diff --git a/Testing/Functional/Products/FunctionalTestUtils.ps1 b/Testing/Functional/Products/FunctionalTestUtils.ps1 index 0d12f1bcf..848bc0400 100644 --- a/Testing/Functional/Products/FunctionalTestUtils.ps1 +++ b/Testing/Functional/Products/FunctionalTestUtils.ps1 @@ -264,49 +264,49 @@ function UpdateConditionalAccessPolicyByName{ } } -function UpdateCachedConditionalAccessPolicyByName{ - <# - .SYNOPSIS - Wrapper function to locate a given conditional access policy by name for update within an provider setting export. - .PARAMETER DisplayName - The DisplayName of the Directory Setting to be updated. - .PARAMETER Updates - A hashtable of key/value pairs used as a splat for the Update-MgBetaDirectorySetting commandlet. - .PARAMETER OutputFolder - The folder containing the original and updated provider settings exports. - .NOTES - If more than one conditional access policy has the same DisplayName then only the first is updated. - #> +function UpdateCachedConditionalAccessPolicyByName { + <# +.SYNOPSIS + Wrapper function to locate a given conditional access policy by name for update within an provider setting export. +.PARAMETER DisplayName + The DisplayName of the Directory Setting to be updated. +.PARAMETER Updates + A hashtable of key/value pairs used as a splat for the Update-MgBetaDirectorySetting commandlet. +.PARAMETER OutputFolder + The folder containing the original and updated provider settings exports. +.NOTES + If more than one conditional access policy has the same DisplayName then only the first is updated. +#> [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] - $DisplayName, - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [hashtable] - $Updates, - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] - $OutputFolder + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] + $DisplayName, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [hashtable] + $Updates, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] + $OutputFolder ) $ProviderExport = LoadProviderExport($OutputFolder) $ConditionalAccessPolicies = $ProviderExport.conditional_access_policies - $Index = $ConditionalAccessPolicies.indexof($($ConditionalAccessPolicies.Where{$_.DisplayName -eq $DisplayName})) + $Index = $ConditionalAccessPolicies.indexof($($ConditionalAccessPolicies.Where{ $_.DisplayName -eq $DisplayName })) - if (-1 -ne $Index){ - $Updates.Keys | ForEach-Object{ + if (-1 -ne $Index) { + $Updates.Keys | ForEach-Object { try { - $Update = $Updates.Item($_) - $Policy = $ConditionalAccessPolicies[$Index] - Set-NestedMemberValue -InputObject $Policy -MemberPath $_ -Value $Update + $Update = $Updates.Item($_) + $Policy = $ConditionalAccessPolicies[$Index] + Set-NestedMemberValue -InputObject $Policy -MemberPath $_ -Value $Update } catch { - Write-Error "Exception: UpdateCachedConditionalAccessPolicyByName failed" + Write-Error "Exception: UpdateCachedConditionalAccessPolicyByName failed" } } @@ -334,3 +334,70 @@ function LoadTestResults() { $IntermediateTestResults = Get-Content "$OutputFolder/TestResults.json" -Raw | ConvertFrom-Json $IntermediateTestResults } + +function SetAndCheckTenantSetting { +<# + .SYNOPSIS + Function executes one script block until the second block registers it as successful or timeout occurs. + .PARAMETER SetBlock + Script block used to set the tenant setting value + .PARAMETER CheckBlock + A hashtable of key/value pairs used as a splat for the Update-MgBetaDirectorySetting commandlet. + .PARAMETER Retries + Number of times to retry the set block before failing (0 - 10) + .PARAMETER WaitInterval + Number of seconds to wait before each check, except the first which always checks immediately (0 - 3600) + .PARAMETER WaitOnFirstCheck + Delay first check by WaitInterval if true, otherwise check immediately (Default: True) + .NOTES + If the check block does not return true after the last retry, function will throw an error. +#> +[CmdletBinding()] +param ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] + $SetBlock, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] + $CheckBlock, + [Parameter(Mandatory = $false)] + [ValidateRange(0,10)] + [int] + $Retries = 3, + [Parameter(Mandatory = $false)] + [ValidateRange(0,3600)] + [int] + $WaitInterval = 10, + [Parameter(Mandatory = $false)] + [switch] + $WaitOnFirstCheck = $False +) + $SetAttempts = 0 + + try { + $SetFunc = [ScriptBlock]::Create($SetBlock) + $CheckFunc = [ScriptBlock]::Create($CheckBlock) + do { + Write-Debug("Running set block: $($SetFunc.Ast.EndBlock)...") + Invoke-Command -ScriptBlock $SetFunc + + # Sleep if not first check or option to always wait is set + if($SetAttempts -ne 0 -or $WaitOnFirstCheck) { + Write-Debug("Sleeping for $WaitInterval seconds...") + Start-Sleep $WaitInterval + } + Write-Debug("Running check block: $($CheckFunc.Ast.EndBlock)...") + $CheckSucceeded = Invoke-Command -ScriptBlock $CheckFunc + Write-Verbose("(Attempt $SetAttempts) Check block result = $CheckSucceeded") + ++$SetAttempts + } while(-not $CheckSucceeded -and $SetAttempts -lt $Retries) + + if(-not $CheckSucceeded) { + throw "Unable to set value after $SetAttempts attempts." + } + } catch { + throw "Error executing script block: $_.StackTrace" + } +} \ No newline at end of file diff --git a/Testing/Functional/Products/TestPlans/powerplatform.testplan.yaml b/Testing/Functional/Products/TestPlans/powerplatform.testplan.yaml index e0b22a339..75cf86df2 100644 --- a/Testing/Functional/Products/TestPlans/powerplatform.