Remove extraneous SHALL from MS.DEFENDER.4.1

PowerShell/ScubaGear/Rego/DefenderConfig.rego

@@ -387,7 +387,7 @@ tests contains {
 #################
 
 #
-# MS.DEFENDER.4.1v1
+# MS.DEFENDER.4.1v2
 #--
 SensitiveContent := [
     "U.S. Social Security Number (SSN)",
@@ -479,7 +479,7 @@ error_rules contains SensitiveContent[2] if count(Rules.Credit_Card) == 0
 # If error_rules contains any value, then some sensitive content
 # is not protected by any policy & check should fail.
 tests contains {
-    "PolicyId": "MS.DEFENDER.4.1v1",
+    "PolicyId": "MS.DEFENDER.4.1v2",
     "Criticality": "Shall",
     "Commandlet": ["Get-DlpComplianceRule"],
     "ActualValue": Rules,

PowerShell/ScubaGear/Testing/Unit/PowerShell/CreateReport/CreateReportStubs/TestResults.json

@@ -1037,7 +1037,7 @@
                            "Get-MalwareFilterPolicy"
                        ],
         "Criticality":  "Should",
-        "PolicyId":  "MS.DEFENDER.4.1v1",
+        "PolicyId":  "MS.DEFENDER.4.1v2",
         "ReportDetails":  "Requirement met",
         "RequirementMet":  true
     },
@@ -1494,7 +1494,7 @@
                                 "Locations":  [
                                                   "All"
                                               ],
-                                "Name":  "MS.DEFENDER.4.1v1 Test",
+                                "Name":  "MS.DEFENDER.4.1v2 Test",
                                 "Workload":  "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices, OnPremisesScanner"
                             }
                         ],
@@ -1527,7 +1527,7 @@
                                 "Locations":  [
                                                   "All"
                                               ],
-                                "Name":  "MS.DEFENDER.4.1v1 Test",
+                                "Name":  "MS.DEFENDER.4.1v2 Test",
                                 "Workload":  "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices, OnPremisesScanner"
                             }
                         ],
@@ -1560,7 +1560,7 @@
                                 "Locations":  [
                                                   "All"
                                               ],
-                                "Name":  "MS.DEFENDER.4.1v1 Test",
+                                "Name":  "MS.DEFENDER.4.1v2 Test",
                                 "Workload":  "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices, OnPremisesScanner"
                             }
                         ],
@@ -3574,4 +3574,4 @@
         "ReportDetails":  "1 meeting policy(ies) found that allow cloud recording and storage outside of the tenant\u0027s region: Tag:Custom Policy 1",
         "RequirementMet":  false
     }
-]
+]

PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego

@@ -9,15 +9,15 @@ import data.utils.report.NotCheckedDetails
 import rego.v1
 
 #
-# Policy MS.DEFENDER.4.1v1
+# Policy MS.DEFENDER.4.1v2
 #--
 test_ContentContainsSensitiveInformation_Correct_V1 if {
     Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules]
                             with input.dlp_compliance_policies as [DlpCompliancePolicies]
                             with input.defender_license as true
                             with input.defender_dlp_license as true
 
-    TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, PASS, true) == true
 }
 
 test_AdvancedRule_Correct_V2 if {
@@ -33,7 +33,7 @@ test_AdvancedRule_Correct_V2 if {
                             with input.defender_license as true
                             with input.defender_dlp_license as true
 
-    TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, PASS, true) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V1 if {
@@ -46,7 +46,7 @@ test_ContentContainsSensitiveInformation_Incorrect_V1 if {
                             with input.defender_dlp_license as true
 
     ReportDetailString := "No matching rules found for: U.S. Social Security Number (SSN)"
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V2 if {
@@ -59,7 +59,7 @@ test_ContentContainsSensitiveInformation_Incorrect_V2 if {
                             with input.defender_dlp_license as true
 
     ReportDetailString := "No matching rules found for: U.S. Individual Taxpayer Identification Number (ITIN)"
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V3 if {
@@ -72,7 +72,7 @@ test_ContentContainsSensitiveInformation_Incorrect_V3 if {
                             with input.defender_dlp_license as true
 
     ReportDetailString := "No matching rules found for: Credit Card Number"
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V4 if {
@@ -89,7 +89,7 @@ test_ContentContainsSensitiveInformation_Incorrect_V4 if {
         "U.S. Individual Taxpayer Identification Number (ITIN), U.S. Social Security Number (SSN)"
     ])
 
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V5 if {
@@ -106,7 +106,7 @@ test_ContentContainsSensitiveInformation_Incorrect_V5 if {
         "U.S. Individual Taxpayer Identification Number (ITIN), U.S. Social Security Number (SSN)"
     ])
 
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_ContentContainsSensitiveInformation_Incorrect_V6 if {
@@ -123,15 +123,15 @@ test_ContentContainsSensitiveInformation_Incorrect_V6 if {
         "U.S. Individual Taxpayer Identification Number (ITIN), U.S. Social Security Number (SSN)"
     ])
 
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 test_NoDLPLicense_Incorrect_4_1_V1 if {
     Output := defender.tests with input.defender_license as false
                             with input.defender_dlp_license as false
 
     ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR])
-    TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true
+    TestResult("MS.DEFENDER.4.1v2", Output, ReportDetailString, false) == true
 }
 
 #--

PowerShell/ScubaGear/baselines/defender.md

@@ -427,15 +427,15 @@ confidence levels or adjust the levels in custom DLP policies to fit
 their environment and needs.
 
 ### Policies
-#### MS.DEFENDER.4.1v1
-A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.
+#### MS.DEFENDER.4.1v2
+A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).
 
