35004 - Add test for Published Label Policies assessment #728
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a new security assessment test (ID: 35004) for validating that sensitivity label policies are properly published to users, supporting Microsoft Information Protection deployment requirements.
Key Changes:
- New assessment test to check for enabled label policies and their publication scope
- Documentation with remediation steps for publishing label policies
- Comprehensive unit tests covering success, failure, and error scenarios
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/powershell/tests/Test-Assessment.35004.ps1 | Main assessment function that queries label policies, evaluates their enabled status and publication scope, and generates detailed reports with policy information |
| src/powershell/tests/Test-Assessment.35004.md | User-facing documentation providing context, remediation steps, and links to Microsoft Learn resources for label policy management |
| code-tests/test-assessments/Test-Assessment.35004.Tests.ps1 | Pester unit tests covering error handling, no policies, disabled policies, and enabled policies with different scopes |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…rs" targeting Consider adding SharePointLocation and OneDriveLocation to this condition for consistency. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
| if ($policy.ModernGroupLocation) { | ||
| foreach ($target in $policy.ModernGroupLocation) { $null = $uniqueTargets.Add($target) } | ||
| } |
There was a problem hiding this comment.
The code only counts unique targets from ExchangeLocation and ModernGroupLocation, but does not include SharePointLocation and OneDriveLocation when aggregating unique users/groups. This leads to an incomplete count when allUsersTargeted is false. SharePointLocation and OneDriveLocation should also be processed to add their targets to the uniqueTargets HashSet.
| } | |
| } | |
| if ($policy.SharePointLocation) { | |
| foreach ($target in $policy.SharePointLocation) { $null = $uniqueTargets.Add($target) } | |
| } | |
| if ($policy.OneDriveLocation) { | |
| foreach ($target in $policy.OneDriveLocation) { $null = $uniqueTargets.Add($target) } | |
| } |
Update MinimumLicense from MIP_P1 to Microsoft 365 E3
2 participants
Fix https://github.com/microsoft/ztspecs/issues/52