diff --git a/.github/workflows/PR_Branch_Check.yml b/.github/workflows/PR_Branch_Check.yml new file mode 100644 index 000000000000..2fd5b8e65249 --- /dev/null +++ b/.github/workflows/PR_Branch_Check.yml @@ -0,0 +1,62 @@ +name: PR Branch Check + +on: + # Using pull_request_target instead of pull_request for secure handling of fork PRs + pull_request_target: + # Only run on these PR events + types: [opened, synchronize, reopened] + # Only check PRs targeting these branches + branches: + - main + - master + +permissions: + pull-requests: write + issues: write + +jobs: + check-branch: + runs-on: ubuntu-latest + steps: + - name: Check and Comment on PR + # Only process fork PRs with specific branch conditions + # Must be a fork AND (source is main/master OR target is main/master) + if: | + github.event.pull_request.head.repo.fork == true && + ((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') || + (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master')) + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + let message = ''; + + message += '🔄 If you are attempting to update your CIPP repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating '; + message += '\n\n'; + + // Check if PR is targeting main/master + if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') { + message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n'; + } + + // Check if PR is from a fork's main/master branch + if (context.payload.pull_request.head.repo.fork && + (context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) { + message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n'; + } + + message += '🔒 This PR will now be automatically closed due to the above violation(s).'; + + // Post the comment + await github.rest.issues.createComment({ + ...context.repo, + issue_number: context.issue.number, + body: message + }); + + // Close the PR + await github.rest.pulls.update({ + ...context.repo, + pull_number: context.issue.number, + state: 'closed' + }); diff --git a/.github/workflows/dev_cippbcaom.yml b/.github/workflows/dev_cippbcaom.yml index 4b0517c5303b..c4bcf1198e74 100644 --- a/.github/workflows/dev_cippbcaom.yml +++ b/.github/workflows/dev_cippbcaom.yml @@ -27,4 +27,4 @@ jobs: app-name: 'cippbcaom' slot-name: 'Production' package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_56AD4FDD49354D0CAB4D9A9E868D2015 }} \ No newline at end of file + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_0FE8CACBBF7D409DAAF132988BECEC4B }} \ No newline at end of file diff --git a/.github/workflows/dev_cippjta72.yml b/.github/workflows/dev_cippjta72.yml new file mode 100644 index 000000000000..23c0cd3668d6 --- /dev/null +++ b/.github/workflows/dev_cippjta72.yml @@ -0,0 +1,30 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippjta72 + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippjta72' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_5B44448119C645C099EE192346D7433A }} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 index 760e4fe66791..3bd121c0c1c6 100644 --- a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 @@ -19,12 +19,14 @@ function Add-CIPPAzDataTableEntity { } catch [System.Exception] { if ($_.Exception.ErrorCode -eq 'PropertyValueTooLarge' -or $_.Exception.ErrorCode -eq 'EntityTooLarge' -or $_.Exception.ErrorCode -eq 'RequestBodyTooLarge') { try { + Write-Host 'Entity is too large. Splitting entity into multiple parts.' + Write-Information ($SingleEnt | ConvertTo-Json) $largePropertyNames = [System.Collections.Generic.List[string]]::new() $entitySize = 0 # Convert $SingleEnt to hashtable if it is a PSObject if ($SingleEnt -is [System.Management.Automation.PSCustomObject]) { - $SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 | ConvertFrom-Json -AsHashtable + $SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 -Compress | ConvertFrom-Json -AsHashtable } foreach ($key in $SingleEnt.Keys) { @@ -35,7 +37,7 @@ function Add-CIPPAzDataTableEntity { } } - if ($largePropertyNames.Count -gt 0) { + if (($largePropertyNames | Measure-Object).Count -gt 0) { $splitInfoList = [System.Collections.Generic.List[object]]::new() foreach ($largePropertyName in $largePropertyNames) { $dataString = $SingleEnt[$largePropertyName] @@ -45,20 +47,20 @@ function Add-CIPPAzDataTableEntity { $start = $i * $MaxSize $splitData.Add($dataString.Substring($start, [Math]::Min($MaxSize, $dataString.Length - $start))) > $null } - + $splitDataCount = ($splitData | Measure-Object).Count $splitPropertyNames = [System.Collections.Generic.List[object]]::new() - for ($i = 0; $i -lt $splitData.Count; $i++) { - $splitPropertyNames.Add("${largePropertyName}_Part$i") > $null + for ($i = 0; $i -lt $splitDataCount; $i++) { + $splitPropertyNames.Add("${largePropertyName}_Part$i") } $splitInfo = @{ OriginalHeader = $largePropertyName SplitHeaders = $splitPropertyNames } - $splitInfoList.Add($splitInfo) > $null + $splitInfoList.Add($splitInfo) $SingleEnt.Remove($largePropertyName) - for ($i = 0; $i -lt $splitData.Count; $i++) { + for ($i = 0; $i -lt $splitDataCount; $i++) { $SingleEnt[$splitPropertyNames[$i]] = $splitData[$i] } } @@ -67,7 +69,7 @@ function Add-CIPPAzDataTableEntity { } # Check if the entity is still too large - $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json)) + $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress)) if ($entitySize -gt $MaxRowSize) { $rows = [System.Collections.Generic.List[object]]::new() $originalPartitionKey = $SingleEnt.PartitionKey @@ -89,7 +91,7 @@ function Add-CIPPAzDataTableEntity { $propertiesToRemove = [System.Collections.Generic.List[object]]::new() foreach ($key in $SingleEnt.Keys) { - $newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json)) + $newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json -Compress)) if ($newEntitySize -lt $MaxRowSize) { $propertySize = [System.Text.Encoding]::UTF8.GetByteCount($SingleEnt[$key].ToString()) if ($propertySize -gt $MaxRowSize) { @@ -103,7 +105,7 @@ function Add-CIPPAzDataTableEntity { $splitPropertyNames = [System.Collections.Generic.List[object]]::new() for ($i = 0; $i -lt $splitData.Count; $i++) { - $splitPropertyNames.Add("${key}_Part$i") > $null + $splitPropertyNames.Add("${key}_Part$i") } for ($i = 0; $i -lt $splitData.Count; $i++) { @@ -112,7 +114,7 @@ function Add-CIPPAzDataTableEntity { } else { $newEntity[$key] = $SingleEnt[$key] } - $propertiesToRemove.Add($key) > $null + $propertiesToRemove.Add($key) } } @@ -120,21 +122,21 @@ function Add-CIPPAzDataTableEntity { $SingleEnt.Remove($prop) } - $rows.Add($newEntity) > $null - $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json)) + $rows.Add($newEntity) + $entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress)) } - if ($SingleEnt.Count -gt 0) { + if (($SingleEnt | Measure-Object).Count -gt 0) { $SingleEnt['RowKey'] = "$($originalRowKey)-part$entityIndex" $SingleEnt['OriginalEntityId'] = $originalRowKey $SingleEnt['PartIndex'] = $entityIndex $SingleEnt['PartitionKey'] = $originalPartitionKey - $rows.Add($SingleEnt) > $null + $rows.Add($SingleEnt) } foreach ($row in $rows) { - Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json)))" + Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json -Compress)))" Add-AzDataTableEntity -Context $Context -Force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $row } } else { diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 new file mode 100644 index 000000000000..6e9b3bbf387f --- /dev/null +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1 @@ -0,0 +1,33 @@ +function Get-CIPPAlertAppCertificateExpiry { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $false)] + [Alias('input')] + $InputValue, + $TenantFilter + ) + + try { + Write-Host "Checking app expire for $($TenantFilter)" + $appList = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,keyCredentials" -tenantid $TenantFilter + } catch { + return + } + + $AlertData = foreach ($App in $applist) { + Write-Host "checking $($App.displayName)" + if ($App.keyCredentials) { + foreach ($Credential in $App.keyCredentials) { + if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { + Write-Host ("Application '{0}' has certificates expiring on {1}" -f $App.displayName, $Credential.endDateTime) + @{ DisplayName = $App.displayName; Expires = $Credential.endDateTime } + } + } + } + } + Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData +} diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 new file mode 100644 index 000000000000..3a1d0d6160c4 --- /dev/null +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1 @@ -0,0 +1,30 @@ +function Get-CIPPAlertAppleTerms { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $false)] + [Alias('input')] + $InputValue, + $TenantFilter + ) + + # 0 = Expired + # 1 = expired? + # 2 = unknown + # 3 = Terms & Conditions + # 4 = Warning + + try { + $appleterms = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings" -tenantid $TenantFilter + } catch { + return + } + + if ($appleterms.lastSyncErrorCode -eq 3) { + $AlertData = "New Apple Business Manager terms are ready to accept." + Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData + } +} diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 index a8c3ff745fd5..ebdf7ee55be8 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1 @@ -12,9 +12,7 @@ function Get-CIPPAlertDeviceCompliance { $TenantFilter ) try { - $AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$top=999" -tenantid $TenantFilter | Where-Object -Property complianceState -NE 'compliant' | ForEach-Object { - $_ | Select-Object -Property id, deviceName, deviceType, complianceState, lastReportedDateTime - } + $AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=complianceState eq 'noncompliant'&`$select=id,deviceName,managedDeviceOwnerType,complianceState,lastSyncDateTime&`$top=999" -tenantid $TenantFilter Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData } catch { Write-AlertMessage -tenant $($TenantFilter) -message "Could not get compliance state for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 index d114a7426cc0..c8907e481339 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1 @@ -15,10 +15,14 @@ function Get-CIPPAlertInactiveLicensedUsers { try { $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o') - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $_.assignedLicenses.skuId -ne $null } + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | + Where-Object { $null -ne $_.assignedLicenses.skuId } + + # true = only active users + if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } } $AlertData = foreach ($user in $GraphRequest) { $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName - $user | Select-Object -Property userPrincipalname, signInActivity, @{Name = 'Message'; Expression = { $Message } } + $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } } } Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 index 145d6c3b384f..e7e9ba47816e 100644 --- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 @@ -13,7 +13,7 @@ function Get-CIPPAlertNewAppApproval { ) try { $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter - if ($Approvals.count -gt 1) { + if ($Approvals.count -gt 0) { $AlertData = "There are $($Approvals.count) App Approval(s) pending." Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData } diff --git a/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 index f3e1f525ac57..8bac3674e677 100644 --- a/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1 @@ -18,13 +18,15 @@ function Get-CIPPRolePermissions { $Role = Get-CIPPAzDataTableEntity @Table -Filter $Filter if ($Role) { $Permissions = $Role.Permissions | ConvertFrom-Json + $AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() } + $BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() } [PSCustomObject]@{ Role = $Role.RowKey Permissions = $Permissions.PSObject.Properties.Value - AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() } - BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() } + AllowedTenants = @($AllowedTenants) + BlockedTenants = @($BlockedTenants) } } else { throw "Role $RoleName not found." } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 index b221d89b7ea5..aa12f2741414 100644 --- a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 @@ -69,8 +69,8 @@ function Test-CIPPAccess { if ($PermissionsFound) { if ($TenantList.IsPresent) { $LimitedTenantList = foreach ($Permission in $PermissionSet) { - if (($Permission.AllowedTenants | Measure-Object).Count -eq 0 -and ($Permission.BlockedTenants | Measure-Object).Count -eq 0) { - return @('AllTenants') + if ((($Permission.AllowedTenants | Measure-Object).Count -eq 0 -or $Permission.AllowedTenants -contains 'AllTenants') -and (($Permission.BlockedTenants | Measure-Object).Count -eq 0)) { + @('AllTenants') } else { if ($Permission.AllowedTenants -contains 'AllTenants') { $Permission.AllowedTenants = $Tenants.customerId @@ -135,4 +135,4 @@ function Test-CIPPAccess { } else { return $true } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 index 840145d08dee..4229e704b46f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 @@ -21,7 +21,7 @@ function Push-BPACollectData { $Table = Get-CippTable -tablename 'cachebpav2' $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template if ($Rerun) { - Write-Host 'Detected rerun. Exiting cleanly' + Write-Host 'Detected rerun for BPA. Exiting cleanly' exit 0 } Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)" diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 index 2d8a0c7cd512..c64592b7aab2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 @@ -21,8 +21,8 @@ function Push-ListMailboxRulesQueue { } } if (($Rules | Measure-Object).Count -gt 0) { - foreach ($Rule in $Rules) { - $GraphRequest = [PSCustomObject]@{ + $GraphRequest = foreach ($Rule in $Rules) { + [PSCustomObject]@{ Rules = [string]($Rule | ConvertTo-Json) RowKey = [string](New-Guid).guid Tenant = [string]$domainName @@ -31,9 +31,9 @@ function Push-ListMailboxRulesQueue { } } else { - $Rules = @{ - Name = 'No rules found' - } | ConvertTo-Json + $Rules = @(@{ + Name = 'No rules found' + }) | ConvertTo-Json $GraphRequest = [PSCustomObject]@{ Rules = [string]$Rules RowKey = [string]$domainName diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 index 276c90519a39..27b206bbc513 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 @@ -12,7 +12,7 @@ function Push-CIPPStandard { $Standard = $Item.Standard $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard Write-Information "We'll be running $FunctionName" - $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -API $Standard + $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -API "$($Standard)_$($Item.templateId)" if ($Rerun) { Write-Information 'Detected rerun. Exiting cleanly' exit 0 diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 index fea482139854..df57ab77f885 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-GetStandards.ps1 @@ -16,6 +16,7 @@ function Push-GetStandards { Standard = $task.Standard Settings = $task.Settings QueueId = $Item.QueueId + templateId = $task.templateId QueueName = '{0} - {1}' -f $task.Standard, $Task.Tenant FunctionName = 'CIPPStandard' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 new file mode 100644 index 000000000000..88080bdcf5b4 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1 @@ -0,0 +1,58 @@ + +function Invoke-ExecAzBobbyTables { + <# + .SYNOPSIS + Execute a AzBobbyTables function + .DESCRIPTION + This function is used to interact with Azure Tables. This is advanced functionality used for external integrations or SuperAdmin functionality. + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.SuperAdmin.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $AllowList = @( + 'Add-AzDataTableEntity' + 'Update-AzDataTableEntity' + 'Get-AzDataTableEntity' + 'Get-AzDataTable' + 'New-AzDataTable' + 'Remove-AzDataTableEntity' + 'Remove-AzDataTable' + ) + + $Function = $Request.Body.FunctionName + $Params = if ($Request.Body.Parameters) { + $Request.Body.Parameters | ConvertTo-Json -Compress -ErrorAction Stop | ConvertFrom-Json -AsHashtable + } else { + @{} + } + + if ($Function -in $AllowList) { + if ($Function -eq 'Get-AzDataTable') { + $Context = New-AzDataTableContext -ConnectionString $env:AzureWebJobsStorage + } else { + $Context = New-AzDataTableContext -ConnectionString $env:AzureWebJobsStorage -TableName $Request.Body.TableName + } + try { + $Results = & $Function -Context $Context @Params + if (!$Results) { + $Results = "Function $Function executed successfully" + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $Results = $_.Exception.Message + $StatusCode = [HttpStatusCode]::InternalServerError + } + } else { + $Results = "Function $Function not found or not allowed" + $StatusCode = [HttpStatusCode]::NotFound + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = @($Results) + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 index 053395d7d293..61905a757faf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 @@ -15,17 +15,19 @@ Function Invoke-ExecEditTemplate { try { $Table = Get-CippTable -tablename 'templates' - $Table.Force = $true $guid = $request.body.guid $JSON = ConvertTo-Json -Compress -Depth 100 -InputObject ($request.body | Select-Object * -ExcludeProperty GUID) - $Type = $request.Query.Type + $Type = $request.Body.Type if ($Type -eq 'IntuneTemplate') { Write-Host 'Intune Template' - Write-Host '' - $RawJSON = $request.body | Select-Object * -ExcludeProperty displayName, description, type, GUID | ConvertTo-Json -Depth 10 -Compress + $OriginalTemplate = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'IntuneTemplate' and GUID eq '$GUID'" + $OriginalTemplate = ($OriginalTemplate.JSON | ConvertFrom-Json -Depth 100) + $RawJSON = $OriginalTemplate.RAWJson Set-CIPPIntuneTemplate -RawJSON $RawJSON -GUID $GUID -DisplayName $Request.body.displayName -Description $Request.body.description -templateType $Request.body.type } else { + $Table.Force = $true + Add-CIPPAzDataTableEntity @Table -Entity @{ JSON = "$JSON" RowKey = "$GUID" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 new file mode 100644 index 000000000000..c0497528c42a --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/invoke-ListEmptyResults.ps1 @@ -0,0 +1,19 @@ +using namespace System.Net + +Function invoke-ListEmptyResults { + <# + .FUNCTIONALITY + Entrypoint - Purposely lists an empty result + .ROLE + CIPP.Core + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @() + }) + +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 700ff7065585..5e3726e5d73f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -17,7 +17,7 @@ Function Invoke-ExecAccessChecks { $LastRun = (Get-Date).ToUniversalTime() switch ($Request.Query.Type) { 'Permissions' { - if ($Request.Query.SkipCache -ne 'true') { + if ($Request.Query.SkipCache -ne 'true' -or $Request.Query.SkipCache -ne $true) { try { $Cache = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'AccessPermissions'" $Results = $Cache.Data | ConvertFrom-Json @@ -41,7 +41,7 @@ Function Invoke-ExecAccessChecks { $AccessChecks = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantAccessChecks'" if (!$Request.Body.TenantId) { try { - $Tenants = Get-Tenants -IncludeErrors + $Tenants = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $ENV:TenantID } $Results = foreach ($Tenant in $Tenants) { $TenantCheck = $AccessChecks | Where-Object -Property RowKey -EQ $Tenant.customerId | Select-Object -Property Data $TenantResult = [PSCustomObject]@{ @@ -81,8 +81,8 @@ Function Invoke-ExecAccessChecks { } } - if ($Request.Query.SkipCache -eq 'true') { - $null = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' + if ($Request.Query.SkipCache -eq 'true' -or $Request.Query.SkipCache -eq $true) { + $Message = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' } if ($Request.Body.TenantId) { @@ -93,7 +93,7 @@ Function Invoke-ExecAccessChecks { } 'GDAP' { - if (!$Request.Query.SkipCache -eq 'true') { + if (!$Request.Query.SkipCache -eq 'true' -or !$Request.Query.SkipCache -eq $true) { try { $Cache = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'GDAPRelationships'" $Results = $Cache.Data | ConvertFrom-Json @@ -114,12 +114,16 @@ Function Invoke-ExecAccessChecks { } } } + $Metadata = @{ + LastRun = $LastRun + } + if ($Message) { + $Metadata.AlertMessage = $Message + } $body = [pscustomobject]@{ 'Results' = $Results - 'Metadata' = @{ - 'LastRun' = $LastRun - } + 'Metadata' = $Metadata } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 index 2898b57c89ae..e07e8e139dca 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 @@ -41,7 +41,7 @@ Function Invoke-ExecRestoreBackup { $ht2 = @{} $line.psobject.properties | ForEach-Object { $ht2[$_.Name] = [string]$_.Value } $Table.Entity = $ht2 - Add-CIPPAzDataTableEntity @Table -Force + Add-AzDataTableEntity @Table -Force } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created backup' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 index 82363d390adb..fae7f8b60e5f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 @@ -11,29 +11,31 @@ Function Invoke-AddTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExetutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, Comments, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications + $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications $Tenants = ($Request.body.selectedTenants).value - $Result = foreach ($Tenantfilter in $tenants) { - $Existing = New-ExoRequest -ErrorAction SilentlyContinue -tenantid $Tenantfilter -cmdlet 'Get-TransportRule' -useSystemMailbox $true | Where-Object -Property Identity -EQ $RequestParams.name + $Result = foreach ($tenantFilter in $tenants) { + $Existing = New-ExoRequest -ErrorAction SilentlyContinue -tenantid $tenantFilter -cmdlet 'Get-TransportRule' -useSystemMailbox $true | Where-Object -Property Identity -EQ $RequestParams.name try { if ($Existing) { Write-Host 'Found existing' $RequestParams | Add-Member -NotePropertyValue $RequestParams.name -NotePropertyName Identity - $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Set-TransportRule' -cmdParams ($RequestParams | Select-Object -Property * -ExcludeProperty UseLegacyRegex) -useSystemMailbox $true - "Successfully set transport rule for $tenantfilter." + $null = New-ExoRequest -tenantid $tenantFilter -cmdlet 'Set-TransportRule' -cmdParams ($RequestParams | Select-Object -Property * -ExcludeProperty UseLegacyRegex) -useSystemMailbox $true + "Successfully set transport rule for $tenantFilter." } else { Write-Host 'Creating new' - $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'New-TransportRule' -cmdParams $RequestParams -useSystemMailbox $true - "Successfully created transport rule for $tenantfilter." + $null = New-ExoRequest -tenantid $tenantFilter -cmdlet 'New-TransportRule' -cmdParams $RequestParams -useSystemMailbox $true + "Successfully created transport rule for $tenantFilter." } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Created transport rule for $($tenantfilter)" -sev Info + Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info } catch { - "Could not create transport rule for $($tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Could not create transport rule for $($tenantfilter). Error:$($_.Exception.message)" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + "Could not create transport rule for $($tenantFilter): $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 0f7fb738e6ff..9c176d7c8939 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -11,42 +11,44 @@ Function Invoke-AddTransportTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - Write-Host ($request | ConvertTo-Json -Compress) + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) try { $GUID = (New-Guid).GUID $JSON = if ($request.body.PowerShellCommand) { Write-Host 'PowerShellCommand' $request.body.PowerShellCommand | ConvertFrom-Json - } - else { - ([pscustomobject]$Request.body | Select-Object Name, ActivationDate, ADComparisonAttribute, ADComparisonOperator, AddManagerAsRecipientType, AddToRecipients, AnyOfCcHeader, AnyOfCcHeaderMemberOf, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns, AnyOfToCcHeader, AnyOfToCcHeaderMemberOf, AnyOfToHeader, AnyOfToHeaderMemberOf, ApplyClassification, ApplyHtmlDisclaimerFallbackAction, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerText, ApplyOME, ApplyRightsProtectionCustomizationTemplate, ApplyRightsProtectionTemplate, AttachmentContainsWords, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent, AttachmentIsPasswordProtected, AttachmentIsUnsupported, AttachmentMatchesPatterns, AttachmentNameMatchesPatterns, AttachmentProcessingLimitExceeded, AttachmentPropertyContainsWords, AttachmentSizeOver, BetweenMemberOf1, BetweenMemberOf2, BlindCopyTo, Comments, Confirm, ContentCharacterSetContainsWords, CopyTo, DeleteMessage, DlpPolicy, DomainController, Enabled, ExceptIfADComparisonAttribute, ExceptIfADComparisonOperator, ExceptIfAnyOfCcHeader, ExceptIfAnyOfCcHeaderMemberOf, ExceptIfAnyOfRecipientAddressContainsWords, ExceptIfAnyOfRecipientAddressMatchesPatterns, ExceptIfAnyOfToCcHeader, ExceptIfAnyOfToCcHeaderMemberOf, ExceptIfAnyOfToHeader, ExceptIfAnyOfToHeaderMemberOf, ExceptIfAttachmentContainsWords, ExceptIfAttachmentExtensionMatchesWords, ExceptIfAttachmentHasExecutableContent, ExceptIfAttachmentIsPasswordProtected, ExceptIfAttachmentIsUnsupported, ExceptIfAttachmentMatchesPatterns, ExceptIfAttachmentNameMatchesPatterns, ExceptIfAttachmentProcessingLimitExceeded, ExceptIfAttachmentPropertyContainsWords, ExceptIfAttachmentSizeOver, ExceptIfBetweenMemberOf1, ExceptIfBetweenMemberOf2, ExceptIfContentCharacterSetContainsWords, ExceptIfFrom, ExceptIfFromAddressContainsWords, ExceptIfFromAddressMatchesPatterns, ExceptIfFromMemberOf, ExceptIfFromScope, ExceptIfHasClassification, ExceptIfHasNoClassification, ExceptIfHasSenderOverride, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords, ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns, ExceptIfManagerAddresses, ExceptIfManagerForEvaluatedUser, ExceptIfMessageContainsDataClassifications, ExceptIfMessageSizeOver, ExceptIfMessageTypeMatches, ExceptIfRecipientADAttributeContainsWords, ExceptIfRecipientADAttributeMatchesPatterns, ExceptIfRecipientAddressContainsWords, ExceptIfRecipientAddressMatchesPatterns, ExceptIfRecipientDomainIs, ExceptIfRecipientInSenderList, ExceptIfSCLOver, ExceptIfSenderADAttributeContainsWords, ExceptIfSenderADAttributeMatchesPatterns, ExceptIfSenderDomainIs, ExceptIfSenderInRecipientList, ExceptIfSenderIpRanges, ExceptIfSenderManagementRelationship, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfSentToScope, ExceptIfSubjectContainsWords, ExceptIfSubjectMatchesPatterns, ExceptIfSubjectOrBodyContainsWords, ExceptIfSubjectOrBodyMatchesPatterns, ExceptIfWithImportance, ExpiryDate, From, FromAddressContainsWords, FromAddressMatchesPatterns, FromMemberOf, FromScope, GenerateIncidentReport, GenerateNotification, HasClassification, HasNoClassification, HasSenderOverride, HeaderContainsMessageHeader, HeaderContainsWords, HeaderMatchesMessageHeader, HeaderMatchesPatterns, IncidentReportContent, IncidentReportOriginalMail, LogEventText, ManagerAddresses, ManagerForEvaluatedUser, MessageContainsDataClassifications, MessageSizeOver, MessageTypeMatches, Mode, ModerateMessageByManager, ModerateMessageByUser, NotifySender, PrependSubject, Quarantine, RecipientADAttributeContainsWords, RecipientADAttributeMatchesPatterns, RecipientAddressContainsWords, RecipientAddressMatchesPatterns, RecipientAddressType, RecipientDomainIs, RecipientInSenderList, RedirectMessageTo, RejectMessageEnhancedStatusCode, RejectMessageReasonText, RemoveHeader, RemoveOME, RemoveOMEv2, RemoveRMSAttachmentEncryption, RouteMessageOutboundConnector, RouteMessageOutboundRequireTls, RuleErrorAction, RuleSubType, SCLOver, SenderADAttributeContainsWords, SenderADAttributeMatchesPatterns, SenderAddressLocation, SenderDomainIs, SenderInRecipientList, SenderIpRanges, SenderManagementRelationship, SentTo, SentToMemberOf, SentToScope, SetAuditSeverity, SetHeaderName, SetHeaderValue, SetSCL, SmtpRejectMessageRejectStatusCode, SmtpRejectMessageRejectText, StopRuleProcessing, SubjectContainsWords, SubjectMatchesPatterns, SubjectOrBodyContainsWords, SubjectOrBodyMatchesPatterns, UseLegacyRegex, WithImportance ) | ForEach-Object { - $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name - $_ | Select-Object -Property $NonEmptyProperties - } + } else { + ([pscustomobject]$Request.body | Select-Object Name, ActivationDate, ADComparisonAttribute, ADComparisonOperator, AddManagerAsRecipientType, AddToRecipients, AnyOfCcHeader, AnyOfCcHeaderMemberOf, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns, AnyOfToCcHeader, AnyOfToCcHeaderMemberOf, AnyOfToHeader, AnyOfToHeaderMemberOf, ApplyClassification, ApplyHtmlDisclaimerFallbackAction, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerText, ApplyOME, ApplyRightsProtectionCustomizationTemplate, ApplyRightsProtectionTemplate, AttachmentContainsWords, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent, AttachmentIsPasswordProtected, AttachmentIsUnsupported, AttachmentMatchesPatterns, AttachmentNameMatchesPatterns, AttachmentProcessingLimitExceeded, AttachmentPropertyContainsWords, AttachmentSizeOver, BetweenMemberOf1, BetweenMemberOf2, BlindCopyTo, Comments, Confirm, ContentCharacterSetContainsWords, CopyTo, DeleteMessage, DlpPolicy, DomainController, Enabled, ExceptIfADComparisonAttribute, ExceptIfADComparisonOperator, ExceptIfAnyOfCcHeader, ExceptIfAnyOfCcHeaderMemberOf, ExceptIfAnyOfRecipientAddressContainsWords, ExceptIfAnyOfRecipientAddressMatchesPatterns, ExceptIfAnyOfToCcHeader, ExceptIfAnyOfToCcHeaderMemberOf, ExceptIfAnyOfToHeader, ExceptIfAnyOfToHeaderMemberOf, ExceptIfAttachmentContainsWords, ExceptIfAttachmentExtensionMatchesWords, ExceptIfAttachmentHasExecutableContent, ExceptIfAttachmentIsPasswordProtected, ExceptIfAttachmentIsUnsupported, ExceptIfAttachmentMatchesPatterns, ExceptIfAttachmentNameMatchesPatterns, ExceptIfAttachmentProcessingLimitExceeded, ExceptIfAttachmentPropertyContainsWords, ExceptIfAttachmentSizeOver, ExceptIfBetweenMemberOf1, ExceptIfBetweenMemberOf2, ExceptIfContentCharacterSetContainsWords, ExceptIfFrom, ExceptIfFromAddressContainsWords, ExceptIfFromAddressMatchesPatterns, ExceptIfFromMemberOf, ExceptIfFromScope, ExceptIfHasClassification, ExceptIfHasNoClassification, ExceptIfHasSenderOverride, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords, ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns, ExceptIfManagerAddresses, ExceptIfManagerForEvaluatedUser, ExceptIfMessageContainsDataClassifications, ExceptIfMessageSizeOver, ExceptIfMessageTypeMatches, ExceptIfRecipientADAttributeContainsWords, ExceptIfRecipientADAttributeMatchesPatterns, ExceptIfRecipientAddressContainsWords, ExceptIfRecipientAddressMatchesPatterns, ExceptIfRecipientDomainIs, ExceptIfRecipientInSenderList, ExceptIfSCLOver, ExceptIfSenderADAttributeContainsWords, ExceptIfSenderADAttributeMatchesPatterns, ExceptIfSenderDomainIs, ExceptIfSenderInRecipientList, ExceptIfSenderIpRanges, ExceptIfSenderManagementRelationship, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfSentToScope, ExceptIfSubjectContainsWords, ExceptIfSubjectMatchesPatterns, ExceptIfSubjectOrBodyContainsWords, ExceptIfSubjectOrBodyMatchesPatterns, ExceptIfWithImportance, ExpiryDate, From, FromAddressContainsWords, FromAddressMatchesPatterns, FromMemberOf, FromScope, GenerateIncidentReport, GenerateNotification, HasClassification, HasNoClassification, HasSenderOverride, HeaderContainsMessageHeader, HeaderContainsWords, HeaderMatchesMessageHeader, HeaderMatchesPatterns, IncidentReportContent, IncidentReportOriginalMail, LogEventText, ManagerAddresses, ManagerForEvaluatedUser, MessageContainsDataClassifications, MessageSizeOver, MessageTypeMatches, Mode, ModerateMessageByManager, ModerateMessageByUser, NotifySender, PrependSubject, Quarantine, RecipientADAttributeContainsWords, RecipientADAttributeMatchesPatterns, RecipientAddressContainsWords, RecipientAddressMatchesPatterns, RecipientAddressType, RecipientDomainIs, RecipientInSenderList, RedirectMessageTo, RejectMessageEnhancedStatusCode, RejectMessageReasonText, RemoveHeader, RemoveOME, RemoveOMEv2, RemoveRMSAttachmentEncryption, RouteMessageOutboundConnector, RouteMessageOutboundRequireTls, RuleErrorAction, RuleSubType, SCLOver, SenderADAttributeContainsWords, SenderADAttributeMatchesPatterns, SenderAddressLocation, SenderDomainIs, SenderInRecipientList, SenderIpRanges, SenderManagementRelationship, SentTo, SentToMemberOf, SentToScope, SetAuditSeverity, SetHeaderName, SetHeaderValue, SetSCL, SmtpRejectMessageRejectStatusCode, SmtpRejectMessageRejectText, StopRuleProcessing, SubjectContainsWords, SubjectMatchesPatterns, SubjectOrBodyContainsWords, SubjectOrBodyMatchesPatterns, UseLegacyRegex, WithImportance ) | + ForEach-Object { + $NonEmptyProperties = $_.PSObject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name + $_ | Select-Object -Property $NonEmptyProperties + } } $JSON = ($JSON | Select-Object @{n = 'name'; e = { $_.name } }, @{n = 'comments'; e = { $_.comments } }, * | ConvertTo-Json -Depth 10) $Table = Get-CippTable -tablename 'templates' $Table.Force = $true Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$json" + JSON = "$JSON" RowKey = "$GUID" PartitionKey = 'TransportTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' - $body = [pscustomobject]@{'Results' = 'Successfully added template' } - - } - catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Transport Rule Template: $($_.Exception.Message)" -Sev 'Error' - $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" } + Write-LogMessage -user $ExecutingUser -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug + $body = [pscustomobject]@{'Results' = "Created Transport Rule Template $($Request.body.name) with GUID $GUID" } + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $body = [pscustomobject]@{'Results' = "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" } + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index 52837656b0e0..eb8f57c38f10 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -11,28 +11,33 @@ Function Invoke-EditTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter + $Identity = $Request.Query.guid ?? $Request.body.guid + $State = $Request.Query.state ?? $Request.body.state $Params = @{ - Identity = $request.query.guid + Identity = $Identity } try { - $cmdlet = if ($request.query.state -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true - $Result = "Set transport rule $($Request.query.guid) to $($request.query.State)" - Write-LogMessage -user $User -API $APINAME -tenant $tenantfilter -message "Set transport rule $($Request.query.guid) to $($request.query.State)" -sev Info + $cmdlet = if ($State -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true + $Result = "Set transport rule $($Identity) to $($State)" + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message $Result -sev Info + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $tenantfilter -message "Failed setting transport rule $($Request.query.guid) to $($request.query.State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = @{Results = $Result } }) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 7dac7da9c2fd..145a0ed7c46d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -11,22 +11,30 @@ Function Invoke-ExecHideFromGAL { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $Request.headers.'x-ms-client-principal' + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + + # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests + $UserId = $Request.Query.ID ?? $Request.body.ID + $TenantFilter = $Request.Query.TenantFilter ?? $Request.body.tenantFilter + $Hidden = -not [string]::IsNullOrWhiteSpace($Request.Query.HideFromGAL) ? [System.Convert]::ToBoolean($Request.Query.HideFromGAL) : [System.Convert]::ToBoolean($Request.body.HideFromGAL) - $TenantFilter = $request.query.tenantfilter Try { - $Hidden = [System.Convert]::ToBoolean($Request.query.HideFromGal) - $HideResults = Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $Request.query.ID -HideFromGAL $Hidden -ExecutingUser $request.headers.'x-ms-client-principal' -APIName 'ExecOffboardUser' + $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -ExecutingUser $ExecutingUser -APIName $APIName $Results = [pscustomobject]@{'Results' = $HideResults } + $StatusCode = [HttpStatusCode]::OK } catch { - $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Hide/UnHide from GAL failed: $($_.Exception.Message)" -Sev 'Error' + $ErrorMessage = Get-CippException -Exception $_ + $Results = [pscustomobject]@{'Results' = "Failed. $($ErrorMessage.NormalizedError)" } + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $Results }) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 new file mode 100644 index 000000000000..993f894fed02 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -0,0 +1,34 @@ +using namespace System.Net + +Function Invoke-ListGlobalAddressList { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Exchange.Mailbox.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + + try { + $GAL = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Recipient' -cmdParams @{ResultSize = 'unlimited'; SortBy = 'DisplayName' } ` + -Select 'Identity, DisplayName, Alias, PrimarySmtpAddress, ExternalDirectoryObjectId, HiddenFromAddressListsEnabled, EmailAddresses, IsDirSynced, SKUAssigned, RecipientType, RecipientTypeDetails, AddressListMembership' | Select-Object -ExcludeProperty *odata*, *data.type* + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-CippException -Exception $_ + $StatusCode = [HttpStatusCode]::Forbidden + $GAL = $ErrorMessage.NormalizedError + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = @($GAL) + }) + +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 index d019dc129e6f..d0e3c340a7b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 @@ -24,6 +24,7 @@ Function Invoke-AddMSPApp { $InstallParams = [pscustomobject]$RMMApp.params switch ($rmmapp.RMMName.value) { 'datto' { + Write-Host 'test' $installcommandline = "powershell.exe -executionpolicy bypass .\install.ps1 -URL $($InstallParams.DattoURL) -GUID $($InstallParams.DattoGUID."$($tenant.customerId)")" $UninstallCommandLine = 'powershell.exe -executionpolicy bypass .