[Work Item] Pester test gap: Get-FilteredSettingOverrideInformation fallback path untested

## Describe the work

`Get-FilteredSettingOverrideInformation.ps1` has two data sources for setting overrides:

1. Per-server `ExchangeSettingOverride` (from `Get-ExchangeDiagnosticInfo` → VariantConfiguration)
2. Org-level `GetSettingOverride` (from `Get-SettingOverride` cmdlet) — used as fallback

The fallback path (lines 46-48) is **never exercised** in any Pester test because all VariantConfig mock files contain `SimpleSettingOverrides` entries, so the code always enters line 43-45 and never reaches the `GetSettingOverride` fallback.

```powershell
# Get-FilteredSettingOverrideInformation.ps1 lines 42-56
# Use ExchangeSettingOverride first
if ($null -ne $ExchangeSettingOverride -and
    $ExchangeSettingOverride.SimpleSettingOverrides.Count -gt 0) {
    $findFromOverride = $ExchangeSettingOverride.SimpleSettingOverrides        # <-- always hits this
} elseif ($null -ne $GetSettingOverride -and
    $GetSettingOverride -ne "Unknown") {
    $findFromOverride = $GetSettingOverride                                    # <-- never tested
    $usedAdSettings = $true
} elseif ($GetSettingOverride -eq "Unknown") {
    $results.Add("Unknown")                                                   # <-- never tested
    return
} else {
    Write-Verbose "No data to filter"
    return
}
```

## Approach

### 1. Dedicated Pester test file for `Get-FilteredSettingOverrideInformation`

No test file currently exists. Create `Diagnostics\HealthChecker\Tests\Get-FilteredSettingOverrideInformation.Tests.ps1` to unit test the function directly with controlled inputs covering all branches:

```powershell
BeforeAll {
    . $PSScriptRoot\..\Analyzer\Get-FilteredSettingOverrideInformation.ps1
}

Describe "Get-FilteredSettingOverrideInformation" {
    Context "Per-server ExchangeSettingOverride path" {
        It "Uses SimpleSettingOverrides when available" { }
        It "Filters by ComponentName and SectionName correctly" { }
        It "Returns null when filter finds no match" { }
        It "Only adds Accepted status entries" { }
    }

    Context "Org-level GetSettingOverride fallback path" {
        It "Falls through when ExchangeSettingOverride is null" { }
        It "Falls through when SimpleSettingOverrides is empty" { }
        It "Sets FromAdSettings to true" { }
        It "Applies MinVersion/MaxVersion/Server filtering" { }
        It "Returns DoesNotApply when version out of range" { }
    }

    Context "Edge cases" {
        It "Returns 'Unknown' when GetSettingOverride is 'Unknown'" { }
        It "Returns null when both sources are null" { }
        It "Handles multiple overrides for same component" { }
    }
}
```

### 2. Full HC integration test for the fallback scenario

Add a scenario in `HealthChecker.SE.Scenarios.Tests.ps1` where `Get-ExchangeDiagnosticInfo` returns `$null`, forcing the pipeline to use org-level `Get-SettingOverride` data:

```powershell
# In test BeforeAll:
Mock Get-ExchangeDiagnosticInfo -ParameterFilter {
    $Process -eq "Microsoft.Exchange.Directory.TopologyService" -and
    $Component -eq "VariantConfiguration" -and
    $Argument -eq "Overrides"
} -MockWith { return $null }

# Use SO3 for signing disabled via org-level
Mock Get-SettingOverride { return Import-Clixml "$Script:MockDataCollectionRoot\Exchange\GetSettingOverride3.xml" }
```

Expected result: `SerializedDataSigning Enabled` = `$false` Red with "SerializedDataSigning is explicitly disabled"

## What's untested

- [ ] `$usedAdSettings = $true` path — AD-based MinVersion/MaxVersion/Server filtering (lines 73-84)
- [ ] `FromAdSettings = $true` in returned result objects
- [ ] `GetSettingOverride -eq "Unknown"` path
- [ ] SerializedDataSigning determined via org-level `Get-SettingOverride` (`GetSettingOverride3.xml` exists but is unreachable)
- [ ] AMSI state determined via org-level fallback
- [ ] Hybrid app detection via org-level fallback

## Additional context

- `GetSettingOverride3.xml` already exists in `DataCollection\ExchangeSE\Exchange\` — 1 override: `DisableSigningVerification` (Component=Data, Section=EnableSerializationDataSigning, Enabled=false)
- This fallback path is hit in production when `Get-ExchangeDiagnosticInfo` fails (TopologyService not running, permissions, network issues)
- `Get-ExchangeSettingOverride.ps1` line 55-56: if `diagnosticInfo` is null, `SimpleSettingOverrides` stays as an empty list, triggering the fallback
- Related files: `Get-SerializedDataSigningState.ps1`, `Invoke-AnalyzerSecurityAMSIConfigState.ps1`, `Invoke-AnalyzerHybridInformation.ps1` — all call `Get-FilteredSettingOverrideInformation`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Work Item] Pester test gap: Get-FilteredSettingOverrideInformation fallback path untested #2555

Describe the work

Approach

1. Dedicated Pester test file for `Get-FilteredSettingOverrideInformation`

2. Full HC integration test for the fallback scenario

What's untested

Additional context

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Work Item] Pester test gap: Get-FilteredSettingOverrideInformation fallback path untested #2555

Description

Describe the work

Approach

1. Dedicated Pester test file for Get-FilteredSettingOverrideInformation

2. Full HC integration test for the fallback scenario

What's untested

Additional context

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

1. Dedicated Pester test file for `Get-FilteredSettingOverrideInformation`