings.alert -eq $true) {

if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is enabled' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is not enabled' -sev Alert
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing policy is not enabled' -sev Alert
}
}
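Review bot: The new lookup `$ExistingPolicy = New-ExoRequest ... 'Get-AntiPhishPolicy' | Where-Object -Property Name -In $PolicyList` (and the parallel `$ExistingRule` lookup) assumes at most one of the listed names exists in the tenant; if both 'CIPP Default Anti-Phishing Policy' and the legacy 'Default Anti-Phishing Policy' are present, `$ExistingPolicy.Name` is an array, the `$null -eq` guard lets it through, and `$PolicyName` becomes an array that is then fed to `Set-AntiPhishPolicy -Identity`, the `-eq $PolicyName` comparisons and `$CurrentState`. Selecting the first list entry that actually exists keeps the choice deterministic, e.g. `$PolicyName = ($PolicyList | Where-Object { $_ -in $ExistingPolicy.Name } | Select-Object -First 1)`, with the same pattern for `$RuleName`; the `-First 1` fallback to `$PolicyList[0]` when nothing matches can then stay as written. A short comment above `$PolicyList` stating that the second entry is the legacy name kept for tenants configured by earlier versions would help the next reader understand why two names are probed. Invoke-CIPPStandardMalwareFilterPolicy.ps1 in this PR uses the same selection shape and has the same gap. The body of Invoke-CIPPStandardAntiPhishPolicy continues outside the hunks shown.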

Expand Up @@ -41,11 +41,24 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
param($Tenant, $Settings)
##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'MalwareFilterPolicy'

$PolicyName = 'Default Malware Policy'
$PolicyList = @('CIPP Default Malware Policy','Default Malware Policy')
$ExistingPolicy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' | Where-Object -Property Name -In $PolicyList
if ($null -eq $ExistingPolicy.Name) {
$PolicyName = $PolicyList[0]
} else {
$PolicyName = $ExistingPolicy.Name
}
$RuleList = @( 'CIPP Default Malware Rule','CIPP Default Malware Policy')
$ExistingRule = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterRule' | Where-Object -Property Name -In $RuleList
if ($null -eq $ExistingRule.Name) {
$RuleName = $RuleList[0]
} else {
$RuleName = $ExistingRule.Name
}

$CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' |
Where-Object -Property Name -EQ $PolicyName |
Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress
Where-Object -Property Name -EQ $PolicyName |
Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress

$DefaultFileTypes = @('ace', 'ani', 'apk', 'app', 'appx', 'arj', 'bat', 'cab', 'cmd', 'com', 'deb', 'dex', 'dll', 'docm', 'elf', 'exe', 'hta', 'img', 'iso', 'jar', 'jnlp', 'kext', 'lha', 'lib', 'library', 'lnk', 'lzh', 'macho', 'msc', 'msi', 'msix', 'msp', 'mst', 'pif', 'ppa', 'ppam', 'reg', 'rev', 'scf', 'scr', 'sct', 'sys', 'uif', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh', 'xll', 'xz', 'z')

Expand All @@ -69,10 +82,10 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
$AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'

$RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterRule' |
Where-Object -Property Name -EQ "CIPP $PolicyName" |
Select-Object Name, MalwareFilterPolicy, Priority, RecipientDomainIs
Where-Object -Property Name -EQ $RuleName |
Select-Object Name, MalwareFilterPolicy, Priority, RecipientDomainIs

$RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
$RuleStateIsCorrect = ($RuleState.Name -eq $RuleName) -and
($RuleState.MalwareFilterPolicy -eq $PolicyName) -and
($RuleState.Priority -eq 0) -and
(!(Compare-Object -ReferenceObject $RuleState.RecipientDomainIs -DifferenceObject $AcceptedDomains.Name))
Expand All @@ -98,47 +111,46 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
try {
$cmdparams.Add('Identity', $PolicyName)
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Policy' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Malware Filter policy $PolicyName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Policy. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter policy $PolicyName." -sev Error -LogData $_
}
} else {
try {
$cmdparams.Add('Name', $PolicyName)
New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Policy' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Malware Filter policy $PolicyName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Policy. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter policy $PolicyName." -sev Error -LogData $_
}
}
}

if ($RuleStateIsCorrect -eq $false) {
$cmdparams = @{
MalwareFilterPolicy = $PolicyName
Priority = 0
RecipientDomainIs = $AcceptedDomains.Name
}

if ($RuleState.Name -eq "CIPP $PolicyName") {
if ($RuleState.MalwareFilterPolicy -ne $PolicyName) {
$cmdparams.Add('MalwareFilterPolicy', $PolicyName)
}

if ($RuleState.Name -eq $RuleName) {
try {
$cmdparams.Add('Identity', "CIPP $PolicyName")
$cmdparams.Add('Identity', $RuleName)
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Rule' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Malware Filter rule $RuleName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Rule. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Rule $RuleName." -sev Error -LogData $_
}
} else {
try {
$cmdparams.Add('Name', "CIPP $PolicyName")
$cmdparams.Add('Name', $RuleName)
New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Rule' -sev Info
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Malware Filter rule $RuleName." -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Rule. Error: $ErrorMessage" -sev Error
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter rule $RuleName." -sev Error -LogData $_
}
}
}
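Review bot: The error message `Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Malware Filter Rule $RuleName." -sev Error -LogData $_` keeps the capitalised "Rule" while every other message rewritten in this hunk was lower-cased ("Updated Malware Filter rule", "Created Malware Filter rule", "Failed to create Malware Filter rule"). Since operators grep and alert on this log text, the one outlier should follow the new convention: `"Failed to update Malware Filter rule $RuleName."`. The same lower-casing was applied consistently in Invoke-CIPPStandardAntiPhishPolicy.ps1, so this appears to be the only message missed. The function body continues outside the hunk.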