private/review/exchangeonline/audit/Invoke-ReviewExoMailboxAuditBypassDisabled.ps1

function Invoke-ReviewExoMailboxAuditBypassDisabled
{
    <#
    .SYNOPSIS
        Check if 'AuditBypassEnabled' is not enabled on mailboxes.
    .DESCRIPTION
        Returns review object.
    .NOTES
        Requires the following modules:
        - ExchangeOnlineManagement
    .EXAMPLE
        Invoke-ReviewExoMailboxAuditBypassDisabled;
    #>


    [cmdletbinding()]
    param
    (
    )

    BEGIN
    {
        # Write to log.
        Write-Log -Category 'Exchange Online' -Subcategory 'Audit' -Message 'Getting mailbox audit bypass associations' -Level Debug;

        # Get all mailboxes.
        $mailboxes = Get-MailboxAuditBypassAssociation -ResultSize Unlimited -WarningAction SilentlyContinue;

        # Object array with mailboxes where auditing bypass is enabled.
        $mailboxesAuditBypassEnabled = New-Object System.Collections.ArrayList;
    }
    PROCESS
    {
        # Foreach mailbox.
        foreach ($mailbox in $mailboxes)
        {
            # If mailbox auditing bypass is enabled.
            if ($mailbox.AuditBypassEnabled -eq $true)
            {
                # Add to the list.
                $mailboxesAuditBypassEnabled += $mailbox;
            }
        }

        # Write to log.
        Write-Log -Category 'Exchange Online' -Subcategory 'Audit' -Message ("Found {0} mailboxes with audit bypass enabled" -f $mailboxesAuditBypassEnabled) -Level Debug;
    }
    END
    {
        # Bool for review flag.
        [bool]$reviewFlag = $false;

        # If review flag should be set.
        if ($mailboxesAuditBypassEnabled.Count -gt 0)
        {
            # Should be reviewed.
            $reviewFlag = $true;
        }

        # Create new review object to return.
        [Review]$review = [Review]::new();

        # Add to object.
        $review.Id = 'a2c3a619-df82-4e0b-ac98-47ff51ea8c2a';
        $review.Category = 'Microsoft Exchange Admin Center';
        $review.Subcategory = 'Audit';
        $review.Title = "Ensure 'AuditBypassEnabled' is not enabled on mailboxes";
        $review.Data = $mailboxesAuditBypassEnabled | Select-Object -Property Identity, AuditBypassEnabled;
        $review.Review = $reviewFlag;

        # Print result.
        $review.PrintResult();

        # Return object.
        return $review;
    }
}