From 7fb54de8ce48adb7aba227e0bdbee615bb68d235 Mon Sep 17 00:00:00 2001 From: Teh-STIG <105899123+Teh-STIG@users.noreply.github.com> Date: Thu, 26 Dec 2024 09:14:42 -0600 Subject: [PATCH 01/93] Update Connect-HuduAPI.ps1 Add logic to check if Hudu.CFEnabled checkbox is enabled in from Extension.json**. If so, pull the CloudFlare Client ID and API Key from the cippmsdwl key vault and add them as a header for the initial connection request. ** Hudu.CFEnabled checkbox and input fields were added to /CIPP/blob/main/src/data/Extensions.json --- Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 index 05c2f9b1e78f..a8ba08b38c3d 100644 --- a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 @@ -12,6 +12,12 @@ function Connect-HuduAPI { $null = Connect-AzAccount -Identity $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'Hudu' -AsPlainText) } + # Add logic to check if we're using CloudFlare Tunnel, and if so, pull CloudFlare API Key and add as a header + if ($Configuration.CFEnabled) { + $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText) + $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText) + New-HuduCustomHeaders -Headers @{"CF-Access-Client-Id" = "$CFClientID"; "CF-Access-Client-Secret" = "$CFAPIKey"} + } New-HuduBaseURL -BaseURL $Configuration.BaseURL New-HuduAPIKey -ApiKey $APIKey } From 70c9d60c2f93da6e16ffaf2e38b714c00c6c4804 Mon Sep 17 00:00:00 2001 From: Teh-STIG <105899123+Teh-STIG@users.noreply.github.com> Date: Thu, 26 Dec 2024 09:36:35 -0600 Subject: [PATCH 02/93] Update Connect-HuduAPI.ps1 --- Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 index a8ba08b38c3d..433bbe8547f5 100644 --- a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 @@ -12,7 +12,7 @@ function Connect-HuduAPI { $null = Connect-AzAccount -Identity $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'Hudu' -AsPlainText) } - # Add logic to check if we're using CloudFlare Tunnel, and if so, pull CloudFlare API Key and add as a header + # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header if ($Configuration.CFEnabled) { $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText) $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText) From 826d8802663900754cb90fba9f1c47fcf9b842bc Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Fri, 17 Jan 2025 12:38:45 +0100 Subject: [PATCH 03/93] Add app reg certificate expiry alert --- .../Get-CIPPAlertAppCertificateExpiry.ps1 | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 new file mode 100644 index 000000000000..6e9b3bbf387f --- /dev/null +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 @@ -0,0 +1,33 @@ +function Get-CIPPAlertAppCertificateExpiry { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $false)] + [Alias('input')] + $InputValue, + $TenantFilter + ) + + try { + Write-Host "Checking app expire for $($TenantFilter)" + $appList = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,keyCredentials" -tenantid $TenantFilter + } catch { + return + } + + $AlertData = foreach ($App in $applist) { + Write-Host "checking $($App.displayName)" + if ($App.keyCredentials) { + foreach ($Credential in $App.keyCredentials) { + if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { + Write-Host ("Application '{0}' has certificates expiring on {1}" -f $App.displayName, $Credential.endDateTime) + @{ DisplayName = $App.displayName; Expires = $Credential.endDateTime } + } + } + } + } + Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData +} From 44d0ffe9eb6cad4e1bf2652a91b82821694669ee Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Fri, 17 Jan 2025 13:33:26 +0100 Subject: [PATCH 04/93] Add Apple Business Manager terms alert --- .../Public/Alerts/Get-CIPPAlertAppleTerms.ps1 | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 new file mode 100644 index 000000000000..3a1d0d6160c4 --- /dev/null +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 @@ -0,0 +1,30 @@ +function Get-CIPPAlertAppleTerms { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $false)] + [Alias('input')] + $InputValue, + $TenantFilter + ) + + # 0 = Expired + # 1 = expired? + # 2 = unknown + # 3 = Terms & Conditions + # 4 = Warning + + try { + $appleterms = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings" -tenantid $TenantFilter + } catch { + return + } + + if ($appleterms.lastSyncErrorCode -eq 3) { + $AlertData = "New Apple Business Manager terms are ready to accept." + Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData + } +} From 5b3da6f2af487b16046c35440b69dd030d5bb391 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 17 Jan 2025 20:32:48 +0100 Subject: [PATCH 05/93] Skip disabled users and enhance readability --- .../Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 index d114a7426cc0..6190005de391 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 @@ -15,10 +15,13 @@ function Get-CIPPAlertInactiveLicensedUsers { try { $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o') - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $_.assignedLicenses.skuId -ne $null } + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | + Where-Object { $null -ne $_.assignedLicenses.skuId } $AlertData = foreach ($user in $GraphRequest) { + # Skip disabled users + if ($user.accountEnabled -eq $false) { continue } $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName - $user | Select-Object -Property userPrincipalname, signInActivity, @{Name = 'Message'; Expression = { $Message } } + $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } } } Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData From 9ff3bf05e6cff1164213d63bc89cbf982e8d70a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 17 Jan 2025 22:17:02 +0100 Subject: [PATCH 06/93] formatting --- .../Invoke-CIPPStandardcalDefault.ps1 | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index a67b9132dedb..9e4e68fc26ca 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -63,44 +63,44 @@ function Invoke-CIPPStandardcalDefault { $Mailbox = $_ try { New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } | - ForEach-Object { - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug - $SuccessCounter++ - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-Host "Setting cal failed: $ErrorMessage" - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error + ForEach-Object { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug + $SuccessCounter++ + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-Host "Setting cal failed: $ErrorMessage" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error + } } + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error } - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error - } - $processedMailboxes++ - if ($processedMailboxes % 25 -eq 0) { - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter + $processedMailboxes++ + if ($processedMailboxes % 25 -eq 0) { + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + Write-Host "Processed $processedMailboxes mailboxes" } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-Host "Processed $processedMailboxes mailboxes" } - } - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter - } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + } } -} From 4c5495850dcf4a019d4c75246ef9c67682cab715 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 17 Jan 2025 23:07:32 +0100 Subject: [PATCH 07/93] Filter inactive licensed users based on account status --- .../Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 index 6190005de391..59a1d5044b1a 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 @@ -17,9 +17,9 @@ function Get-CIPPAlertInactiveLicensedUsers { $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o') $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $null -ne $_.assignedLicenses.skuId } + + if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $false } } $AlertData = foreach ($user in $GraphRequest) { - # Skip disabled users - if ($user.accountEnabled -eq $false) { continue } $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } } From d79657c38e0a49e4966e8acab5d042d9ebe94892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 17 Jan 2025 23:19:49 +0100 Subject: [PATCH 08/93] fix --- .../Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 index 59a1d5044b1a..14cc2e1dbffc 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 @@ -18,7 +18,7 @@ function Get-CIPPAlertInactiveLicensedUsers { $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $null -ne $_.assignedLicenses.skuId } - if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $false } } + if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } } $AlertData = foreach ($user in $GraphRequest) { $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } } From edbe8d253cd0267afffca5130967d818a1e4e710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 17 Jan 2025 23:28:22 +0100 Subject: [PATCH 09/93] comment --- .../Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 index 14cc2e1dbffc..c8907e481339 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 @@ -18,6 +18,7 @@ function Get-CIPPAlertInactiveLicensedUsers { $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $null -ne $_.assignedLicenses.skuId } + # true = only active users if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } } $AlertData = foreach ($user in $GraphRequest) { $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName From 59c29efb89a56a2ead6c27163e5f3b8ece9680a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 11:27:10 +0100 Subject: [PATCH 10/93] improve logging --- .../Invoke-CIPPStandardcalDefault.ps1 | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index dd859ddc4738..e44c5f39f443 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -64,44 +64,44 @@ function Invoke-CIPPStandardcalDefault { $Mailbox = $_ try { New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } | - ForEach-Object { - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug - $SuccessCounter++ - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-Host "Setting cal failed: $ErrorMessage" - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error + ForEach-Object { + try { + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug + $SuccessCounter++ + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Setting cal failed: $ErrorMessage" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + } } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error - } - $processedMailboxes++ - if ($processedMailboxes % 25 -eq 0) { - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter + $processedMailboxes++ + if ($processedMailboxes % 25 -eq 0) { + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + Write-Host "Processed $processedMailboxes mailboxes" } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-Host "Processed $processedMailboxes mailboxes" } - } - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter - } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + } } -} From 39cabcdfc2b2f42d57da9b0f81bde1765f247930 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 11:31:32 +0100 Subject: [PATCH 11/93] param capitalization --- .../CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index e44c5f39f443..77a13e16c047 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -66,7 +66,7 @@ function Invoke-CIPPStandardcalDefault { New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } | ForEach-Object { try { - $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdParams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug $SuccessCounter++ } catch { From cb1a622d7b21500dd2bb31890811bcc08004d027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 17:39:30 +0100 Subject: [PATCH 12/93] Improve error handling in Invoke-CIPPStandardEnablePronouns function --- .../Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 index 915bf8ecc044..070e25a23aa6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 @@ -33,8 +33,8 @@ function Invoke-CIPPStandardEnablePronouns { try { $CurrentState = New-GraphGetRequest -Uri $Uri -tenantid $Tenant } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not get CurrentState for Pronouns. Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not get CurrentState for Pronouns. Error: $($ErrorMessage.NormalizedError)" -sev Error Return } Write-Host $CurrentState From a5f98e2ddf04603f44459764c297e53e6b3b918b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 17:39:52 +0100 Subject: [PATCH 13/93] Add new standard: ProfilePhotos --- .../Invoke-CIPPStandardProfilePhotos.ps1 | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 new file mode 100644 index 000000000000..6a53f09a7073 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 @@ -0,0 +1,103 @@ +function Invoke-CIPPStandardProfilePhotos { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) ProfilePhotos + .SYNOPSIS + (Label) Allow users to set profile photos + .DESCRIPTION + (Helptext) Controls whether users can set their own profile photos in Microsoft 365 + (DocsDescription) Controls whether users can set their own profile photos in Microsoft 365. When disabled, only User and Global administrators can update profile photos for users. + .NOTES + CAT + Global Standards + TAG + "lowimpact" + ADDEDCOMPONENT + {"type":"select","multiple":false,"label":"Select value","name":"standards.ProfilePhotos.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + IMPACT + Low Impact + POWERSHELLEQUIVALENT + Set-OrganizationConfig -ProfilePhotoOptions EnablePhotos and Update-MgBetaAdminPeople + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + #> + + param($Tenant, $Settings) + + # Input validation + if ([string]::IsNullOrWhiteSpace($Settings.state)) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'ProfilePhotos: Invalid state parameter set' -sev Error + Return + } + + # true if wanted state is enabled, false if disabled + $DesiredState = $Settings.state -eq 'enabled' + + + # Get current Graph policy state + # $Uri = 'https://graph.microsoft.com/beta/admin/people/photoUpdateSettings' + # $CurrentGraphState = New-GraphGetRequest -uri $Uri -tenantid $Tenant + # $UsersCanChangePhotos = if (($CurrentGraphState.allowedRoles -contains 'fe930be7-5e62-47db-91af-98c3a49a38b1' -and $CurrentGraphState.allowedRoles -contains '62e90394-69f5-4237-9190-012177145e10') -or + # $null -ne $CurrentGraphState.allowedRoles) { $false } else { $true } + + + # Get current OWA mailbox policy state + $CurrentOWAState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } -Select 'Identity,SetPhotoEnabled' + $OWAStateCorrect = $CurrentOWAState.SetPhotoEnabled -eq $DesiredState + # $GraphStateCorrect = $UsersCanChangePhotos -eq $DesiredState + # $CurrentStatesCorrect = $GraphStateCorrect -eq $true -and $OWAStateCorrect -eq $true + $CurrentStatesCorrect = $OWAStateCorrect -eq $true + + if ($Settings.remediate -eq $true) { + Write-Host 'Time to remediate' + + if ($CurrentStatesCorrect -eq $false) { + Write-Host 'Settings are not correct' + try { + if ($Settings.state -eq 'enabled') { + Write-Host 'Enabling' + # Enable photo updates + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{Identity = $CurrentOWAState.Identity; SetPhotoEnabled = $true } -useSystemMailbox $true + # $null = New-GraphRequest -uri $Uri -tenant $Tenant -type DELETE + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set Profile photo settings to $($Settings.state)" -sev Info + + } else { + Write-Host 'Disabling' + # Disable photo updates + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{Identity = $CurrentOWAState.Identity; SetPhotoEnabled = $false } -useSystemMailbox $true + + # $body = @{ + # source = 'cloud' + # allowedRoles = @( + # 'fe930be7-5e62-47db-91af-98c3a49a38b1', # Global admin + # '62e90394-69f5-4237-9190-012177145e10' # User admin + # ) + # } + # $body = ConvertTo-Json -InputObject $body -Depth 5 -Compress + # $null = New-GraphPostRequest -uri $Uri -tenant $Tenant -body $body -type PATCH -AsApp $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set Profile photo settings to $($Settings.state)" -sev Info + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set profile photo settings to $($Settings.state). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + } + } else { + Write-Host 'Settings are correct' + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings are already set to the desired state: $($Settings.state)" -sev Info + } + } + + if ($Settings.alert -eq $true) { + if ($CurrentStatesCorrect -eq $false) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings do not match desired state: $($Settings.state)" -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings match desired state: $($Settings.state)" -sev Alert + } + } + + if ($Settings.report -eq $true) { + Add-CIPPBPAField -FieldName 'ProfilePhotos' -FieldValue $CurrentStatesCorrect -StoreAs bool -Tenant $Tenant + } +} From d1f548bf8ad632a042031f419e091c0df528415a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 17:41:44 +0100 Subject: [PATCH 14/93] move comment --- .../Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 index 6a53f09a7073..7878a08a4bdc 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 @@ -41,12 +41,12 @@ # $CurrentGraphState = New-GraphGetRequest -uri $Uri -tenantid $Tenant # $UsersCanChangePhotos = if (($CurrentGraphState.allowedRoles -contains 'fe930be7-5e62-47db-91af-98c3a49a38b1' -and $CurrentGraphState.allowedRoles -contains '62e90394-69f5-4237-9190-012177145e10') -or # $null -ne $CurrentGraphState.allowedRoles) { $false } else { $true } + # $GraphStateCorrect = $UsersCanChangePhotos -eq $DesiredState # Get current OWA mailbox policy state $CurrentOWAState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } -Select 'Identity,SetPhotoEnabled' $OWAStateCorrect = $CurrentOWAState.SetPhotoEnabled -eq $DesiredState - # $GraphStateCorrect = $UsersCanChangePhotos -eq $DesiredState # $CurrentStatesCorrect = $GraphStateCorrect -eq $true -and $OWAStateCorrect -eq $true $CurrentStatesCorrect = $OWAStateCorrect -eq $true From cba3c55107d310d705b6cce98e0935d283cade6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 17:48:16 +0100 Subject: [PATCH 15/93] Add a comment explaining the current limitation with the API endpoint for profile photos --- .../Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 index 7878a08a4bdc..1c0472b3749b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 @@ -35,6 +35,11 @@ # true if wanted state is enabled, false if disabled $DesiredState = $Settings.state -eq 'enabled' + <# + HACK This does not work, as the API endpoint is not available via GDAP it seems? It works in the Graph Explorer, but not here. + The error is: "Authorization failed because of missing requirement(s)." + I'm keeping the code here for now, so it's much easier to re-enable if Microsoft makes it possible someday. -Bobby + #> # Get current Graph policy state # $Uri = 'https://graph.microsoft.com/beta/admin/people/photoUpdateSettings' From 618a0ba9eebb63f22a26bf5fd64a159859a87b6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 18 Jan 2025 18:46:33 +0100 Subject: [PATCH 16/93] FIX DelegateSentItems to actually do what it says in the frontend and improve logging --- .../Invoke-CIPPStandardDelegateSentItems.ps1 | 39 ++++++++++++------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 index 0a50dd6bcc86..e1dfb0ae2459 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 @@ -30,10 +30,21 @@ function Invoke-CIPPStandardDelegateSentItems { #$Rerun -Type Standard -Tenant $Tenant -API 'DelegateSentItems' -Settings $Settings + # Backwards compatibility for Pre 7.0.5 + if ([string]::IsNullOrWhiteSpace($Settings.IncludeUserMailboxes)) { + $Settings.IncludeUserMailboxes = $true + } + + if ($Settings.IncludeUserMailboxes -eq $true) { + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } -Select 'Identity,UserPrincipalName,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled' | + Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } + } else { + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('SharedMailbox') } -Select 'Identity,UserPrincipalName,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled' | + Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } + } + - $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } | - Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } - Write-Host "Mailboxes: $($Mailboxes.count)" + Write-Host "Mailboxes: $($Mailboxes.Count)" If ($Settings.remediate -eq $true) { Write-Host 'Time to remediate' @@ -47,34 +58,34 @@ function Invoke-CIPPStandardDelegateSentItems { } } } - $BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray @($Request) + $BatchResults = New-ExoBulkRequest -tenantid $Tenant -cmdletArray @($Request) $BatchResults | ForEach-Object { if ($_.error) { - $ErrorMessage = Get-NormalizedError -Message $_.error - Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $ErrorMessage" - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_.error + Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $($ErrorMessage.NormalizedError)" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } - Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style applied for $($Mailboxes.count - $BatchResults.Error.Count) mailboxes" -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Delegate Sent Items Style applied for $($Mailboxes.Count - $BatchResults.Error.Count) mailboxes" -sev Info } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Delegate Sent Items Style. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style already enabled.' -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Delegate Sent Items Style already enabled.' -sev Info } } if ($Settings.alert -eq $true) { if ($null -eq $Mailboxes) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style is enabled for all mailboxes' -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Delegate Sent Items Style is enabled for all mailboxes' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style is not enabled for $($Mailboxes.count) mailboxes" -sev Alert + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Delegate Sent Items Style is not enabled for $($Mailboxes.Count) mailboxes" -sev Alert } } if ($Settings.report -eq $true) { $Filtered = $Mailboxes | Select-Object -Property UserPrincipalName, MessageCopyForSendOnBehalfEnabled, MessageCopyForSentAsEnabled - Add-CIPPBPAField -FieldName 'DelegateSentItems' -FieldValue $Filtered -StoreAs json -Tenant $tenant + Add-CIPPBPAField -FieldName 'DelegateSentItems' -FieldValue $Filtered -StoreAs json -Tenant $Tenant } } From eda26a78a27240218822b8dde4f1f8e86bd67b7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 01:52:05 +0100 Subject: [PATCH 17/93] Support POST and GET request for ExecHideFromGAL --- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 21 ++++++++++++------- .../CIPPCore/Public/Set-CIPPHideFromGAL.ps1 | 14 ++++++------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 7dac7da9c2fd..034bcce73789 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -11,22 +11,29 @@ Function Invoke-ExecHideFromGAL { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $Request.headers.'x-ms-client-principal' + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests + $UserId = if (-not [string]::IsNullOrWhiteSpace($Request.Query.ID)) { $Request.Query.ID } else { $Request.body.ID } + $TenantFilter = if (-not [string]::IsNullOrWhiteSpace($Request.Query.TenantFilter)) { $Request.Query.TenantFilter } else { $Request.body.tenantFilter } + $Hidden = if (-not [string]::IsNullOrWhiteSpace($Request.Query.HideFromGAL)) { [System.Convert]::ToBoolean($Request.Query.HideFromGAL) } else { [System.Convert]::ToBoolean($Request.body.HideFromGAL) } - $TenantFilter = $request.query.tenantfilter Try { - $Hidden = [System.Convert]::ToBoolean($Request.query.HideFromGal) - $HideResults = Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $Request.query.ID -HideFromGAL $Hidden -ExecutingUser $request.headers.'x-ms-client-principal' -APIName 'ExecOffboardUser' + $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -ExecutingUser $ExecutingUser -APIName $APIName $Results = [pscustomobject]@{'Results' = $HideResults } + $StatusCode = [HttpStatusCode]::OK } catch { - $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Hide/UnHide from GAL failed: $($_.Exception.Message)" -Sev 'Error' + $ErrorMessage = Get-CippException -Exception $_ + $Results = [pscustomobject]@{'Results' = "Failed. $($ErrorMessage.NormalizedError)" } + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $Results }) diff --git a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 index 13c70a474602..be63ce724782 100644 --- a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 @@ -1,20 +1,20 @@ function Set-CIPPHideFromGAL { [CmdletBinding()] param ( - $userid, - $tenantFilter, + $UserId, + $TenantFilter, $APIName = 'Hide From Address List', [bool]$HideFromGAL, $ExecutingUser ) $Text = if ($HideFromGAL) { 'hidden' } else { 'unhidden' } try { - $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-mailbox' -cmdParams @{Identity = $userid ; HiddenFromAddressListsEnabled = $HideFromGAL } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantfilter) -message "$($userid) $Text from GAL" -Sev 'Info' - return "Successfully $Text $($userid) from GAL." + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $UserId ; HiddenFromAddressListsEnabled = $HideFromGAL } + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($Tenantfilter) -message "$($UserId) $Text from GAL" -Sev Info + return "Successfully $Text $($UserId) from GAL." } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage - return "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + return "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" } } From 06210fe10de6726c261222f8d6d12eeba4500984 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 01:53:00 +0100 Subject: [PATCH 18/93] Add Invoke-ListGlobalAddressList function for retrieving global address list --- .../Invoke-ListGlobalAddressList.ps1 | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 new file mode 100644 index 000000000000..993f894fed02 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -0,0 +1,34 @@ +using namespace System.Net + +Function Invoke-ListGlobalAddressList { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Exchange.Mailbox.