private/review/defender/collaboration/Invoke-ReviewDefenderSafeAttachmentPolicyEnabledForApp.ps1

function Invoke-ReviewDefenderSafeAttachmentPolicyEnabledForApp
{
    <#
    .SYNOPSIS
        Review the Safe Attachment Policy is enabled for Microsoft Teams, SharePoint and OneDrive.
    .DESCRIPTION
        Returns review object.
    .NOTES
        Requires the following modules:
        - ExchangeOnlineManagement
    .EXAMPLE
        Invoke-ReviewDefenderSafeAttachmentPolicyEnabledForApp;
    #>


    [cmdletbinding()]
    param
    (
    )

    BEGIN
    {
        # Write progress.
        Write-Progress -Activity $MyInvocation.MyCommand -Status 'Running' -CurrentOperation $MyInvocation.MyCommand.Name -PercentComplete -1 -SecondsRemaining -1;

        # Write to log.
        Write-CustomLog -Category 'Microsoft Defender' -Subcategory 'Policy' -Message 'Getting safe attachment global settings' -Level Verbose;

        # Get safe attachment global settings.
        $atpPolicyForO365 = Get-AtpPolicyForO365;
    }
    PROCESS
    {
        # Boolean if configured correctly.
        $valid = $true;

        # If enabled for Microsoft Teams, SharePoint and OneDrive.
        if ($atpPolicyForO365.EnableATPForSPOTeamsODB -eq $false -or
            $atpPolicyForO365.EnableSafeDocs -eq $false -or
            $atpPolicyForO365.AllowSafeDocsOpen -eq $true)
        {
            # Set the boolean to false.
            $valid = $false;

            # Write to log.
            Write-CustomLog -Category 'Microsoft Defender' -Subcategory 'Policy' -Message 'Safe attachment global settings is not configured correctly' -Level Verbose;
        }
        else
        {
            # Write to log.
            Write-CustomLog -Category 'Microsoft Defender' -Subcategory 'Policy' -Message 'Safe attachment global settings is configured correctly' -Level Verbose;
        }

        # Create object.
        $settings = [PSCustomObject]@{
            Valid                   = $valid;
            EnableATPForSPOTeamsODB = $atpPolicyForO365.EnableATPForSPOTeamsODB;
            EnableSafeDocs          = $atpPolicyForO365.EnableSafeDocs;
            AllowSafeDocsOpen       = $atpPolicyForO365.AllowSafeDocsOpen;
        };
    }
    END
    {
        # Bool for review flag.
        [bool]$reviewFlag = $false;

        # If review flag should be set.
        if ($settings | Where-Object { $_.Valid -eq $false })
        {
            # Should be reviewed.
            $reviewFlag = $true;
        }

        # Create new review object to return.
        [Review]$review = [Review]::new();

        # Add to object.
        $review.Id = 'a4fb003f-b742-4a97-8a9a-c4e5a82171a4';
        $review.Category = 'Microsoft 365 Defender';
        $review.Subcategory = 'Email and collaboration';
        $review.Title = 'Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled';
        $review.Data = $settings;
        $review.Review = $reviewFlag;

        # Print result.
        $review.PrintResult();

        # Write progress.
        #Write-Progress -Activity $MyInvocation.MyCommand -Status 'Completed' -CurrentOperation $MyInvocation.MyCommand.Name -Completed;

        # Return object.
        return $review;
    }
}