feat(m365): add exchange_shared_mailbox_sign_in_disabled check

[andoniaf]

Context

Add new security check for Microsoft 365 Exchange Online to verify that shared mailboxes have sign-in blocked in Entra ID.

Based on CIS Microsoft 365 Foundations Benchmark v5.0.0 - Requirement 1.2.2.

Description

This PR adds a new M365 Exchange check exchange_shared_mailbox_sign_in_disabled that verifies shared mailboxes cannot be used for direct sign-in. Shared mailboxes should only be accessed through delegation to maintain accountability and reduce attack surface.

Changes:

• Add get_shared_mailboxes() method to M365PowerShell class to retrieve shared mailboxes via PowerShell
• Add SharedMailbox model to exchange_service.py
• Add _get_shared_mailboxes() method to Exchange service
• Implement the check that cross-references shared mailboxes with Entra ID user accounts to verify AccountEnabled is False

Steps to review

1. Review the PowerShell command in get_shared_mailboxes() method
2. Review the SharedMailbox model and service implementation
3. Review the check logic that cross-references Exchange mailboxes with Entra ID accounts
4. Verify metadata JSON follows Prowler standards

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Are there new checks included in this PR? Yes
  • If so, do we need to update permissions for the provider? No - Uses existing Exchange Online permissions
• Review if the code is being covered by tests.
• Review if code is being documented following https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes
  • If so, do we need to update permissions for the provider? No - Uses existing Get-EXOMailbox and Entra ID permissions

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[codecov]

Codecov Report

❌ Patch coverage is 81.81818% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.69%. Comparing base (cb367da) to head (a6946f3).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9828      +/-   ##
==========================================
- Coverage   92.07%   88.69%   -3.39%     
==========================================
  Files         181       94      -87     
  Lines       25074     3564   -21510     
==========================================
- Hits        23087     3161   -19926     
+ Misses       1987      403    -1584     

Flag	Coverage Δ
api	?
prowler-py3.10-m365	88.52% <81.81%> (?)
prowler-py3.11-m365	88.52% <81.81%> (?)
prowler-py3.12-m365	88.69% <81.81%> (?)
prowler-py3.9-m365	88.52% <81.81%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	88.69% <81.81%> (∅)
api	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔒 Container Security Scan

Image: prowler:d7550fe
Last scan: 2026-01-23 12:26:38 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	3
Total	3

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[HugoPBrito]

Please, also update the changelog since 5.17 was released.