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + + try { + $GAL = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Recipient' -cmdParams @{ResultSize = 'unlimited'; SortBy = 'DisplayName' } ` + -Select 'Identity, DisplayName, Alias, PrimarySmtpAddress, ExternalDirectoryObjectId, HiddenFromAddressListsEnabled, EmailAddresses, IsDirSynced, SKUAssigned, RecipientType, RecipientTypeDetails, AddressListMembership' | Select-Object -ExcludeProperty *odata*, *data.type* + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-CippException -Exception $_ + $StatusCode = [HttpStatusCode]::Forbidden + $GAL = $ErrorMessage.NormalizedError + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = @($GAL) + }) + +} From c8e3669f6b707cfb1b817dee577e7236911bfe00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 19:19:05 +0100 Subject: [PATCH 19/93] Add Set-CIPPDeviceState function and refactor Invoke-ExecDeviceDelete to use new function. GET support is maintained --- .../Devices/Invoke-ExecDeviceDelete.ps1 | 29 ++++--- .../CIPPCore/Public/Set-CIPPDeviceState.ps1 | 79 +++++++++++++++++++ 2 files changed, 93 insertions(+), 15 deletions(-) create mode 100644 Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 14101947635f..644edea28aed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -11,29 +11,28 @@ Function Invoke-ExecDeviceDelete { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - # Interact with query parameters or the body of the request. + $ExecutingUser = $Request.headers.'x-ms-client-principal' + $TenantFilter = $Request.body.tenantFilter + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + # Interact with body parameters or the body of the request. + $Action = $Request.body.action ?? $Request.Query.action + $DeviceID = $Request.body.ID ?? $Request.Query.ID try { - $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)" - if ($Request.query.action -eq 'delete') { - $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter - } elseif ($Request.query.action -eq 'disable') { - $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }' - } elseif ($Request.query.action -eq 'enable') { - $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }' - } - Write-Host $ActionResult - $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" } + $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser -APIName $APINAME + $StatusCode = [HttpStatusCode]::OK } catch { - $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" } + $Results = $_.Exception.Message + $StatusCode = [HttpStatusCode]::BadRequest } + Write-Host $Results + $body = [pscustomobject]@{'Results' = "$Results" } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) diff --git a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 new file mode 100644 index 000000000000..f9740fb591a7 --- /dev/null +++ b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 @@ -0,0 +1,79 @@ +function Set-CIPPDeviceState { + <# + .SYNOPSIS + Sets or modifies the state of a device in Microsoft Graph. + + .DESCRIPTION + This function allows you to enable, disable, or delete a device by making + corresponding requests to the Microsoft Graph API. It logs the result + and returns a success or error message based on the outcome. + + .PARAMETER Action + Specifies the action to perform on the device. Valid actions are: + - Enable: Enable the device + - Disable: Disable the device + - Delete: Remove the device from the tenant + + .PARAMETER DeviceID + Specifies the unique identifier (Object ID) of the device to be managed. + + .PARAMETER TenantFilter + Specifies the tenant ID or domain against which to perform the operation. + + .PARAMETER ExecutingUser + Specifies the user who initiated the request for logging purposes. + + .PARAMETER APIName + Specifies the name of the API call for logging purposes. Defaults to 'Set Device State'. + + .EXAMPLE + Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -ExecutingUser "admin@contoso.onmicrosoft.com" + + This command enables the specified device within the given tenant. + + .EXAMPLE + Set-CIPPDeviceState -Action Delete -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" + + This command removes the specified device from the tenant. +#> + param ( + [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable', 'Delete')]$Action, + + [ValidateScript({ + if ([Guid]::TryParse($_, [ref] [Guid]::Empty)) { + $true + } else { + throw 'DeviceID must be a valid GUID.' + } + })] + [Parameter(Mandatory = $true)]$DeviceID, + + [Parameter(Mandatory = $true)]$TenantFilter, + $ExecutingUser, + $APIName = 'Set Device State' + ) + $Url = "https://graph.microsoft.com/beta/devices/$($DeviceID)" + + try { + switch ($Action) { + 'Delete' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type DELETE -tenantid $TenantFilter + } + 'Disable' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": false }' + } + 'Enable' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": true }' + } + } + Write-Host $ActionResult + Write-LogMessage -user $ExecutingUser -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info + return "Executed action $($Action) on $($DeviceID)" + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + throw "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" + } + + +} From 0c4cd3081f99b6cd5f6f9ecc2dbfc67c3c85c1b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 20:47:54 +0100 Subject: [PATCH 20/93] Add Invoke-CIPPStandardStaleEntraDevices function to identify and report stale Entra devices --- .../Invoke-CIPPStandardStaleEntraDevices.ps1 | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 new file mode 100644 index 000000000000..ee0290c220ea --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 @@ -0,0 +1,52 @@ +function Invoke-CIPPStandardStaleEntraDevices { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + + # Get all Entra devices + $AllDevices = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/devices' -tenantid $Tenant | Where-Object { $null -ne $_.approximateLastSignInDateTime } + $Date = (Get-Date).AddDays( - [int]$Settings.deviceAgeThreshold) + $StaleDevices = $AllDevices | Where-Object { $_.approximateLastSignInDateTime -lt $Date } + + + # Sort + + If ($Settings.remediate -eq $true) { + + Write-Host 'Remediation not implemented yet' + # TODO: Implement remediation. For others in the future that want to try this: + # Good MS guide on what to watch out for https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices#clean-up-stale-devices + # https://learn.microsoft.com/en-us/graph/api/device-list?view=graph-rest-beta&tabs=http + # Properties to look at: + # approximateLastSignInDateTime: For knowing when the device last signed in + # enrollmentProfileName and operatingSystem: For knowing if it's an AutoPilot device + # managementType or isManaged: For knowing if it's an Intune managed device. If it is, should be removed from Intune also. Stale intune standard could prossibly be used for this. + # profileType: For knowing if it's only registered or also managed + # accountEnabled: For knowing if the device is disabled or not + + } + + + if ($Settings.alert -eq $true) { + + if ($StaleDevices.Count -gt 0) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "$($StaleDevices.Count) Stale devices found" -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'No stale devices found' -sev Info + } + } + + + if ($Settings.report -eq $true) { + + if ($StaleDevices.Count -gt 0) { + $StaleReport = ConvertTo-Json -InputObject ($StaleDevices | Select-Object -Property displayName, id, approximateLastSignInDateTime, accountEnabled, enrollmentProfileName, operatingSystem, managementType, profileType) -Depth 10 -Compress + Add-CIPPBPAField -FieldName 'StaleEntraDevices' -FieldValue $StaleReport -StoreAs json -Tenant $Tenant + } else { + Add-CIPPBPAField -FieldName 'StaleEntraDevices' -FieldValue $true -StoreAs bool -Tenant $Tenant + } + } +} From accc5497b035666a5064f0de94cd975f1ae00b0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 20:48:23 +0100 Subject: [PATCH 21/93] Remove comment --- .../Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 index ee0290c220ea..2fd7a32cac04 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 @@ -11,9 +11,6 @@ $Date = (Get-Date).AddDays( - [int]$Settings.deviceAgeThreshold) $StaleDevices = $AllDevices | Where-Object { $_.approximateLastSignInDateTime -lt $Date } - - # Sort - If ($Settings.remediate -eq $true) { Write-Host 'Remediation not implemented yet' From c67404d9feaaa09988f62339ea64be5b9da1c048 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 21:06:02 +0100 Subject: [PATCH 22/93] Better links to docs in the help --- Tools/Update-StandardsComments.ps1 | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/Tools/Update-StandardsComments.ps1 b/Tools/Update-StandardsComments.ps1 index c47bb4d4a6cb..c3d7c9cc30f1 100644 --- a/Tools/Update-StandardsComments.ps1 +++ b/Tools/Update-StandardsComments.ps1 @@ -118,7 +118,25 @@ foreach ($Standard in $StandardsInfo) { $NewComment.Add(" Run the Tools\Update-StandardsComments.ps1 script to update this comment block`r`n") # -Online help link $NewComment.Add(" .LINK`r`n") - $NewComment.Add(" https://docs.cipp.app/user-documentation/tenant/standards/edit-standards`r`n") + $DocsLink = 'https://docs.cipp.app/user-documentation/tenant/standards/list-standards/' + + switch ($Standard.cat) { + 'Global Standards' { $DocsLink += 'global-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Entra (AAD) Standards' { $DocsLink += 'entra-aad-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Exchange Standards' { $DocsLink += 'exchange-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Defender Standards' { $DocsLink += 'defender-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Intune Standards' { $DocsLink += 'intune-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'SharePoint Standards' { $DocsLink += 'sharepoint-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Teams Standards' { $DocsLink += 'teams-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + Default {} + } + + switch ($Standard.impact) { + condition { } + Default {} + } + + $NewComment.Add(" $DocsLink`r`n") $NewComment.Add(' #>') # Write the new comment block to the file From 1cd4dd909c6f3005ee96331f74dcab749b3d0724 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 21:06:17 +0100 Subject: [PATCH 23/93] Update documentation links in standards scripts to point to the correct sections --- ...nvoke-CIPPStandardActivityBasedTimeout.ps1 | 4 +-- .../Standards/Invoke-CIPPStandardAddDKIM.ps1 | 2 +- .../Invoke-CIPPStandardAnonReportDisable.ps1 | 2 +- .../Invoke-CIPPStandardAntiPhishPolicy.ps1 | 26 ++++++++--------- .../Invoke-CIPPStandardAppDeploy.ps1 | 4 +-- .../Invoke-CIPPStandardAtpPolicyForO365.ps1 | 8 +++--- .../Standards/Invoke-CIPPStandardAuditLog.ps1 | 2 +- .../Invoke-CIPPStandardAutoExpandArchive.ps1 | 2 +- .../Standards/Invoke-CIPPStandardBookings.ps1 | 4 +-- .../Standards/Invoke-CIPPStandardBranding.ps1 | 14 +++++----- .../Invoke-CIPPStandardCloudMessageRecall.ps1 | 4 +-- ...-CIPPStandardConditionalAccessTemplate.ps1 | 25 ++++++++++++++++- .../Invoke-CIPPStandardDelegateSentItems.ps1 | 2 +- ...voke-CIPPStandardDeletedUserRentention.ps1 | 4 +-- ...PStandardDisableAddShortcutsToOneDrive.ps1 | 4 +-- ...ndardDisableAdditionalStorageProviders.ps1 | 2 +- .../Invoke-CIPPStandardDisableAppCreation.ps1 | 2 +- ...nvoke-CIPPStandardDisableBasicAuthSMTP.ps1 | 4 +-- .../Invoke-CIPPStandardDisableEmail.ps1 | 6 ++-- ...StandardDisableExternalCalendarSharing.ps1 | 2 +- ...voke-CIPPStandardDisableGuestDirectory.ps1 | 2 +- .../Invoke-CIPPStandardDisableGuests.ps1 | 2 +- ...voke-CIPPStandardDisableM365GroupUsers.ps1 | 4 +-- ...nvoke-CIPPStandardDisableOutlookAddins.ps1 | 2 +- .../Invoke-CIPPStandardDisableReshare.ps1 | 2 +- .../Invoke-CIPPStandardDisableSMS.ps1 | 2 +- ...-CIPPStandardDisableSecurityGroupUsers.ps1 | 2 +- ...CIPPStandardDisableSelfServiceLicenses.ps1 | 4 +-- ...IPPStandardDisableSharePointLegacyAuth.ps1 | 2 +- ...nvoke-CIPPStandardDisableSharedMailbox.ps1 | 2 +- .../Invoke-CIPPStandardDisableTNEF.ps1 | 2 +- ...voke-CIPPStandardDisableTenantCreation.ps1 | 4 +-- ...voke-CIPPStandardDisableUserSiteCreate.ps1 | 2 +- .../Invoke-CIPPStandardDisableViva.ps1 | 2 +- .../Invoke-CIPPStandardDisableVoice.ps1 | 2 +- ...oke-CIPPStandardDisablex509Certificate.ps1 | 2 +- ...e-CIPPStandardEXODisableAutoForwarding.ps1 | 2 +- ...e-CIPPStandardEnableAppConsentRequests.ps1 | 2 +- ...voke-CIPPStandardEnableCustomerLockbox.ps1 | 2 +- .../Invoke-CIPPStandardEnableFIDO2.ps1 | 2 +- ...Invoke-CIPPStandardEnableHardwareOAuth.ps1 | 2 +- ...nvoke-CIPPStandardEnableLitigationHold.ps1 | 2 +- .../Invoke-CIPPStandardEnableMailTips.ps1 | 2 +- ...voke-CIPPStandardEnableMailboxAuditing.ps1 | 2 +- ...voke-CIPPStandardEnableOnlineArchiving.ps1 | 2 +- .../Invoke-CIPPStandardEnablePronouns.ps1 | 2 +- .../Invoke-CIPPStandardExcludedfileExt.ps1 | 4 +-- .../Invoke-CIPPStandardExternalMFATrusted.ps1 | 4 +-- .../Invoke-CIPPStandardFocusedInbox.ps1 | 4 +-- ...PStandardGlobalQuarantineNotifications.ps1 | 4 +-- .../Invoke-CIPPStandardGroupTemplate.ps1 | 24 +++++++++++++++- .../Invoke-CIPPStandardGuestInvite.ps1 | 13 +++++---- ...e-CIPPStandardIntuneComplianceSettings.ps1 | 10 +++++-- .../Invoke-CIPPStandardIntuneTemplate.ps1 | 26 ++++++++++++++++- .../Invoke-CIPPStandardLegacyMFACleanup.ps1 | 2 +- .../Invoke-CIPPStandardMailContacts.ps1 | 10 +++---- ...Invoke-CIPPStandardMalwareFilterPolicy.ps1 | 16 +++++------ .../Invoke-CIPPStandardMessageExpiration.ps1 | 2 +- .../Standards/Invoke-CIPPStandardNudgeMFA.ps1 | 4 +-- .../Invoke-CIPPStandardOauthConsent.ps1 | 4 +-- .../Invoke-CIPPStandardOauthConsentLowSec.ps1 | 2 +- .../Invoke-CIPPStandardOutBoundSpamAlert.ps1 | 4 +-- ...CIPPStandardPWcompanionAppAllowedState.ps1 | 4 +-- ...rdPWdisplayAppInformationRequiredState.ps1 | 2 +- ...oke-CIPPStandardPasswordExpireDisabled.ps1 | 2 +- .../Invoke-CIPPStandardPerUserMFA.ps1 | 2 +- .../Invoke-CIPPStandardPhishProtection.ps1 | 4 +-- ...oke-CIPPStandardQuarantineRequestAlert.ps1 | 4 +-- .../Invoke-CIPPStandardRotateDKIM.ps1 | 2 +- .../Invoke-CIPPStandardSPAzureB2B.ps1 | 2 +- .../Invoke-CIPPStandardSPDirectSharing.ps1 | 2 +- ...e-CIPPStandardSPDisableLegacyWorkflows.ps1 | 2 +- ...ke-CIPPStandardSPDisallowInfectedFiles.ps1 | 2 +- .../Invoke-CIPPStandardSPEmailAttestation.ps1 | 2 +- ...e-CIPPStandardSPExternalUserExpiration.ps1 | 2 +- .../Invoke-CIPPStandardSPSyncButtonState.ps1 | 4 +-- ...nvoke-CIPPStandardSafeAttachmentPolicy.ps1 | 10 +++---- .../Invoke-CIPPStandardSafeLinksPolicy.ps1 | 8 +++--- .../Invoke-CIPPStandardSafeSendersDisable.ps1 | 4 +-- .../Invoke-CIPPStandardSecurityDefaults.ps1 | 2 +- .../Invoke-CIPPStandardSendFromAlias.ps1 | 2 +- ...oke-CIPPStandardSendReceiveLimitTenant.ps1 | 2 +- .../Invoke-CIPPStandardShortenMeetings.ps1 | 4 +-- .../Invoke-CIPPStandardSpamFilterPolicy.ps1 | 20 ++++++------- .../Invoke-CIPPStandardSpoofWarn.ps1 | 4 +-- .../Invoke-CIPPStandardStaleEntraDevices.ps1 | 26 +++++++++++++++++ .../Standards/Invoke-CIPPStandardTAP.ps1 | 6 ++-- ...voke-CIPPStandardTeamsEmailIntegration.ps1 | 4 +-- .../Invoke-CIPPStandardTeamsEnrollUser.ps1 | 23 +++++++++++++++ ...-CIPPStandardTeamsExternalAccessPolicy.ps1 | 8 +++--- ...e-CIPPStandardTeamsExternalFileSharing.ps1 | 12 ++++---- ...PPStandardTeamsFederationConfiguration.ps1 | 10 +++---- ...e-CIPPStandardTeamsGlobalMeetingPolicy.ps1 | 6 ++-- ...oke-CIPPStandardTeamsMeetingsByDefault.ps1 | 4 +-- ...nvoke-CIPPStandardTeamsMessagingPolicy.ps1 | 28 +++++++++++++++++-- ...voke-CIPPStandardTenantDefaultTimezone.ps1 | 2 +- ...voke-CIPPStandardTransportRuleTemplate.ps1 | 22 ++++++++++++++- .../Invoke-CIPPStandardUndoOauth.ps1 | 2 +- .../Invoke-CIPPStandardUserSubmissions.ps1 | 6 ++-- .../Invoke-CIPPStandardallowOAuthTokens.ps1 | 2 +- .../Invoke-CIPPStandardallowOTPTokens.ps1 | 2 +- .../Invoke-CIPPStandardcalDefault.ps1 | 6 ++-- .../Invoke-CIPPStandarddisableMacSync.ps1 | 2 +- ...voke-CIPPStandardintuneBrandingProfile.ps1 | 22 +++++++-------- .../Invoke-CIPPStandardintuneDeviceReg.ps1 | 2 +- ...CIPPStandardintuneDeviceRetirementDays.ps1 | 2 +- .../Invoke-CIPPStandardintuneRequireMFA.ps1 | 2 +- .../Standards/Invoke-CIPPStandardlaps.ps1 | 2 +- .../Invoke-CIPPStandardsharingCapability.ps1 | 10 +++---- ...e-CIPPStandardsharingDomainRestriction.ps1 | 6 ++-- .../Invoke-CIPPStandardunmanagedSync.ps1 | 2 +- 111 files changed, 398 insertions(+), 227 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 index cd1495d5300b..ad6778144a6a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 @@ -17,7 +17,7 @@ function Invoke-CIPPStandardActivityBasedTimeout { "CIS" "spo_idle_session_timeout" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ActivityBasedTimeout.timeout","options":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ function Invoke-CIPPStandardActivityBasedTimeout { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 index 338019dd8faf..df9c1b8c58e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardAddDKIM { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 index b22029ba886c..1eeaae1b89fb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardAnonReportDisable { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 index d8e819072ba0..888a7fca3608 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -24,18 +24,18 @@ function Invoke-CIPPStandardAntiPhishPolicy { "mdo_phishthresholdlevel" ADDEDCOMPONENT {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","default":1} - {"type":"boolean","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true} - {"type":"boolean","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true} - {"type":"boolean","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true} - {"type":"boolean","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true} - {"type":"Select","label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","values":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]} - {"type":"Select","label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true} + {"type":"switch","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true} + {"type":"switch","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true} + {"type":"switch","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true} + {"type":"select","multiple":false,"label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"select","multiple":false,"label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"select","multiple":false,"label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","options":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]} + {"type":"select","multiple":false,"label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -45,7 +45,7 @@ function Invoke-CIPPStandardAntiPhishPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 index 8bc576d56eb1..bd9b80c3c0c3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardAppDeploy { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.AppDeploy.appids","label":"Application IDs, comma separated"} + {"type":"textField","name":"standards.AppDeploy.appids","label":"Application IDs, comma separated"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardAppDeploy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 index 7ed7a78334c9..510c9fdf9e08 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 @@ -7,8 +7,8 @@ function Invoke-CIPPStandardAtpPolicyForO365 { .SYNOPSIS (Label) Default Atp Policy For O365 .DESCRIPTION - (Helptext) This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams. - (DocsDescription) This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams. + (Helptext) This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams. + (DocsDescription) This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams. .NOTES CAT Defender Standards @@ -16,7 +16,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"boolean","label":"Allow people to click through Protected View even if Safe Documents identified the file as malicious","name":"standards.AtpPolicyForO365.AllowSafeDocsOpen","default":false} + {"type":"switch","label":"Allow people to click through Protected View even if Safe Documents identified the file as malicious","name":"standards.AtpPolicyForO365.AllowSafeDocsOpen","default":false,"required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 index 86f8805e3247..3c5243f8e732 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardAuditLog { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 index e746e10799ea..a7bf50586167 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardAutoExpandArchive { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 index 77f42776c954..738ef7844b91 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardBookings { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.Bookings.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.Bookings.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardBookings { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 index 41e4616c230c..6c28b2d8baf5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 @@ -15,12 +15,12 @@ function Invoke-CIPPStandardBranding { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.Branding.signInPageText","label":"Sign-in page text"} - {"type":"input","name":"standards.Branding.usernameHintText","label":"Username hint Text"} - {"type":"boolean","name":"standards.Branding.hideAccountResetCredentials","label":"Hide self-service password reset"} - {"type":"Select","label":"Visual Template","name":"standards.Branding.layoutTemplateType","values":[{"label":"Full-screen background","value":"default"},{"label":"Partial-screen background","value":"verticalSplit"}]} - {"type":"boolean","name":"standards.Branding.isHeaderShown","label":"Show header"} - {"type":"boolean","name":"standards.Branding.isFooterShown","label":"Show footer"} + {"type":"textField","name":"standards.Branding.signInPageText","label":"Sign-in page text","required":false} + {"type":"textField","name":"standards.Branding.usernameHintText","label":"Username hint Text","required":false} + {"type":"switch","name":"standards.Branding.hideAccountResetCredentials","label":"Hide self-service password reset"} + {"type":"select","multiple":false,"label":"Visual Template","name":"standards.Branding.layoutTemplateType","options":[{"label":"Full-screen background","value":"default"},{"label":"Partial-screen background","value":"verticalSplit"}]} + {"type":"switch","name":"standards.Branding.isHeaderShown","label":"Show header"} + {"type":"switch","name":"standards.Branding.isFooterShown","label":"Show footer"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -29,7 +29,7 @@ function Invoke-CIPPStandardBranding { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 index b4e94b12f969..384c50ee66e2 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardCloudMessageRecall { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.CloudMessageRecall.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.CloudMessageRecall.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardCloudMessageRecall { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 index 384a13d1814e..51182481cfa2 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 @@ -1,7 +1,30 @@ function Invoke-CIPPStandardConditionalAccessTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) ConditionalAccessTemplate + .SYNOPSIS + (Label) Conditional Access Template + .DESCRIPTION + (Helptext) Manage conditional access policies for better security. + (DocsDescription) Manage conditional access policies for better security. + .NOTES + CAT + Templates + MULTIPLE + True + DISABLEDFEATURES + + IMPACT + High + ADDEDCOMPONENT + {"type":"autoComplete","name":"TemplateList","multiple":false,"label":"Select Conditional Access Template","api":{"url":"/api/ListCATemplates","labelField":"displayName","valueField":"GUID","queryKey":"ListCATemplates"}} + {"name":"state","label":"What state should we deploy this template in?","type":"radio","options":[{"value":"donotchange","label":"Do not change state"},{"value":"Enabled","label":"Set to enabled"},{"value":"Disabled","label":"Set to disabled"},{"value":"enabledForReportingButNotEnforced","label":"Set to report only"}]} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 index 0a50dd6bcc86..838a03cc7a8f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDelegateSentItems { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 index 54308b5f7a9f..0d90e2a0e4ff 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDeletedUserRentention { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","name":"standards.DeletedUserRentention.Days","label":"Retention time (Default 30 days)","values":[{"label":"30 days","value":"30"},{"label":"90 days","value":"90"},{"label":"1 year","value":"365"},{"label":"2 years","value":"730"},{"label":"3 years","value":"1095"},{"label":"4 years","value":"1460"},{"label":"5 years","value":"1825"},{"label":"6 years","value":"2190"},{"label":"7 years","value":"2555"},{"label":"8 years","value":"2920"},{"label":"9 years","value":"3285"},{"label":"10 years","value":"3650"}]} + {"type":"select","multiple":false,"name":"standards.DeletedUserRentention.Days","label":"Retention time (Default 30 days)","options":[{"label":"30 days","value":"30"},{"label":"90 days","value":"90"},{"label":"1 year","value":"365"},{"label":"2 years","value":"730"},{"label":"3 years","value":"1095"},{"label":"4 years","value":"1460"},{"label":"5 years","value":"1825"},{"label":"6 years","value":"2190"},{"label":"7 years","value":"2555"},{"label":"8 years","value":"2920"},{"label":"9 years","value":"3285"},{"label":"10 years","value":"3650"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDeletedUserRentention { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 index 0b6ef68a16bb..a09a7fa3daf7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Add Shortcuts To OneDrive button state","name":"standards.DisableAddShortcutsToOneDrive.state","values":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} + {"type":"autoComplete","multiple":false,"label":"Add Shortcuts To OneDrive button state","name":"standards.DisableAddShortcutsToOneDrive.state","options":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 index 8d66e0d16441..d0061c46b32d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 index 246bc951d3f2..ac75add64456 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableAppCreation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 index 279366265065..73c9716025cf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { .SYNOPSIS (Label) Disable SMTP Basic Authentication .DESCRIPTION - (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants. + (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants. (DocsDescription) Disables SMTP basic authentication for the tenant and all users with it explicitly enabled. .NOTES CAT @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 index a23c3b7b2610..1f9d537a015e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 @@ -7,8 +7,8 @@ function Invoke-CIPPStandardDisableEmail { .SYNOPSIS (Label) Disables Email as an MFA method .DESCRIPTION - (Helptext) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead promts them to create a Microsoft account. - (DocsDescription) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead promts them to create a Microsoft account. + (Helptext) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead prompts them to create a Microsoft account. + (DocsDescription) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead prompts them to create a Microsoft account. .NOTES CAT Entra (AAD) Standards @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableEmail { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 index c8cf1818902f..f920de3c18d7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 index ed98f8f5378d..55c188bda32e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableGuestDirectory { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 index 4ef37eab9c29..32e3d2a345a4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableGuests { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 index 