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/powerplatform.testplan.yaml @@ -90,12 +90,22 @@ TestPlan: Tests: - TestDescription: MS.POWERPLATFORM.3.1v1 Non-Compliant case - Power Platform tenant isolation is NOT enabled Preconditions: - - Command: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled = $true; Set-PowerAppTenantIsolationPolicy -TenantId $guid -TenantIsolationPolicy $iso' + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled = $true; Set-PowerAppTenantIsolationPolicy -TenantId $guid -TenantIsolationPolicy $iso' + CheckBlock: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled -eq $True' + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: false - TestDescription: MS.POWERPLATFORM.3.1v1 Compliant case - Power Platform tenant isolation is enabled. Preconditions: - - Command: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled = $false; Set-PowerAppTenantIsolationPolicy -TenantId $guid -TenantIsolationPolicy $iso' + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled = $false; Set-PowerAppTenantIsolationPolicy -TenantId $guid -TenantIsolationPolicy $iso' + CheckBlock: '$guid = (Get-AdminPowerAppEnvironment -Default).EnvironmentName | Select-String -Pattern "[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value; $iso = Get-PowerAppTenantIsolationPolicy -TenantId $guid; $iso.psobject.properties.value.isDisabled -eq $False' + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: true diff --git a/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml b/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml index be13a85c5..b17453d16 100644 --- a/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml @@ -6,30 +6,42 @@ TestPlan: Tests: - TestDescription: MS.SHAREPOINT.1.1v1 Non-compliant - ExternalUserAndGuestSharing (3) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExternalUserAndGuestSharing + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.1.1v1 Non-compliant - ExternalUserSharingOnly (1) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExternalUserSharingOnly + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.1.1v1 Compliant - ExistingExternalUserSharingOnly (2) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExistingExternalUserSharingOnly + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.1.1v1 Compliant - Disabled (0) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: Disabled + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 Postconditions: [] ExpectedResult: true @@ -47,45 +59,70 @@ TestPlan: Tests: - TestDescription: MS.SHAREPOINT.1.3v1 Non-compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); SharingDomainRestrictionMode = BlockList Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserSharingOnly SharingDomainRestrictionMode: BlockList SharingBlockedDomainList: nefarious.com evil.is.us Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.1.3v1 Compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); SharingDomainRestrictionMode = AllowList Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserSharingOnly SharingDomainRestrictionMode: AllowList SharingAllowedDomainList: good.org admirable.us Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.1.3v1 Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); SharingDomainRestrictionMode = AllowList Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing SharingDomainRestrictionMode: AllowList SharingAllowedDomainList: good.org admirable.us Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.1.3v1 Non-Applicable - SharingCapability = Disabled (Only people in organization); Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: Disabled SharingDomainRestrictionMode: None Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.1.3v1 Non-Applicable - SharingCapability = Disabled (Only people in organization); SharingDomainRestrictionMode = AllowList Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: Disabled SharingDomainRestrictionMode: AllowList SharingAllowedDomainList: good.org admirable.us Postconditions: [] @@ -120,9 +157,12 @@ TestPlan: ExpectedResult: false - TestDescription: MS.SHAREPOINT.2.1v1 Non-compliant - DefaultSharingLinkType = AnonymousAccess Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExternalUserAndGuestSharing + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: DefaultSharingLinkType: AnonymousAccess @@ -130,9 +170,12 @@ TestPlan: ExpectedResult: false - TestDescription: MS.SHAREPOINT.2.1v1 Compliant - DefaultSharingLinkType = Direct Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: Disabled + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: DefaultSharingLinkType: Direct @@ -162,87 +205,137 @@ TestPlan: Tests: - TestDescription: MS.SHAREPOINT.3.1v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing; RequireAnonymousLinksExpireInDays > 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 31 - SharingCapability: ExternalUserAndGuestSharing Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); RequireAnonymousLinksExpireInDays < 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 7 - SharingCapability: ExternalUserAndGuestSharing Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.3.1v1 Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: ExternalUserAndGuestSharing Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.3.1v1 Non-Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); RequireAnonymousLinksExpireInDays = 0 (Anyone links in unchecked state) Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 0 - SharingCapability: ExternalUserAndGuestSharing Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: ExternalUserSharingOnly Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Compliant - SharingCapability = ExistingExternalUserSharingOnly (Existing guests); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: ExistingExternalUserSharingOnly Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Compliant - SharingCapability = Disabled (Only people in your organization); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: Disabled Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Applicable - SharingCapability = ExternalUserSharingOnly (New and existing guests); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: ExternalUserSharingOnly Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Applicable - SharingCapability = ExistingExternalUserSharingOnly (Existing guests); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: ExistingExternalUserSharingOnly Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.1v1 Non-Applicable - SharingCapability = Disabled (Only people in your organization); RequireAnonymousLinksExpireInDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: RequireAnonymousLinksExpireInDays: 