Merge branch 'KelvinTegelaar:master' into master

Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1

@@ -26,6 +26,12 @@ Function Invoke-AddStandardsDeploy {
                 URL       = $URL
             }
         }
+        #Get all subobjects in $Settings that are set to false, and remove them.
+        $Settings.psobject.properties.name | Where-Object { $Settings.$_ -eq $false -and $_ -ne 'v2.1' -and $_ -in 'Alert', 'Remediate', 'Report' } | ForEach-Object {
+            $Settings.psobject.properties.remove($_)
+        }
+
+
         foreach ($Tenant in $tenants) {
 
             $object = [PSCustomObject]@{

Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1

@@ -69,6 +69,7 @@ Function Invoke-EditGroup {
         if ($RemoveMembers) {
             $RemoveMembers | ForEach-Object { 
                 $member = $_
+                if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
                 if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
                     $Params = @{ Identity = $userobj.groupid; Member = $member ; BypassSecurityGroupManagerCheck = $true }
                     New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1

@@ -33,6 +33,8 @@ Function Invoke-ExecGraphExplorerPreset {
     }
 
     $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared
+    if ($params.'$select') { $params.'$select' = ($params.'$select').value -join ',' }
+
     $Preset = [PSCustomObject]@{
         PartitionKey = 'Preset'
         RowKey       = [string]$Id

Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1

@@ -0,0 +1,47 @@
+using namespace System.Net
+
+Function Invoke-ListConditionalAccessPolicyChanges {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Query.TenantFilter
+    $policyId = $Request.body.id
+    $policyDisplayName = $Request.body.displayName
+
+    try {
+        [array]$changes = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=targetResources/any(s:s/id eq '$($policyId)')" -tenantid $TenantFilter | ForEach-Object {
+            [pscustomobject]@{
+                policy = $policyDisplayName
+                policyId = $policyId
+                typeFriendlyName = $_.activityDisplayName
+                type = $_.operationType
+                initiatedBy = if ($_.initiatedBy.user.userPrincipalName) { $_.initiatedBy.user.userPrincipalName } else { $_.initiatedBy.app.displayName }
+                date = $_.activityDateTime
+                oldValue = ($_.targetResources[0].modifiedProperties.oldValue | ConvertFrom-Json) # targetResources is an array, can we ever get more than 1 object in it?
+                newValue = ($_.targetResources[0].modifiedProperties.newValue | ConvertFrom-Json)
+            }
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $StatusCode = [HttpStatusCode]::BadRequest
+        Write-Host $($_.Exception.message)
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message "Failed to request audit logs for policy $($policyDisplayName): $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+        StatusCode = $StatusCode
+        Body       = $changes
+    })
+}

Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1

@@ -126,7 +126,8 @@ function Invoke-ListGraphRequest {
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $GraphRequestData = "Graph Error: $($_.Exception.Message) - Endpoint: $($Request.Query.Endpoint)"
-        $StatusCode = [HttpStatusCode]::BadRequest
+        if ($Request.Query.IgnoreErrors) { $StatusCode = [HttpStatusCode]::OK }
+        else { $StatusCode = [HttpStatusCode]::BadRequest }
     }
 
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1

@@ -13,8 +13,10 @@ Function Invoke-PublicPhishingCheck {
     $validList = @(
         'https://login.microsoftonline.com',
         'https://login.microsoft.net',
-        'https://login.microsoft.com'
-        'https://autologon.microsoftazuread-sso.com'
+        'https://login.microsoft.com',
+        'https://autologon.microsoftazuread-sso.com',
+        'https://tasks.office.com',
+        'https://login.windows.net'
     )
 
     $matchedUrls = $validList | Where-Object { ([uri]$_).Host -in ([uri]$($request.headers.Referer)).Host }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1

@@ -10,9 +10,9 @@ function Invoke-CIPPStandardunmanagedSync {
 
         if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) {
             try {
-                $body = '{"isUnmanagedSyncAppForTenantRestricted": true}'
-                $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info
+                #$body = '{"isUnmanagedSyncAppForTenantRestricted": true}'
+                #$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'The unmanaged Sync standard has been temporarily disabled.' -sev Info
             } catch {
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error
             }

Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1

@@ -2060,7 +2060,11 @@ function Invoke-NinjaOneTenantSync {
                 # Unused Licenses
                 $WidgetData.add([PSCustomObject]@{
                         Value       = $(
-                            $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum
+                            try {
+                                $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum
+                            } catch {
+                                $BPAUnusedLicenses = 'Failed to retrieve unused licenses'
+                            }
                             if ($BPAUnusedLicenses -ne 0) {
                                 $ResultColour = '#D53948'
                             } else {

version_latest.txt

@@ -1 +1 @@
-5.2.0
+5.2.1