01dedb2141f1..ceb53907e1e0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableM365GroupUsers { .SYNOPSIS (Label) Disable M365 Group creation by users .DESCRIPTION - (Helptext) Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, Sharepoint sites, Planner, etc + (Helptext) Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc (DocsDescription) Users by default are allowed to create M365 groups. This restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc .NOTES CAT @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableM365GroupUsers { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 index d72f7dd493fb..b6507d5710e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableOutlookAddins { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 index c508ea8beea4..2c9a435131d7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableReshare { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 index 929b56e27df7..a948d1d13213 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableSMS { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 index 4e3c6d546ff0..55fa4af4371d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableSecurityGroupUsers { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 index 331879a3b7b1..4567b9d99a72 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.DisableSelfServiceLicenses.Exclusions","label":"License Ids to exclude from this standard"} + {"type":"textField","name":"standards.DisableSelfServiceLicenses.Exclusions","label":"License Ids to exclude from this standard","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 index dda4ba27b51b..37b894544638 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableSharePointLegacyAuth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 index 5b92504f7938..7a42cc0ec788 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 index 2b544afad213..4ad21eb72c6c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableTNEF { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 index 00b0b1380422..1a2ebea5f2f0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableTenantCreation { .SYNOPSIS (Label) Disable M365 Tenant creation by users .DESCRIPTION - (Helptext) Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles. + (Helptext) Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles. (DocsDescription) Users by default are allowed to create M365 tenants. This disables that so only admins can create new M365 tenants. .NOTES CAT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableTenantCreation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 index 4b0c9b4287b9..9f2d1a96dfde 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableUserSiteCreate { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 index ed80354f77eb..c44565c5b519 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableViva { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 index d3de8e7f02dc..619b3e11c50b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableVoice { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 index 27b1e9c67362..8d1d0ae0b990 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisablex509Certificate { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 index bbfb458bab6f..8705dcd630cb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 @@ -27,7 +27,7 @@ function Invoke-CIPPStandardEXODisableAutoForwarding { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 index c11dde73038f..dd64008cff74 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableAppConsentRequests { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 index 666fd5f9ce27..7434e8035e07 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableCustomerLockbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 index deee9286eaf4..8b71a8f1963a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableFIDO2 { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 index 9a79fbbc3711..a55d5410612d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableHardwareOAuth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 index a9ec00f799e7..cdea9bd134b1 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableLitigationHold { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 index eb46db683cf9..e5211d2eda92 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 @@ -27,7 +27,7 @@ function Invoke-CIPPStandardEnableMailTips { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index 160019c15e88..dac3185d381a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 index 29083290b99a..9a28cea18c9c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableOnlineArchiving { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 index 915bf8ecc044..9f34eb0ff62f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnablePronouns { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 index dc204f253833..f28b6984c1c9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardExcludedfileExt { TAG "highimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.ExcludedfileExt.ext","label":"Extensions, Comma separated"} + {"type":"textField","name":"standards.ExcludedfileExt.ext","label":"Extensions, Comma separated"} IMPACT High Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardExcludedfileExt { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 index bc133d544d89..95f28b7c2cd9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardExternalMFATrusted { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ExternalMFATrusted.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ExternalMFATrusted.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardExternalMFATrusted { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 index e7e625e88253..adface2383c8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardFocusedInbox { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.FocusedInbox.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.FocusedInbox.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardFocusedInbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 index b282c7301cd3..8b1fd25e48b3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardGlobalQuarantineNotifications { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.GlobalQuarantineNotifications.NotificationInterval","values":[{"label":"4 hours","value":"04:00:00"},{"label":"1 day/Daily","value":"1.00:00:00"},{"label":"7 days/Weekly","value":"7.00:00:00"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.GlobalQuarantineNotifications.NotificationInterval","options":[{"label":"4 hours","value":"04:00:00"},{"label":"1 day/Daily","value":"1.00:00:00"},{"label":"7 days/Weekly","value":"7.00:00:00"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardGlobalQuarantineNotifications { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 index 032aac507abc..cb20b7d7fae9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 @@ -1,7 +1,29 @@ function Invoke-CIPPStandardGroupTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) GroupTemplate + .SYNOPSIS + (Label) Group Template + .DESCRIPTION + (Helptext) Deploy and manage group templates. + (DocsDescription) Deploy and manage group templates. + .NOTES + MULTI + True + CAT + Templates + DISABLEDFEATURES + + IMPACT + Medium + ADDEDCOMPONENT + {"type":"autoComplete","name":"groupTemplate","label":"Select Group Template","api":{"url":"/api/ListGroupTemplates","labelField":"Displayname","valueField":"GUID","queryKey":"ListGroupTemplates"}} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'GroupTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 index dfa296eb106a..e9df84d6f574 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 @@ -5,23 +5,26 @@ function Invoke-CIPPStandardGuestInvite { .COMPONENT (APIName) GuestInvite .SYNOPSIS - (Label) Guest Invite settings + (Label) Guest Invite setting .DESCRIPTION (Helptext) This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources. (DocsDescription) This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources. .NOTES CAT - InTune Standards + Entra (AAD) Standards TAG - "highimpact" + "mediumimpact" ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"label":"Who can send invites?","name":"standards.GuestInvite.allowInvitesFrom","options":[{"label":"Everyone","value":"everyone"},{"label":"Admins, Guest inviters and All Members","value":"adminsGuestInvitersAndAllMembers"},{"label":"Admins and Guest inviters","value":"adminsAndGuestInviters"},{"label":"None","value":"none"}]} IMPACT - High Impact + Medium Impact + POWERSHELLEQUIVALENT + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 index 25d4b1e8eb58..e946ef49cc4f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 @@ -5,23 +5,27 @@ function Invoke-CIPPStandardIntuneComplianceSettings { .COMPONENT (APIName) IntuneComplianceSettings .SYNOPSIS - (Label) InTune Compliance settings + (Label) Set Intune Compliance Settings .DESCRIPTION (Helptext) Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period. (DocsDescription) Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period. .NOTES CAT - InTune Standards + Intune Standards TAG "lowimpact" ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"name":"standards.IntuneComplianceSettings.secureByDefault","label":"Mark devices with no compliance policy as","options":[{"label":"Compliant","value":"false"},{"label":"Non-Compliant","value":"true"}]} + {"type":"number","name":"standards.IntuneComplianceSettings.deviceComplianceCheckinThresholdDays","label":"Compliance status validity period (days)"} IMPACT Low Impact + POWERSHELLEQUIVALENT + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 index 953836f15d83..3963933db0e4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 @@ -1,7 +1,31 @@ function Invoke-CIPPStandardIntuneTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) IntuneTemplate + .SYNOPSIS + (Label) Intune Template + .DESCRIPTION + (Helptext) Deploy and manage Intune templates across devices. + (DocsDescription) Deploy and manage Intune templates across devices. + .NOTES + CAT + Templates + MULTIPLE + True + DISABLEDFEATURES + + IMPACT + High + ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"name":"TemplateList","label":"Select Intune Template","api":{"url":"/api/ListIntuneTemplates","labelField":"Displayname","valueField":"GUID","queryKey":"languages"}} + {"name":"AssignTo","label":"Who should this template be assigned to?","type":"radio","options":[{"label":"Do not assign","value":"On"},{"label":"Assign to all users","value":"allLicensedUsers"},{"label":"Assign to all devices","value":"AllDevices"},{"label":"Assign to all users and devices","value":"AllDevicesAndUsers"},{"label":"Assign to Custom Group","value":"customGroup"}]} + {"type":"textField","required":false,"name":"customGroup","label":"Enter the custom group name if you selected 'Assign to Custom Group'. Wildcards are allowed."} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'intuneTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 index aed46df835f2..018cc262c0ef 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardLegacyMFACleanup { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 index b161378639ce..28ad1f65a291 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 @@ -15,10 +15,10 @@ function Invoke-CIPPStandardMailContacts { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.MailContacts.GeneralContact","label":"General Contact"} - {"type":"input","name":"standards.MailContacts.SecurityContact","label":"Security Contact"} - {"type":"input","name":"standards.MailContacts.MarketingContact","label":"Marketing Contact"} - {"type":"input","name":"standards.MailContacts.TechContact","label":"Technical Contact"} + {"type":"textField","name":"standards.MailContacts.GeneralContact","label":"General Contact","required":false} + {"type":"textField","name":"standards.MailContacts.SecurityContact","label":"Security Contact","required":false} + {"type":"textField","name":"standards.MailContacts.MarketingContact","label":"Marketing Contact","required":false} + {"type":"textField","name":"standards.MailContacts.TechContact","label":"Technical Contact","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ function Invoke-CIPPStandardMailContacts { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 index 8992d680904c..e34a7124f8e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 @@ -19,13 +19,13 @@ function Invoke-CIPPStandardMalwareFilterPolicy { "mdo_zapphish" "mdo_zapmalware" ADDEDCOMPONENT - {"type":"Select","label":"FileTypeAction","name":"standards.MalwareFilterPolicy.FileTypeAction","values":[{"label":"Reject","value":"Reject"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"input","name":"standards.MalwareFilterPolicy.OptionalFileTypes","label":"Optional File Types, Comma separated"} - {"type":"Select","label":"QuarantineTag","name":"standards.MalwareFilterPolicy.QuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"boolean","label":"Enable Internal Sender Admin Notifications","name":"standards.MalwareFilterPolicy.EnableInternalSenderAdminNotifications"} - {"type":"input","name":"standards.MalwareFilterPolicy.InternalSenderAdminAddress","label":"Internal Sender Admin Address"} - {"type":"boolean","label":"Enable External Sender Admin Notifications","name":"standards.MalwareFilterPolicy.EnableExternalSenderAdminNotifications"} - {"type":"input","name":"standards.MalwareFilterPolicy.ExternalSenderAdminAddress","label":"External Sender Admin Address"} + {"type":"select","multiple":false,"label":"FileTypeAction","name":"standards.MalwareFilterPolicy.FileTypeAction","options":[{"label":"Reject","value":"Reject"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"textField","name":"standards.MalwareFilterPolicy.OptionalFileTypes","required":false,"label":"Optional File Types, Comma separated"} + {"type":"select","multiple":false,"label":"QuarantineTag","name":"standards.MalwareFilterPolicy.QuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Enable Internal Sender Admin Notifications","required":false,"name":"standards.MalwareFilterPolicy.EnableInternalSenderAdminNotifications"} + {"type":"textField","name":"standards.MalwareFilterPolicy.InternalSenderAdminAddress","required":false,"label":"Internal Sender Admin Address"} + {"type":"switch","label":"Enable External Sender Admin Notifications","required":false,"name":"standards.MalwareFilterPolicy.EnableExternalSenderAdminNotifications"} + {"type":"textField","name":"standards.MalwareFilterPolicy.ExternalSenderAdminAddress","required":false,"label":"External Sender Admin Address"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -35,7 +35,7 @@ function Invoke-CIPPStandardMalwareFilterPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 index 0c65a52ac51c..4126811842e8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardMessageExpiration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 index 6ff2826da936..b00f525d0fef 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardNudgeMFA { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.NudgeMFA.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.NudgeMFA.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} {"type":"number","name":"standards.NudgeMFA.snoozeDurationInDays","label":"Number of days to allow users to skip registering Authenticator (0-14, default is 1)","default":1} IMPACT Low Impact @@ -25,7 +25,7 @@ function Invoke-CIPPStandardNudgeMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 index 92d7f64d612f..5df66cd46ca5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardOauthConsent { "mediumimpact" "CIS" ADDEDCOMPONENT - {"type":"input","name":"standards.OauthConsent.AllowedApps","label":"Allowed application IDs, comma separated"} + {"type":"textField","name":"standards.OauthConsent.AllowedApps","label":"Allowed application IDs, comma separated","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardOauthConsent { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($tenant, $settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 index d336e2d7528b..e43a57367058 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardOauthConsentLowSec { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 index 316fd3495bab..4c6230c0b28c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardOutBoundSpamAlert { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"input","name":"standards.OutBoundSpamAlert.OutboundSpamContact","label":"Outbound spam contact"} + {"type":"textField","name":"standards.OutBoundSpamAlert.OutboundSpamContact","label":"Outbound spam contact"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardOutBoundSpamAlert { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 index cc104b002d9a..4116d53897c6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.PWcompanionAppAllowedState.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.PWcompanionAppAllowedState.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 index a6936f2346d2..1c7005cb470f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardPWdisplayAppInformationRequiredState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 index cf62c6c9ed55..fd6d68613ace 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardPasswordExpireDisabled { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 index e0aa9df16f0c..21a802bc079c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardPerUserMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 index e07f2e3c4dcf..4cd025548e72 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 @@ -18,7 +18,7 @@ function Invoke-CIPPStandardPhishProtection { IMPACT Low Impact DISABLEDFEATURES - + POWERSHELLEQUIVALENT Portal only RECOMMENDEDBY @@ -26,7 +26,7 @@ function Invoke-CIPPStandardPhishProtection { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 index 9dba79606f3f..3040ef1f155e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardQuarantineRequestAlert { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.QuarantineRequestAlert.NotifyUser","label":"E-mail to receive the alert"} + {"type":"textField","name":"standards.QuarantineRequestAlert.NotifyUser","label":"E-mail to receive the alert"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardQuarantineRequestAlert { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 index e5e04e8e136a..47776ea2f17f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardRotateDKIM { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 index 0531386edce1..bd016f0f9ba8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPAzureB2B { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 index e27cc33a94ee..c9f44c0c8a21 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPDirectSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 index b499216b3bf6..7ee1f747340b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'SPDisableLegacyWorkflows' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 index 383f77ae20d0..76e9a1682200 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 index ded1d34833c5..05b078a5e62e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSPEmailAttestation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 index 6957bee42020..02589cf0c61e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSPExternalUserExpiration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 index 11029ff97972..4b54a8b44ad3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardSPSyncButtonState { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"SharePoint Sync Button state","name":"standards.SPSyncButtonState.state","values":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} + {"type":"autoComplete","multiple":false,"label":"SharePoint Sync Button state","name":"standards.SPSyncButtonState.state","options":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardSPSyncButtonState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index 5ac64c7887c6..a35f420cf73f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -19,10 +19,10 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { "mdo_commonattachmentsfilter" "mdo_safeattachmentpolicy" ADDEDCOMPONENT - {"type":"Select","label":"Action","name":"standards.SafeAttachmentPolicy.Action","values":[{"label":"Allow","value":"Allow"},{"label":"Block","value":"Block"},{"label":"DynamicDelivery","value":"DynamicDelivery"}]} - {"type":"Select","label":"QuarantineTag","name":"standards.SafeAttachmentPolicy.QuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"boolean","label":"Redirect","name":"standards.SafeAttachmentPolicy.Redirect"} - {"type":"input","name":"standards.SafeAttachmentPolicy.RedirectAddress","label":"Redirect Address"} + {"type":"select","multiple":false,"label":"Action","name":"standards.SafeAttachmentPolicy.Action","options":[{"label":"Allow","value":"Allow"},{"label":"Block","value":"Block"},{"label":"DynamicDelivery","value":"DynamicDelivery"}]} + {"type":"select","multiple":false,"label":"QuarantineTag","name":"standards.SafeAttachmentPolicy.QuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Redirect","name":"standards.SafeAttachmentPolicy.Redirect"} + {"type":"textField","name":"standards.SafeAttachmentPolicy.RedirectAddress","label":"Redirect Address","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -32,7 +32,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 index d692297f26b6..b9b9823cf47c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -18,9 +18,9 @@ function Invoke-CIPPStandardSafeLinksPolicy { "mdo_safelinksforemail" "mdo_safelinksforOfficeApps" ADDEDCOMPONENT - {"type":"boolean","label":"AllowClickThrough","name":"standards.SafeLinksPolicy.AllowClickThrough"} - {"type":"boolean","label":"DisableUrlRewrite","name":"standards.SafeLinksPolicy.DisableUrlRewrite"} - {"type":"boolean","label":"EnableOrganizationBranding","name":"standards.SafeLinksPolicy.EnableOrganizationBranding"} + {"type":"switch","label":"AllowClickThrough","name":"standards.SafeLinksPolicy.AllowClickThrough"} + {"type":"switch","label":"DisableUrlRewrite","name":"standards.SafeLinksPolicy.DisableUrlRewrite"} + {"type":"switch","label":"EnableOrganizationBranding","name":"standards.SafeLinksPolicy.EnableOrganizationBranding"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -30,7 +30,7 @@ function Invoke-CIPPStandardSafeLinksPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 index fd70ad3b2f77..283bc4d5a267 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardSafeSendersDisable { "mediumimpact" ADDEDCOMPONENT DISABLEDFEATURES - + IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSafeSendersDisable { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 index 916e42043fa7..3a43c05d0222 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSecurityDefaults { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 index 051d46d2a0cb..4084650d240e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSendFromAlias { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 index a0997a9869da..a2ce48171f59 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSendReceiveLimitTenant { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 index fdd67d8dbfa1..c1469596a27e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardShortenMeetings { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ShortenMeetings.ShortenEventScopeDefault","values":[{"label":"Disabled/None","value":"None"},{"label":"End early","value":"EndEarly"},{"label":"Start late","value":"StartLate"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ShortenMeetings.ShortenEventScopeDefault","options":[{"label":"Disabled/None","value":"None"},{"label":"End early","value":"EndEarly"},{"label":"Start late","value":"StartLate"}]} {"type":"number","name":"standards.ShortenMeetings.DefaultMinutesToReduceShortEventsBy","label":"Minutes to reduce short calendar events by (Default is 5)","default":5} {"type":"number","name":"standards.ShortenMeetings.DefaultMinutesToReduceLongEventsBy","label":"Minutes to reduce long calendar events by (Default is 10)","default":10} IMPACT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardShortenMeetings { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 index b4de133595e8..4e4bd537aa5e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 @@ -16,15 +16,15 @@ function Invoke-CIPPStandardSpamFilterPolicy { "mediumimpact" ADDEDCOMPONENT {"type":"number","label":"Bulk email threshold (Default 7)","name":"standards.SpamFilterPolicy.BulkThreshold","default":7} - {"type":"Select","label":"Spam Action","name":"standards.SpamFilterPolicy.SpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Spam Quarantine Tag","name":"standards.SpamFilterPolicy.SpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"High Confidence Spam Action","name":"standards.SpamFilterPolicy.HighConfidenceSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"High Confidence Spam Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"Bulk Spam Action","name":"standards.SpamFilterPolicy.BulkSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Bulk Quarantine Tag","name":"standards.SpamFilterPolicy.BulkQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"Phish Spam Action","name":"standards.SpamFilterPolicy.PhishSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Phish Quarantine Tag","name":"standards.SpamFilterPolicy.PhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"High Confidence Phish Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Spam Action","name":"standards.SpamFilterPolicy.SpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Spam Quarantine Tag","name":"standards.SpamFilterPolicy.SpamQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Spam Action","name":"standards.SpamFilterPolicy.HighConfidenceSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Spam Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Bulk Spam Action","name":"standards.SpamFilterPolicy.BulkSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Bulk Quarantine Tag","name":"standards.SpamFilterPolicy.BulkQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Phish Spam Action","name":"standards.SpamFilterPolicy.PhishSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Phish Quarantine Tag","name":"standards.SpamFilterPolicy.PhishQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Phish Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -33,7 +33,7 @@ function Invoke-CIPPStandardSpamFilterPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 index b8487b3d5889..a9ba02025ac7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardSpoofWarn { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.SpoofWarn.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.SpoofWarn.