30 - SharingCapability: Disabled Postconditions: [] IsNotChecked: true ExpectedResult: false @@ -252,61 +345,94 @@ TestPlan: Tests: - TestDescription: MS.SHAREPOINT.3.2v1 Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); FileAnonymousLinkType = View; FolderAnonymousLinkType = View Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 + WaitOnFirstCheck: True - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing FileAnonymousLinkType: View FolderAnonymousLinkType: View Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.3.2v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); FileAnonymousLinkType = Edit; FolderAnonymousLinkType = View Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 + WaitOnFirstCheck: True - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing FileAnonymousLinkType: Edit FolderAnonymousLinkType: View Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.2v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); FileAnonymousLinkType = View; FolderAnonymousLinkType = Edit Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 + WaitOnFirstCheck: True - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing FileAnonymousLinkType: View FolderAnonymousLinkType: Edit Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.2v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); FileAnonymousLinkType = Edit; FolderAnonymousLinkType = Edit Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 + WaitOnFirstCheck: True - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing FileAnonymousLinkType: Edit FolderAnonymousLinkType: Edit Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.2v1 Non-Applicable - SharingCapability = Disabled (Only people in your organization) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: Disabled + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.2v1 Non-Applicable - SharingCapability = ExistingExternalUserSharingOnly (Existing guests) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExistingExternalUserSharingOnly + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 Postconditions: [] IsNotChecked: true ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.2v1 Non-Applicable - SharingCapability = ExternalUserSharingOnly (New and existing guests) Preconditions: - - Command: Set-PnPTenant + - Command: SetAndCheckTenantSetting Splat: - SharingCapability: ExternalUserSharingOnly + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 Postconditions: [] IsNotChecked: true ExpectedResult: false @@ -316,9 +442,14 @@ TestPlan: Tests: - TestDescription: MS.SHAREPOINT.3.3v1 Non-Applicable - SharingCapability = ExistingExternalUserSharingOnly (Existing guests); EmailAttestationRequired = false; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExistingExternalUserSharingOnly EmailAttestationRequired: false EmailAttestationReAuthDays: 30 Postconditions: [] @@ -326,27 +457,42 @@ TestPlan: ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); EmailAttestationRequired = false; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserSharingOnly EmailAttestationRequired: false EmailAttestationReAuthDays: 30 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); EmailAttestationRequired = false; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing EmailAttestationRequired: false EmailAttestationReAuthDays: 30 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-Applicable - SharingCapability = ExistingExternalUserSharingOnly (Existing guests); EmailAttestationRequired = true; EmailAttestationReAuthDays > 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExistingExternalUserSharingOnly EmailAttestationRequired: true EmailAttestationReAuthDays: 31 Postconditions: [] @@ -354,27 +500,42 @@ TestPlan: ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); EmailAttestationRequired = true; EmailAttestationReAuthDays > 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserSharingOnly EmailAttestationRequired: true EmailAttestationReAuthDays: 31 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); EmailAttestationRequired = true; EmailAttestationReAuthDays > 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing EmailAttestationRequired: true EmailAttestationReAuthDays: 31 Postconditions: [] ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Non-Applicable - SharingCapability = ExistingExternalUserSharingOnly (Existing guests); EmailAttestationRequired = true; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExistingExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExistingExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExistingExternalUserSharingOnly EmailAttestationRequired: true EmailAttestationReAuthDays: 30 Postconditions: [] @@ -382,27 +543,42 @@ TestPlan: ExpectedResult: false - TestDescription: MS.SHAREPOINT.3.3v1 Compliant - SharingCapability = ExternalUserSharingOnly (New and existing guests); EmailAttestationRequired = true; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserSharingOnly" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserSharingOnly'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserSharingOnly EmailAttestationRequired: true EmailAttestationReAuthDays: 30 Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.3.3v1 Compliant - SharingCapability = ExternalUserAndGuestSharing (Anyone); EmailAttestationRequired = true; EmailAttestationReAuthDays = 30 Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'ExternalUserAndGuestSharing'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: ExternalUserAndGuestSharing EmailAttestationRequired: true EmailAttestationReAuthDays: 30 Postconditions: [] ExpectedResult: true - TestDescription: MS.SHAREPOINT.3.3v1 Non-Applicable - SharingCapability = Disabled (Only people in organization) Preconditions: + - Command: SetAndCheckTenantSetting + Splat: + SetBlock: "Set-PnPTenant -SharingCapability Disabled" + CheckBlock: "$(Get-PnPTenant).SharingCapability -eq 'Disabled'" + Retries: 3 + WaitInterval: 10 - Command: Set-PnPTenant Splat: - SharingCapability: Disabled EmailAttestationRequired: true EmailAttestationReAuthDays: 29 Postconditions: []