private/review/purview/informationprotection/Invoke-ReviewPurviewInformationProtectionLabelPolicy.ps1
function Invoke-ReviewPurviewInformationProtectionLabelPolicy { <# .SYNOPSIS Check if SharePoint Online Information Protection policies are set up and used. .DESCRIPTION Returns review object. .NOTES Requires the following modules: - ExchangeOnlineManagement .EXAMPLE Invoke-ReviewPurviewInformationProtectionLabelPolicy; #> [cmdletbinding()] param ( ) BEGIN { # Write to log. Write-Log -Category 'Microsoft Purview' -Subcategory 'Information Protection' -Message ("Getting label policies") -Level Debug; # Get all label policies. $labelPolicies = Get-LabelPolicy -WarningAction SilentlyContinue; # Object array for storing policies. $policies = New-Object System.Collections.ArrayList; } PROCESS { # Foreach label policy. foreach ($labelPolicy in $labelPolicies) { # Boolean if the label policy valid. $valid = $true; # If the label policy is not enabled. if($false -eq $labelPolicy.Enabled) { # Set the policy to invalid. $valid = $false; } # If mode is not set to enforce. if('Enforce' -ne $labelPolicy.Mode) { # Set the policy to invalid. $valid = $false; } # If label policy is valid. if($true -eq $valid) { # Write to log. Write-Log -Category 'Microsoft Purview' -Subcategory 'Information Protection' -Message ("Label policy '{0}' is valid" -f $labelPolicy.Name) -Level Debug; # Add the policy to the list. $null = $policies.Add($labelPolicy); } } } END { # Bool for review flag. [bool]$reviewFlag = $false; # If review flag should be set. if ($policies.Count -eq 0) { # Should be reviewed. $reviewFlag = $true; } # Create new review object to return. [Review]$review = [Review]::new(); # Add to object. $review.Id = 'b01a1187-5921-4b29-95fd-73e1af3c5285'; $review.Category = 'Microsoft Purview'; $review.Subcategory = 'Information Protection'; $review.Title = 'Ensure SharePoint Online Information Protection policies are set up and used'; $review.Data = $policies | Select-Object -Property Guid, Name, Enabled, Mode, Comment, Workload; $review.Review = $reviewFlag; # Print result. $review.PrintResult(); # Return object. return $review; } } |