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSpoofWarn { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 index 2fd7a32cac04..fbb236903975 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 @@ -2,6 +2,32 @@ <# .FUNCTIONALITY Internal + .COMPONENT + (APIName) StaleEntraDevices + .SYNOPSIS + (Label) Cleanup stale Entra devices + .DESCRIPTION + (Helptext) Cleans up Entra devices that have not connected/signed in for the specified number of days. + (DocsDescription) Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices) + .NOTES + CAT + Entra (AAD) Standards + TAG + "highimpact" + "CIS" + ADDEDCOMPONENT + {"type":"number","name":"standards.StaleEntraDevices.deviceAgeThreshold","label":"Days before stale(Dont set below 30)"} + DISABLEDFEATURES + + IMPACT + High Impact + POWERSHELLEQUIVALENT + Remove-MgDevice, Update-MgDevice or Graph API + RECOMMENDEDBY + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 index eb72868d0ce9..925916f948e8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardTAP { .SYNOPSIS (Label) Enable Temporary Access Passwords .DESCRIPTION - (Helptext) Enables TAP and sets the default TAP lifetime to 1 hour. This configuration also allows you to select is a TAP is single use or multi-logon. + (Helptext) Enables TAP and sets the default TAP lifetime to 1 hour. This configuration also allows you to select if a TAP is single use or multi-logon. (DocsDescription) Enables Temporary Password generation for the tenant. .NOTES CAT @@ -15,7 +15,7 @@ function Invoke-CIPPStandardTAP { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select TAP Lifetime","name":"standards.TAP.config","values":[{"label":"Only Once","value":"true"},{"label":"Multiple Logons","value":"false"}]} + {"type":"select","multiple":false,"label":"Select TAP Lifetime","name":"standards.TAP.config","options":[{"label":"Only Once","value":"true"},{"label":"Multiple Logons","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTAP { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 index 0d80dcc1947f..d5a1a5db6b41 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 @@ -15,7 +15,7 @@ Function Invoke-CIPPStandardTeamsEmailIntegration { TAG "lowimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsEmailIntegration.AllowEmailIntoChannel","label":"Allow channel emails"} + {"type":"switch","name":"standards.TeamsEmailIntegration.AllowEmailIntoChannel","label":"Allow channel emails"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ Function Invoke-CIPPStandardTeamsEmailIntegration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 index adcf29f0fde1..64e4ad948181 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 @@ -2,6 +2,29 @@ Function Invoke-CIPPStandardTeamsEnrollUser { <# .FUNCTIONALITY Internal + .COMPONENT + (APIName) TeamsEnrollUser + .SYNOPSIS + (Label) Default voice and face enrollment + .DESCRIPTION + (Helptext) Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings. + (DocsDescription) Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings. + .NOTES + CAT + Teams Standards + TAG + "lowimpact" + ADDEDCOMPONENT + {"type":"autoComplete","name":"standards.TeamsEnrollUser.EnrollUserOverride","label":"Voice and Face Enrollment","options":[{"label":"Disabled","value":"Disabled"},{"label":"Enabled","value":"Enabled"}]} + IMPACT + Low Impact + POWERSHELLEQUIVALENT + Set-CsTeamsMeetingPolicy -Identity Global -EnrollUserOverride \$false + RECOMMENDEDBY + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 index 195addd804f4..3c79a6fd30be 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 @@ -15,9 +15,9 @@ Function Invoke-CIPPStandardTeamsExternalAccessPolicy { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnableFederationAccess","label":"Allow communication from trusted organizations"} - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnablePublicCloudAccess","label":"Allow user to communicate with Skype users"} - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnableTeamsConsumerAccess","label":"Allow communication with unmanaged Teams accounts"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnableFederationAccess","label":"Allow communication from trusted organizations"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnablePublicCloudAccess","label":"Allow user to communicate with Skype users"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnableTeamsConsumerAccess","label":"Allow communication with unmanaged Teams accounts"} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ Function Invoke-CIPPStandardTeamsExternalAccessPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 index dc21121c0e3f..1fc934983092 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 @@ -15,11 +15,11 @@ Function Invoke-CIPPStandardTeamsExternalFileSharing { TAG "lowimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowGoogleDrive","label":"Allow Google Drive"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowShareFile","label":"Allow ShareFile"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowBox","label":"Allow Box"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowDropBox","label":"Allow Dropbox"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowEgnyte","label":"Allow Egnyte"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowGoogleDrive","label":"Allow Google Drive"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowShareFile","label":"Allow ShareFile"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowBox","label":"Allow Box"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowDropBox","label":"Allow Dropbox"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowEgnyte","label":"Allow Egnyte"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -29,7 +29,7 @@ Function Invoke-CIPPStandardTeamsExternalFileSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 index 13a4705338c3..930bff06c4db 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 @@ -15,10 +15,10 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsFederationConfiguration.AllowTeamsConsumer","label":"Allow users to communicate with other organizations"} - {"type":"boolean","name":"standards.TeamsFederationConfiguration.AllowPublicUsers","label":"Allow users to communicate with Skype Users"} - {"type":"Select","name":"standards.TeamsFederationConfiguration.DomainControl","label":"Communication Mode","values":[{"label":"Allow all external domains","value":"AllowAllExternal"},{"label":"Block all external domains","value":"BlockAllExternal"},{"label":"Allow specific external domains","value":"AllowSpecificExternal"},{"label":"Block specific external domains","value":"BlockSpecificExternal"}]} - {"type":"input","name":"standards.TeamsFederationConfiguration.DomainList","label":"Domains, Comma separated"} + {"type":"switch","name":"standards.TeamsFederationConfiguration.AllowTeamsConsumer","label":"Allow users to communicate with other organizations"} + {"type":"switch","name":"standards.TeamsFederationConfiguration.AllowPublicUsers","label":"Allow users to communicate with Skype Users"} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsFederationConfiguration.DomainControl","label":"Communication Mode","options":[{"label":"Allow all external domains","value":"AllowAllExternal"},{"label":"Block all external domains","value":"BlockAllExternal"},{"label":"Allow specific external domains","value":"AllowSpecificExternal"},{"label":"Block specific external domains","value":"BlockSpecificExternal"}]} + {"type":"textField","name":"standards.TeamsFederationConfiguration.DomainList","label":"Domains, Comma separated","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 index 4357b39bcb88..5827f007b0f1 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 @@ -15,7 +15,9 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","name":"standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode","label":"Default value of the `Who can present?`","values":[{"label":"EveryoneUserOverride","value":"EveryoneUserOverride"},{"label":"EveryoneInCompanyUserOverride","value":"EveryoneInCompanyUserOverride"},{"label":"EveryoneInSameAndFederatedCompanyUserOverride","value":"EveryoneInSameAndFederatedCompanyUserOverride"},{"label":"OrganizerOnlyUserOverride","value":"OrganizerOnlyUserOverride"}]} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode","label":"Default value of the `Who can present?`","options":[{"label":"EveryoneUserOverride","value":"EveryoneUserOverride"},{"label":"EveryoneInCompanyUserOverride","value":"EveryoneInCompanyUserOverride"},{"label":"EveryoneInSameAndFederatedCompanyUserOverride","value":"EveryoneInSameAndFederatedCompanyUserOverride"},{"label":"OrganizerOnlyUserOverride","value":"OrganizerOnlyUserOverride"}]} + {"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowAnonymousUsersToJoinMeeting","label":"Allow anonymous users to join meeting"} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsGlobalMeetingPolicy.MeetingChatEnabledType","label":"Meeting chat policy","options":[{"label":"On for everyone","value":"Enabled"},{"label":"On for everyone but anonymous users","value":"EnabledExceptAnonymous"},{"label":"Off for everyone","value":"Disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -25,7 +27,7 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TeamsGlobalMeetingPolicy' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 index 93a2a288845b..6c14e3df7ebf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardTeamsMeetingsByDefault { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.TeamsMeetingsByDefault.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.TeamsMeetingsByDefault.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTeamsMeetingsByDefault { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 index 8a2d229288ca..cb0a7c4d796b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 @@ -4,11 +4,35 @@ Function Invoke-CIPPStandardTeamsMessagingPolicy { Internal .COMPONENT (APIName) TeamsMessagingPolicy - .NOTES + .SYNOPSIS + (Label) Global Messaging Policy for Microsoft Teams + .DESCRIPTION + (Helptext) Sets the properties of the Global messaging policy. + (DocsDescription) Sets the properties of the Global messaging policy. Messaging policies control which chat and channel messaging features are available to users in Teams. + .NOTES + CAT + Teams Standards + TAG + "mediumimpact" + ADDEDCOMPONENT + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowOwnerDeleteMessage","label":"Allow Owner to Delete Messages","default":false} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserDeleteMessage","label":"Allow User to Delete Messages","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserEditMessage","label":"Allow User to Edit Messages","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserDeleteChat","label":"Allow User to Delete Chats","default":true} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsMessagingPolicy.ReadReceiptsEnabledType","label":"Read Receipts Enabled Type","options":[{"label":"User controlled","value":"UserPreference"},{"label":"Turned on for everyone","value":"Everyone"},{"label":"Turned off for everyone","value":"None"}]} + {"type":"switch","name":"standards.TeamsMessagingPolicy.CreateCustomEmojis","label":"Allow Creating Custom Emojis","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.DeleteCustomEmojis","label":"Allow Deleting Custom Emojis","default":false} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowSecurityEndUserReporting","label":"Allow reporting message as security concern","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowCommunicationComplianceEndUserReporting","label":"Allow reporting message as inappropriate content","default":true} + IMPACT + Medium Impact + POWERSHELLEQUIVALENT + Set-CsTeamsMessagingPolicy + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TeamsMessagingPolicy' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 index cbc223e26374..73b7d7e97614 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTenantDefaultTimezone { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 index 9586aeb3cd6d..0b2a2096aa89 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 @@ -1,7 +1,27 @@ function Invoke-CIPPStandardTransportRuleTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) TransportRuleTemplate + .SYNOPSIS + (Label) Transport Rule Template + .DESCRIPTION + (Helptext) Deploy transport rules to manage email flow. + (DocsDescription) Deploy transport rules to manage email flow. + .NOTES + CAT + Templates + DISABLEDFEATURES + + IMPACT + Medium + ADDEDCOMPONENT + {"type":"autoComplete","name":"transportRuleTemplate","label":"Select Transport Rule Template","api":{"url":"/api/ListTransportRulesTemplates","labelField":"name","valueField":"GUID","queryKey":"ListTransportRulesTemplates"}} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TransportRuleTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 index 5548e1f0b6c5..333de3e01992 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardUndoOauth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 index 985d040aab8e..265d37507f8b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 @@ -15,8 +15,8 @@ function Invoke-CIPPStandardUserSubmissions { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.UserSubmissions.state","values":[{"label":"Enabled","value":"enable"},{"label":"Disabled","value":"disable"}]} - {"type":"input","name":"standards.UserSubmissions.email","label":"Destination email address"} + {"type":"select","multiple":false,"label":"Select value","name":"standards.UserSubmissions.state","options":[{"label":"Enabled","value":"enable"},{"label":"Disabled","value":"disable"}]} + {"type":"textField","name":"standards.UserSubmissions.email","required":false,"label":"Destination email address"} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardUserSubmissions { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 index 15bd3658b861..6035ca8d04dc 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardallowOAuthTokens { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 index 7f5d0a442113..9b9441b9e951 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardallowOTPTokens { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index dd859ddc4738..dbbd8fb4ddf9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -15,9 +15,9 @@ function Invoke-CIPPStandardcalDefault { TAG "lowimpact" DISABLEDFEATURES - + ADDEDCOMPONENT - {"type":"Select","label":"Select Sharing Level","name":"standards.calDefault.permissionlevel","values":[{"label":"Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.","value":"Owner"},{"label":"Publishing Editor - The user can create, read, edit, and delete all items in the folder, and create subfolders.","value":"PublishingEditor"},{"label":"Editor - The user can create items in the folder. The contents of the folder do not appear.","value":"Editor"},{"label":"Publishing Author. The user can read, create all items/subfolders. Can modify and delete only items they create.","value":"PublishingAuthor"},{"label":"Author - The user can create and read items, and modify and delete items that they create.","value":"Author"},{"label":"Non Editing Author - The user has full read access and create items. Can can delete only own items.","value":"NonEditingAuthor"},{"label":"Reviewer - The user can read all items in the folder.","value":"Reviewer"},{"label":"Contributor - The user can create items and folders.","value":"Contributor"},{"label":"Availability Only - Indicates that the user can view only free/busy time within the calendar.","value":"AvailabilityOnly"},{"label":"Limited Details - The user can view free/busy time within the calendar and the subject and location of appointments.","value":"LimitedDetails"},{"label":"None - The user has no permissions on the folder.","value":"none"}]} + {"type":"select","multiple":false,"label":"Select Sharing Level","name":"standards.calDefault.permissionlevel","options":[{"label":"Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.","value":"Owner"},{"label":"Publishing Editor - The user can create, read, edit, and delete all items in the folder, and create subfolders.","value":"PublishingEditor"},{"label":"Editor - The user can create items in the folder. The contents of the folder do not appear.","value":"Editor"},{"label":"Publishing Author. The user can read, create all items/subfolders. Can modify and delete only items they create.","value":"PublishingAuthor"},{"label":"Author - The user can create and read items, and modify and delete items that they create.","value":"Author"},{"label":"Non Editing Author - The user has full read access and create items. Can can delete only own items.","value":"NonEditingAuthor"},{"label":"Reviewer - The user can read all items in the folder.","value":"Reviewer"},{"label":"Contributor - The user can create items and folders.","value":"Contributor"},{"label":"Availability Only - Indicates that the user can view only free/busy time within the calendar.","value":"AvailabilityOnly"},{"label":"Limited Details - The user can view free/busy time within the calendar and the subject and location of appointments.","value":"LimitedDetails"},{"label":"None - The user has no permissions on the folder.","value":"none"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardcalDefault { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings, $QueueItem) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 index aeb24bbe8d7a..dc6b2184a4d5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandarddisableMacSync { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 index c4e9be0222af..420f3c11498f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 @@ -15,16 +15,16 @@ function Invoke-CIPPStandardintuneBrandingProfile { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.intuneBrandingProfile.displayName","label":"Organization name"} - {"type":"boolean","name":"standards.intuneBrandingProfile.showLogo","label":"Show logo"} - {"type":"boolean","name":"standards.intuneBrandingProfile.showDisplayNameNextToLogo","label":"Show organization name next to logo"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITName","label":"Contact IT name"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITPhoneNumber","label":"Contact IT phone number"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITEmailAddress","label":"Contact IT email address"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITNotes","label":"Contact IT notes"} - {"type":"input","name":"standards.intuneBrandingProfile.onlineSupportSiteName","label":"Online support site name"} - {"type":"input","name":"standards.intuneBrandingProfile.onlineSupportSiteUrl","label":"Online support site URL"} - {"type":"input","name":"standards.intuneBrandingProfile.privacyUrl","label":"Privacy statement URL"} + {"type":"textField","name":"standards.intuneBrandingProfile.displayName","label":"Organization name","required":false} + {"type":"switch","name":"standards.intuneBrandingProfile.showLogo","label":"Show logo"} + {"type":"switch","name":"standards.intuneBrandingProfile.showDisplayNameNextToLogo","label":"Show organization name next to logo","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITName","label":"Contact IT name","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITPhoneNumber","label":"Contact IT phone number","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITEmailAddress","label":"Contact IT email address","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITNotes","label":"Contact IT notes","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.onlineSupportSiteName","label":"Online support site name","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.onlineSupportSiteUrl","label":"Online support site URL","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.privacyUrl","label":"Privacy statement URL","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -33,7 +33,7 @@ function Invoke-CIPPStandardintuneBrandingProfile { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 index beb6174fbdcc..f6840bafc092 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardintuneDeviceReg { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 index 6e8792d71df7..3cab0708f09d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 index 143acbc4e2f5..9939dd0005c6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 @@ -22,7 +22,7 @@ function Invoke-CIPPStandardintuneRequireMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 index 307e631cd868..da89f92a6795 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardlaps { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 index a8c962b2f0a0..277263b94e61 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 @@ -5,10 +5,10 @@ function Invoke-CIPPStandardsharingCapability { .COMPONENT (APIName) sharingCapability .SYNOPSIS - (Label) Set Sharing Level for OneDrive and Sharepoint + (Label) Set Sharing Level for OneDrive and SharePoint .DESCRIPTION - (Helptext) Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level - (DocsDescription) Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level + (Helptext) Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level + (DocsDescription) Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level .NOTES CAT SharePoint Standards @@ -16,7 +16,7 @@ function Invoke-CIPPStandardsharingCapability { "highimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","label":"Select Sharing Level","name":"standards.sharingCapability.Level","values":[{"label":"Users can share only with people in the organization. No external sharing is allowed.","value":"disabled"},{"label":"Users can share with new and existing guests. Guests must sign in or provide a verification code.","value":"externalUserSharingOnly"},{"label":"Users can share with anyone by using links that do not require sign-in.","value":"externalUserAndGuestSharing"},{"label":"Users can share with existing guests (those already in the directory of the organization).","value":"existingExternalUserSharingOnly"}]} + {"type":"select","multiple":false,"label":"Select Sharing Level","name":"standards.sharingCapability.Level","options":[{"label":"Users can share only with people in the organization. No external sharing is allowed.","value":"disabled"},{"label":"Users can share with new and existing guests. Guests must sign in or provide a verification code.","value":"externalUserSharingOnly"},{"label":"Users can share with anyone by using links that do not require sign-in.","value":"externalUserAndGuestSharing"},{"label":"Users can share with existing guests (those already in the directory of the organization).","value":"existingExternalUserSharingOnly"}]} IMPACT High Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardsharingCapability { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 index 9ea89a31897b..098b0ef3e17e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 @@ -16,8 +16,8 @@ function Invoke-CIPPStandardsharingDomainRestriction { "highimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","name":"standards.sharingDomainRestriction.Mode","label":"Limit external sharing by domains","values":[{"label":"Off","value":"none"},{"label":"Restrict sharing to specific domains","value":"allowList"},{"label":"Block sharing to specific domains","value":"blockList"}]} - {"type":"input","name":"standards.sharingDomainRestriction.Domains","label":"Domains to allow/block, comma separated"} + {"type":"select","multiple":false,"name":"standards.sharingDomainRestriction.Mode","label":"Limit external sharing by domains","options":[{"label":"Off","value":"none"},{"label":"Restrict sharing to specific domains","value":"allowList"},{"label":"Block sharing to specific domains","value":"blockList"}]} + {"type":"textField","name":"standards.sharingDomainRestriction.Domains","label":"Domains to allow/block, comma separated","required":false} IMPACT High Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardsharingDomainRestriction { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index 4e2ad5693119..416af1a6ded7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardunmanagedSync { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) From 48867b93e3bc45ff5f23b7c746b2802fe49e1741 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 21:19:08 +0100 Subject: [PATCH 24/93] Enhance Invoke-ExecDeviceDelete to support tenantFilter and action from query parameters --- .../Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 644edea28aed..7fd95cdeb8f4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -12,10 +12,10 @@ Function Invoke-ExecDeviceDelete { $APIName = $TriggerMetadata.FunctionName $ExecutingUser = $Request.headers.'x-ms-client-principal' - $TenantFilter = $Request.body.tenantFilter Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with body parameters or the body of the request. + $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter $Action = $Request.body.action ?? $Request.Query.action $DeviceID = $Request.body.ID ?? $Request.Query.ID From aa425b2a331304948ec3604f9201b0d83ff07d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 21:54:37 +0100 Subject: [PATCH 25/93] Use tertiary operator instead to improve readability --- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 034bcce73789..145a0ed7c46d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -17,9 +17,10 @@ Function Invoke-ExecHideFromGAL { # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests - $UserId = if (-not [string]::IsNullOrWhiteSpace($Request.Query.ID)) { $Request.Query.ID } else { $Request.body.ID } - $TenantFilter = if (-not [string]::IsNullOrWhiteSpace($Request.Query.TenantFilter)) { $Request.Query.TenantFilter } else { $Request.body.tenantFilter } - $Hidden = if (-not [string]::IsNullOrWhiteSpace($Request.Query.HideFromGAL)) { [System.Convert]::ToBoolean($Request.Query.HideFromGAL) } else { [System.Convert]::ToBoolean($Request.body.HideFromGAL) } + $UserId = $Request.Query.ID ?? $Request.body.ID + $TenantFilter = $Request.Query.TenantFilter ?? $Request.body.tenantFilter + $Hidden = -not [string]::IsNullOrWhiteSpace($Request.Query.HideFromGAL) ? [System.Convert]::ToBoolean($Request.Query.HideFromGAL) : [System.Convert]::ToBoolean($Request.body.HideFromGAL) + Try { $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -ExecutingUser $ExecutingUser -APIName $APIName From 4c289073bc77dd431ef655110b15858c220f20d3 Mon Sep 17 00:00:00 2001 From: nicholxs <41819863+nichxlxs@users.noreply.github.com> Date: Mon, 20 Jan 2025 10:04:41 +1100 Subject: [PATCH 26/93] Sort Intune Templates regardless of View --- .../CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index 37ee1c5bc2a3..e9cf627eab90 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -48,6 +48,8 @@ Function Invoke-ListIntuneTemplates { if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id } + # Sort all output regardless of view condition + $Templates = $Templates | Sort-Object -Property displayName # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ From 951cd47a85fdad2da14849a9cd0dd97ebb918a8d Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 01:16:42 +0100 Subject: [PATCH 27/93] backup fixes --- Modules/CIPPCore/Public/New-CIPPBackup.