search

maester365 / maester

The core repository for the Maester module with helper cmdlets that will be called from the Pester tests.
https://maester.dev
MIT License
299 stars 73 forks source link

No status indication of the M365 platform tests? #469

Open albert-widjaja opened 2 weeks ago

albert-widjaja commented 2 weeks ago

As the continuation from this thread: https://github.com/maester365/maester/issues/457

I wonder what I can do to ensure that these checks are executed successfully every day.

Some of the test has the indication when not executed. but not these tests: image

As you can see the above, there is no status or even error thrown after the execution.

These tests (without the duplicate:

  1. EIDSCA.AF02: Authentication Method - FIDO2 security key - Allow self-service set up.
  2. EIDSCA.AF03: Authentication Method - FIDO2 security key - Enforce attestation.
  3. EIDSCA.AF04: Authentication Method - FIDO2 security key - Enforce key restrictions.
  4. EIDSCA.AF05: Authentication Method - FIDO2 security key - Restricted.
  5. EIDSCA.AF06: Authentication Method - FIDO2 security key - Restrict specific keys.
  6. EIDSCA.AT02: Authentication Method - Temporary Access Pass - One-time.
  7. EIDSCA.CP01: Default Settings - Consent Policy Settings - Group owner consent for apps accessing data.
  8. MS.AAD.4.1: Security logs SHALL be sent to the agency's security operations center for monitoring.
  9. MS.EXO.1.1: Automatic forwarding to external domains SHALL be disabled.
  10. MS.EXO.12.1: IP allow lists SHOULD NOT be created.
  11. MS.EXO.12.2: Safe lists SHOULD NOT be enabled.
  12. MS.EXO.13.1: Mailbox auditing SHALL be enabled.
  13. MS.EXO.2.1: A list of approved IP addresses for sending mail SHALL be maintained.
  14. MS.EXO.2.2: An SPF policy SHALL be published for each domain, designating only these addresses as approved senders.
  15. MS.EXO.3.1: DKIM SHOULD be enabled for all domains.
  16. MS.EXO.4.1: A DMARC policy SHALL be published for every second-level domain.
  17. MS.EXO.4.2: The DMARC message rejection option SHALL be p=reject.
  18. MS.EXO.4.3: The DMARC point of contact for aggregate reports SHALL include reports@dmarc.cyber.dhs.gov.
  19. MS.EXO.5.1: SMTP AUTH SHALL be disabled.
  20. MS.EXO.6.1: Contact folders SHALL NOT be shared with all domains.
  21. MS.EXO.6.2: Calendar details SHALL NOT be shared with all domains.
  22. MS.EXO.7.1: External sender warnings SHALL be implemented.
  23. MS.EXO.8.1: A DLP solution SHALL be used.
  24. MT.1002: App management restrictions on applications and service principals is configured and enabled.
  25. MT.1021: Security Defaults are enabled.
Haakonak commented 2 weeks ago

What do your Test details say? For the MS.EXO tests, it is probably due to not having Exchange Online connected.

albert-widjaja commented 2 weeks ago

@Haakonak , Yes, it shows skipped, there is no status at the table, nor any icon. I assume it is expected this way.

As for the ExO testing, do I just follow this https://maester.dev/docs/installation/#installing-azure-and-exchange-online-modules and then manually click on the Run Maester Test button ? image