\uninstall.ps1' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 index 8000d6f46d2f..4af8ca501a15 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 @@ -13,14 +13,14 @@ Function Invoke-ExecAssignPolicy { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenant = $request.query.tenantfilter - $ID = $request.query.id - $displayname = $request.query.Displayname - $AssignTo = if ($request.query.Assignto -ne 'on') { $request.query.Assignto } + $Tenant = $request.body.tenantfilter + $ID = $request.body.id + $displayname = $request.body.Displayname + $AssignTo = if ($request.body.Assignto -ne 'on') { $request.body.Assignto } $results = try { if ($AssignTo) { - $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.query.Type + $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.body.Type Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' } "Successfully edited policy for $($Tenant)" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 14101947635f..7fd95cdeb8f4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -11,29 +11,28 @@ Function Invoke-ExecDeviceDelete { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - # Interact with query parameters or the body of the request. + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + # Interact with body parameters or the body of the request. + $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter + $Action = $Request.body.action ?? $Request.Query.action + $DeviceID = $Request.body.ID ?? $Request.Query.ID try { - $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)" - if ($Request.query.action -eq 'delete') { - $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter - } elseif ($Request.query.action -eq 'disable') { - $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }' - } elseif ($Request.query.action -eq 'enable') { - $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }' - } - Write-Host $ActionResult - $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" } + $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser -APIName $APINAME + $StatusCode = [HttpStatusCode]::OK } catch { - $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" } + $Results = $_.Exception.Message + $StatusCode = [HttpStatusCode]::BadRequest } + Write-Host $Results + $body = [pscustomobject]@{'Results' = "$Results" } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index abe7fd5bf030..4ed2b204bfc1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -23,7 +23,7 @@ Function Invoke-EditUser { }) return } - $Results = [System.Collections.Generic.List[string]]::new() + $Results = [System.Collections.Generic.List[object]]::new() $licenses = ($UserObj.licenses).value $Aliases = if ($UserObj.AddedAliases) { ($UserObj.AddedAliases) -split '\s' } $AddToGroups = $Request.body.AddToGroups @@ -51,7 +51,7 @@ Function Invoke-EditUser { 'streetAddress' = $UserObj.streetAddress 'postalCode' = $UserObj.PostalCode 'companyName' = $UserObj.CompanyName - 'otherMails' = @($UserObj.otherMails) + 'otherMails' = $UserObj.otherMails ? @($UserObj.otherMails) : @() 'passwordProfile' = @{ 'forceChangePasswordNextSignIn' = [bool]$UserObj.MustChangePass } @@ -133,7 +133,7 @@ Function Invoke-EditUser { if ($Request.body.CopyFrom.value) { $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $User -CopyFromId $Request.body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter - $null = $results.AddRange($CopyFrom) + $null = $results.AddRange(@($CopyFrom)) } if ($AddToGroups) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 index 0dbf730fb00e..fad747bb3e2f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 @@ -129,7 +129,15 @@ Function Invoke-ListUserMailboxDetails { # Get forwarding address $ForwardingAddress = if ($MailboxDetailedRequest.ForwardingAddress) { - (New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users/$($MailboxDetailedRequest.ForwardingAddress)").UserPrincipalName + try { + (New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users/$($MailboxDetailedRequest.ForwardingAddress)").UserPrincipalName + } catch { + try { + '{0} ({1})' -f $MailboxDetailedRequest.ForwardingAddress, (($((New-GraphGetRequest -TenantId $TenantFilter -Uri "https://graph.microsoft.com/beta/users?`$filter=displayName eq '$($MailboxDetailedRequest.ForwardingAddress)'") | Select-Object -First 1 -ExpandProperty UserPrincipalName))) + } catch { + $MailboxDetailedRequest.ForwardingAddress + } + } } elseif ($MailboxDetailedRequest.ForwardingSmtpAddress -and $MailboxDetailedRequest.ForwardingAddress) { "$($MailboxDetailedRequest.ForwardingAddress) $($MailboxDetailedRequest.ForwardingSmtpAddress)" } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 index a8c4af96c998..4ea9b6d8a35a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 @@ -23,14 +23,7 @@ Function Invoke-ListUserMailboxRules { $TenantFilter = $Request.Query.TenantFilter $UserID = $Request.Query.UserID $UserEmail = if ([string]::IsNullOrWhiteSpace($Request.Query.userEmail)) { $UserID } else { $Request.Query.userEmail } - $GraphRequest = New-ExoRequest -Anchor $UserID -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{mailbox = $UserID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | Select-Object - @{ Name = 'DisplayName'; Expression = { $_.displayName } }, - @{ Name = 'Description'; Expression = { $_.Description } }, - @{ Name = 'Redirect To'; Expression = { $_.RedirectTo } }, - @{ Name = 'Copy To Folder'; Expression = { $_.CopyToFolder } }, - @{ Name = 'Move To Folder'; Expression = { $_.MoveToFolder } }, - @{ Name = 'Soft Delete Message'; Expression = { $_.SoftDeleteMessage } }, - @{ Name = 'Delete Message'; Expression = { $_.DeleteMessage } } + $GraphRequest = New-ExoRequest -Anchor $UserID -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{mailbox = $UserID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | Select-Object * -ExcludeProperty RuleIdentity } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -user $User -API $APINAME -message "Failed to retrieve mailbox rules $($UserEmail): $($ErrorMessage.NormalizedError) " -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 index 29b622550ef2..bf31040b83a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 @@ -89,7 +89,7 @@ Function Invoke-ExecIncidentsList { if (!$body) { $StatusCode = [HttpStatusCode]::OK $body = [PSCustomObject]@{ - MSResults = ($GraphRequest | Where-Object -Property id -NE $null) + Results = @($GraphRequest | Where-Object -Property id -NE $null) } } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 index 35017077da0f..2d23640c9fcd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 @@ -44,12 +44,12 @@ Function Invoke-ListSites { @{ id = 'listAllSites' method = 'GET' - url = "sites/getAllSites?`$filter=$($Filter)&`$select=id,createdDateTime,description,name,displayName,isPersonalSite,lastModifiedDateTime,webUrl,siteCollection,sharepointIds" + url = "sites/getAllSites?`$filter=$($Filter)&`$select=id,createdDateTime,description,name,displayName,isPersonalSite,lastModifiedDateTime,webUrl,siteCollection,sharepointIds&`$top=999" } @{ id = 'usage' method = 'GET' - url = "reports/get$($type)Detail(period='D7')?`$format=application/json" + url = "reports/get$($type)Detail(period='D7')?`$format=application/json&`$top=999" } ) @@ -90,7 +90,11 @@ Function Invoke-ListSites { url = "sites/$($Site.siteId)/lists?`$select=id,name,list,parentReference" } } - $Requests = (New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true).body.value | Where-Object { $_.list.template -eq 'DocumentLibrary' } + try { + $Requests = (New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true).body.value | Where-Object { $_.list.template -eq 'DocumentLibrary' } + } catch { + Write-LogMessage -Message "Error getting auto map urls: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter -API 'ListSites' -LogData (Get-CippException -Exception $_) + } $GraphRequest = foreach ($Site in $GraphRequest) { $ListId = ($Requests | Where-Object { $_.parentReference.siteId -like "*$($Site.siteId)*" }).id $site.AutoMapUrl = "tenantId=$($TenantId)&webId={$($Site.webId)}&siteid={$($Site.siteId)}&webUrl=$($Site.webUrl)&listId={$($ListId)}" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index 11870bac1165..5dd1c14a4ede 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -21,12 +21,17 @@ Function Invoke-ListTeamsVoice { $TenantFilter = $Request.Query.TenantFilter $tenantid = (Get-Tenants | Where-Object -Property defaultDomainName -EQ $Request.Query.TenantFilter).customerId try { - $users = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=id,userPrincipalName,displayname" -tenantid $TenantFilter) + $users = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=id,userPrincipalName,displayName" -tenantid $TenantFilter) $skip = 0 $GraphRequest = do { $data = (New-TeamsAPIGetRequest -uri "https://api.interfaces.records.teams.microsoft.com/Skype.TelephoneNumberMgmt/Tenants/$($Tenantid)/telephone-numbers?skip=$($skip)&locale=en-US&top=999" -tenantid $TenantFilter).TelephoneNumbers | ForEach-Object { - $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue - $CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1 + try { + $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue + $CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1 + } catch { + $CompleteRequest = $_ | Select-Object *, 'AssignedTo' -ErrorAction SilentlyContinue + } + if ($CompleteRequest.TargetId -eq '00000000-0000-0000-0000-000000000000') { $CompleteRequest.AssignedTo = 'Unassigned' } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 index 50a3c1486f61..8fee5dbf56f8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListTenantOnboarding.ps1 @@ -22,15 +22,16 @@ function Invoke-ListTenantOnboarding { $TenantOnboarding.Logs = $Logs $TenantOnboarding }) + $Results = $Results | Sort-Object Timestamp -Descending $StatusCode = [HttpStatusCode]::OK } catch { - $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message) - $Results = "Function Error: $($_.InvocationInfo.ScriptLineNumber) - $ErrorMsg" + $ErrorMessage = Get-CippException -Exception $_ + $Results = "Function Error: $($ErrorMessage.LineNumber) - $($ErrorMessage.NormalizedError)" $StatusCode = [HttpStatusCode]::BadRequest } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = $Results + Body = @($Results) }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index fccb38d002ef..4227a6f78be8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -14,6 +14,7 @@ Function Invoke-ListTenants { Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantAccess = Test-CIPPAccess -Request $Request -TenantList + Write-Host "Tenant Access: $TenantAccess" if ($TenantAccess -notcontains 'AllTenants') { $AllTenantSelector = $false diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 index 889b79f232c6..922357511af4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 @@ -107,10 +107,10 @@ Function Invoke-ExecAddGDAPRole { $RoleMappings = [System.Collections.Generic.List[object]]::new() if ($ExistingRoleMappings) { - $RoleMappings.AddRange($ExistingRoleMappings) + $RoleMappings.AddRange(@($ExistingRoleMappings)) } if ($NewRoleMappings) { - $RoleMappings.AddRange($NewRoleMappings) + $RoleMappings.AddRange(@($NewRoleMappings)) } if ($Request.Body.templateId) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index 71fa0635d60a..a901e108b61b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -31,7 +31,7 @@ Function Invoke-AddStandardsTemplate { } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' - $body = [pscustomobject]@{'Results' = 'Successfully added template' } + $body = [pscustomobject]@{'Results' = 'Successfully added template'; id = $GUID } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 index 659ca385d93b..915ba2ef475b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardConvert.ps1 @@ -204,7 +204,7 @@ function Invoke-ExecStandardConvert { $Converted | Add-Member -NotePropertyName 'createdAt' -NotePropertyValue ((Get-Date).ToUniversalTime()) -Force $Converted | Add-Member -NotePropertyName 'updatedBy' -NotePropertyValue 'System' -Force $Converted | Add-Member -NotePropertyName 'updatedAt' -NotePropertyValue (Get-Date).ToUniversalTime() -Force - $JSON = ConvertTo-Json -Depth 40 -InputObject $Converted + $JSON = ConvertTo-Json -Depth 100 -InputObject $Converted -Compress $Table = Get-CippTable -tablename 'templates' $Table.Force = $true diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index 7ba2206daf02..74c88643ce89 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -26,7 +26,7 @@ Function Invoke-ExecStandardsRun { if ($Config -and $Config.state -eq $true) { if ($env:CIPP_PROCESSOR -ne 'true') { - + $ProcessorFunction = [PSCustomObject]@{ PartitionKey = 'Function' RowKey = "Invoke-CIPPStandardsRun-$tenantfilter" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 index ca8b373bcadc..0df80f7d9f7a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 @@ -34,9 +34,9 @@ Function Invoke-ListBPA { if ($Request.query.tenantFilter -ne 'AllTenants' -and $Style -eq 'Tenant') { + $CustomerId = (Get-Tenants -TenantFilter $Request.query.tenantFilter).customerId $mergedObject = New-Object pscustomobject - - $Data = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$($Request.query.tenantFilter)'") | ForEach-Object { + $Data = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$CustomerId'") | ForEach-Object { $row = $_ $JSONFields | ForEach-Object { $jsonContent = $row.$_ @@ -48,6 +48,7 @@ Function Invoke-ListBPA { } } $row.PSObject.Properties | ForEach-Object { + Write-Host "Adding $($_.Name) to mergedObject" $mergedObject | Add-Member -NotePropertyName $_.Name -NotePropertyValue $_.Value -Force } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 index eaeba1486007..ebf7a663e342 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -15,10 +15,10 @@ Function Invoke-listStandardTemplates { $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { $JSON = $_.JSON try { + $RowKey = $_.RowKey $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue } catch { - Write-Host "Could not load standard template: $($_.Exception.Message). Content of the template is: $($JSON)." - Write-Host "Template GUID: $($_.GUID)" + Write-Host "$($RowKey)" return } $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 index d894b6118af8..812a8c46b272 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesTenant.ps1 @@ -17,7 +17,11 @@ Function Invoke-ListBreachesTenant { } else { $filter = $null } - $usersResults = (Get-CIPPAzDataTableEntity @Table -Filter $filter).breaches | ConvertFrom-Json -ErrorAction SilentlyContinue + try { + $usersResults = (Get-CIPPAzDataTableEntity @Table -Filter $filter).breaches | ConvertFrom-Json -ErrorAction SilentlyContinue + } catch { + $usersResults = $null + } if ($usersResults -eq $null) { $usersResults = @() } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index 01e7cacb254f..e61191283062 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -11,14 +11,12 @@ Function Invoke-ListDefenderTVM { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter try { $GraphRequest = New-GraphgetRequest -tenantid $TenantFilter -uri "https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine?`$top=999" -scope 'https://api.securitycenter.microsoft.com/.default' | Group-Object cveid $GroupObj = foreach ($cve in $GraphRequest) { @@ -42,6 +40,7 @@ Function Invoke-ListDefenderTVM { $StatusCode = [HttpStatusCode]::Forbidden $GroupObj = $ErrorMessage } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index 26d68ac580b7..cb763699e04c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -11,22 +11,21 @@ Function Invoke-ListDeletedItems { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $selectlist = 'id', 'accountEnabled', 'businessPhones', 'city', 'createdDateTime', 'companyName', 'country', 'department', 'displayName', 'faxNumber', 'givenName', 'isResourceAccount', 'jobTitle', 'mail', 'mailNickname', 'mobilePhone', 'onPremisesDistinguishedName', 'officeLocation', 'onPremisesLastSyncDateTime', 'otherMails', 'postalCode', 'preferredDataLocation', 'preferredLanguage', 'proxyAddresses', 'showInAddressList', 'state', 'streetAddress', 'surname', 'usageLocation', 'userPrincipalName', 'userType', 'assignedLicenses', 'onPremisesSyncEnabled', 'LicJoined', 'Aliases', 'primDomain' - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter $Types = 'Application', 'User', 'Device', 'Group' $GraphRequest = foreach ($Type in $Types) { - (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/directory/deletedItems/microsoft.graph.$($Type)" -tenantid $TenantFilter) | Where-Object -Property '@odata.context' -NotLike '*graph.microsoft.com*' | Select-Object *, @{ Name = 'TargetType'; Expression = { $Type } } + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/directory/deletedItems/microsoft.graph.$($Type)" -tenantid $TenantFilter) | + Where-Object -Property '@odata.context' -NotLike '*graph.microsoft.com*' | + Select-Object *, @{ Name = 'TargetType'; Expression = { $Type } } } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = @($GraphRequest) }) - } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 8e65b6f27001..c2ad60650959 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -57,47 +57,48 @@ Function Invoke-ListIntunePolicy { $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter $GraphRequest = $BulkResults | ForEach-Object { - $URLName = $_.Id - $_.body.Value | ForEach-Object { - $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { - '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } - '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } - '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } - '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } - '*groupPolicyConfigurations*' { 'Administrative Templates' } - '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } - '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } - '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } - '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } - '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } - '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } - default { $_.'assignments@odata.context' } - } - $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId - $PolicyAssignment = [System.Collections.Generic.List[string]]::new() - $PolicyExclude = [System.Collections.Generic.List[string]]::new() - ForEach ($target in $Assignments) { - switch ($target.'@odata.type') { - '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } - '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } - '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } - '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } - '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - default { - $PolicyAssignment.Add($null) - $PolicyExclude.Add($null) + $URLName = $_.Id + $_.body.Value | ForEach-Object { + $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { + '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } + '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } + '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } + '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } + '*groupPolicyConfigurations*' { 'Administrative Templates' } + '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } + '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } + '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } + '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } + '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } + '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } + default { $_.'assignments@odata.context' } + } + $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId + $PolicyAssignment = [System.Collections.Generic.List[string]]::new() + $PolicyExclude = [System.Collections.Generic.List[string]]::new() + ForEach ($target in $Assignments) { + switch ($target.'@odata.type') { + '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } + '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } + '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } + '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyAssignment.Add('All Licenced Users') } + '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } + '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + default { + $PolicyAssignment.Add($null) + $PolicyExclude.Add($null) + } } } - } - if ($_.displayname -eq $null) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } - $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName - $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName - $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') - $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') - $_ - } | Where-Object { $_.DisplayName -ne $null } - } + if ($_.displayname -eq $null) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } + $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName + $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName + $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') + $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') + $_ + } | Where-Object { $_.DisplayName -ne $null } + } } $StatusCode = [HttpStatusCode]::OK } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index 37ee1c5bc2a3..240d12d26d98 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -34,20 +34,25 @@ Function Invoke-ListIntuneTemplates { #List new policies $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'IntuneTemplate'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter).JSON | ConvertFrom-Json + $RawTemplates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) if ($Request.query.View) { - $Templates = $Templates | ForEach-Object { - $data = $_.RAWJson | ConvertFrom-Json -Depth 100 - $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $_.Displayname -Force - $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $_.Description -Force - $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $_.Type -Force + $Templates = $RawTemplates | ForEach-Object { + $JSONData = $_.JSON | ConvertFrom-Json + $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 + $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force + $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force + $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force $data } | Sort-Object -Property displayName + } else { + $Templates = $RawTemplates.JSON | ConvertFrom-Json } if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id } + # Sort all output regardless of view condition + $Templates = $Templates | Sort-Object -Property displayName # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 index 6bb9ae19db44..570702815e40 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 @@ -10,13 +10,6 @@ Function Invoke-ListMailboxRules { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -26,11 +19,12 @@ Function Invoke-ListMailboxRules { } $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).Addhours(-1) + $Metadata = @{} if (!$Rows -or ($TenantFilter -eq 'AllTenants' -and ($Rows | Measure-Object).Count -eq 1)) { - $GraphRequest = [PSCustomObject]@{ - Tenant = 'Loading data. Please check back in 1 minute' - Licenses = 'Loading data. Please check back in 1 minute' + $Metadata = [PSCustomObject]@{ + QueueMessage = 'Loading data. Please check back in 1 minute' } + $GraphRequest = @() if ($TenantFilter -eq 'AllTenants') { $Tenants = Get-Tenants -IncludeErrors | Select-Object defaultDomainName @@ -57,15 +51,20 @@ Function Invoke-ListMailboxRules { $Rows = $Rows | Where-Object -Property Tenant -EQ $TenantFilter } $GraphRequest = $Rows | ForEach-Object { - $NewObj = $_.Rules | ConvertFrom-Json - $NewObj | Add-Member -NotePropertyName 'Tenant' -NotePropertyValue $_.Tenant + $NewObj = $_.Rules | ConvertFrom-Json -ErrorAction SilentlyContinue + $NewObj | Add-Member -NotePropertyName 'Tenant' -NotePropertyValue $_.Tenant -Force $NewObj } } + $Body = @{ + Results = @($GraphRequest) + Metadata = $Metadata + } + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @($GraphRequest) + Body = $Body }) } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 index c69a160045ec..0be3e36c27e5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 @@ -20,7 +20,7 @@ Function Invoke-ListMailboxes { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress' + $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId' $ExoRequest = @{ tenantid = $TenantFilter cmdlet = 'Get-Mailbox' @@ -67,7 +67,9 @@ Function Invoke-ListMailboxes { @{ Name = 'AdditionalEmailAddresses'; Expression = { ($_.'EmailAddresses' | Where-Object { $_ -clike 'smtp:*' }).Replace('smtp:', '') -join ', ' } }, @{Name = 'ForwardingSmtpAddress'; Expression = { $_.'ForwardingSmtpAddress' -replace 'smtp:', '' } }, @{Name = 'InternalForwardingAddress'; Expression = { $_.'ForwardingAddress' } }, - DeliverToMailboxAndForward + DeliverToMailboxAndForward, + HiddenFromAddressListsEnabled, + ExternalDirectoryObjectId $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 index 5547efe9cfd2..c540e1803567 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 @@ -19,7 +19,7 @@ Function Invoke-ListSignIns { $Days = $Request.Query.Days ?? 7 try { - if ($Request.Query.failedLogonsOnly) { + if ($Request.Query.failedLogonsOnly -eq 'true' -or $Request.Query.failedLogonsOnly -eq $true) { $FailedLogons = ' and (status/errorCode eq 50126)' } diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 index 613b0fdc0555..d62dcb8fd8ed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 @@ -19,6 +19,12 @@ function Start-CIPPStatsTimer { $CIPPRoot = (Get-Item $ModuleBase).Parent.Parent.FullName $APIVersion = Get-Content "$CIPPRoot\version_latest.txt" | Out-String + $Table = Get-CIPPTable -TableName Extensionsconfig + try { + $RawExt = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10 -ErrorAction Stop + } catch { + $RawExt = @{} + } $SendingObject = [PSCustomObject]@{ rgid = $env:WEBSITE_SITE_NAME @@ -26,6 +32,14 @@ function Start-CIPPStatsTimer { RunningVersionAPI = $APIVersion.trim() CountOfTotalTenants = $tenantcount uid = $env:TenantID + CIPPAPI = $RawExt.CIPPAPI.Enabled + Hudu = $RawExt.Hudu.Enabled + Sherweb = $RawExt.Sherweb.Enabled + Gradient = $RawExt.Gradient.Enabled + NinjaOne = $RawExt.NinjaOne.Enabled + haloPSA = $RawExt.haloPSA.Enabled + HIBP = $RawExt.HIBP.Enabled + PWPush = $RawExt.PWPush.Enabled } | ConvertTo-Json Invoke-RestMethod -Uri 'https://management.cipp.app/api/stats' -Method POST -Body $SendingObject -ContentType 'application/json' diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 index c613c9370b7b..3018d7abf23d 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-CippSamPermissions.ps1 @@ -112,7 +112,11 @@ function Get-CippSamPermissions { $Table = Get-CippTable -tablename 'AppPermissions' $SavedPermissions = Get-CippAzDataTableEntity @Table -Filter "PartitionKey eq 'CIPP-SAM' and RowKey eq 'CIPP-SAM'" if ($SavedPermissions.Permissions) { - $SavedPermissions.Permissions = $SavedPermissions.Permissions | ConvertFrom-Json + try { + $SavedPermissions.Permissions = $SavedPermissions.Permissions | ConvertFrom-Json -ErrorAction Stop + } catch { + $SavedPermissions.Permissions = [PSCustomObject]@{} + } } else { $SavedPermissions = @{ Permissions = [PSCustomObject]@{} @@ -174,7 +178,11 @@ function Get-CippSamPermissions { 'UpdatedBy' = 'CIPP' } $Table = Get-CIPPTable -TableName 'AppPermissions' - $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + } catch { + Write-Error "Failed to save the CIPP-SAM permissions: $($_.Exception.Message)" + } } if (!$NoDiff.IsPresent -and $SamAppPermissions.Type -eq 'Table') { diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 4774292f150d..6cd3bd8bb5c6 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -121,6 +121,7 @@ function Get-Tenants { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -Sev 'Critical' -LogData $ErrorMessage + $Domain = 'Invalid' } finally { $defaultDomainName = $Domain $initialDomainName = $Domain diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 index bfda5b393a75..d0502b973082 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1 @@ -44,7 +44,8 @@ function New-GraphBulkRequest { } foreach ($MoreData in $ReturnedData.Responses | Where-Object { $_.body.'@odata.nextLink' }) { Write-Host 'Getting more' - $AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck:$NoAuthCheck + Write-Host $MoreData.body.'