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 index 7e068a1fde90..09d441fcbde9 100644 --- a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 @@ -21,6 +21,8 @@ function New-CIPPBackup { 'standards' 'SchedulerConfig' 'Extensions' + 'WebhookRules' + 'ScheduledTasks' ) $CSVfile = foreach ($CSVTable in $BackupTables) { $Table = Get-CippTable -tablename $CSVTable From 30a55862630e9f7aa884a1f7a344408cf7d3f4c0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:09:30 +0100 Subject: [PATCH 28/93] hf for run now standards --- Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 index 0f5cbca25204..529b2a9330c4 100644 --- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 +++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 @@ -13,7 +13,7 @@ function Get-CIPPStandards { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ConvertFrom-Json | Where-Object { + $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue } | Where-Object { $_.GUID -like $TemplateId -and $_.runManually -eq $runManually } From b27c371655c1081a9d5220d3abc76e2699c125d6 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:15:39 +0100 Subject: [PATCH 29/93] Remove the Azure App Service build and deployment workflow config --- .github/workflows/dev_cippbcaom.yml | 30 ----------------------------- 1 file changed, 30 deletions(-) delete mode 100644 .github/workflows/dev_cippbcaom.yml diff --git a/.github/workflows/dev_cippbcaom.yml b/.github/workflows/dev_cippbcaom.yml deleted file mode 100644 index 4b0517c5303b..000000000000 --- a/.github/workflows/dev_cippbcaom.yml +++ /dev/null @@ -1,30 +0,0 @@ -# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action -# More GitHub Actions for Azure: https://github.com/Azure/actions - -name: Build and deploy Powershell project to Azure Function App - cippbcaom - -on: - push: - branches: - - dev - workflow_dispatch: - -env: - AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root - -jobs: - deploy: - runs-on: windows-latest - - steps: - - name: 'Checkout GitHub Action' - uses: actions/checkout@v4 - - - name: 'Run Azure Functions Action' - uses: Azure/functions-action@v1 - id: fa - with: - app-name: 'cippbcaom' - slot-name: 'Production' - package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_56AD4FDD49354D0CAB4D9A9E868D2015 }} \ No newline at end of file From b55e63d886f5651eaf6ee00fbafdefd805ec5b5b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 13:22:37 +0100 Subject: [PATCH 30/93] bug fix empty results --- .../CIPP/Core/invoke-ListEmptyResults.ps1 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 new file mode 100644 index 000000000000..c0497528c42a --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 @@ -0,0 +1,19 @@ +using namespace System.Net + +Function invoke-ListEmptyResults { + <# + .FUNCTIONALITY + Entrypoint - Purposely lists an empty result + .ROLE + CIPP.Core + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @() + }) + +} From e3c3b1f0ba558f842b40802cf4f2d1ed08a38d8e Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 13:36:40 +0100 Subject: [PATCH 31/93] fix typecasting --- .../Identity/Administration/Users/Invoke-EditUser.ps1 | 4 ++-- Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index abe7fd5bf030..3f3e51b2a14e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -23,7 +23,7 @@ Function Invoke-EditUser { }) return } - $Results = [System.Collections.Generic.List[string]]::new() + $Results = [System.Collections.Generic.List[object]]::new() $licenses = ($UserObj.licenses).value $Aliases = if ($UserObj.AddedAliases) { ($UserObj.AddedAliases) -split '\s' } $AddToGroups = $Request.body.AddToGroups @@ -133,7 +133,7 @@ Function Invoke-EditUser { if ($Request.body.CopyFrom.value) { $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $User -CopyFromId $Request.body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter - $null = $results.AddRange($CopyFrom) + $null = $results.AddRange(@($CopyFrom)) } if ($AddToGroups) { diff --git a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 index 550c9400f551..bdc0c0cb1409 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 @@ -38,8 +38,8 @@ function Set-CIPPCopyGroupMembers { '@odata.id' = $ODataBind } | ConvertTo-Json -Compress - $Success = [System.Collections.Generic.List[string]]::new() - $Errors = [System.Collections.Generic.List[string]]::new() + $Success = [System.Collections.Generic.List[object]]::new() + $Errors = [System.Collections.Generic.List[object]]::new() $Memberships = $CopyFromMemberships | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.group' -and $_.groupTypes -notcontains 'DynamicMembership' -and $_.onPremisesSyncEnabled -ne $true -and $_.visibility -ne 'Public' -and $CurrentMemberships.id -notcontains $_.id } $ScheduleExchangeGroupTask = $false foreach ($MailGroup in $Memberships) { From 6f5a32039d794fcd49fd3e3b01ce4b0424518b0d Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 13:52:27 +0100 Subject: [PATCH 32/93] fix singular add --- .../HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 index 889b79f232c6..922357511af4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 @@ -107,10 +107,10 @@ Function Invoke-ExecAddGDAPRole { $RoleMappings = [System.Collections.Generic.List[object]]::new() if ($ExistingRoleMappings) { - $RoleMappings.AddRange($ExistingRoleMappings) + $RoleMappings.AddRange(@($ExistingRoleMappings)) } if ($NewRoleMappings) { - $RoleMappings.AddRange($NewRoleMappings) + $RoleMappings.AddRange(@($NewRoleMappings)) } if ($Request.Body.templateId) { From af7fdb77b667878014b77f8b4c707e77b38f82a3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 20 Jan 2025 14:39:56 +0100 Subject: [PATCH 33/93] fixes template overview --- .../Entrypoints/Invoke-ListIntuneTemplates.ps1 | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index e9cf627eab90..240d12d26d98 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -34,16 +34,19 @@ Function Invoke-ListIntuneTemplates { #List new policies $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'IntuneTemplate'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter).JSON | ConvertFrom-Json + $RawTemplates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) if ($Request.query.View) { - $Templates = $Templates | ForEach-Object { - $data = $_.RAWJson | ConvertFrom-Json -Depth 100 - $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $_.Displayname -Force - $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $_.Description -Force - $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $_.Type -Force + $Templates = $RawTemplates | ForEach-Object { + $JSONData = $_.JSON | ConvertFrom-Json + $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 + $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force + $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force + $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force $data } | Sort-Object -Property displayName + } else { + $Templates = $RawTemplates.JSON | ConvertFrom-Json } if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id } From b185974a2e902a5511f8d3ad936645d8418f7487 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 20 Jan 2025 17:40:36 +0100 Subject: [PATCH 34/93] FIX support for GET and POST and clean up code a bit --- .../Invoke-AddTransportTemplate.ps1 | 15 +++++----- .../Invoke-EditTransportRule.ps1 | 25 +++++++++------- .../Public/Invoke-RemoveTransportRule.ps1 | 29 ++++++++++--------- 3 files changed, 38 insertions(+), 31 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 0f7fb738e6ff..293d525c4628 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -11,7 +11,8 @@ Function Invoke-AddTransportTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host ($request | ConvertTo-Json -Compress) try { @@ -19,8 +20,7 @@ Function Invoke-AddTransportTemplate { $JSON = if ($request.body.PowerShellCommand) { Write-Host 'PowerShellCommand' $request.body.PowerShellCommand | ConvertFrom-Json - } - else { + } else { ([pscustomobject]$Request.body | Select-Object Name, ActivationDate, ADComparisonAttribute, ADComparisonOperator, AddManagerAsRecipientType, AddToRecipients, AnyOfCcHeader, AnyOfCcHeaderMemberOf, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns, AnyOfToCcHeader, AnyOfToCcHeaderMemberOf, AnyOfToHeader, AnyOfToHeaderMemberOf, ApplyClassification, ApplyHtmlDisclaimerFallbackAction, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerText, ApplyOME, ApplyRightsProtectionCustomizationTemplate, ApplyRightsProtectionTemplate, AttachmentContainsWords, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent, AttachmentIsPasswordProtected, AttachmentIsUnsupported, AttachmentMatchesPatterns, AttachmentNameMatchesPatterns, AttachmentProcessingLimitExceeded, AttachmentPropertyContainsWords, AttachmentSizeOver, BetweenMemberOf1, BetweenMemberOf2, BlindCopyTo, Comments, Confirm, ContentCharacterSetContainsWords, CopyTo, DeleteMessage, DlpPolicy, DomainController, Enabled, ExceptIfADComparisonAttribute, ExceptIfADComparisonOperator, ExceptIfAnyOfCcHeader, ExceptIfAnyOfCcHeaderMemberOf, ExceptIfAnyOfRecipientAddressContainsWords, ExceptIfAnyOfRecipientAddressMatchesPatterns, ExceptIfAnyOfToCcHeader, ExceptIfAnyOfToCcHeaderMemberOf, ExceptIfAnyOfToHeader, ExceptIfAnyOfToHeaderMemberOf, ExceptIfAttachmentContainsWords, ExceptIfAttachmentExtensionMatchesWords, ExceptIfAttachmentHasExecutableContent, ExceptIfAttachmentIsPasswordProtected, ExceptIfAttachmentIsUnsupported, ExceptIfAttachmentMatchesPatterns, ExceptIfAttachmentNameMatchesPatterns, ExceptIfAttachmentProcessingLimitExceeded, ExceptIfAttachmentPropertyContainsWords, ExceptIfAttachmentSizeOver, ExceptIfBetweenMemberOf1, ExceptIfBetweenMemberOf2, ExceptIfContentCharacterSetContainsWords, ExceptIfFrom, ExceptIfFromAddressContainsWords, ExceptIfFromAddressMatchesPatterns, ExceptIfFromMemberOf, ExceptIfFromScope, ExceptIfHasClassification, ExceptIfHasNoClassification, ExceptIfHasSenderOverride, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords, ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns, ExceptIfManagerAddresses, ExceptIfManagerForEvaluatedUser, ExceptIfMessageContainsDataClassifications, ExceptIfMessageSizeOver, ExceptIfMessageTypeMatches, ExceptIfRecipientADAttributeContainsWords, ExceptIfRecipientADAttributeMatchesPatterns, ExceptIfRecipientAddressContainsWords, ExceptIfRecipientAddressMatchesPatterns, ExceptIfRecipientDomainIs, ExceptIfRecipientInSenderList, ExceptIfSCLOver, ExceptIfSenderADAttributeContainsWords, ExceptIfSenderADAttributeMatchesPatterns, ExceptIfSenderDomainIs, ExceptIfSenderInRecipientList, ExceptIfSenderIpRanges, ExceptIfSenderManagementRelationship, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfSentToScope, ExceptIfSubjectContainsWords, ExceptIfSubjectMatchesPatterns, ExceptIfSubjectOrBodyContainsWords, ExceptIfSubjectOrBodyMatchesPatterns, ExceptIfWithImportance, ExpiryDate, From, FromAddressContainsWords, FromAddressMatchesPatterns, FromMemberOf, FromScope, GenerateIncidentReport, GenerateNotification, HasClassification, HasNoClassification, HasSenderOverride, HeaderContainsMessageHeader, HeaderContainsWords, HeaderMatchesMessageHeader, HeaderMatchesPatterns, IncidentReportContent, IncidentReportOriginalMail, LogEventText, ManagerAddresses, ManagerForEvaluatedUser, MessageContainsDataClassifications, MessageSizeOver, MessageTypeMatches, Mode, ModerateMessageByManager, ModerateMessageByUser, NotifySender, PrependSubject, Quarantine, RecipientADAttributeContainsWords, RecipientADAttributeMatchesPatterns, RecipientAddressContainsWords, RecipientAddressMatchesPatterns, RecipientAddressType, RecipientDomainIs, RecipientInSenderList, RedirectMessageTo, RejectMessageEnhancedStatusCode, RejectMessageReasonText, RemoveHeader, RemoveOME, RemoveOMEv2, RemoveRMSAttachmentEncryption, RouteMessageOutboundConnector, RouteMessageOutboundRequireTls, RuleErrorAction, RuleSubType, SCLOver, SenderADAttributeContainsWords, SenderADAttributeMatchesPatterns, SenderAddressLocation, SenderDomainIs, SenderInRecipientList, SenderIpRanges, SenderManagementRelationship, SentTo, SentToMemberOf, SentToScope, SetAuditSeverity, SetHeaderName, SetHeaderValue, SetSCL, SmtpRejectMessageRejectStatusCode, SmtpRejectMessageRejectText, StopRuleProcessing, SubjectContainsWords, SubjectMatchesPatterns, SubjectOrBodyContainsWords, SubjectOrBodyMatchesPatterns, UseLegacyRegex, WithImportance ) | ForEach-Object { $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name $_ | Select-Object -Property $NonEmptyProperties @@ -34,13 +34,12 @@ Function Invoke-AddTransportTemplate { RowKey = "$GUID" PartitionKey = 'TransportTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -user $ExecutingUser -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug $body = [pscustomobject]@{'Results' = 'Successfully added template' } - } - catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Transport Rule Template: $($_.Exception.Message)" -Sev 'Error' - $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" } + } catch { + Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to create Transport Rule Template: $($_.Exception.Message)" -Sev Error + $body = [pscustomobject]@{'Results' = "Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index 52837656b0e0..eb8f57c38f10 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -11,28 +11,33 @@ Function Invoke-EditTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter + $Identity = $Request.Query.guid ?? $Request.body.guid + $State = $Request.Query.state ?? $Request.body.state $Params = @{ - Identity = $request.query.guid + Identity = $Identity } try { - $cmdlet = if ($request.query.state -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true - $Result = "Set transport rule $($Request.query.guid) to $($request.query.State)" - Write-LogMessage -user $User -API $APINAME -tenant $tenantfilter -message "Set transport rule $($Request.query.guid) to $($request.query.State)" -sev Info + $cmdlet = if ($State -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true + $Result = "Set transport rule $($Identity) to $($State)" + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message $Result -sev Info + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $tenantfilter -message "Failed setting transport rule $($Request.query.guid) to $($request.query.State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = @{Results = $Result } }) diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 8db570555836..fceb370fd81b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -11,29 +11,32 @@ Function Invoke-RemoveTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APIName -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter + $Identity = $Request.Query.guid ?? $Request.body.guid $Params = @{ - Identity = $request.query.guid + Identity = $Identity } try { $cmdlet = 'Remove-TransportRule' - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true - $Result = "Deleted $($Request.query.guid)" - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Deleted transport rule $($Request.query.guid)" -sev Debug + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $Params -UseSystemMailbox $true + $Result = "Deleted $($Identity)" + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted transport rule $($Identity)" -Sev Info + $StatusCode = [HttpStatusCode]::OK } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Failed deleting transport rule $($Request.query.guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage - $Result = $ErrorMessage + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed deleting transport rule $($Identity). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @{Results = $Result } + StatusCode = $StatusCode + Body = @{ Results = $Result } }) - } From 911af41c848482ef3c92419487bb6b7cf9100cfa Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 20 Jan 2025 12:34:11 -0500 Subject: [PATCH 35/93] fix post functions --- .../HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 | 2 +- Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 | 2 +- Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index 52837656b0e0..2c5fd60f4f76 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -17,7 +17,7 @@ Function Invoke-EditTransportRule { $Params = @{ - Identity = $request.query.guid + Identity = $request.query.guid ?? $request.body.guid } try { diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 8db570555836..d12528285bf9 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -17,7 +17,7 @@ Function Invoke-RemoveTransportRule { $Params = @{ - Identity = $request.query.guid + Identity = $request.query.guid ?? $request.body.guid } try { diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 index 997c150e47f8..1f32522ecddf 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 @@ -14,7 +14,7 @@ Function Invoke-RemoveTransportRuleTemplate { $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $ID = $request.query.id + $ID = $request.query.id ?? $request.body.id try { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'TransportTemplate' and RowKey eq '$id'" From 9f71fe1f32dc94834449f4ef45515011360a6e2e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 20 Jan 2025 12:35:55 -0500 Subject: [PATCH 36/93] specify utc time --- Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 176167ea597f..c96f93f810f4 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -128,7 +128,7 @@ function Test-CIPPAccessPermissions { $Messages.Add('You have all the required permissions.') | Out-Null } - $LastUpdate = $GraphPermissions.Timestamp + $LastUpdate = [DateTime]::SpecifyKind($GraphPermissions.Timestamp.DateTime, [DateTimeKind]::Utc) $CpvTable = Get-CippTable -tablename 'cpvtenants' $CpvRefresh = Get-CippAzDataTableEntity @CpvTable -Filter "PartitionKey eq 'Tenant'" $TenantList = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantID -and $_.Excluded -eq $false } From 56a98eeddeac4e4c987c5eb294c561f116ded85d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 20 Jan 2025 20:08:20 +0100 Subject: [PATCH 37/93] im going to lose my mind --- Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 703a6aa3b9ac..fceb370fd81b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -18,11 +18,7 @@ Function Invoke-RemoveTransportRule { $Identity = $Request.Query.guid ?? $Request.body.guid $Params = @{ -<<<<<<< HEAD Identity = $Identity -======= - Identity = $request.query.guid ?? $request.body.guid ->>>>>>> upstream/dev } try { From ba1e34f251c87788e64dc7dfd3fbec9cc3a3b575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 20 Jan 2025 20:09:55 +0100 Subject: [PATCH 38/93] can you please stop it and just work now --- Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 | 2 +- Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 index 997c150e47f8..1f32522ecddf 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 @@ -14,7 +14,7 @@ Function Invoke-RemoveTransportRuleTemplate { $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $ID = $request.query.id + $ID = $request.query.id ?? $request.body.id try { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'TransportTemplate' and RowKey eq '$id'" diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 176167ea597f..c96f93f810f4 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -128,7 +128,7 @@ function Test-CIPPAccessPermissions { $Messages.Add('You have all the required permissions.') | Out-Null } - $LastUpdate = $GraphPermissions.Timestamp + $LastUpdate = [DateTime]::SpecifyKind($GraphPermissions.Timestamp.DateTime, [DateTimeKind]::Utc) $CpvTable = Get-CippTable -tablename 'cpvtenants' $CpvRefresh = Get-CippAzDataTableEntity @CpvTable -Filter "PartitionKey eq 'Tenant'" $TenantList = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantID -and $_.Excluded -eq $false } From eaccbaa287f52e5ece572e4a0ba41a69ce6c6861 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 20 Jan 2025 14:10:29 -0500 Subject: [PATCH 39/93] Update New-PwPushLink.ps1 --- .../Public/PwPush/New-PwPushLink.ps1 | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 index 0a29234f0071..566bf8c3cb45 100644 --- a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 +++ b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 @@ -1,11 +1,11 @@ function New-PwPushLink { - [CmdletBinding()] + [CmdletBinding(SupportsShouldProcess)] Param( $Payload ) $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).PWPush - if ($Configuration.Enabled) { + if ($Configuration.Enabled -eq $true) { Set-PwPushConfig -Configuration $Configuration $PushParams = @{ Payload = $Payload @@ -14,15 +14,17 @@ function New-PwPushLink { if ($Configuration.ExpireAfterViews) { $PushParams.ExpireAfterViews = $Configuration.ExpireAfterViews } if ($Configuration.DeletableByViewer) { $PushParams.DeletableByViewer = $Configuration.DeletableByViewer } try { - $Link = New-Push @PushParams | Select-Object Link, LinkRetrievalStep - if ($Configuration.RetrievalStep) { - $Link.Link = $Link.LinkRetrievalStep + if ($PSCmdlet.ShouldProcess('Create a new PwPush link')) { + $Link = New-Push @PushParams + if ($Configuration.RetrievalStep) { + return $Link.LinkRetrievalStep + } + return $Link.Link } - $Link | Select-Object -ExpandProperty Link } catch { $LogData = [PSCustomObject]@{ - 'Response' = $Link - 'Exception' = Get-CippException -Exception $_ + 'Response' = $Link + 'Exception' = Get-CippException -Exception $_ } Write-LogMessage -API PwPush -Message "Failed to create a new PwPush link: $($_.Exception.Message)" -Sev 'Error' -LogData $LogData throw 'Failed to create a new PwPush link, check the log book for more details' From f7a560bb8d21dde21349609f076f83a79dac5c78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 20 Jan 2025 22:10:40 +0100 Subject: [PATCH 40/93] Refactor logging and variable naming in Invoke-AddTransportRule function for clarity and consistency --- .../Invoke-AddTransportRule.ps1 | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 index 82363d390adb..fae7f8b60e5f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 @@ -11,29 +11,31 @@ Function Invoke-AddTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExetutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, Comments, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications + $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications $Tenants = ($Request.body.selectedTenants).value - $Result = foreach ($Tenantfilter in $tenants) { - $Existing = New-ExoRequest -ErrorAction SilentlyContinue -tenantid $Tenantfilter -cmdlet 'Get-TransportRule' -useSystemMailbox $true | Where-Object -Property Identity -EQ $RequestParams.name + $Result = foreach ($tenantFilter in $tenants) { + $Existing = New-ExoRequest -ErrorAction SilentlyContinue -tenantid $tenantFilter -cmdlet 'Get-TransportRule' -useSystemMailbox $true | Where-Object -Property Identity -EQ $RequestParams.name try { if ($Existing) { Write-Host 'Found existing' $RequestParams | Add-Member -NotePropertyValue $RequestParams.name -NotePropertyName Identity - $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Set-TransportRule' -cmdParams ($RequestParams | Select-Object -Property * -ExcludeProperty UseLegacyRegex) -useSystemMailbox $true - "Successfully set transport rule for $tenantfilter." + $null = New-ExoRequest -tenantid $tenantFilter -cmdlet 'Set-TransportRule' -cmdParams ($RequestParams | Select-Object -Property * -ExcludeProperty UseLegacyRegex) -useSystemMailbox $true + "Successfully set transport rule for $tenantFilter." } else { Write-Host 'Creating new' - $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'New-TransportRule' -cmdParams $RequestParams -useSystemMailbox $true - "Successfully created transport rule for $tenantfilter." + $null = New-ExoRequest -tenantid $tenantFilter -cmdlet 'New-TransportRule' -cmdParams $RequestParams -useSystemMailbox $true + "Successfully created transport rule for $tenantFilter." } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Created transport rule for $($tenantfilter)" -sev Info + Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info } catch { - "Could not create transport rule for $($tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Could not create transport rule for $($tenantfilter). Error:$($_.Exception.message)" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + "Could not create transport rule for $($tenantFilter): $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } From 8ff9887c848d7d59e4474f533f64f9c67a724ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 20 Jan 2025 22:11:00 +0100 Subject: [PATCH 41/93] Enhance Invoke-AddTransportTemplate function with improved JSON handling and error messaging --- .../Invoke-AddTransportTemplate.ps1 | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 293d525c4628..9c176d7c8939 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -13,7 +13,7 @@ Function Invoke-AddTransportTemplate { $APIName = $TriggerMetadata.FunctionName $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug - Write-Host ($request | ConvertTo-Json -Compress) + Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) try { $GUID = (New-Guid).GUID @@ -21,31 +21,34 @@ Function Invoke-AddTransportTemplate { Write-Host 'PowerShellCommand' $request.body.PowerShellCommand | ConvertFrom-Json } else { - ([pscustomobject]$Request.body | Select-Object Name, ActivationDate, ADComparisonAttribute, ADComparisonOperator, AddManagerAsRecipientType, AddToRecipients, AnyOfCcHeader, AnyOfCcHeaderMemberOf, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns, AnyOfToCcHeader, AnyOfToCcHeaderMemberOf, AnyOfToHeader, AnyOfToHeaderMemberOf, ApplyClassification, ApplyHtmlDisclaimerFallbackAction, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerText, ApplyOME, ApplyRightsProtectionCustomizationTemplate, ApplyRightsProtectionTemplate, AttachmentContainsWords, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent, AttachmentIsPasswordProtected, AttachmentIsUnsupported, AttachmentMatchesPatterns, AttachmentNameMatchesPatterns, AttachmentProcessingLimitExceeded, AttachmentPropertyContainsWords, AttachmentSizeOver, BetweenMemberOf1, BetweenMemberOf2, BlindCopyTo, Comments, Confirm, ContentCharacterSetContainsWords, CopyTo, DeleteMessage, DlpPolicy, DomainController, Enabled, ExceptIfADComparisonAttribute, ExceptIfADComparisonOperator, ExceptIfAnyOfCcHeader, ExceptIfAnyOfCcHeaderMemberOf, ExceptIfAnyOfRecipientAddressContainsWords, ExceptIfAnyOfRecipientAddressMatchesPatterns, ExceptIfAnyOfToCcHeader, ExceptIfAnyOfToCcHeaderMemberOf, ExceptIfAnyOfToHeader, ExceptIfAnyOfToHeaderMemberOf, ExceptIfAttachmentContainsWords, ExceptIfAttachmentExtensionMatchesWords, ExceptIfAttachmentHasExecutableContent, ExceptIfAttachmentIsPasswordProtected, ExceptIfAttachmentIsUnsupported, ExceptIfAttachmentMatchesPatterns, ExceptIfAttachmentNameMatchesPatterns, ExceptIfAttachmentProcessingLimitExceeded, ExceptIfAttachmentPropertyContainsWords, ExceptIfAttachmentSizeOver, ExceptIfBetweenMemberOf1, ExceptIfBetweenMemberOf2, ExceptIfContentCharacterSetContainsWords, ExceptIfFrom, ExceptIfFromAddressContainsWords, ExceptIfFromAddressMatchesPatterns, ExceptIfFromMemberOf, ExceptIfFromScope, ExceptIfHasClassification, ExceptIfHasNoClassification, ExceptIfHasSenderOverride, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords, ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns, ExceptIfManagerAddresses, ExceptIfManagerForEvaluatedUser, ExceptIfMessageContainsDataClassifications, ExceptIfMessageSizeOver, ExceptIfMessageTypeMatches, ExceptIfRecipientADAttributeContainsWords, ExceptIfRecipientADAttributeMatchesPatterns, ExceptIfRecipientAddressContainsWords, ExceptIfRecipientAddressMatchesPatterns, ExceptIfRecipientDomainIs, ExceptIfRecipientInSenderList, ExceptIfSCLOver, ExceptIfSenderADAttributeContainsWords, ExceptIfSenderADAttributeMatchesPatterns, ExceptIfSenderDomainIs, ExceptIfSenderInRecipientList, ExceptIfSenderIpRanges, ExceptIfSenderManagementRelationship, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfSentToScope, ExceptIfSubjectContainsWords, ExceptIfSubjectMatchesPatterns, ExceptIfSubjectOrBodyContainsWords, ExceptIfSubjectOrBodyMatchesPatterns, ExceptIfWithImportance, ExpiryDate, From, FromAddressContainsWords, FromAddressMatchesPatterns, FromMemberOf, FromScope, GenerateIncidentReport, GenerateNotification, HasClassification, HasNoClassification, HasSenderOverride, HeaderContainsMessageHeader, HeaderContainsWords, HeaderMatchesMessageHeader, HeaderMatchesPatterns, IncidentReportContent, IncidentReportOriginalMail, LogEventText, ManagerAddresses, ManagerForEvaluatedUser, MessageContainsDataClassifications, MessageSizeOver, MessageTypeMatches, Mode, ModerateMessageByManager, ModerateMessageByUser, NotifySender, PrependSubject, Quarantine, RecipientADAttributeContainsWords, RecipientADAttributeMatchesPatterns, RecipientAddressContainsWords, RecipientAddressMatchesPatterns, RecipientAddressType, RecipientDomainIs, RecipientInSenderList, RedirectMessageTo, RejectMessageEnhancedStatusCode, RejectMessageReasonText, RemoveHeader, RemoveOME, RemoveOMEv2, RemoveRMSAttachmentEncryption, RouteMessageOutboundConnector, RouteMessageOutboundRequireTls, RuleErrorAction, RuleSubType, SCLOver, SenderADAttributeContainsWords, SenderADAttributeMatchesPatterns, SenderAddressLocation, SenderDomainIs, SenderInRecipientList, SenderIpRanges, SenderManagementRelationship, SentTo, SentToMemberOf, SentToScope, SetAuditSeverity, SetHeaderName, SetHeaderValue, SetSCL, SmtpRejectMessageRejectStatusCode, SmtpRejectMessageRejectText, StopRuleProcessing, SubjectContainsWords, SubjectMatchesPatterns, SubjectOrBodyContainsWords, SubjectOrBodyMatchesPatterns, UseLegacyRegex, WithImportance ) | ForEach-Object { - $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name - $_ | Select-Object -Property $NonEmptyProperties - } + ([pscustomobject]$Request.body | Select-Object Name, ActivationDate, ADComparisonAttribute, ADComparisonOperator, AddManagerAsRecipientType, AddToRecipients, AnyOfCcHeader, AnyOfCcHeaderMemberOf, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns, AnyOfToCcHeader, AnyOfToCcHeaderMemberOf, AnyOfToHeader, AnyOfToHeaderMemberOf, ApplyClassification, ApplyHtmlDisclaimerFallbackAction, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerText, ApplyOME, ApplyRightsProtectionCustomizationTemplate, ApplyRightsProtectionTemplate, AttachmentContainsWords, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent, AttachmentIsPasswordProtected, AttachmentIsUnsupported, AttachmentMatchesPatterns, AttachmentNameMatchesPatterns, AttachmentProcessingLimitExceeded, AttachmentPropertyContainsWords, AttachmentSizeOver, BetweenMemberOf1, BetweenMemberOf2, BlindCopyTo, Comments, Confirm, ContentCharacterSetContainsWords, CopyTo, DeleteMessage, DlpPolicy, DomainController, Enabled, ExceptIfADComparisonAttribute, ExceptIfADComparisonOperator, ExceptIfAnyOfCcHeader, ExceptIfAnyOfCcHeaderMemberOf, ExceptIfAnyOfRecipientAddressContainsWords, ExceptIfAnyOfRecipientAddressMatchesPatterns, ExceptIfAnyOfToCcHeader, ExceptIfAnyOfToCcHeaderMemberOf, ExceptIfAnyOfToHeader, ExceptIfAnyOfToHeaderMemberOf, ExceptIfAttachmentContainsWords, ExceptIfAttachmentExtensionMatchesWords, ExceptIfAttachmentHasExecutableContent, ExceptIfAttachmentIsPasswordProtected, ExceptIfAttachmentIsUnsupported, ExceptIfAttachmentMatchesPatterns, ExceptIfAttachmentNameMatchesPatterns, ExceptIfAttachmentProcessingLimitExceeded, ExceptIfAttachmentPropertyContainsWords, ExceptIfAttachmentSizeOver, ExceptIfBetweenMemberOf1, ExceptIfBetweenMemberOf2, ExceptIfContentCharacterSetContainsWords, ExceptIfFrom, ExceptIfFromAddressContainsWords, ExceptIfFromAddressMatchesPatterns, ExceptIfFromMemberOf, ExceptIfFromScope, ExceptIfHasClassification, ExceptIfHasNoClassification, ExceptIfHasSenderOverride, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords, ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns, ExceptIfManagerAddresses, ExceptIfManagerForEvaluatedUser, ExceptIfMessageContainsDataClassifications, ExceptIfMessageSizeOver, ExceptIfMessageTypeMatches, ExceptIfRecipientADAttributeContainsWords, ExceptIfRecipientADAttributeMatchesPatterns, ExceptIfRecipientAddressContainsWords, ExceptIfRecipientAddressMatchesPatterns, ExceptIfRecipientDomainIs, ExceptIfRecipientInSenderList, ExceptIfSCLOver, ExceptIfSenderADAttributeContainsWords, ExceptIfSenderADAttributeMatchesPatterns, ExceptIfSenderDomainIs, ExceptIfSenderInRecipientList, ExceptIfSenderIpRanges, ExceptIfSenderManagementRelationship, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfSentToScope, ExceptIfSubjectContainsWords, ExceptIfSubjectMatchesPatterns, ExceptIfSubjectOrBodyContainsWords, ExceptIfSubjectOrBodyMatchesPatterns, ExceptIfWithImportance, ExpiryDate, From, FromAddressContainsWords, FromAddressMatchesPatterns, FromMemberOf, FromScope, GenerateIncidentReport, GenerateNotification, HasClassification, HasNoClassification, HasSenderOverride, HeaderContainsMessageHeader, HeaderContainsWords, HeaderMatchesMessageHeader, HeaderMatchesPatterns, IncidentReportContent, IncidentReportOriginalMail, LogEventText, ManagerAddresses, ManagerForEvaluatedUser, MessageContainsDataClassifications, MessageSizeOver, MessageTypeMatches, Mode, ModerateMessageByManager, ModerateMessageByUser, NotifySender, PrependSubject, Quarantine, RecipientADAttributeContainsWords, RecipientADAttributeMatchesPatterns, RecipientAddressContainsWords, RecipientAddressMatchesPatterns, RecipientAddressType, RecipientDomainIs, RecipientInSenderList, RedirectMessageTo, RejectMessageEnhancedStatusCode, RejectMessageReasonText, RemoveHeader, RemoveOME, RemoveOMEv2, RemoveRMSAttachmentEncryption, RouteMessageOutboundConnector, RouteMessageOutboundRequireTls, RuleErrorAction, RuleSubType, SCLOver, SenderADAttributeContainsWords, SenderADAttributeMatchesPatterns, SenderAddressLocation, SenderDomainIs, SenderInRecipientList, SenderIpRanges, SenderManagementRelationship, SentTo, SentToMemberOf, SentToScope, SetAuditSeverity, SetHeaderName, SetHeaderValue, SetSCL, SmtpRejectMessageRejectStatusCode, SmtpRejectMessageRejectText, StopRuleProcessing, SubjectContainsWords, SubjectMatchesPatterns, SubjectOrBodyContainsWords, SubjectOrBodyMatchesPatterns, UseLegacyRegex, WithImportance ) | + ForEach-Object { + $NonEmptyProperties = $_.PSObject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name + $_ | Select-Object -Property $NonEmptyProperties + } } $JSON = ($JSON | Select-Object @{n = 'name'; e = { $_.name } }, @{n = 'comments'; e = { $_.comments } }, * | ConvertTo-Json -Depth 10) $Table = Get-CippTable -tablename 'templates' $Table.Force = $true Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$json" + JSON = "$JSON" RowKey = "$GUID" PartitionKey = 'TransportTemplate' } Write-LogMessage -user $ExecutingUser -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug - $body = [pscustomobject]@{'Results' = 'Successfully added template' } - + $body = [pscustomobject]@{'Results' = "Created Transport Rule Template $($Request.body.name) with GUID $GUID" } + $StatusCode = [HttpStatusCode]::OK } catch { - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to create Transport Rule Template: $($_.Exception.Message)" -Sev Error - $body = [pscustomobject]@{'Results' = "Template Deployment failed: $($_.Exception.Message)" } + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $body = [pscustomobject]@{'Results' = "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" } + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) From 28908edc6101e1c41161149cff235952143c8ae7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 21 Jan 2025 02:04:29 +0100 Subject: [PATCH 42/93] stuff --- .../CIPP/Settings/Invoke-ExecRestoreBackup.ps1 | 2 +- .../Tenant/Standards/Invoke-listStandardTemplates.ps1 | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 index 2898b57c89ae..e07e8e139dca 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 @@ -41,7 +41,7 @@ Function Invoke-ExecRestoreBackup { $ht2 = @{} $line.psobject.properties | ForEach-Object { $ht2[$_.Name] = [string]$_.Value } $Table.Entity = $ht2 - Add-CIPPAzDataTableEntity @Table -Force + Add-AzDataTableEntity @Table -Force } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created backup' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 index eaeba1486007..d7856daff6cf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -15,10 +15,11 @@ Function Invoke-listStandardTemplates { $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { $JSON = $_.JSON try { + $RowKey = $_.RowKey $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue } catch { - Write-Host "Could not load standard template: $($_.Exception.Message). Content of the template is: $($JSON)." - Write-Host "Template GUID: $($_.GUID)" + Write-Host "Could not load standard template: $($_.Exception.Message)." + Write-Host "Template GUID: $($RowKey)" return } $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force From ff27ec9a94fc98de9d640f153fecc7e91a6d7604 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 21 Jan 2025 12:22:22 +0100 Subject: [PATCH 43/93] add json compress --- .../Tenant/Standards/Invoke-ExecStandardConvert.ps1 | 2 +- .../Tenant/Standards/Invoke-listStandardTemplates.ps1 | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 index 659ca385d93b..915ba2ef475b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 @@ -204,7 +204,7 @@ function Invoke-ExecStandardConvert { $Converted | Add-Member -NotePropertyName 'createdAt' -NotePropertyValue ((Get-Date).ToUniversalTime()) -Force $Converted | Add-Member -NotePropertyName 'updatedBy' -NotePropertyValue 'System' -Force $Converted | Add-Member -NotePropertyName 'updatedAt' -NotePropertyValue (Get-Date).ToUniversalTime() -Force - $JSON = ConvertTo-Json -Depth 40 -InputObject $Converted + $JSON = ConvertTo-Json -Depth 100 -InputObject $Converted -Compress $Table = Get-CippTable -tablename 'templates' $Table.Force = $true diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 index d7856daff6cf..ebf7a663e342 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -18,8 +18,7 @@ Function Invoke-listStandardTemplates { $RowKey = $_.RowKey $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue } catch { - Write-Host "Could not load standard template: $($_.Exception.Message)." - Write-Host "Template GUID: $($RowKey)" + Write-Host "$($RowKey)" return } $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force From bbf40f838cef9e666997b6ed1984ffadb25333e8 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 13:47:07 -0500 Subject: [PATCH 44/93] sharepoint tweaks --- .../HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 | 4 ++-- Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 index 35017077da0f..c7c44c70e403 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 @@ -44,12 +44,12 @@ Function Invoke-ListSites { @{ id = 'listAllSites' method = 'GET' - url = "sites/getAllSites?`$filter=$($Filter)&`$select=id,createdDateTime,description,name,displayName,isPersonalSite,lastModifiedDateTime,webUrl,siteCollection,sharepointIds" + url = "sites/getAllSites?`$filter=$($Filter)&`$select=id,createdDateTime,description,name,displayName,isPersonalSite,lastModifiedDateTime,webUrl,siteCollection,sharepointIds&`$top=999" } @{ id = 'usage' method = 'GET' - url = "reports/get$($type)Detail(period='D7')?`$format=application/json" + url = "reports/get$($type)Detail(period='D7')?`$format=application/json&`$top=999" } ) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 index bfda5b393a75..5cb79ce0d6a6 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 @@ -44,6 +44,7 @@ function New-GraphBulkRequest { } foreach ($MoreData in $ReturnedData.Responses | Where-Object { $_.body.'@odata.nextLink' }) { Write-Host 'Getting more' + Write-Host $MoreData.body.'@odata.nextLink' $AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck:$NoAuthCheck $NewValues = [System.Collections.Generic.List[PSCustomObject]]$MoreData.body.value $AdditionalValues | ForEach-Object { $NewValues.add($_) } From 8e250e2f1f78119bc33a4ff01a54f0434a46d8d6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 13:52:34 -0500 Subject: [PATCH 45/93] Update New-GraphBulkRequest.ps1 --- Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 index 5cb79ce0d6a6..d0502b973082 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 @@ -45,7 +45,7 @@ function New-GraphBulkRequest { foreach ($MoreData in $ReturnedData.Responses | Where-Object { $_.body.'@odata.nextLink' }) { Write-Host 'Getting more' Write-Host $MoreData.body.'@odata.nextLink' - $AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck:$NoAuthCheck + $AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck $NoAuthCheck -scope $scope -AsApp $asapp $NewValues = [System.Collections.Generic.List[PSCustomObject]]$MoreData.body.value $AdditionalValues | ForEach-Object { $NewValues.add($_) } $MoreData.body.value = $NewValues From fde5d7eac118a638d6a1b8f9deae5f9577451c1b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 14:47:40 -0500 Subject: [PATCH 46/93] force onboarding list to be an array --- .../Tenant/Administration/Invoke-ListTenantOnboarding.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 index 50a3c1486f61..0c96c95f65fe 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 @@ -31,6 +31,6 @@ function Invoke-ListTenantOnboarding { # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = $Results + Body = @($Results) }) -} \ No newline at end of file +} From dc9d4b6609cb73a57823dd06c4451b805bb8725c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 21 Jan 2025 21:05:27 +0100 Subject: [PATCH 47/93] Add sort to display newest first --- .../Tenant/Administration/Invoke-ListTenantOnboarding.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 index 0c96c95f65fe..9e65d7bf3a17 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 @@ -22,6 +22,7 @@ function Invoke-ListTenantOnboarding { $TenantOnboarding.Logs = $Logs $TenantOnboarding }) + $Results = $Results | Sort-Object Timestamp -Descending $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message) From d6ca8a4fbea68799bda9efc0015c4e6d234ee1a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 21 Jan 2025 21:07:32 +0100 Subject: [PATCH 48/93] Error message --- .../Tenant/Administration/Invoke-ListTenantOnboarding.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 index 9e65d7bf3a17..8fee5dbf56f8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 @@ -25,8 +25,8 @@ function Invoke-ListTenantOnboarding { $Results = $Results | Sort-Object Timestamp -Descending $StatusCode = [HttpStatusCode]::OK } catch { - $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message) - $Results = "Function Error: $($_.InvocationInfo.ScriptLineNumber) - $ErrorMsg" + $ErrorMessage = Get-CippException -Exception $_ + $Results = "Function Error: $($ErrorMessage.LineNumber) - $($ErrorMessage.NormalizedError)" $StatusCode = [HttpStatusCode]::BadRequest } # Associate values to output bindings by calling 'Push-OutputBinding'. From 7ccd2b8620317022dac053cbcdb250c739bad3c3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 21 Jan 2025 22:16:32 +0100 Subject: [PATCH 49/93] fixes tenant standard detection --- .../Standards/Push-CIPPStandard.ps1 | 2 +- .../Standards/Push-GetStandards.ps1 | 1 + .../Standards/Invoke-ExecStandardsRun.ps1 | 2 +- .../Public/Invoke-CIPPStandardsRun.ps1 | 3 +- .../Public/Standards/Get-CIPPStandards.ps1 | 59 ++++++++++++------- 5 files changed, 42 insertions(+), 25 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 index 276c90519a39..27b206bbc513 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 @@ -12,7 +12,7 @@ function Push-CIPPStandard { $Standard = $Item.Standard $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard Write-Information "We'll be running $FunctionName" - $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -API $Standard + $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -API "$($Standard)_$($Item.templateId)" if ($Rerun) { Write-Information 'Detected rerun. Exiting cleanly' exit 0 diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 index fea482139854..df57ab77f885 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 @@ -16,6 +16,7 @@ function Push-GetStandards { Standard = $task.Standard Settings = $task.Settings QueueId = $Item.QueueId + templateId = $task.templateId QueueName = '{0} - {1}' -f $task.Standard, $Task.Tenant FunctionName = 'CIPPStandard' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index 7ba2206daf02..74c88643ce89 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -26,7 +26,7 @@ Function Invoke-ExecStandardsRun { if ($Config -and $Config.state -eq $true) { if ($env:CIPP_PROCESSOR -ne 'true') { - + $ProcessorFunction = [PSCustomObject]@{ PartitionKey = 'Function' RowKey = "Invoke-CIPPStandardsRun-$tenantfilter" diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index fdfd48276292..ea1e553903fe 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -19,7 +19,8 @@ function Invoke-CIPPStandardsRun { if ($Force.IsPresent) { Write-Host 'Clearing Rerun Cache' foreach ($Task in $AllTasks) { - $null = Test-CIPPRerun -Type Standard -Tenant $Task.Tenant -API $Task.Standard -Clear + Write-Host "Clearing $($Task.Standard)_$($TemplateID)" + $null = Test-CIPPRerun -Type Standard -Tenant $Task.Tenant -API "$($Task.Standard)_$($TemplateID)" -Clear } } diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 index 529b2a9330c4..a9c3d1260254 100644 --- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 +++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 @@ -1,4 +1,3 @@ - function Get-CIPPStandards { param( [Parameter(Mandatory = $false)] @@ -13,11 +12,12 @@ function Get-CIPPStandards { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue } | Where-Object { + $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { + ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue + } | Where-Object { $_.GUID -like $TemplateId -and $_.runManually -eq $runManually } - $AllTenantsList = Get-Tenants if ($TenantFilter -ne 'allTenants') { $AllTenantsList = $AllTenantsList | Where-Object { @@ -36,30 +36,39 @@ function Get-CIPPStandards { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } foreach ($Standard in $ComputedStandards.Keys) { - $Normalized = ConvertTo-CippStandardObject $ComputedStandards[$Standard] + $TempCopy = $ComputedStandards[$Standard].PSObject.Copy() + $TempCopy.PSObject.Properties.Remove('TemplateId') + + $Normalized = ConvertTo-CippStandardObject $TempCopy + [pscustomobject]@{ - Tenant = 'AllTenants' - Standard = $Standard - Settings = $Normalized + Tenant = 'AllTenants' + Standard = $Standard + Settings = $Normalized + TemplateId = $ComputedStandards[$Standard].TemplateId } } } else { foreach ($Tenant in $AllTenantsList) { $TenantName = $Tenant.defaultDomainName - # Determine applicable templates + $ApplicableTemplates = $Templates | ForEach-Object { $template = $_ $tenantFilterValues = $template.tenantFilter | ForEach-Object { $_.value } @@ -74,7 +83,6 @@ function Get-CIPPStandards { if ($tenantFilterValues -contains 'AllTenants' -and (-not ($excludedTenantValues -contains $TenantName))) { $AllTenantsApplicable = $true } - if ($tenantFilterValues -contains $TenantName) { $TenantSpecificApplicable = $true } @@ -84,57 +92,64 @@ function Get-CIPPStandards { } } - # Separate AllTenants and Tenant-Specific templates $AllTenantTemplatesSet = $ApplicableTemplates | Where-Object { $_.tenantFilter.value -contains 'AllTenants' } - $TenantSpecificTemplatesSet = $ApplicableTemplates | Where-Object { $_.tenantFilter.value -notcontains 'AllTenants' } $ComputedStandards = [ordered]@{} - # First merge AllTenants templates foreach ($Template in $AllTenantTemplatesSet) { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } - # Then merge Tenant-Specific templates (overriding AllTenants where needed) foreach ($Template in $TenantSpecificTemplatesSet) { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value | Where-Object { $_ -in 'Remediate', 'warn', 'report' } if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - # Tenant-specific overrides any previous AllTenants settings - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } - # Normalize and output foreach ($Standard in $ComputedStandards.Keys) { - $Normalized = ConvertTo-CippStandardObject $ComputedStandards[$Standard] + $TempCopy = $ComputedStandards[$Standard].PSObject.Copy() + $TempCopy.PSObject.Properties.Remove('TemplateId') + + $Normalized = ConvertTo-CippStandardObject $TempCopy + [pscustomobject]@{ - Tenant = $TenantName - Standard = $Standard - Settings = $Normalized + Tenant = $TenantName + Standard = $Standard + Settings = $Normalized + TemplateId = $ComputedStandards[$Standard].TemplateId } } } From 3d9affdc02e6169deac7ecf54d8ed24e8a739bf5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 17:04:41 -0500 Subject: [PATCH 50/93] prevent $domain from leaking to other tenants --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 4774292f150d..6cd3bd8bb5c6 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -121,6 +121,7 @@ function Get-Tenants { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -Sev 'Critical' -LogData $ErrorMessage + $Domain = 'Invalid' } finally { $defaultDomainName = $Domain $initialDomainName = $Domain From 9d93401466a2154f76ab25335441784f2843478e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 17:07:04 -0500 Subject: [PATCH 51/93] handle errors with automap url lookup --- .../HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 index c7c44c70e403..2d23640c9fcd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 @@ -90,7 +90,11 @@ Function Invoke-ListSites { url = "sites/$($Site.siteId)/lists?`$select=id,name,list,parentReference" } } - $Requests = (New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true).body.value | Where-Object { $_.list.template -eq 'DocumentLibrary' } + try { + $Requests = (New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true).body.value | Where-Object { $_.list.template -eq 'DocumentLibrary' } + } catch { + Write-LogMessage -Message "Error getting auto map urls: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter -API 'ListSites' -LogData (Get-CippException -Exception $_) + } $GraphRequest = foreach ($Site in $GraphRequest) { $ListId = ($Requests | Where-Object { $_.parentReference.siteId -like "*$($Site.siteId)*" }).id $site.AutoMapUrl = "tenantId=$($TenantId)&webId={$($Site.webId)}&siteid={$($Site.siteId)}&webUrl=$($Site.webUrl)&listId={$($ListId)}" From 2366c443c9b71ea3f1f4d42a5c5525ca339bf9f9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 21 Jan 2025 22:28:02 -0500 Subject: [PATCH 52/93] fix tenant access from custom roles --- .../Public/Authentication/Get-CIPPRolePermissions.ps1 | 8 +++++--- .../CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 | 6 +++--- .../Tenant/Administration/Tenant/Invoke-ListTenants.ps1 | 1 + 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 index f3e1f525ac57..8bac3674e677 100644 --- a/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 @@ -18,13 +18,15 @@ function Get-CIPPRolePermissions { $Role = Get-CIPPAzDataTableEntity @Table -Filter $Filter if ($Role) { $Permissions = $Role.Permissions | ConvertFrom-Json + $AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() } + $BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() } [PSCustomObject]@{ Role = $Role.RowKey Permissions = $Permissions.PSObject.Properties.Value - AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() } - BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() } + AllowedTenants = @($AllowedTenants) + BlockedTenants = @($BlockedTenants) } } else { throw "Role $RoleName not found." } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 index b221d89b7ea5..aa12f2741414 100644 --- a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 @@ -69,8 +69,8 @@ function Test-CIPPAccess { if ($PermissionsFound) { if ($TenantList.IsPresent) { $LimitedTenantList = foreach ($Permission in $PermissionSet) { - if (($Permission.AllowedTenants | Measure-Object).Count -eq 0 -and ($Permission.BlockedTenants | Measure-Object).Count -eq 0) { - return @('AllTenants') + if ((($Permission.AllowedTenants | Measure-Object).Count -eq 0 -or $Permission.AllowedTenants -contains 'AllTenants') -and (($Permission.BlockedTenants | Measure-Object).Count -eq 0)) { + @('AllTenants') } else { if ($Permission.AllowedTenants -contains 'AllTenants') { $Permission.AllowedTenants = $Tenants.customerId @@ -135,4 +135,4 @@ function Test-CIPPAccess { } else { return $true } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index fccb38d002ef..4227a6f78be8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -14,6 +14,7 @@ Function Invoke-ListTenants { Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantAccess = Test-CIPPAccess -Request $Request -TenantList + Write-Host "Tenant Access: $TenantAccess" if ($TenantAccess -notcontains 'AllTenants') { $AllTenantSelector = $false From 859f97a96ea06a2f75444d9e1df6fce2dd4741a7 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Wed, 22 Jan 2025 13:21:37 +0100 Subject: [PATCH 53/93] Add PR check to prevent nonsense PRs --- .github/workflows/PR_Branch_Check.yml | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 .github/workflows/PR_Branch_Check.yml diff --git a/.github/workflows/PR_Branch_Check.yml b/.github/workflows/PR_Branch_Check.yml new file mode 100644 index 000000000000..2fd5b8e65249 --- /dev/null +++ b/.github/workflows/PR_Branch_Check.yml @@ -0,0 +1,62 @@ +name: PR Branch Check + +on: + # Using pull_request_target instead of pull_request for secure handling of fork PRs + pull_request_target: + # Only run on these PR events + types: [opened, synchronize, reopened] + # Only check PRs targeting these branches + branches: + - main + - master + +permissions: + pull-requests: write + issues: write + +jobs: + check-branch: + runs-on: ubuntu-latest + steps: + - name: Check and Comment on PR + # Only process fork PRs with specific branch conditions + # Must be a fork AND (source is main/master OR target is main/master) + if: | + github.event.pull_request.head.repo.fork == true && + ((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') || + (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master')) + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + let message = ''; + + message += '🔄 If you are attempting to update your CIPP repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating '; + message += '\n\n'; + + // Check if PR is targeting main/master + if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') { + message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n'; + } + + // Check if PR is from a fork's main/master branch + if (context.payload.pull_request.head.repo.fork && + (context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) { + message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n'; + } + + message += '🔒 This PR will now be automatically closed due to the above violation(s).'; + + // Post the comment + await github.rest.issues.createComment({ + ...context.repo, + issue_number: context.issue.number, + body: message + }); + + // Close the PR + await github.rest.pulls.update({ + ...context.repo, + pull_number: context.issue.number, + state: 'closed' + }); From 5fd2d5cb11cbaa298953c4791890ddcaedb60df1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 22 Jan 2025 18:22:09 +0100 Subject: [PATCH 54/93] Error handling for when the ForwardingAddress is a displayname --- .../Users/Invoke-ListUserMailboxDetails.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 index 0dbf730fb00e..fad747bb3e2f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 @@ -129,7 +129,15 @@ Function Invoke-ListUserMailboxDetails { # Get forwarding address $ForwardingAddress = if ($MailboxDetailedRequest.ForwardingAddress) { - (New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users/$($MailboxDetailedRequest.ForwardingAddress)").UserPrincipalName + try { + (New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users/$($MailboxDetailedRequest.ForwardingAddress)").UserPrincipalName + } catch { + try { + '{0} ({1})' -f $MailboxDetailedRequest.ForwardingAddress, (($((New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users?`$filter=displayName eq '$($MailboxDetailedRequest.ForwardingAddress)'") | Select-Object -First 1 -ExpandProperty UserPrincipalName))) + } catch { + $MailboxDetailedRequest.ForwardingAddress + } + } } elseif ($MailboxDetailedRequest.ForwardingSmtpAddress -and $MailboxDetailedRequest.ForwardingAddress) { "$($MailboxDetailedRequest.ForwardingAddress) $($MailboxDetailedRequest.ForwardingSmtpAddress)" } else { From dda43132987438589182b087c84a426584fdf5da Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Wed, 22 Jan 2025 22:10:16 +0100 Subject: [PATCH 55/93] fixes --- .../HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 | 1 + Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 index d019dc129e6f..d0e3c340a7b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 @@ -24,6 +24,7 @@ Function Invoke-AddMSPApp { $InstallParams = [pscustomobject]$RMMApp.params switch ($rmmapp.RMMName.value) { 'datto' { + Write-Host 'test' $installcommandline = "powershell.exe -executionpolicy bypass .\install.ps1 -URL $($InstallParams.DattoURL) -GUID $($InstallParams.DattoGUID."$($tenant.customerId)")" $UninstallCommandLine = 'powershell.exe -executionpolicy bypass .\uninstall.ps1' } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 index ef22fb63ce82..767f49448c3a 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 @@ -14,7 +14,7 @@ Function Invoke-RemoveQueuedApp { $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $ID = $request.query.id + $ID = $request.body.id try { $Table = Get-CippTable -tablename 'apps' $Filter = "PartitionKey eq 'apps' and RowKey eq '$id'" @@ -25,7 +25,7 @@ Function Invoke-RemoveQueuedApp { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -user $User -API $APINAME -message "Failed to remove application queue for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage - $body = [pscustomobject]@{'Results' = 'Failed to remove standard)' } + $body = [pscustomobject]@{'Results' = "Failed to remove item. $(Get-NormalizedError -message $_.Exception.Message)" } } # Associate values to output bindings by calling 'Push-OutputBinding'. From bccdd6defd60dab819b007b6bbd9e33d864b2382 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 22 Jan 2025 16:35:21 -0500 Subject: [PATCH 56/93] Update Invoke-ListTeamsVoice.ps1 --- .../Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index 11870bac1165..5dd1c14a4ede 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -21,12 +21,17 @@ Function Invoke-ListTeamsVoice { $TenantFilter = $Request.Query.TenantFilter $tenantid = (Get-Tenants | Where-Object -Property defaultDomainName -EQ $Request.Query.TenantFilter).customerId try { - $users = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=id,userPrincipalName,displayname" -tenantid $TenantFilter) + $users = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=id,userPrincipalName,displayName" -tenantid $TenantFilter) $skip = 0 $GraphRequest = do { $data = (New-TeamsAPIGetRequest -uri "https://api.interfaces.records.teams.microsoft.com/Skype.TelephoneNumberMgmt/Tenants/$($Tenantid)/telephone-numbers?skip=$($skip)&locale=en-US&top=999" -tenantid $TenantFilter).TelephoneNumbers | ForEach-Object { - $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue - $CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1 + try { + $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue + $CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1 + } catch { + $CompleteRequest = $_ | Select-Object *, 'AssignedTo' -ErrorAction SilentlyContinue + } + if ($CompleteRequest.TargetId -eq '00000000-0000-0000-0000-000000000000') { $CompleteRequest.AssignedTo = 'Unassigned' } else { From 9c4380b2981ac6f30c293f6864c60d88f1359cf0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 22 Jan 2025 17:39:06 -0500 Subject: [PATCH 57/93] Update Invoke-ListMailboxes.ps1 --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 index c69a160045ec..a46e1c6487cb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 @@ -20,7 +20,7 @@ Function Invoke-ListMailboxes { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress' + $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled' $ExoRequest = @{ tenantid = $TenantFilter cmdlet = 'Get-Mailbox' @@ -67,7 +67,8 @@ Function Invoke-ListMailboxes { @{ Name = 'AdditionalEmailAddresses'; Expression = { ($_.'EmailAddresses' | Where-Object { $_ -clike 'smtp:*' }).Replace('smtp:', '') -join ', ' } }, @{Name = 'ForwardingSmtpAddress'; Expression = { $_.'ForwardingSmtpAddress' -replace 'smtp:', '' } }, @{Name = 'InternalForwardingAddress'; Expression = { $_.'ForwardingAddress' } }, - DeliverToMailboxAndForward + DeliverToMailboxAndForward, + HiddenFromAddressListsEnabled $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message From fcb401303cec1ef68586b050cf20c5b116bf3ff0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 22 Jan 2025 21:09:21 -0500 Subject: [PATCH 58/93] fix api response --- .../HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 index 29b622550ef2..bf31040b83a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 @@ -89,7 +89,7 @@ Function Invoke-ExecIncidentsList { if (!$body) { $StatusCode = [HttpStatusCode]::OK $body = [PSCustomObject]@{ - MSResults = ($GraphRequest | Where-Object -Property id -NE $null) + Results = @($GraphRequest | Where-Object -Property id -NE $null) } } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ From 1c6d76455616719e042c8d428552b926f2c51976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <31723128+kris6673@users.noreply.github.com> Date: Thu, 23 Jan 2025 13:27:33 +0100 Subject: [PATCH 59/93] Update Get-CIPPAlertNewAppApproval.ps1 --- Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 index 145d6c3b384f..e7e9ba47816e 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 @@ -13,7 +13,7 @@ function Get-CIPPAlertNewAppApproval { ) try { $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter - if ($Approvals.count -gt 1) { + if ($Approvals.count -gt 0) { $AlertData = "There are $($Approvals.count) App Approval(s) pending." Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData } From 49a3d4c8eba407fff0676ffea9441b65a8800da3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 23 Jan 2025 14:57:49 +0100 Subject: [PATCH 60/93] template id remove --- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 3d5f1981d32a..10f1e81d45dc 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -58,6 +58,7 @@ function New-CIPPCAPolicy { #Remove context as it does not belong in the payload. try { $JsonObj.grantControls.PSObject.Properties.Remove('authenticationStrength@odata.context') + $JSONObj.templateId ? $JSONObj.PSObject.Properties.Remove('templateId') : $null if ($JSONObj.conditions.users.excludeGuestsOrExternalUsers.externalTenants.Members) { $JsonObj.conditions.users.excludeGuestsOrExternalUsers.externalTenants.PSObject.Properties.Remove('@odata.context') } From d63346c3e54b2ed2706a16593e5afd2888eef883 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 23 Jan 2025 18:29:34 +0100 Subject: [PATCH 61/93] Fix not being able to null the othermails value --- .../Identity/Administration/Users/Invoke-EditUser.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 3f3e51b2a14e..4ed2b204bfc1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -51,7 +51,7 @@ Function Invoke-EditUser { 'streetAddress' = $UserObj.streetAddress 'postalCode' = $UserObj.PostalCode 'companyName' = $UserObj.CompanyName - 'otherMails' = @($UserObj.otherMails) + 'otherMails' = $UserObj.otherMails ? @($UserObj.otherMails) : @() 'passwordProfile' = @{ 'forceChangePasswordNextSignIn' = [bool]$UserObj.MustChangePass } From d66cd97bc777f851cf83f61f8c715c15af23bef3 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 23 Jan 2025 13:46:34 -0500 Subject: [PATCH 62/93] Create Invoke-ExecAzBobbyTables.ps1 --- .../CIPP/Core/Invoke-ExecAzBobbyTables.ps1 | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 new file mode 100644 index 000000000000..410b76853378 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 @@ -0,0 +1,58 @@ + +function Invoke-ExecAzBobbyTables { + <# + .SYNOPSIS + Execute a AzBobbyTables function + .DESCRIPTION + This function is used to interact with Azure Tables. This is advanced functionality used for external integrations or SuperAdmin functionality. + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.SuperAdmin.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $AllowList = @( + 'Add-AzDataTableEntity' + 'Update-AzDataTableEntity' + 'Get-AzDataTableEntity' + 'Get-AzDataTable' + 'New-AzDataTable' + 'Remove-AzDataTableEntity' + 'Remove-AzDataTable' + ) + + $Function = $Request.Body.FunctionName + $Params = if ($Request.Body.Parameters) { + $Request.Body.Parameters | ConvertTo-Json -Compress -ErrorAction Stop | ConvertFrom-Json -AsHashtable + } else { + @{} + } + + if ($Function -in $AllowList) { + if ($Function -eq 'Get-AzDataTable') { + $Context = New-AzDataTableContext -ConnectionString $env:AzureWebJobsStorage + } else { + $Context = New-AzDataTableContext -ConnectionString $env:AzureWebJobsStorage -TableName $Request.Body.TableName + } + try { + $Results = & $Function -Context $Context @Params + if (!$Results) { + $Results = "Function $Function executed successfully" + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $Results = $_.Exception.Message + $StatusCode = [HttpStatusCode]::InternalServerError + } + } else { + $Results = "Function $Function not found or not allowed" + $StatusCode = [HttpStatusCode]::NotFound + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $Results + }) +} From 88f97d287de8daadbfb2ddc6876e837c12e4756d Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 23 Jan 2025 22:57:12 +0100 Subject: [PATCH 63/93] fixes standard conversion --- Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 index a9c3d1260254..408c62385b78 100644 --- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 +++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 @@ -13,7 +13,8 @@ function Get-CIPPStandards { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { - ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue + #in the string $_, replace the word 'action' by the word 'Action'. + $_ -replace 'Action', 'action' | ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue } | Where-Object { $_.GUID -like $TemplateId -and $_.runManually -eq $runManually } From bb9bf14f938e51702a076bceb74b06483fb7a257 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 23 Jan 2025 23:27:01 +0100 Subject: [PATCH 64/93] return the id --- .../Tenant/Standards/Invoke-AddStandardsTemplate.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index 71fa0635d60a..a901e108b61b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -31,7 +31,7 @@ Function Invoke-AddStandardsTemplate { } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' - $body = [pscustomobject]@{'Results' = 'Successfully added template' } + $body = [pscustomobject]@{'Results' = 'Successfully added template'; id = $GUID } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ From bfae49b350bf122c9b5c2807ab92b8abcf4bd7cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 23 Jan 2025 23:56:03 +0100 Subject: [PATCH 65/93] refactor logging in Invoke-ListDefenderTVM and Invoke-ListDeletedItems functions --- .../Public/Entrypoints/Invoke-ListDefenderTVM.ps1 | 9 ++++----- .../Entrypoints/Invoke-ListDeletedItems.ps1 | 15 +++++++-------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index 01e7cacb254f..e61191283062 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -11,14 +11,12 @@ Function Invoke-ListDefenderTVM { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter try { $GraphRequest = New-GraphgetRequest -tenantid $TenantFilter -uri "https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine?`$top=999" -scope 'https://api.securitycenter.microsoft.com/.default' | Group-Object cveid $GroupObj = foreach ($cve in $GraphRequest) { @@ -42,6 +40,7 @@ Function Invoke-ListDefenderTVM { $StatusCode = [HttpStatusCode]::Forbidden $GroupObj = $ErrorMessage } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index 26d68ac580b7..cb763699e04c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -11,22 +11,21 @@ Function Invoke-ListDeletedItems { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $selectlist = 'id', 'accountEnabled', 'businessPhones', 'city', 'createdDateTime', 'companyName', 'country', 'department', 'displayName', 'faxNumber', 'givenName', 'isResourceAccount', 'jobTitle', 'mail', 'mailNickname', 'mobilePhone', 'onPremisesDistinguishedName', 'officeLocation', 'onPremisesLastSyncDateTime', 'otherMails', 'postalCode', 'preferredDataLocation', 'preferredLanguage', 'proxyAddresses', 'showInAddressList', 'state', 'streetAddress', 'surname', 'usageLocation', 'userPrincipalName', 'userType', 'assignedLicenses', 'onPremisesSyncEnabled', 'LicJoined', 'Aliases', 'primDomain' - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter $Types = 'Application', 'User', 'Device', 'Group' $GraphRequest = foreach ($Type in $Types) { - (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/directory/deletedItems/microsoft.graph.$($Type)" -tenantid $TenantFilter) | Where-Object -Property '@odata.context' -NotLike '*graph.microsoft.com*' | Select-Object *, @{ Name = 'TargetType'; Expression = { $Type } } + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/directory/deletedItems/microsoft.graph.$($Type)" -tenantid $TenantFilter) | + Where-Object -Property '@odata.context' -NotLike '*graph.microsoft.com*' | + Select-Object *, @{ Name = 'TargetType'; Expression = { $Type } } } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = @($GraphRequest) }) - } From 6209622d961dcc854dd6852f07f4c103a01789f8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:51:27 +0100 Subject: [PATCH 66/93] overview bug --- .../Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 | 10 +-- .../Entrypoints/Invoke-ListBreachesTenant.ps1 | 6 +- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 79 ++++++++++--------- .../Public/HIBP/New-BreachTenantSearch.ps1 | 2 +- 4 files changed, 51 insertions(+), 46 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 index 8000d6f46d2f..4af8ca501a15 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 @@ -13,14 +13,14 @@ Function Invoke-ExecAssignPolicy { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenant = $request.query.tenantfilter - $ID = $request.query.id - $displayname = $request.query.Displayname - $AssignTo = if ($request.query.Assignto -ne 'on') { $request.query.Assignto } + $Tenant = $request.body.tenantfilter + $ID = $request.body.id + $displayname = $request.body.Displayname + $AssignTo = if ($request.body.Assignto -ne 'on') { $request.body.Assignto } $results = try { if ($AssignTo) { - $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.query.Type + $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.body.Type Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' } "Successfully edited policy for $($Tenant)" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 index d894b6118af8..812a8c46b272 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 @@ -17,7 +17,11 @@ Function Invoke-ListBreachesTenant { } else { $filter = $null } - $usersResults = (Get-CIPPAzDataTableEntity @Table -Filter $filter).breaches | ConvertFrom-Json -ErrorAction SilentlyContinue + try { + $usersResults = (Get-CIPPAzDataTableEntity @Table -Filter $filter).breaches | ConvertFrom-Json -ErrorAction SilentlyContinue + } catch { + $usersResults = $null + } if ($usersResults -eq $null) { $usersResults = @() } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 8e65b6f27001..12132f51e4f0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -57,47 +57,48 @@ Function Invoke-ListIntunePolicy { $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter $GraphRequest = $BulkResults | ForEach-Object { - $URLName = $_.Id - $_.body.Value | ForEach-Object { - $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { - '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } - '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } - '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } - '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } - '*groupPolicyConfigurations*' { 'Administrative Templates' } - '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } - '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } - '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } - '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } - '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } - '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } - default { $_.'assignments@odata.context' } - } - $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId - $PolicyAssignment = [System.Collections.Generic.List[string]]::new() - $PolicyExclude = [System.Collections.Generic.List[string]]::new() - ForEach ($target in $Assignments) { - switch ($target.'@odata.type') { - '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } - '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } - '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } - '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } - '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - default { - $PolicyAssignment.Add($null) - $PolicyExclude.Add($null) + $URLName = $_.Id + $_.body.Value | ForEach-Object { + $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { + '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } + '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } + '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } + '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } + '*groupPolicyConfigurations*' { 'Administrative Templates' } + '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } + '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } + '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } + '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } + '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } + '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } + default { $_.'assignments@odata.context' } + } + $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId + $PolicyAssignment = [System.Collections.Generic.List[string]]::new() + $PolicyExclude = [System.Collections.Generic.List[string]]::new() + ForEach ($target in $Assignments) { + switch ($target.'@odata.type') { + '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } + '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } + '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } + '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyExclude.Add('All Licenced Users') } + '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } + '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + default { + $PolicyAssignment.Add($null) + $PolicyExclude.Add($null) + } } } - } - if ($_.displayname -eq $null) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } - $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName - $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName - $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') - $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') - $_ - } | Where-Object { $_.DisplayName -ne $null } - } + if ($_.displayname -eq $null) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } + $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName + $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName + $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') + $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') + $_ + } | Where-Object { $_.DisplayName -ne $null } + } } $StatusCode = [HttpStatusCode]::OK } catch { diff --git a/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 b/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 index 7d26f97dc242..96ce636256d0 100644 --- a/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 +++ b/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 @@ -23,7 +23,7 @@ function New-BreachTenantSearch { @{ RowKey = $domain.domain PartitionKey = $TenantFilter - breaches = "$($LatestBreach.Result | ConvertTo-Json)" + breaches = "$($LatestBreach.Result | ConvertTo-Json -Depth 10 -Compress)" sum = $SumOfBreaches } } From aff88733933728248569a5a5744cfd9ce273d8d6 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:52:41 +0100 Subject: [PATCH 67/93] fix bug --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 12132f51e4f0..c2ad60650959 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -81,7 +81,7 @@ Function Invoke-ListIntunePolicy { '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } - '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyExclude.Add('All Licenced Users') } + '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyAssignment.Add('All Licenced Users') } '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } From 034b9b2b7aff9aa0b9dc4d461035e34ee9eac1c5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 11:13:56 +0100 Subject: [PATCH 68/93] json failure catch --- Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 index 408c62385b78..4bf96e3b2787 100644 --- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 +++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 @@ -14,7 +14,10 @@ function Get-CIPPStandards { $Filter = "PartitionKey eq 'StandardsTemplateV2'" $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { #in the string $_, replace the word 'action' by the word 'Action'. - $_ -replace 'Action', 'action' | ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue + try { + $_ -replace 'Action', 'action' | ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue + } catch { + } } | Where-Object { $_.GUID -like $TemplateId -and $_.runManually -eq $runManually } From 098bcdfbd6f121ee3fd7c808944f82953ef8aeb7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 11:15:22 +0100 Subject: [PATCH 69/93] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/dev_cippbcaom.yml | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/dev_cippbcaom.yml diff --git a/.github/workflows/dev_cippbcaom.yml b/.github/workflows/dev_cippbcaom.yml new file mode 100644 index 000000000000..c4bcf1198e74 --- /dev/null +++ b/.github/workflows/dev_cippbcaom.yml @@ -0,0 +1,30 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippbcaom + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippbcaom' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_0FE8CACBBF7D409DAAF132988BECEC4B }} \ No newline at end of file From 6e38c42acfb0f503630bc47b2278a7ef77a89c4a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:05:55 +0100 Subject: [PATCH 70/93] remove bool from asapp --- .../Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 | 2 +- Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 index 840145d08dee..4229e704b46f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 @@ -21,7 +21,7 @@ function Push-BPACollectData { $Table = Get-CippTable -tablename 'cachebpav2' $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template if ($Rerun) { - Write-Host 'Detected rerun. Exiting cleanly' + Write-Host 'Detected rerun for BPA. Exiting cleanly' exit 0 } Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)" diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 index a949da45936e..9f340b1fb0ae 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 @@ -8,7 +8,7 @@ function New-GraphGetRequest { [string]$uri, [string]$tenantid, [string]$scope, - [bool]$AsApp, + $AsApp, [bool]$noPagination, $NoAuthCheck = $false, [bool]$skipTokenCache, From 46fe0cbef5be5a42663871b7500d16f70b40cdef Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:48:49 +0100 Subject: [PATCH 71/93] fix data retrieval --- .../HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 index ca8b373bcadc..0df80f7d9f7a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 @@ -34,9 +34,9 @@ Function Invoke-ListBPA { if ($Request.query.tenantFilter -ne 'AllTenants' -and $Style -eq 'Tenant') { + $CustomerId = (Get-Tenants -TenantFilter $Request.query.tenantFilter).customerId $mergedObject = New-Object pscustomobject - - $Data = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$($Request.query.tenantFilter)'") | ForEach-Object { + $Data = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$CustomerId'") | ForEach-Object { $row = $_ $JSONFields | ForEach-Object { $jsonContent = $row.$_ @@ -48,6 +48,7 @@ Function Invoke-ListBPA { } } $row.PSObject.Properties | ForEach-Object { + Write-Host "Adding $($_.Name) to mergedObject" $mergedObject | Add-Member -NotePropertyName $_.Name -NotePropertyValue $_.Value -Force } } From 9ba79b4c6350449ae6856732a27f0fee8a13655e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 12:09:17 -0500 Subject: [PATCH 72/93] ensure array values for bobby tables --- .../HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 index 410b76853378..88080bdcf5b4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 @@ -53,6 +53,6 @@ function Invoke-ExecAzBobbyTables { Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = $Results + Body = @($Results) }) } From ee6db51ed15350f2e5fbd3872aca763ecb85c384 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 13:00:39 -0500 Subject: [PATCH 73/93] Update Add-CIPPAzDataTableEntity.ps1 --- .../Public/Add-CIPPAzDataTableEntity.ps1 | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 index 760e4fe66791..3bd121c0c1c6 100644 --- a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 @@ -19,12 +19,14 @@ function Add-CIPPAzDataTableEntity { } catch [System.Exception] { if ($_.Exception.ErrorCode -eq 'PropertyValueTooLarge' -or $_.Exception.ErrorCode -eq 'EntityTooLarge' -or $_.Exception.ErrorCode -eq 'RequestBodyTooLarge') { try { + Write-Host 'Entity is too large. Splitting entity into multiple parts.' + Write-Information ($SingleEnt | ConvertTo-Json) $largePropertyNames = [System.Collections.Generic.List[string]]::new() $entitySize = 0 # Convert $SingleEnt to hashtable if it is a PSObject if ($SingleEnt -is [System.Management.Automation.PSCustomObject]) { - $SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 | ConvertFrom-Json -AsHashtable + $SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 -Compress | ConvertFrom-Json -AsHashtable } foreach ($key in $SingleEnt.Keys) { @@ -35,7 +37,7 @@ function Add-CIPPAzDataTableEntity { } } - if ($largePropertyNames.Count -gt 0) { + if (($largePropertyNames | Measure-Object).Count -gt 0) { $splitInfoList = [System.Collections.Generic.List[object]]::new() foreach ($largePropertyName in $largePropertyNames) { $dataString = $SingleEnt[$largePropertyName] @@ -45,20 +47,20 @@ function Add-CIPPAzDataTableEntity { $start = $i * $MaxSize $splitData.Add($dataString.Substring($start, [Math]::Min($MaxSize, $dataString.Length - $start))) > $null } - + $splitDataCount = ($splitData | Measure-Object).Count $splitPropertyNames = [System.Collections.Generic.List[object]]::new() - for ($i = 0; $i -lt $splitData.Count; $i++) { - $splitPropertyNames.Add("${largePropertyName}_Part$i") > $null + for ($i = 0; $i -lt $splitDataCount; $i++) { + $splitPropertyNames.Add("${largePropertyName}_Part$i") } $splitInfo = @{ OriginalHeader = $largePropertyName SplitHeaders = $splitPropertyNames } - $splitInfoList.Add($splitInfo) > $null + $splitInfoList.Add($splitInfo) $SingleEnt.Remove($largePropertyName) - for ($i = 0; $i -lt $splitData.Count; $i++) { + for ($i = 0; $i -lt $splitDataCount; $i++) { $SingleEnt[$splitPropertyNames[$i]] = $splitData[$i] } } @@ -67,7 +69,7 @@ function Add-CIPPAzDataTableEntity { } # Check if the entity is still too large - $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json)) + $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress)) if ($entitySize -gt $MaxRowSize) { $rows = [System.Collections.Generic.List[object]]::new() $originalPartitionKey = $SingleEnt.PartitionKey @@ -89,7 +91,7 @@ function Add-CIPPAzDataTableEntity { $propertiesToRemove = [System.Collections.Generic.List[object]]::new() foreach ($key in $SingleEnt.Keys) { - $newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json)) + $newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json -Compress)) if ($newEntitySize -lt $MaxRowSize) { $propertySize = [System.Text.Encoding]::UTF8.GetByteCount($SingleEnt[$key].ToString()) if ($propertySize -gt $MaxRowSize) { @@ -103,7 +105,7 @@ function Add-CIPPAzDataTableEntity { $splitPropertyNames = [System.Collections.Generic.List[object]]::new() for ($i = 0; $i -lt $splitData.Count; $i++) { - $splitPropertyNames.Add("${key}_Part$i") > $null + $splitPropertyNames.Add("${key}_Part$i") } for ($i = 0; $i -lt $splitData.Count; $i++) { @@ -112,7 +114,7 @@ function Add-CIPPAzDataTableEntity { } else { $newEntity[$key] = $SingleEnt[$key] } - $propertiesToRemove.Add($key) > $null + $propertiesToRemove.Add($key) } } @@ -120,21 +122,21 @@ function Add-CIPPAzDataTableEntity { $SingleEnt.Remove($prop) } - $rows.Add($newEntity) > $null - $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json)) + $rows.Add($newEntity) + $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress)) } - if ($SingleEnt.Count -gt 0) { + if (($SingleEnt | Measure-Object).Count -gt 0) { $SingleEnt['RowKey'] = "$($originalRowKey)-part$entityIndex" $SingleEnt['OriginalEntityId'] = $originalRowKey $SingleEnt['PartIndex'] = $entityIndex $SingleEnt['PartitionKey'] = $originalPartitionKey - $rows.Add($SingleEnt) > $null + $rows.Add($SingleEnt) } foreach ($row in $rows) { - Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json)))" + Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json -Compress)))" Add-AzDataTableEntity -Context $Context -Force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $row } } else { From 90eea12d08fa3fcee68a98f09c9c88ac7802cdfb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 13:09:54 -0500 Subject: [PATCH 74/93] Update Invoke-ExecAccessChecks.ps1 --- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 700ff7065585..3913767c3fbe 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -17,7 +17,7 @@ Function Invoke-ExecAccessChecks { $LastRun = (Get-Date).ToUniversalTime() switch ($Request.Query.Type) { 'Permissions' { - if ($Request.Query.SkipCache -ne 'true') { + if ($Request.Query.SkipCache -ne 'true' -or $Request.Query.SkipCache -ne $true) { try { $Cache = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'AccessPermissions'" $Results = $Cache.Data | ConvertFrom-Json @@ -81,7 +81,7 @@ Function Invoke-ExecAccessChecks { } } - if ($Request.Query.SkipCache -eq 'true') { + if ($Request.Query.SkipCache -eq 'true' -or $Request.Query.SkipCache -eq $true) { $null = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' } @@ -93,7 +93,7 @@ Function Invoke-ExecAccessChecks { } 'GDAP' { - if (!$Request.Query.SkipCache -eq 'true') { + if (!$Request.Query.SkipCache -eq 'true' -or !$Request.Query.SkipCache -eq $true) { try { $Cache = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'GDAPRelationships'" $Results = $Cache.Data | ConvertFrom-Json From 9980b61b91775647ad39fda14b3114ae4df596d5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 13:11:51 -0500 Subject: [PATCH 75/93] Update Test-CIPPGDAPRelationships.ps1 --- Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 index 5fe7a789ed03..8fdc4ae4e532 100644 --- a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 @@ -107,7 +107,10 @@ function Test-CIPPGDAPRelationships { $Table = Get-CIPPTable -TableName AccessChecks $Data = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'AccessCheck' and RowKey eq 'GDAPRelationships'" + if ($Data) { + Write-Host 'Existing GDAP data' + Write-Host ($Data | ConvertTo-Json) $Data.Data = [string](ConvertTo-Json -InputObject $GDAPRelationships -Depth 10 -Compress) } else { $Data = @{ From d3fde287ecbbdadc464c84027a083c038e497c24 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 13:16:10 -0500 Subject: [PATCH 76/93] add try catch --- Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 | 4 +++- Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 | 6 +++++- Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 | 6 +++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index c96f93f810f4..a47643c18b7c 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -182,7 +182,9 @@ function Test-CIPPAccessPermissions { Data = [string](ConvertTo-Json -InputObject $AccessCheck -Depth 10 -Compress) } } - Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + try { + Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + } catch {} return $AccessCheck } diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 index d5b3b06098c3..575993740ca6 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 @@ -133,7 +133,11 @@ function Test-CIPPAccessTenant { Data = [string]($Results | ConvertTo-Json -Depth 10 -Compress) } $Table = Get-CIPPTable -TableName 'AccessChecks' - $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + } catch { + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant.defaultDomainName -message "Failed to add access check for $($Tenant.customerId): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) + } } return $Results diff --git a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 index 8fdc4ae4e532..09cf46fe35c4 100644 --- a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 @@ -109,8 +109,6 @@ function Test-CIPPGDAPRelationships { $Data = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'AccessCheck' and RowKey eq 'GDAPRelationships'" if ($Data) { - Write-Host 'Existing GDAP data' - Write-Host ($Data | ConvertTo-Json) $Data.Data = [string](ConvertTo-Json -InputObject $GDAPRelationships -Depth 10 -Compress) } else { $Data = @{ @@ -119,7 +117,9 @@ function Test-CIPPGDAPRelationships { Data = [string](ConvertTo-Json -InputObject $GDAPRelationships -Depth 10 -Compress) } } - Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + try { + Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + } catch {} return $GDAPRelationships } From 502e078b1aefdda7afffd5202a7ee3e670c7e373 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 15:41:35 -0500 Subject: [PATCH 77/93] access checks improvement --- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 3913767c3fbe..5e3726e5d73f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -41,7 +41,7 @@ Function Invoke-ExecAccessChecks { $AccessChecks = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantAccessChecks'" if (!$Request.Body.TenantId) { try { - $Tenants = Get-Tenants -IncludeErrors + $Tenants = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $ENV:TenantID } $Results = foreach ($Tenant in $Tenants) { $TenantCheck = $AccessChecks | Where-Object -Property RowKey -EQ $Tenant.customerId | Select-Object -Property Data $TenantResult = [PSCustomObject]@{ @@ -82,7 +82,7 @@ Function Invoke-ExecAccessChecks { } if ($Request.Query.SkipCache -eq 'true' -or $Request.Query.SkipCache -eq $true) { - $null = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' + $Message = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' } if ($Request.Body.TenantId) { @@ -114,12 +114,16 @@ Function Invoke-ExecAccessChecks { } } } + $Metadata = @{ + LastRun = $LastRun + } + if ($Message) { + $Metadata.AlertMessage = $Message + } $body = [pscustomobject]@{ 'Results' = $Results - 'Metadata' = @{ - 'LastRun' = $LastRun - } + 'Metadata' = $Metadata } # Associate values to output bindings by calling 'Push-OutputBinding'. From 873e49937e8f73c5ab012e0f034c585747db9df3 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 15:51:19 -0500 Subject: [PATCH 78/93] Update Get-CippSamPermissions.ps1 --- .../CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 index c613c9370b7b..851ee5a7c491 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 @@ -174,7 +174,11 @@ function Get-CippSamPermissions { 'UpdatedBy' = 'CIPP' } $Table = Get-CIPPTable -TableName 'AppPermissions' - $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + } catch { + Write-Error "Failed to save the CIPP-SAM permissions: $($_.Exception.Message)" + } } if (!$NoDiff.IsPresent -and $SamAppPermissions.Type -eq 'Table') { From b6211cfde47359cb75a2dcfdc2935306500bf3db Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 15:52:28 -0500 Subject: [PATCH 79/93] skip table errors with json conversion --- .../CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 index 851ee5a7c491..3018d7abf23d 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 @@ -112,7 +112,11 @@ function Get-CippSamPermissions { $Table = Get-CippTable -tablename 'AppPermissions' $SavedPermissions = Get-CippAzDataTableEntity @Table -Filter "PartitionKey eq 'CIPP-SAM' and RowKey eq 'CIPP-SAM'" if ($SavedPermissions.Permissions) { - $SavedPermissions.Permissions = $SavedPermissions.Permissions | ConvertFrom-Json + try { + $SavedPermissions.Permissions = $SavedPermissions.Permissions | ConvertFrom-Json -ErrorAction Stop + } catch { + $SavedPermissions.Permissions = [PSCustomObject]@{} + } } else { $SavedPermissions = @{ Permissions = [PSCustomObject]@{} From a06b83e4fa089f54be76e20adf522447bf128b4e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 16:53:48 -0500 Subject: [PATCH 80/93] Update Invoke-ListSignIns.ps1 --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 index 5547efe9cfd2..c540e1803567 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 @@ -19,7 +19,7 @@ Function Invoke-ListSignIns { $Days = $Request.Query.Days ?? 7 try { - if ($Request.Query.failedLogonsOnly) { + if ($Request.Query.failedLogonsOnly -eq 'true' -or $Request.Query.failedLogonsOnly -eq $true) { $FailedLogons = ' and (status/errorCode eq 50126)' } From 7e29d9b8384acaff361bc099c1ac200331f65dd6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 24 Jan 2025 19:45:21 -0500 Subject: [PATCH 81/93] Update Invoke-ListUserMailboxRules.ps1 --- .../Administration/Users/Invoke-ListUserMailboxRules.ps1 | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 index a8c4af96c998..4ea9b6d8a35a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 @@ -23,14 +23,7 @@ Function Invoke-ListUserMailboxRules { $TenantFilter = $Request.Query.TenantFilter $UserID = $Request.Query.UserID $UserEmail = if ([string]::IsNullOrWhiteSpace($Request.Query.userEmail)) { $UserID } else { $Request.Query.userEmail } - $GraphRequest = New-ExoRequest -Anchor $UserID -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{mailbox = $UserID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | Select-Object - @{ Name = 'DisplayName'; Expression = { $_.displayName } }, - @{ Name = 'Description'; Expression = { $_.Description } }, - @{ Name = 'Redirect To'; Expression = { $_.RedirectTo } }, - @{ Name = 'Copy To Folder'; Expression = { $_.CopyToFolder } }, - @{ Name = 'Move To Folder'; Expression = { $_.MoveToFolder } }, - @{ Name = 'Soft Delete Message'; Expression = { $_.SoftDeleteMessage } }, - @{ Name = 'Delete Message'; Expression = { $_.DeleteMessage } } + $GraphRequest = New-ExoRequest -Anchor $UserID -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{mailbox = $UserID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | Select-Object * -ExcludeProperty RuleIdentity } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -user $User -API $APINAME -message "Failed to retrieve mailbox rules $($UserEmail): $($ErrorMessage.NormalizedError) " -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage From e1662f0f4dd8435e4bdc2acaa31ce17f5b957f41 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 25 Jan 2025 00:15:44 -0500 Subject: [PATCH 82/93] Mailbox rules tweaks --- .../Push-ListMailboxRulesQueue.ps1 | 10 ++++---- .../Entrypoints/Invoke-ListMailboxRules.ps1 | 25 +++++++++---------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 index 2d8a0c7cd512..c64592b7aab2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 @@ -21,8 +21,8 @@ function Push-ListMailboxRulesQueue { } } if (($Rules | Measure-Object).Count -gt 0) { - foreach ($Rule in $Rules) { - $GraphRequest = [PSCustomObject]@{ + $GraphRequest = foreach ($Rule in $Rules) { + [PSCustomObject]@{ Rules = [string]($Rule | ConvertTo-Json) RowKey = [string](New-Guid).guid Tenant = [string]$domainName @@ -31,9 +31,9 @@ function Push-ListMailboxRulesQueue { } } else { - $Rules = @{ - Name = 'No rules found' - } | ConvertTo-Json + $Rules = @(@{ + Name = 'No rules found' + }) | ConvertTo-Json $GraphRequest = [PSCustomObject]@{ Rules = [string]$Rules RowKey = [string]$domainName diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 index 6bb9ae19db44..570702815e40 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 @@ -10,13 +10,6 @@ Function Invoke-ListMailboxRules { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -26,11 +19,12 @@ Function Invoke-ListMailboxRules { } $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).Addhours(-1) + $Metadata = @{} if (!$Rows -or ($TenantFilter -eq 'AllTenants' -and ($Rows | Measure-Object).Count -eq 1)) { - $GraphRequest = [PSCustomObject]@{ - Tenant = 'Loading data. Please check back in 1 minute' - Licenses = 'Loading data. Please check back in 1 minute' + $Metadata = [PSCustomObject]@{ + QueueMessage = 'Loading data. Please check back in 1 minute' } + $GraphRequest = @() if ($TenantFilter -eq 'AllTenants') { $Tenants = Get-Tenants -IncludeErrors | Select-Object defaultDomainName @@ -57,15 +51,20 @@ Function Invoke-ListMailboxRules { $Rows = $Rows | Where-Object -Property Tenant -EQ $TenantFilter } $GraphRequest = $Rows | ForEach-Object { - $NewObj = $_.Rules | ConvertFrom-Json - $NewObj | Add-Member -NotePropertyName 'Tenant' -NotePropertyValue $_.Tenant + $NewObj = $_.Rules | ConvertFrom-Json -ErrorAction SilentlyContinue + $NewObj | Add-Member -NotePropertyName 'Tenant' -NotePropertyValue $_.Tenant -Force $NewObj } } + $Body = @{ + Results = @($GraphRequest) + Metadata = $Metadata + } + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @($GraphRequest) + Body = $Body }) } From b0872eff3a83962c86a661c091886b9a3a1fae09 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Sat, 25 Jan 2025 15:21:03 +0100 Subject: [PATCH 83/93] BRRRR --- .../CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 index a8c3ff745fd5..ebdf7ee55be8 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 @@ -12,9 +12,7 @@ function Get-CIPPAlertDeviceCompliance { $TenantFilter ) try { - $AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$top=999" -tenantid $TenantFilter | Where-Object -Property complianceState -NE 'compliant' | ForEach-Object { - $_ | Select-Object -Property id, deviceName, deviceType, complianceState, lastReportedDateTime - } + $AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=complianceState eq 'noncompliant'&`$select=id,deviceName,managedDeviceOwnerType,complianceState,lastSyncDateTime&`$top=999" -tenantid $TenantFilter Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData } catch { Write-AlertMessage -tenant $($TenantFilter) -message "Could not get compliance state for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" From 1fe79904534b6452e999ac93a79efc8a7d8384b1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 25 Jan 2025 11:15:13 -0500 Subject: [PATCH 84/93] Update Invoke-ListMailboxes.ps1 --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 index a46e1c6487cb..0be3e36c27e5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 @@ -20,7 +20,7 @@ Function Invoke-ListMailboxes { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled' + $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId' $ExoRequest = @{ tenantid = $TenantFilter cmdlet = 'Get-Mailbox' @@ -68,7 +68,8 @@ Function Invoke-ListMailboxes { @{Name = 'ForwardingSmtpAddress'; Expression = { $_.'ForwardingSmtpAddress' -replace 'smtp:', '' } }, @{Name = 'InternalForwardingAddress'; Expression = { $_.'ForwardingAddress' } }, DeliverToMailboxAndForward, - HiddenFromAddressListsEnabled + HiddenFromAddressListsEnabled, + ExternalDirectoryObjectId $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message From 606213ed79cfc0003ca257266b68828421472a00 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 25 Jan 2025 14:21:45 -0500 Subject: [PATCH 85/93] Update Invoke-HuduExtensionSync.ps1 --- Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 index 803643885117..f30721b8d303 100644 --- a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 @@ -83,7 +83,7 @@ function Invoke-HuduExtensionSync { try { if (![string]::IsNullOrEmpty($DeviceLayoutId)) { - $null = Add-HuduAssetLayoutM365Field -AssetLayoutId $DeviceLayoutId + $null = Add-HuduAssetLayoutField -AssetLayoutId $DeviceLayoutId $CreateDevices = $Configuration.CreateMissingDevices $DesktopsLayout = Get-HuduAssetLayouts -Id $DeviceLayoutId if ($DesktopsLayout.id) { From 939a56d26bf1612d69830bc80a832cdb02f8353e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 25 Jan 2025 15:11:34 -0500 Subject: [PATCH 86/93] add dev build workflow --- .github/workflows/dev_cippjta72.yml | 31 +++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/dev_cippjta72.yml diff --git a/.github/workflows/dev_cippjta72.yml b/.github/workflows/dev_cippjta72.yml new file mode 100644 index 000000000000..69a30300cc18 --- /dev/null +++ b/.github/workflows/dev_cippjta72.yml @@ -0,0 +1,31 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Dev Build and Deploy + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + if: github.event.repository.fork == false + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippjta72' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_6472818415124CAB84BCDF49D430C471 }} \ No newline at end of file From 85728f693f325806d3a5b1f78a68337714304686 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 25 Jan 2025 15:17:47 -0500 Subject: [PATCH 87/93] Update dev_cippjta72.yml --- .github/workflows/dev_cippjta72.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev_cippjta72.yml b/.github/workflows/dev_cippjta72.yml index 69a30300cc18..81d3aa744f67 100644 --- a/.github/workflows/dev_cippjta72.yml +++ b/.github/workflows/dev_cippjta72.yml @@ -13,8 +13,8 @@ env: AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root jobs: - if: github.event.repository.fork == false deploy: + if: github.event.repository.fork == false runs-on: windows-latest steps: @@ -28,4 +28,4 @@ jobs: app-name: 'cippjta72' slot-name: 'Production' package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_6472818415124CAB84BCDF49D430C471 }} \ No newline at end of file + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_6472818415124CAB84BCDF49D430C471 }} From d32ee30cd1f83eea4eb9ec270e7cbac7539560a7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 02:14:40 +0100 Subject: [PATCH 88/93] update stats --- .../Timer Functions/Start-CIPPStatsTimer.ps1 | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 index 613b0fdc0555..d3cad35b4f08 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 @@ -19,6 +19,22 @@ function Start-CIPPStatsTimer { $CIPPRoot = (Get-Item $ModuleBase).Parent.Parent.FullName $APIVersion = Get-Content "$CIPPRoot\version_latest.txt" | Out-String + $Table = Get-CIPPTable -TableName Extensionsconfig + try { + $RawExt = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10 -ErrorAction Stop + $Extensions = @{ + CIPPAPI = $RawExt.CIPPAPI.Enabled + Hudu = $RawExt.Hudu.Enabled + Sherweb = $RawExt.Sherweb.Enabled + Gradient = $RawExt.Gradient.Enabled + NinjaOne = $RawExt.NinjaOne.Enabled + haloPSA = $RawExt.haloPSA.Enabled + HIBP = $RawExt.HIBP.Enabled + PWPush = $RawExt.PWPush.Enabled + } + } catch { + $Extensions = @{} + } $SendingObject = [PSCustomObject]@{ rgid = $env:WEBSITE_SITE_NAME @@ -26,6 +42,14 @@ function Start-CIPPStatsTimer { RunningVersionAPI = $APIVersion.trim() CountOfTotalTenants = $tenantcount uid = $env:TenantID + CIPPAPI = $RawExt.CIPPAPI.Enabled + Hudu = $RawExt.Hudu.Enabled + Sherweb = $RawExt.Sherweb.Enabled + Gradient = $RawExt.Gradient.Enabled + NinjaOne = $RawExt.NinjaOne.Enabled + haloPSA = $RawExt.haloPSA.Enabled + HIBP = $RawExt.HIBP.Enabled + PWPush = $RawExt.PWPush.Enabled } | ConvertTo-Json Invoke-RestMethod -Uri 'https://management.cipp.app/api/stats' -Method POST -Body $SendingObject -ContentType 'application/json' From 171deb31fd4f0a161c98ef62a780696653401aef Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 02:15:46 +0100 Subject: [PATCH 89/93] statstimer update --- .../Timer Functions/Start-CIPPStatsTimer.ps1 | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 index d3cad35b4f08..d62dcb8fd8ed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 @@ -22,18 +22,8 @@ function Start-CIPPStatsTimer { $Table = Get-CIPPTable -TableName Extensionsconfig try { $RawExt = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10 -ErrorAction Stop - $Extensions = @{ - CIPPAPI = $RawExt.CIPPAPI.Enabled - Hudu = $RawExt.Hudu.Enabled - Sherweb = $RawExt.Sherweb.Enabled - Gradient = $RawExt.Gradient.Enabled - NinjaOne = $RawExt.NinjaOne.Enabled - haloPSA = $RawExt.haloPSA.Enabled - HIBP = $RawExt.HIBP.Enabled - PWPush = $RawExt.PWPush.Enabled - } } catch { - $Extensions = @{} + $RawExt = @{} } $SendingObject = [PSCustomObject]@{ From cb3753191731435d36550607192d9008407e514e Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 13:51:08 +0100 Subject: [PATCH 90/93] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/dev_cippjta72.yml | 61 ++++++++++++++--------------- 1 file changed, 30 insertions(+), 31 deletions(-) diff --git a/.github/workflows/dev_cippjta72.yml b/.github/workflows/dev_cippjta72.yml index 81d3aa744f67..23c0cd3668d6 100644 --- a/.github/workflows/dev_cippjta72.yml +++ b/.github/workflows/dev_cippjta72.yml @@ -1,31 +1,30 @@ -# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action -# More GitHub Actions for Azure: https://github.com/Azure/actions - -name: Dev Build and Deploy - -on: - push: - branches: - - dev - workflow_dispatch: - -env: - AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root - -jobs: - deploy: - if: github.event.repository.fork == false - runs-on: windows-latest - - steps: - - name: 'Checkout GitHub Action' - uses: actions/checkout@v4 - - - name: 'Run Azure Functions Action' - uses: Azure/functions-action@v1 - id: fa - with: - app-name: 'cippjta72' - slot-name: 'Production' - package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_6472818415124CAB84BCDF49D430C471 }} +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippjta72 + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippjta72' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_5B44448119C645C099EE192346D7433A }} \ No newline at end of file From 1146c88fc1c2d97d0a2ca3da02f6af4e8e0f1ee0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 14:09:46 +0100 Subject: [PATCH 91/93] allows hosted users to not enter a key --- Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 b/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 index 38aa26b88cf8..ec2d5dacbea0 100644 --- a/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 +++ b/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 @@ -4,7 +4,7 @@ function Get-HIBPAuth { $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HIBP' and RowKey eq 'HIBP'").APIKey } else { $null = Connect-AzAccount -Identity - $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] + $VaultName = $WEBSITE_OWNER_NAME -like '3e625d35-bf18-4e55*' ? 'hibp-kv' : ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] $Secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'HIBP' -AsPlainText } From ff856e4c27ec290795a4618361db1c1590cf9290 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 18:04:11 +0100 Subject: [PATCH 92/93] add edit template --- .../CIPP/Core/Invoke-ExecEditTemplate.ps1 | 10 ++++++---- Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 index 053395d7d293..61905a757faf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 @@ -15,17 +15,19 @@ Function Invoke-ExecEditTemplate { try { $Table = Get-CippTable -tablename 'templates' - $Table.Force = $true $guid = $request.body.guid $JSON = ConvertTo-Json -Compress -Depth 100 -InputObject ($request.body | Select-Object * -ExcludeProperty GUID) - $Type = $request.Query.Type + $Type = $request.Body.Type if ($Type -eq 'IntuneTemplate') { Write-Host 'Intune Template' - Write-Host '' - $RawJSON = $request.body | Select-Object * -ExcludeProperty displayName, description, type, GUID | ConvertTo-Json -Depth 10 -Compress + $OriginalTemplate = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'IntuneTemplate' and GUID eq '$GUID'" + $OriginalTemplate = ($OriginalTemplate.JSON | ConvertFrom-Json -Depth 100) + $RawJSON = $OriginalTemplate.RAWJson Set-CIPPIntuneTemplate -RawJSON $RawJSON -GUID $GUID -DisplayName $Request.body.displayName -Description $Request.body.description -templateType $Request.body.type } else { + $Table.Force = $true + Add-CIPPAzDataTableEntity @Table -Entity @{ JSON = "$JSON" RowKey = "$GUID" diff --git a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 index b216c5b56672..1f0f707ee267 100644 --- a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 @@ -7,7 +7,7 @@ function Set-CIPPIntuneTemplate { $Description, $templateType ) - + Write-Host "Received $DisplayName, $Description, $RawJSON, $templateType" if (!$DisplayName) { throw 'You must enter a displayname' } if ($null -eq ($RawJSON | ConvertFrom-Json)) { throw 'the JSON is invalid' } From ec88e8155d7bae0b445472a0177f088cc9b0e1c8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 26 Jan 2025 20:22:45 +0100 Subject: [PATCH 93/93] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 2be8aeb6b143..a3fcc7121bba 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -7.0.5 +7.1.0