diff --git a/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml b/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml index c9bf644b8..6fd0c3602 100644 --- a/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/defender.g3.testplan.yaml @@ -72,5 +72,4 @@ TestPlan: - TestDescription: MS.DEFENDER.3.1v1 Non-compliant - No defender license Preconditions: [] Postconditions: [] - IsNotChecked: true ExpectedResult: false diff --git a/Testing/Functional/Products/TestPlans/defender.g5.testplan.yaml b/Testing/Functional/Products/TestPlans/defender.g5.testplan.yaml index e8609136d..6275e8db2 100644 --- a/Testing/Functional/Products/TestPlans/defender.g5.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/defender.g5.testplan.yaml @@ -384,6 +384,132 @@ TestPlan: Postconditions: [] ExpectedResult: true + - PolicyId: MS.DEFENDER.2.1v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.1v1 Non-compliant - Sensitive user not listed + ConfigFileName: MismatchedUser.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.1v1 Non-compliant - Sensitive user partial coverage + ConfigFileName: MatchedUser.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.1v1 Compliant - All Listed sensitive users (mix-cased) are protected + ConfigFileName: MatchedWithMixedCase.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' + Postconditions: [] + ExpectedResult: true + - TestDescription: MS.DEFENDER.2.1v1 Compliant - All Listed sensitive users are protected + ConfigFileName: MatchedUser.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' + Postconditions: [] + ExpectedResult: true + - TestDescription: MS.DEFENDER.2.1v1 Compliant - No sensitive users identified but all users covered + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' + Postconditions: [] + ExpectedResult: true + + - PolicyId: MS.DEFENDER.2.2v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - Agency domain not listed + ConfigFileName: AgencyDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - Agency domain partial coverage + ConfigFileName: AgencyDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - All domains No list + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.2v1 Compliant - All Listed are protected + ConfigFileName: AgencyDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' + Postconditions: [] + ExpectedResult: true + + - PolicyId: MS.DEFENDER.2.3v1 + TestDriver: RunScuba + Tests: + - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - Agency domain not listed + ConfigFileName: PartnerDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - Agency domain partial coverage + ConfigFileName: PartnerDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' + Postconditions: [] + ExpectedResult: false + - TestDescription: MS.DEFENDER.2.3v1 Compliant - All domains No list of domains in config + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect @{}}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect @{}}' + Postconditions: [] + ExpectedResult: true + - TestDescription: MS.DEFENDER.2.3v1 Compliant - All Listed are protected + ConfigFileName: PartnerDomainList.yaml + Preconditions: + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' + # yamllint disable-line rule:line-length + - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' + Postconditions: [] + ExpectedResult: true + - PolicyId: MS.DEFENDER.3.1v1 TestDriver: RunScuba Tests: diff --git a/Testing/Functional/Products/TestPlans/defender.testplan.yaml b/Testing/Functional/Products/TestPlans/defender.testplan.yaml index 84d9c1d5f..d15a86e37 100644 --- a/Testing/Functional/Products/TestPlans/defender.testplan.yaml +++ b/Testing/Functional/Products/TestPlans/defender.testplan.yaml @@ -118,132 +118,6 @@ TestPlan: Postconditions: [] ExpectedResult: true - - PolicyId: MS.DEFENDER.2.1v1 - TestDriver: RunScuba - Tests: - - TestDescription: MS.DEFENDER.2.1v1 Non-compliant - Sensitive user not listed - ConfigFileName: MismatchedUser.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.1v1 Non-compliant - Sensitive user partial coverage - ConfigFileName: MatchedUser.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.1v1 Compliant - All Listed sensitive users (mix-cased) are protected - ConfigFileName: MatchedWithMixedCase.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - Postconditions: [] - ExpectedResult: true - - TestDescription: MS.DEFENDER.2.1v1 Compliant - All Listed sensitive users are protected - ConfigFileName: MatchedUser.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - Postconditions: [] - ExpectedResult: true - - TestDescription: MS.DEFENDER.2.1v1 Compliant - No sensitive users identified but all users covered - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedUsersToProtect "AgencyUserGlobalReader;AgencyUserGlobalReader@y2zj1.onmicrosoft.com"}' - Postconditions: [] - ExpectedResult: true - - - PolicyId: MS.DEFENDER.2.2v1 - TestDriver: RunScuba - Tests: - - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - Agency domain not listed - ConfigFileName: AgencyDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - Agency domain partial coverage - ConfigFileName: AgencyDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.2v1 Non-compliant - All domains No list - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.2v1 Compliant - All Listed are protected - ConfigFileName: AgencyDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodguys.com"}' - Postconditions: [] - ExpectedResult: true - - - PolicyId: MS.DEFENDER.2.3v1 - TestDriver: RunScuba - Tests: - - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - Agency domain not listed - ConfigFileName: PartnerDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - Agency domain partial coverage - ConfigFileName: PartnerDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.3v1 Non-compliant - All domains No list of domains in config - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect $null}' - Postconditions: [] - ExpectedResult: false - - TestDescription: MS.DEFENDER.2.3v1 Compliant - All Listed are protected - ConfigFileName: PartnerDomainList.yaml - Preconditions: - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Strict Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' - # yamllint disable-line rule:line-length - - Command: 'Get-AntiPhishPolicy | Where-Object {$_.Identity -like "Standard Preset Security Policy*"} | % {Set-AntiPhishPolicy -Identity $($_.Identity) -TargetedDomainsToProtect "goodparnter.com"}' - Postconditions: [] - ExpectedResult: true - - PolicyId: MS.DEFENDER.4.1v1 TestDriver: RunCached Tests: