private/review/defender/collaboration/Invoke-ReviewDefenderEmailDomainDmarc.ps1
function Invoke-ReviewDefenderEmailDomainDmarc { <# .SYNOPSIS Review that all e-mail domains have a valid DMARC-record. .DESCRIPTION Returns review object. .NOTES Requires the following modules: - Microsoft.Graph.Identity.DirectoryManagement .EXAMPLE Invoke-ReviewDefenderEmailDomainDmarc; #> [cmdletbinding()] param ( ) BEGIN { # Write progress. Write-Progress -Activity $MyInvocation.MyCommand -Status 'Running' -CurrentOperation $MyInvocation.MyCommand.Name -PercentComplete -1 -SecondsRemaining -1; # Write to log. Write-CustomLog -Category 'Microsoft Defender' -Subcategory 'Policy' -Message 'Getting all domains' -Level Verbose; # Get all domains in Microsoft 365 tenant. $domains = Get-MgDomain -All; # Get initial domain. $initialDomain = Get-DnsOnmicrosoftDomain; # Object array to store domain DMARC settings. $dmarcSettings = New-Object System.Collections.ArrayList; } PROCESS { # Foreach domain. foreach ($domain in $domains) { # If this is the initial domain. if ($domain.Id -eq $initialDomain) { # Skip. continue; } # Boolean if DMARC is configured correct. $valid = $false; # CLear DMARC records. $dmarcRecords = $null; # If e-mail is a supported service. if ($domain.SupportedServices -contains 'Email') { # Get the DMARC records. $dmarcRecords = Get-DnsDmarcRecord -Domain $domain.Id; # If DMARC record is found. if ($dmarcRecords.Count -gt 0) { # Set boolean to true. $valid = $true; } # Add domain DMARC settings to object array. $dmarcSettings += [PSCustomObject]@{ Domain = $domain.Id; Valid = $valid; IsDefault = $domain.IsDefault; IsVerified = $domain.IsVerified; AuthenticationType = $domain.AuthenticationType; Record = $dmarcRecords.Record; }; } } } END { # Bool for review flag. [bool]$reviewFlag = $false; # If review flag should be set. if ($dmarcSettings | Where-Object { $_.Valid -eq $false }) { # Should be reviewed. $reviewFlag = $true; } # Create new review object to return. [Review]$review = [Review]::new(); # Add to object. $review.Id = '7f46d070-097f-4a6b-aad1-118b5b707f41'; $review.Category = 'Microsoft 365 Defender'; $review.Subcategory = 'Email and collaboration'; $review.Title = 'Ensure DMARC Records for all Exchange Online domains are published'; $review.Data = $dmarcSettings; $review.Review = $reviewFlag; # Print result. $review.PrintResult(); # Write progress. #Write-Progress -Activity $MyInvocation.MyCommand -Status 'Completed' -CurrentOperation $MyInvocation.MyCommand.Name -Completed; # Return object. return $review; } } |