@odata.nextLink' + $AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck $NoAuthCheck -scope $scope -AsApp $asapp $NewValues = [System.Collections.Generic.List[PSCustomObject]]$MoreData.body.value $AdditionalValues | ForEach-Object { $NewValues.add($_) } $MoreData.body.value = $NewValues diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 index a949da45936e..9f340b1fb0ae 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 @@ -8,7 +8,7 @@ function New-GraphGetRequest { [string]$uri, [string]$tenantid, [string]$scope, - [bool]$AsApp, + $AsApp, [bool]$noPagination, $NoAuthCheck = $false, [bool]$skipTokenCache, diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index fdfd48276292..ea1e553903fe 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -19,7 +19,8 @@ function Invoke-CIPPStandardsRun { if ($Force.IsPresent) { Write-Host 'Clearing Rerun Cache' foreach ($Task in $AllTasks) { - $null = Test-CIPPRerun -Type Standard -Tenant $Task.Tenant -API $Task.Standard -Clear + Write-Host "Clearing $($Task.Standard)_$($TemplateID)" + $null = Test-CIPPRerun -Type Standard -Tenant $Task.Tenant -API "$($Task.Standard)_$($TemplateID)" -Clear } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 index ef22fb63ce82..767f49448c3a 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 @@ -14,7 +14,7 @@ Function Invoke-RemoveQueuedApp { $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $ID = $request.query.id + $ID = $request.body.id try { $Table = Get-CippTable -tablename 'apps' $Filter = "PartitionKey eq 'apps' and RowKey eq '$id'" @@ -25,7 +25,7 @@ Function Invoke-RemoveQueuedApp { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -user $User -API $APINAME -message "Failed to remove application queue for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage - $body = [pscustomobject]@{'Results' = 'Failed to remove standard)' } + $body = [pscustomobject]@{'Results' = "Failed to remove item. $(Get-NormalizedError -message $_.Exception.Message)" } } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 8db570555836..fceb370fd81b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -11,29 +11,32 @@ Function Invoke-RemoveTransportRule { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APIName -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter + $Identity = $Request.Query.guid ?? $Request.body.guid $Params = @{ - Identity = $request.query.guid + Identity = $Identity } try { $cmdlet = 'Remove-TransportRule' - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true - $Result = "Deleted $($Request.query.guid)" - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Deleted transport rule $($Request.query.guid)" -sev Debug + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $Params -UseSystemMailbox $true + $Result = "Deleted $($Identity)" + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted transport rule $($Identity)" -Sev Info + $StatusCode = [HttpStatusCode]::OK } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Failed deleting transport rule $($Request.query.guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage - $Result = $ErrorMessage + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed deleting transport rule $($Identity). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @{Results = $Result } + StatusCode = $StatusCode + Body = @{ Results = $Result } }) - } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 index 997c150e47f8..1f32522ecddf 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 @@ -14,7 +14,7 @@ Function Invoke-RemoveTransportRuleTemplate { $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $ID = $request.query.id + $ID = $request.query.id ?? $request.body.id try { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'TransportTemplate' and RowKey eq '$id'" diff --git a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 index 7e068a1fde90..09d441fcbde9 100644 --- a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 @@ -21,6 +21,8 @@ function New-CIPPBackup { 'standards' 'SchedulerConfig' 'Extensions' + 'WebhookRules' + 'ScheduledTasks' ) $CSVfile = foreach ($CSVTable in $BackupTables) { $Table = Get-CippTable -tablename $CSVTable diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 3d5f1981d32a..10f1e81d45dc 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -58,6 +58,7 @@ function New-CIPPCAPolicy { #Remove context as it does not belong in the payload. try { $JsonObj.grantControls.PSObject.Properties.Remove('authenticationStrength@odata.context') + $JSONObj.templateId ? $JSONObj.PSObject.Properties.Remove('templateId') : $null if ($JSONObj.conditions.users.excludeGuestsOrExternalUsers.externalTenants.Members) { $JsonObj.conditions.users.excludeGuestsOrExternalUsers.externalTenants.PSObject.Properties.Remove('@odata.context') } diff --git a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 index 550c9400f551..bdc0c0cb1409 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 @@ -38,8 +38,8 @@ function Set-CIPPCopyGroupMembers { '@odata.id' = $ODataBind } | ConvertTo-Json -Compress - $Success = [System.Collections.Generic.List[string]]::new() - $Errors = [System.Collections.Generic.List[string]]::new() + $Success = [System.Collections.Generic.List[object]]::new() + $Errors = [System.Collections.Generic.List[object]]::new() $Memberships = $CopyFromMemberships | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.group' -and $_.groupTypes -notcontains 'DynamicMembership' -and $_.onPremisesSyncEnabled -ne $true -and $_.visibility -ne 'Public' -and $CurrentMemberships.id -notcontains $_.id } $ScheduleExchangeGroupTask = $false foreach ($MailGroup in $Memberships) { diff --git a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 new file mode 100644 index 000000000000..f9740fb591a7 --- /dev/null +++ b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 @@ -0,0 +1,79 @@ +function Set-CIPPDeviceState { + <# + .SYNOPSIS + Sets or modifies the state of a device in Microsoft Graph. + + .DESCRIPTION + This function allows you to enable, disable, or delete a device by making + corresponding requests to the Microsoft Graph API. It logs the result + and returns a success or error message based on the outcome. + + .PARAMETER Action + Specifies the action to perform on the device. Valid actions are: + - Enable: Enable the device + - Disable: Disable the device + - Delete: Remove the device from the tenant + + .PARAMETER DeviceID + Specifies the unique identifier (Object ID) of the device to be managed. + + .PARAMETER TenantFilter + Specifies the tenant ID or domain against which to perform the operation. + + .PARAMETER ExecutingUser + Specifies the user who initiated the request for logging purposes. + + .PARAMETER APIName + Specifies the name of the API call for logging purposes. Defaults to 'Set Device State'. + + .EXAMPLE + Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -ExecutingUser "admin@contoso.onmicrosoft.com" + + This command enables the specified device within the given tenant. + + .EXAMPLE + Set-CIPPDeviceState -Action Delete -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" + + This command removes the specified device from the tenant. +#> + param ( + [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable', 'Delete')]$Action, + + [ValidateScript({ + if ([Guid]::TryParse($_, [ref] [Guid]::Empty)) { + $true + } else { + throw 'DeviceID must be a valid GUID.' + } + })] + [Parameter(Mandatory = $true)]$DeviceID, + + [Parameter(Mandatory = $true)]$TenantFilter, + $ExecutingUser, + $APIName = 'Set Device State' + ) + $Url = "https://graph.microsoft.com/beta/devices/$($DeviceID)" + + try { + switch ($Action) { + 'Delete' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type DELETE -tenantid $TenantFilter + } + 'Disable' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": false }' + } + 'Enable' { + $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": true }' + } + } + Write-Host $ActionResult + Write-LogMessage -user $ExecutingUser -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info + return "Executed action $($Action) on $($DeviceID)" + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + throw "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" + } + + +} diff --git a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 index 13c70a474602..be63ce724782 100644 --- a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 @@ -1,20 +1,20 @@ function Set-CIPPHideFromGAL { [CmdletBinding()] param ( - $userid, - $tenantFilter, + $UserId, + $TenantFilter, $APIName = 'Hide From Address List', [bool]$HideFromGAL, $ExecutingUser ) $Text = if ($HideFromGAL) { 'hidden' } else { 'unhidden' } try { - $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-mailbox' -cmdParams @{Identity = $userid ; HiddenFromAddressListsEnabled = $HideFromGAL } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantfilter) -message "$($userid) $Text from GAL" -Sev 'Info' - return "Successfully $Text $($userid) from GAL." + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $UserId ; HiddenFromAddressListsEnabled = $HideFromGAL } + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($Tenantfilter) -message "$($UserId) $Text from GAL" -Sev Info + return "Successfully $Text $($UserId) from GAL." } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage - return "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + return "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 index b216c5b56672..1f0f707ee267 100644 --- a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 @@ -7,7 +7,7 @@ function Set-CIPPIntuneTemplate { $Description, $templateType ) - + Write-Host "Received $DisplayName, $Description, $RawJSON, $templateType" if (!$DisplayName) { throw 'You must enter a displayname' } if ($null -eq ($RawJSON | ConvertFrom-Json)) { throw 'the JSON is invalid' } diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 index 0f5cbca25204..4bf96e3b2787 100644 --- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 +++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 @@ -1,4 +1,3 @@ - function Get-CIPPStandards { param( [Parameter(Mandatory = $false)] @@ -13,11 +12,16 @@ function Get-CIPPStandards { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ConvertFrom-Json | Where-Object { + $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { + #in the string $_, replace the word 'action' by the word 'Action'. + try { + $_ -replace 'Action', 'action' | ConvertFrom-Json -InputObject $_ -ErrorAction SilentlyContinue + } catch { + } + } | Where-Object { $_.GUID -like $TemplateId -and $_.runManually -eq $runManually } - $AllTenantsList = Get-Tenants if ($TenantFilter -ne 'allTenants') { $AllTenantsList = $AllTenantsList | Where-Object { @@ -36,30 +40,39 @@ function Get-CIPPStandards { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } foreach ($Standard in $ComputedStandards.Keys) { - $Normalized = ConvertTo-CippStandardObject $ComputedStandards[$Standard] + $TempCopy = $ComputedStandards[$Standard].PSObject.Copy() + $TempCopy.PSObject.Properties.Remove('TemplateId') + + $Normalized = ConvertTo-CippStandardObject $TempCopy + [pscustomobject]@{ - Tenant = 'AllTenants' - Standard = $Standard - Settings = $Normalized + Tenant = 'AllTenants' + Standard = $Standard + Settings = $Normalized + TemplateId = $ComputedStandards[$Standard].TemplateId } } } else { foreach ($Tenant in $AllTenantsList) { $TenantName = $Tenant.defaultDomainName - # Determine applicable templates + $ApplicableTemplates = $Templates | ForEach-Object { $template = $_ $tenantFilterValues = $template.tenantFilter | ForEach-Object { $_.value } @@ -74,7 +87,6 @@ function Get-CIPPStandards { if ($tenantFilterValues -contains 'AllTenants' -and (-not ($excludedTenantValues -contains $TenantName))) { $AllTenantsApplicable = $true } - if ($tenantFilterValues -contains $TenantName) { $TenantSpecificApplicable = $true } @@ -84,57 +96,64 @@ function Get-CIPPStandards { } } - # Separate AllTenants and Tenant-Specific templates $AllTenantTemplatesSet = $ApplicableTemplates | Where-Object { $_.tenantFilter.value -contains 'AllTenants' } - $TenantSpecificTemplatesSet = $ApplicableTemplates | Where-Object { $_.tenantFilter.value -notcontains 'AllTenants' } $ComputedStandards = [ordered]@{} - # First merge AllTenants templates foreach ($Template in $AllTenantTemplatesSet) { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } - # Then merge Tenant-Specific templates (overriding AllTenants where needed) foreach ($Template in $TenantSpecificTemplatesSet) { $Standards = $Template.standards foreach ($StandardName in $Standards.PSObject.Properties.Name) { $CurrentStandard = $Standards.$StandardName.PSObject.Copy() + $CurrentStandard | Add-Member -NotePropertyName 'TemplateId' -NotePropertyValue $Template.GUID -Force + $Actions = $CurrentStandard.action.value | Where-Object { $_ -in 'Remediate', 'warn', 'report' } if ($Actions -contains 'Remediate' -or $Actions -contains 'warn' -or $Actions -contains 'Report') { if (-not $ComputedStandards.Contains($StandardName)) { $ComputedStandards[$StandardName] = $CurrentStandard } else { - # Tenant-specific overrides any previous AllTenants settings - $ComputedStandards[$StandardName] = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard = Merge-CippStandards $ComputedStandards[$StandardName] $CurrentStandard + $MergedStandard.TemplateId = $CurrentStandard.TemplateId + $ComputedStandards[$StandardName] = $MergedStandard } } } } - # Normalize and output foreach ($Standard in $ComputedStandards.Keys) { - $Normalized = ConvertTo-CippStandardObject $ComputedStandards[$Standard] + $TempCopy = $ComputedStandards[$Standard].PSObject.Copy() + $TempCopy.PSObject.Properties.Remove('TemplateId') + + $Normalized = ConvertTo-CippStandardObject $TempCopy + [pscustomobject]@{ - Tenant = $TenantName - Standard = $Standard - Settings = $Normalized + Tenant = $TenantName + Standard = $Standard + Settings = $Normalized + TemplateId = $ComputedStandards[$Standard].TemplateId } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 index cd1495d5300b..ad6778144a6a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 @@ -17,7 +17,7 @@ function Invoke-CIPPStandardActivityBasedTimeout { "CIS" "spo_idle_session_timeout" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ActivityBasedTimeout.timeout","options":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ function Invoke-CIPPStandardActivityBasedTimeout { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 index 338019dd8faf..df9c1b8c58e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardAddDKIM { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 index b22029ba886c..1eeaae1b89fb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardAnonReportDisable { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 index d8e819072ba0..888a7fca3608 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -24,18 +24,18 @@ function Invoke-CIPPStandardAntiPhishPolicy { "mdo_phishthresholdlevel" ADDEDCOMPONENT {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","default":1} - {"type":"boolean","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true} - {"type":"boolean","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true} - {"type":"boolean","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true} - {"type":"boolean","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true} - {"type":"Select","label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","values":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]} - {"type":"Select","label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"Select","label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true} + {"type":"switch","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true} + {"type":"switch","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true} + {"type":"switch","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true} + {"type":"select","multiple":false,"label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"select","multiple":false,"label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"select","multiple":false,"label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","options":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]} + {"type":"select","multiple":false,"label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","options":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"select","multiple":false,"label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -45,7 +45,7 @@ function Invoke-CIPPStandardAntiPhishPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 index 8bc576d56eb1..bd9b80c3c0c3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardAppDeploy { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.AppDeploy.appids","label":"Application IDs, comma separated"} + {"type":"textField","name":"standards.AppDeploy.appids","label":"Application IDs, comma separated"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardAppDeploy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 index 7ed7a78334c9..510c9fdf9e08 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 @@ -7,8 +7,8 @@ function Invoke-CIPPStandardAtpPolicyForO365 { .SYNOPSIS (Label) Default Atp Policy For O365 .DESCRIPTION - (Helptext) This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams. - (DocsDescription) This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams. + (Helptext) This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams. + (DocsDescription) This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams. .NOTES CAT Defender Standards @@ -16,7 +16,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"boolean","label":"Allow people to click through Protected View even if Safe Documents identified the file as malicious","name":"standards.AtpPolicyForO365.AllowSafeDocsOpen","default":false} + {"type":"switch","label":"Allow people to click through Protected View even if Safe Documents identified the file as malicious","name":"standards.AtpPolicyForO365.AllowSafeDocsOpen","default":false,"required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 index 86f8805e3247..3c5243f8e732 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardAuditLog { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 index e746e10799ea..a7bf50586167 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardAutoExpandArchive { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 index 77f42776c954..738ef7844b91 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBookings.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardBookings { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.Bookings.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.Bookings.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardBookings { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 index 41e4616c230c..6c28b2d8baf5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 @@ -15,12 +15,12 @@ function Invoke-CIPPStandardBranding { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.Branding.signInPageText","label":"Sign-in page text"} - {"type":"input","name":"standards.Branding.usernameHintText","label":"Username hint Text"} - {"type":"boolean","name":"standards.Branding.hideAccountResetCredentials","label":"Hide self-service password reset"} - {"type":"Select","label":"Visual Template","name":"standards.Branding.layoutTemplateType","values":[{"label":"Full-screen background","value":"default"},{"label":"Partial-screen background","value":"verticalSplit"}]} - {"type":"boolean","name":"standards.Branding.isHeaderShown","label":"Show header"} - {"type":"boolean","name":"standards.Branding.isFooterShown","label":"Show footer"} + {"type":"textField","name":"standards.Branding.signInPageText","label":"Sign-in page text","required":false} + {"type":"textField","name":"standards.Branding.usernameHintText","label":"Username hint Text","required":false} + {"type":"switch","name":"standards.Branding.hideAccountResetCredentials","label":"Hide self-service password reset"} + {"type":"select","multiple":false,"label":"Visual Template","name":"standards.Branding.layoutTemplateType","options":[{"label":"Full-screen background","value":"default"},{"label":"Partial-screen background","value":"verticalSplit"}]} + {"type":"switch","name":"standards.Branding.isHeaderShown","label":"Show header"} + {"type":"switch","name":"standards.Branding.isFooterShown","label":"Show footer"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -29,7 +29,7 @@ function Invoke-CIPPStandardBranding { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 index b4e94b12f969..384c50ee66e2 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardCloudMessageRecall { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.CloudMessageRecall.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.CloudMessageRecall.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardCloudMessageRecall { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 index 384a13d1814e..51182481cfa2 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 @@ -1,7 +1,30 @@ function Invoke-CIPPStandardConditionalAccessTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) ConditionalAccessTemplate + .SYNOPSIS + (Label) Conditional Access Template + .DESCRIPTION + (Helptext) Manage conditional access policies for better security. + (DocsDescription) Manage conditional access policies for better security. + .NOTES + CAT + Templates + MULTIPLE + True + DISABLEDFEATURES + + IMPACT + High + ADDEDCOMPONENT + {"type":"autoComplete","name":"TemplateList","multiple":false,"label":"Select Conditional Access Template","api":{"url":"/api/ListCATemplates","labelField":"displayName","valueField":"GUID","queryKey":"ListCATemplates"}} + {"name":"state","label":"What state should we deploy this template in?","type":"radio","options":[{"value":"donotchange","label":"Do not change state"},{"value":"Enabled","label":"Set to enabled"},{"value":"Disabled","label":"Set to disabled"},{"value":"enabledForReportingButNotEnforced","label":"Set to report only"}]} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 index 0a50dd6bcc86..0bb37f43d770 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 @@ -23,17 +23,28 @@ function Invoke-CIPPStandardDelegateSentItems { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) #$Rerun -Type Standard -Tenant $Tenant -API 'DelegateSentItems' -Settings $Settings + # Backwards compatibility for Pre 7.0.5 + if ([string]::IsNullOrWhiteSpace($Settings.IncludeUserMailboxes)) { + $Settings.IncludeUserMailboxes = $true + } + + if ($Settings.IncludeUserMailboxes -eq $true) { + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } -Select 'Identity,UserPrincipalName,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled' | + Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } + } else { + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('SharedMailbox') } -Select 'Identity,UserPrincipalName,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled' | + Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } + } + - $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } | - Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } - Write-Host "Mailboxes: $($Mailboxes.count)" + Write-Host "Mailboxes: $($Mailboxes.Count)" If ($Settings.remediate -eq $true) { Write-Host 'Time to remediate' @@ -47,34 +58,34 @@ function Invoke-CIPPStandardDelegateSentItems { } } } - $BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray @($Request) + $BatchResults = New-ExoBulkRequest -tenantid $Tenant -cmdletArray @($Request) $BatchResults | ForEach-Object { if ($_.error) { - $ErrorMessage = Get-NormalizedError -Message $_.error - Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $ErrorMessage" - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_.error + Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $($ErrorMessage.NormalizedError)" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } - Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style applied for $($Mailboxes.count - $BatchResults.Error.Count) mailboxes" -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Delegate Sent Items Style applied for $($Mailboxes.Count - $BatchResults.Error.Count) mailboxes" -sev Info } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Delegate Sent Items Style. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style already enabled.' -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Delegate Sent Items Style already enabled.' -sev Info } } if ($Settings.alert -eq $true) { if ($null -eq $Mailboxes) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style is enabled for all mailboxes' -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Delegate Sent Items Style is enabled for all mailboxes' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style is not enabled for $($Mailboxes.count) mailboxes" -sev Alert + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Delegate Sent Items Style is not enabled for $($Mailboxes.Count) mailboxes" -sev Alert } } if ($Settings.report -eq $true) { $Filtered = $Mailboxes | Select-Object -Property UserPrincipalName, MessageCopyForSendOnBehalfEnabled, MessageCopyForSentAsEnabled - Add-CIPPBPAField -FieldName 'DelegateSentItems' -FieldValue $Filtered -StoreAs json -Tenant $tenant + Add-CIPPBPAField -FieldName 'DelegateSentItems' -FieldValue $Filtered -StoreAs json -Tenant $Tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 index 54308b5f7a9f..0d90e2a0e4ff 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDeletedUserRentention { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","name":"standards.DeletedUserRentention.Days","label":"Retention time (Default 30 days)","values":[{"label":"30 days","value":"30"},{"label":"90 days","value":"90"},{"label":"1 year","value":"365"},{"label":"2 years","value":"730"},{"label":"3 years","value":"1095"},{"label":"4 years","value":"1460"},{"label":"5 years","value":"1825"},{"label":"6 years","value":"2190"},{"label":"7 years","value":"2555"},{"label":"8 years","value":"2920"},{"label":"9 years","value":"3285"},{"label":"10 years","value":"3650"}]} + {"type":"select","multiple":false,"name":"standards.DeletedUserRentention.Days","label":"Retention time (Default 30 days)","options":[{"label":"30 days","value":"30"},{"label":"90 days","value":"90"},{"label":"1 year","value":"365"},{"label":"2 years","value":"730"},{"label":"3 years","value":"1095"},{"label":"4 years","value":"1460"},{"label":"5 years","value":"1825"},{"label":"6 years","value":"2190"},{"label":"7 years","value":"2555"},{"label":"8 years","value":"2920"},{"label":"9 years","value":"3285"},{"label":"10 years","value":"3650"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDeletedUserRentention { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 index 0b6ef68a16bb..a09a7fa3daf7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Add Shortcuts To OneDrive button state","name":"standards.DisableAddShortcutsToOneDrive.state","values":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} + {"type":"autoComplete","multiple":false,"label":"Add Shortcuts To OneDrive button state","name":"standards.DisableAddShortcutsToOneDrive.state","options":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 