feat: Check DMARC for Entra registered managed and verified domains (MT.1177)

[blindzero]

📑 Description

Existing DMARC from CISA run against Exchange, but not against Entra registered domains.
Following recommendations (e.g. https://www.ncsc.gov.uk/blog-post/protecting-parked-domains) this should be applied as well to all Entra registered domains (if verified and managed).

Added MT.1177 - Test-MtDomainsDmarcRecordMaturity

Combining a dynamic test approach in just on test, that

• passes if all domains have p=reject policy and pct=100
• fails with low severity if p=quarantine or p=reject, but pct < 100
• fails with medium severity if p=none
• fails with high severity if no DMARC policy is found

Creates output table for all registered, managed and verified domains in Entra, total test severity is using max severity found in the results.

Closes #1739

✅ Checks

• My pull request adheres to the code style of this project.
• My code requires changes to the documentation.
• I have updated the documentation as required.
• The build and unit tests pass after running /powershell/tests/pester.ps1 locally.

ℹ️ Additional Information

Adding Get-MtRegistrableDomain.ps1 helper as other DMARC checks also suffer from issue on multi-level domains (e.g. domain.co.uk) based on pure regex. Added a powershell assets file with the public suffix list from Mozilla and a helper that checks a domain and gives back the registerable part.

E.g.
mail.domain.co.uk = domain.co.uk
domain.co.uk = domain.co.uk
domain.com = domain.com

However, based on the scope of this issue / PR I am not touching other existing DMARC / domain checks to use Get-MtRegistrableDomain

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}