private/review/sharepointonline/settings/Invoke-ReviewSpoCustomScriptExecution.ps1

function Invoke-ReviewSpoCustomScriptExecution
{
    <#
    .SYNOPSIS
        Review custom script execution is restricted on site collections.
    .DESCRIPTION
        Returns review object.
    .NOTES
        Requires the following modules:
        - Pnp.PowerShell
    .EXAMPLE
        Invoke-ReviewSpoCustomScriptExecution;
    #>


    [cmdletbinding()]
    param
    (
    )

    BEGIN
    {
        # Write progress.
        Write-Progress -Activity $MyInvocation.MyCommand -Status 'Running' -CurrentOperation $MyInvocation.MyCommand.Name -PercentComplete -1 -SecondsRemaining -1;

        # Write to log.
        Write-CustomLog -Category 'SharePoint Online' -Subcategory 'Settings' -Message ('Getting all SharePoint sites') -Level Verbose;

        # Get all SharePoint sites.
        $sites = Get-PnPTenantSite;

        # Sites with custom script execution disabled.
        $sitesWithCustomScriptExecution = New-Object System.Collections.ArrayList;
    }
    PROCESS
    {
        # Foreach site.
        foreach ($site in $sites)
        {
            # If site is not OneDrive.
            if ($site.Template -like 'SPSPERS*')
            {
                # Skip site.
                continue;
            }

            # If "deny add and customize pages" is set to false.
            if ($site.DenyAddAndCustomizePages -eq $false)
            {
                # Write to log.
                Write-CustomLog -Category 'SharePoint Online' -Subcategory 'Settings' -Message ("The SharePoint site '{0}' is set to allow custom script execution" -f $site.Url) -Level Verbose;

                # Add site to list.
                $null = $sitesWithCustomScriptExecution.Add($site);
            }
        }
    }
    END
    {
        # Bool for review flag.
        [bool]$reviewFlag = $false;

        # If review flag should be set.
        if ($sitesWithCustomScriptExecution.Count -gt 0)
        {
            # Should be reviewed.
            $reviewFlag = $true;
        }

        # Create new review object to return.
        [Review]$review = [Review]::new();

        # Add to object.
        $review.Id = '6339c889-76d7-450b-855d-b9e22869c94f';
        $review.Category = 'Microsoft SharePoint Admin Center';
        $review.Subcategory = 'Settings';
        $review.Title = 'Ensure custom script execution is restricted on site collections';
        $review.Data = $sitesWithCustomScriptExecution | Select-Object -Property Url, DenyAddAndCustomizePages;
        $review.Review = $reviewFlag;

        # Print result.
        $review.PrintResult();

        # Write progress.
        #Write-Progress -Activity $MyInvocation.MyCommand -Status 'Completed' -CurrentOperation $MyInvocation.MyCommand.Name -Completed;

        # Return object.
        return $review;
    }
}