-<!--Policy: MS.DEFENDER.4.1v1; Criticality: SHALL -->
+<!--Policy: MS.DEFENDER.4.1v2; Criticality: SHALL -->
 - _Rationale:_ Users may inadvertently share sensitive information with
                others who should not have access to it. DLP policies
                provide a way for agencies to detect and prevent
                unauthorized disclosures.
-- _Last modified:_ June 2023
+- _Last modified:_ November 2024
 - _MITRE ATT&CK TTP Mapping:_
   - [T1567: Exfiltration Over Web Service](https://attack.mitre.org/techniques/T1567/)
   - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
@@ -450,7 +450,7 @@ The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams cha
                affected locations to be effective.
 - _Last modified:_ June 2023
 - _Note:_ The custom policy referenced here is the same policy
-          configured in [MS.DEFENDER.4.1v1](#msdefender41v1).
+          configured in [MS.DEFENDER.4.1v2](#msdefender41v2).
 - _MITRE ATT&CK TTP Mapping:_
   - [T1567: Exfiltration Over Web Service](https://attack.mitre.org/techniques/T1567/)
   - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
@@ -466,7 +466,7 @@ The action for the custom policy SHOULD be set to block sharing sensitive inform
                on agency policies and valid business justifications.
 - _Last modified:_ June 2023
 - _Note:_ The custom policy referenced here is the same policy
-          configured in [MS.DEFENDER.4.1v1](#msdefender41v1).
+          configured in [MS.DEFENDER.4.1v2](#msdefender41v2).
 - _MITRE ATT&CK TTP Mapping:_
   - [T1567: Exfiltration Over Web Service](https://attack.mitre.org/techniques/T1567/)
   - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
@@ -482,7 +482,7 @@ Notifications to inform users and help educate them on the proper use of sensiti
                accessing sensitive information.
 - _Last modified:_ June 2023
 - _Note:_ The custom policy referenced here is the same policy
-          configured in [MS.DEFENDER.4.1v1](#msdefender41v1).
+          configured in [MS.DEFENDER.4.1v2](#msdefender41v2).
 - _MITRE ATT&CK TTP Mapping:_
   - None
 
@@ -515,7 +515,7 @@ information by restricted apps and unwanted Bluetooth applications.
 - _Last modified:_ June 2023
 - _Note:_
   - The custom policy referenced here is the same policy
-    configured in [MS.DEFENDER.4.1v1](#msdefender41v1).
+    configured in [MS.DEFENDER.4.1v2](#msdefender41v2).
   - This action can only be included if at least one device is onboarded
     to the agency tenant. Otherwise, the option to block restricted apps will
     not be available.
@@ -556,7 +556,7 @@ information by restricted apps and unwanted Bluetooth applications.
 
 ### Implementation
 
-#### MS.DEFENDER.4.1v1 Instructions
+#### MS.DEFENDER.4.1v2 Instructions
 
 1. Sign in to the **Microsoft Purview compliance portal**.
 
@@ -619,18 +619,18 @@ information by restricted apps and unwanted Bluetooth applications.
 
 #### MS.DEFENDER.4.2v1 Instructions
 
-See [MS.DEFENDER.4.1v1 Instructions](#msdefender41v1-instructions) step 8
+See [MS.DEFENDER.4.1v2 Instructions](#msdefender41v2-instructions) step 8
    for details on enforcing DLP policy in specific M365 service locations.
 
 #### MS.DEFENDER.4.3v1 Instructions
 
-See [MS.DEFENDER.4.1v1 Instructions](#msdefender41v1-instructions) steps
+See [MS.DEFENDER.4.1v2 Instructions](#msdefender41v2-instructions) steps
    15-17 for details on configuring DLP policy to block sharing sensitive
    information with everyone.
 
 #### MS.DEFENDER.4.4v1 Instructions
 
-See [MS.DEFENDER.4.1v1 Instructions](#msdefender41v1-instructions) steps
+See [MS.DEFENDER.4.1v2 Instructions](#msdefender41v2-instructions) steps
    18-19 for details on configuring DLP policy to notify users when accessing
    sensitive information.
 
@@ -669,7 +669,7 @@ before the instructions below can be completed.
 3. Select **Policies** from the top of the page.
 
 4. Find the custom DLP policy configured under
-   [MS.DEFENDER.4.1v1 Instructions](#msdefender41v1-instructions) in the list
+   [MS.DEFENDER.4.1v2 Instructions](#msdefender41v2-instructions) in the list
    and click the Policy name to select.
 
 5. Select **Edit Policy**.

PowerShell/ScubaGear/baselines/exo.md

@@ -621,14 +621,14 @@ At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S.
 Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [DLP](./defender.md#implementation-3) for additional guidance.
 
 #### MS.EXO.8.2v2 Instructions
-Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [protecting PII](./defender.md#msdefender41v1-instructions) for additional guidance.
+Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [protecting PII](./defender.md#msdefender41v2-instructions) for additional guidance.
 
 #### MS.EXO.8.3v1 Instructions
 Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [DLP](./defender.md#implementation-3) for additional guidance.
 
 
 #### MS.EXO.8.4v1 Instructions
-Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [protecting PII](./defender.md#msdefender41v1-instructions) for additional guidance.
+Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [protecting PII](./defender.md#msdefender41v2-instructions) for additional guidance.
 
 ## 9. Attachment File Type
 
@@ -1075,7 +1075,7 @@ Mailbox auditing SHALL be enabled.
     - [T1586.002: Email Accounts](https://attack.mitre.org/techniques/T1586/002/)
   - [T1564: Hide Artifacts](https://attack.mitre.org/techniques/T1564/)
   - [T1564.008: Email Hiding Rules](https://attack.mitre.org/techniques/T1564/008/)
-    
+
 ### Resources
 
 - [Manage mailbox auditing in Office 365 \| Microsoft