Remove all instances of policy MS.SHAREPOINT4.2v1 due to Microsoft update to custom scripting settings (#1447)

* Update removedpolicies.md with Sharepoint.4.2v1

* removed 4.2v1

* removed 4.2v1

* Deleted sharepointconfig_04 file

* removed 4.2v1

* removed 4.2v1

* fix yaml linter issue in sharepoint.pnp.testplan.yml

* removed sharepoint 4.1 & 4.2 checks

---------

Co-authored-by: mitchelbaker-cisa <[email protected]>

Author: ahuynhMITRE

PowerShell/ScubaGear/Rego/SharepointConfig.rego

@@ -405,26 +405,3 @@ tests contains {
     )
 }
 #--
-
-###################
-# MS.SHAREPOINT.4 #
-###################
-
-#
-# MS.SHAREPOINT.4.2v1
-#--
-
-# Microsoft has planned to remove the custom scripting configuration option
-# from SharePoint and OneDrive. We are setting this policy to not-implemented
-# and will likely remove it from the baseline in the next version.
-tests contains {
-    "PolicyId": PolicyId,
-    "Criticality": "Shall/Not-Implemented",
-    "Commandlet": ["Get-SPOSite", "Get-PnPTenantSite"],
-    "ActualValue": [],
-    "ReportDetails": NotCheckedDeprecation,
-    "RequirementMet": false
-} if {
-    PolicyId := "MS.SHAREPOINT.4.2v1"
-}
-#--

PowerShell/ScubaGear/Testing/Unit/PowerShell/CreateReport/CreateReportStubs/TestResults.json

@@ -3091,18 +3091,6 @@
         "ReportDetails":  "Requirement met",
         "RequirementMet":  true
     },
-    {
-        "ActualValue":  [
-
-                        ],
-        "Commandlet":  [
-
-                       ],
-        "Criticality":  "Shall/Not-Implemented",
-        "PolicyId":  "MS.SHAREPOINT.4.1v1",
-        "ReportDetails":  "Not currently checked automatically. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/0.3.0/baselines/sharepoint.md#mssharepoint41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check",
-        "RequirementMet":  false
-    },
     {
         "ActualValue":  [
 
@@ -3141,19 +3129,6 @@
         "ReportDetails":  "Requirement met",
         "RequirementMet":  true
     },
-    {
-        "ActualValue":  [
-                            2
-                        ],
-        "Commandlet":  [
-                           "Get-SPOSite",
-                           "Get-PnPTenantSite"
-                       ],
-        "Criticality":  "Shall",
-        "PolicyId":  "MS.SHAREPOINT.4.2v1",
-        "ReportDetails":  "Requirement met",
-        "RequirementMet":  true
-    },
     {
         "ActualValue":  [
                             2

PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_04_test.rego

@@ -66,3 +66,9 @@ Users SHALL be prevented from running custom scripts on personal sites (aka OneD
 - _Removal date:_ July 2024
 - _Removal rationale:_ The option to enable and disable custom scripting on personal sites (aka OneDrive) found in policy MS.SHAREPOINT.4.1v1 has been deprecated by Microsoft. All references including the policy and its implementation steps have been removed as the setting is no longer present.  Furthermore, it is no longer possible to allow custom scripts on personal sites.
 
+#### MS.SHAREPOINT.4.2v1
+Users SHALL be prevented from running custom scripts on self-service created sites.
+- _Removal date:_ November 2024
+- _Removal rationale:_ Microsoft has noted that after November 2024 it will no longer be possible to prevent SharePoint in resetting custom script settings to its original value (disabled) for all sites. All references including the policy, implementation steps, and section, by direction of CISA and Microsoft, have been removed as the setting will be automatically reverted back to **Blocked** within 24 hours.
+
+**`TLP:CLEAR`**

PowerShell/ScubaGear/baselines/removedpolicies.md

@@ -307,43 +307,4 @@ Reauthentication days for people who use a verification code SHALL be set to 30
 
 6. Select **Save**.
 
-## 4. Custom Scripts
-
-This section provides policies for restricting custom scripts execution.
-
-### Policies
-
-#### MS.SHAREPOINT.4.2v1
-Users SHALL be prevented from running custom scripts on self-service created sites.
-
-<!--Policy: MS.SHAREPOINT.4.2v1; Criticality: SHALL -->
-- _Rationale:_ Scripts on SharePoint sites run in the context of users visiting the site and therefore provide access to everything users can access. By preventing custom scripts on self-service created sites, administrators block a path for potentially malicious code execution.
-- _Last modified:_ June 2023
-- _MITRE ATT&CK TTP Mapping:_
-  - [T1059: Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059/)
-    - [T1059.009: Cloud API](https://attack.mitre.org/techniques/T1059/009/)
-
-### Resources
-
-- [Allow or prevent custom script \| Microsoft
-  Documents](https://docs.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script)
-
-### License Requirements
-
-- N/A
-
-### Implementation
-
-#### MS.SHAREPOINT.4.2v1 Instructions
-
-1.  Sign in to the **SharePoint admin center**.
-
-2.  Select **Settings**.
-
-3.  Scroll down and select **classic settings page**.
-
-4.  Scroll to the **Custom Script** section.
-
-5.  Select **Prevent users from running custom script on self-service created sites**.
-
-6.  Select **OK**.
+**`TLP:CLEAR`**

PowerShell/ScubaGear/baselines/sharepoint.md

@@ -408,12 +408,3 @@ TestPlan:
         Postconditions: []
         IsNotChecked: true
         ExpectedResult: false
-
-  - PolicyId: MS.SHAREPOINT.4.2v1
-    TestDriver: RunScuba
-    Tests:
-      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages Not-Implemented
-        Preconditions: []
-        Postconditions: []
-        IsNotChecked: true
-        ExpectedResult: false

Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml

@@ -406,12 +406,3 @@ TestPlan:
         Postconditions: []
         IsNotChecked: true
         ExpectedResult: false
-
-  - PolicyId: MS.SHAREPOINT.4.2v1
-    TestDriver: RunScuba
-    Tests:
-      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages Not-Implemented
-        Preconditions: []
-        Postconditions: []
-        IsNotChecked: true
-        ExpectedResult: false