Test-MtIntunePlatform.Tests.ps1
# Pester suite for the Maester Intune platform checks. Each test calls one
# Test-Mt* cmdlet (defined elsewhere in the module) and asserts that it
# returned $true.
#
# NOTE(review): every test returns early when the cmdlet yields $null, so no
# assertion runs in that case. Presumably $null means the check could not be
# evaluated and the cmdlet itself records the test as skipped - confirm that
# in each helper, otherwise an unevaluated security control is reported as a
# pass.
Describe "Maester/Intune" -Tag "Maester", "Intune" {

    # Device lifecycle: stale device records should be cleaned up automatically.
    It "MT.1053: Ensure intune device clean-up rule is configured" -Tag "MT.1053" {
        $checkResult = Test-MtManagedDeviceCleanupSettings
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "automatic device clean-up rule is configured."
    }

    # Devices with no compliance policy assigned must not count as compliant.
    It "MT.1054: Ensure built-in Device Compliance Policy marks devices with no compliance policy assigned as 'Not compliant'" -Tag "MT.1054" {
        $checkResult = Test-MtDeviceComplianceSettings
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "built-in device compliance policy marks devices with no policy assigned as 'Not compliant'."
    }

    # Multi Admin Approval: protected changes need sign-off from a second administrator.
    It "MT.1096: Ensure at least one Intune Multi Admin Approval policy is configured" -Tag "MT.1096" {
        $checkResult = Test-MtOperationApprovalPolicies
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "at least one Intune Multi Admin Approval policy is configured."
    }

    It "MT.1099: Windows Diagnostic Data Processing should be enabled" -Tag "MT.1099" {
        $checkResult = Test-MtWindowsDataProcessor
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "Windows Diagnostic Data Processing is enabled."
    }

    # Audit logs have to be included in the diagnostic settings to be available
    # for detection and investigation.
    It "MT.1100: Intune Diagnostic Settings should include Audit Logs" -Tag "MT.1100" {
        $checkResult = Test-MtIntuneDiagnosticSettings
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "Intune Diagnostic Settings include Audit Logs."
    }

    It "MT.1101: Default Branding Profile should be customized" -Tag "MT.1101" {
        $checkResult = Test-MtTenantCustomization
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "Default Branding Profile is customized."
    }

    # Feature update policies must not reference builds that are past end of support.
    It "MT.1102: Windows Feature Update Policy Settings should not reference end of support builds" -Tag "MT.1102" {
        $checkResult = Test-MtFeatureUpdatePolicy
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "Windows Feature Update Policy Settings do not reference end of support builds."
    }

    # Groups used in Intune role assignments carry privilege, so control over
    # their membership has to be restricted.
    It "MT.1103: Ensure Intune RBAC groups are protected by Restricted Management Administrative Units or Role Assignable groups" -Tag "MT.1103" {
        $checkResult = Test-MtIntuneRbacGroupsProtected
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "Intune RBAC groups are protected by Restricted Management Administrative Units or Role Assignable groups."
    }

    It "MT.1105: Ensure MDM Authority is set to Intune" -Tag "MT.1105" {
        $checkResult = Test-MtMdmAuthority
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "MDM Authority is set to Intune."
    }

    # Data-at-rest protection: a disk encryption policy has to enforce BitLocker.
    It "MT.1123: Ensure BitLocker full disk encryption is configured" -Tag "MT.1123" {
        $checkResult = Test-MtBitLockerFullDiskEncryption
        if ($null -eq $checkResult) { return }
        $checkResult | Should -Be $true -Because "at least one Intune Endpoint Security Disk encryption policy enforces BitLocker full disk encryption."
    }
}