Azure-abonnement Beveiligingscontactpersonen Geconfigureerd

<# ================================================================================ AZURE POWERSHELL SCRIPT - Nederlandse Baseline voor Veilige Cloud ================================================================================ .SYNOPSIS Subscription Security Contacts .DESCRIPTION Controleert security contacts per subscription. .NOTES Filename: subscription-security-contacts.ps1 Author: Nederlandse Baseline voor Veilige Cloud Version: 1.0 CIS Control: 10.6 #> #Requires -Version 5.1 #Requires -Modules Az.Accounts, Az.Security [CmdletBinding()] param([Parameter()][switch]$Monitoring) $ErrorActionPreference = 'Stop' $PolicyName = "Subscription Security Contacts" function Connect-RequiredServices { if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null } } function Test-Compliance { $subscriptions = Get-AzSubscription | Where-Object { $_.State -eq 'Enabled' } $result = @{ Total = $subscriptions.Count; Configured = 0 } foreach ($sub in $subscriptions) { Set-AzContext -SubscriptionId $sub.Id | Out-Null $contacts = Get-AzSecurityContact -ErrorAction SilentlyContinue if ($contacts -and $contacts.Email) { $result.Configured++ } } return $result } try { Connect-RequiredServices if ($Monitoring) { $r = Test-Compliance Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "$PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "Subscriptions: $($r.Total)" -ForegroundColor White Write-Host "With Security Contacts: $($r.Configured)" -ForegroundColor $(if ($r.Configured -eq $r.Total) { 'Green' } else { 'Yellow' }) if ($r.Configured -lt $r.Total) { Write-Host "`n⚠️ $($r.Total - $r.Configured) subscription(s) zonder security contacts" -ForegroundColor Yellow } } else { $r = Test-Compliance Write-Host "`nSecurity Contacts: $($r.Configured)/$($r.Total)" } } catch { Write-Error $_; exit 1 } # ================================================================================ # Standaard Invoke-* Functions (Auto-generated) # ================================================================================ function Invoke-Implementation { <# .SYNOPSIS Implementeert de configuratie #> [CmdletBinding()] param() Invoke-Remediation } function Invoke-Monitoring { <# .SYNOPSIS Controleert de huidige configuratie status #> [CmdletBinding()] param() $Monitoring = $true try { Connect-RequiredServices if ($Monitoring) { $r = Test-Compliance Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "$PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "Subscriptions: $($r.Total)" -ForegroundColor White Write-Host "With Security Contacts: $($r.Configured)" -ForegroundColor $(if ($r.Configured -eq $r.Total) { 'Green' } else { 'Yellow' }) if ($r.Configured -lt $r.Total) { Write-Host "`n⚠️ $($r.Total - $r.Configured) subscription(s) zonder security contacts" -ForegroundColor Yellow } } else { $r = Test-Compliance Write-Host "`nSecurity Contacts: $($r.Configured)/$($r.Total)" } } catch { Write-Error $_; exit 1 } } function Invoke-Remediation { <# .SYNOPSIS Herstelt de configuratie naar de gewenste staat .DESCRIPTION Dit is een monitoring-only control, remediation delegeert naar monitoring #> [CmdletBinding()] param() Write-Host "[INFO] Dit is een monitoring-only control" -ForegroundColor Yellow Write-Host "[INFO] Running monitoring check..." -ForegroundColor Cyan Invoke-Monitoring }