index 8d66e0d16441..d0061c46b32d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 index 246bc951d3f2..ac75add64456 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableAppCreation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 index 279366265065..73c9716025cf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { .SYNOPSIS (Label) Disable SMTP Basic Authentication .DESCRIPTION - (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants. + (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants. (DocsDescription) Disables SMTP basic authentication for the tenant and all users with it explicitly enabled. .NOTES CAT @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 index a23c3b7b2610..1f9d537a015e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 @@ -7,8 +7,8 @@ function Invoke-CIPPStandardDisableEmail { .SYNOPSIS (Label) Disables Email as an MFA method .DESCRIPTION - (Helptext) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead promts them to create a Microsoft account. - (DocsDescription) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead promts them to create a Microsoft account. + (Helptext) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead prompts them to create a Microsoft account. + (DocsDescription) This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead prompts them to create a Microsoft account. .NOTES CAT Entra (AAD) Standards @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableEmail { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 index c8cf1818902f..f920de3c18d7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 index ed98f8f5378d..55c188bda32e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableGuestDirectory { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 index 4ef37eab9c29..32e3d2a345a4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableGuests { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 index 01dedb2141f1..ceb53907e1e0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableM365GroupUsers { .SYNOPSIS (Label) Disable M365 Group creation by users .DESCRIPTION - (Helptext) Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, Sharepoint sites, Planner, etc + (Helptext) Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc (DocsDescription) Users by default are allowed to create M365 groups. This restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc .NOTES CAT @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableM365GroupUsers { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 index d72f7dd493fb..b6507d5710e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableOutlookAddins { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 index c508ea8beea4..2c9a435131d7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableReshare { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 index 929b56e27df7..a948d1d13213 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableSMS { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 index 4e3c6d546ff0..55fa4af4371d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableSecurityGroupUsers { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 index 331879a3b7b1..4567b9d99a72 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.DisableSelfServiceLicenses.Exclusions","label":"License Ids to exclude from this standard"} + {"type":"textField","name":"standards.DisableSelfServiceLicenses.Exclusions","label":"License Ids to exclude from this standard","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 index dda4ba27b51b..37b894544638 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardDisableSharePointLegacyAuth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 index 5b92504f7938..7a42cc0ec788 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 index 2b544afad213..4ad21eb72c6c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTNEF.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableTNEF { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 index 00b0b1380422..1a2ebea5f2f0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableTenantCreation { .SYNOPSIS (Label) Disable M365 Tenant creation by users .DESCRIPTION - (Helptext) Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles. + (Helptext) Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles. (DocsDescription) Users by default are allowed to create M365 tenants. This disables that so only admins can create new M365 tenants. .NOTES CAT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardDisableTenantCreation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 index 4b0c9b4287b9..9f2d1a96dfde 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableUserSiteCreate { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 index ed80354f77eb..c44565c5b519 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableViva { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 index d3de8e7f02dc..619b3e11c50b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisableVoice { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 index 27b1e9c67362..8d1d0ae0b990 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardDisablex509Certificate { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 index bbfb458bab6f..8705dcd630cb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEXODisableAutoForwarding.ps1 @@ -27,7 +27,7 @@ function Invoke-CIPPStandardEXODisableAutoForwarding { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 index c11dde73038f..dd64008cff74 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableAppConsentRequests { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 index 666fd5f9ce27..7434e8035e07 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableCustomerLockbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 index deee9286eaf4..8b71a8f1963a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableFIDO2 { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 index 9a79fbbc3711..a55d5410612d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableHardwareOAuth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 index a9ec00f799e7..cdea9bd134b1 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableLitigationHold { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 index eb46db683cf9..e5211d2eda92 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 @@ -27,7 +27,7 @@ function Invoke-CIPPStandardEnableMailTips { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index 160019c15e88..dac3185d381a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 index 29083290b99a..9a28cea18c9c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnableOnlineArchiving { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 index 915bf8ecc044..fda0d9fa90b0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnablePronouns.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardEnablePronouns { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param ($Tenant, $Settings) @@ -33,8 +33,8 @@ function Invoke-CIPPStandardEnablePronouns { try { $CurrentState = New-GraphGetRequest -Uri $Uri -tenantid $Tenant } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not get CurrentState for Pronouns. Error: $ErrorMessage" -sev Error + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not get CurrentState for Pronouns. Error: $($ErrorMessage.NormalizedError)" -sev Error Return } Write-Host $CurrentState diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 index dc204f253833..f28b6984c1c9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardExcludedfileExt { TAG "highimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.ExcludedfileExt.ext","label":"Extensions, Comma separated"} + {"type":"textField","name":"standards.ExcludedfileExt.ext","label":"Extensions, Comma separated"} IMPACT High Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardExcludedfileExt { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 index bc133d544d89..95f28b7c2cd9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardExternalMFATrusted { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ExternalMFATrusted.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ExternalMFATrusted.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardExternalMFATrusted { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 index e7e625e88253..adface2383c8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardFocusedInbox.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardFocusedInbox { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.FocusedInbox.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.FocusedInbox.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardFocusedInbox { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 index b282c7301cd3..8b1fd25e48b3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardGlobalQuarantineNotifications { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.GlobalQuarantineNotifications.NotificationInterval","values":[{"label":"4 hours","value":"04:00:00"},{"label":"1 day/Daily","value":"1.00:00:00"},{"label":"7 days/Weekly","value":"7.00:00:00"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.GlobalQuarantineNotifications.NotificationInterval","options":[{"label":"4 hours","value":"04:00:00"},{"label":"1 day/Daily","value":"1.00:00:00"},{"label":"7 days/Weekly","value":"7.00:00:00"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardGlobalQuarantineNotifications { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 index 032aac507abc..cb20b7d7fae9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 @@ -1,7 +1,29 @@ function Invoke-CIPPStandardGroupTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) GroupTemplate + .SYNOPSIS + (Label) Group Template + .DESCRIPTION + (Helptext) Deploy and manage group templates. + (DocsDescription) Deploy and manage group templates. + .NOTES + MULTI + True + CAT + Templates + DISABLEDFEATURES + + IMPACT + Medium + ADDEDCOMPONENT + {"type":"autoComplete","name":"groupTemplate","label":"Select Group Template","api":{"url":"/api/ListGroupTemplates","labelField":"Displayname","valueField":"GUID","queryKey":"ListGroupTemplates"}} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'GroupTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 index dfa296eb106a..e9df84d6f574 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 @@ -5,23 +5,26 @@ function Invoke-CIPPStandardGuestInvite { .COMPONENT (APIName) GuestInvite .SYNOPSIS - (Label) Guest Invite settings + (Label) Guest Invite setting .DESCRIPTION (Helptext) This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources. (DocsDescription) This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources. .NOTES CAT - InTune Standards + Entra (AAD) Standards TAG - "highimpact" + "mediumimpact" ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"label":"Who can send invites?","name":"standards.GuestInvite.allowInvitesFrom","options":[{"label":"Everyone","value":"everyone"},{"label":"Admins, Guest inviters and All Members","value":"adminsGuestInvitersAndAllMembers"},{"label":"Admins and Guest inviters","value":"adminsAndGuestInviters"},{"label":"None","value":"none"}]} IMPACT - High Impact + Medium Impact + POWERSHELLEQUIVALENT + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 index 25d4b1e8eb58..e946ef49cc4f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 @@ -5,23 +5,27 @@ function Invoke-CIPPStandardIntuneComplianceSettings { .COMPONENT (APIName) IntuneComplianceSettings .SYNOPSIS - (Label) InTune Compliance settings + (Label) Set Intune Compliance Settings .DESCRIPTION (Helptext) Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period. (DocsDescription) Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period. .NOTES CAT - InTune Standards + Intune Standards TAG "lowimpact" ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"name":"standards.IntuneComplianceSettings.secureByDefault","label":"Mark devices with no compliance policy as","options":[{"label":"Compliant","value":"false"},{"label":"Non-Compliant","value":"true"}]} + {"type":"number","name":"standards.IntuneComplianceSettings.deviceComplianceCheckinThresholdDays","label":"Compliance status validity period (days)"} IMPACT Low Impact + POWERSHELLEQUIVALENT + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 index 953836f15d83..3963933db0e4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 @@ -1,7 +1,31 @@ function Invoke-CIPPStandardIntuneTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) IntuneTemplate + .SYNOPSIS + (Label) Intune Template + .DESCRIPTION + (Helptext) Deploy and manage Intune templates across devices. + (DocsDescription) Deploy and manage Intune templates across devices. + .NOTES + CAT + Templates + MULTIPLE + True + DISABLEDFEATURES + + IMPACT + High + ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"name":"TemplateList","label":"Select Intune Template","api":{"url":"/api/ListIntuneTemplates","labelField":"Displayname","valueField":"GUID","queryKey":"languages"}} + {"name":"AssignTo","label":"Who should this template be assigned to?","type":"radio","options":[{"label":"Do not assign","value":"On"},{"label":"Assign to all users","value":"allLicensedUsers"},{"label":"Assign to all devices","value":"AllDevices"},{"label":"Assign to all users and devices","value":"AllDevicesAndUsers"},{"label":"Assign to Custom Group","value":"customGroup"}]} + {"type":"textField","required":false,"name":"customGroup","label":"Enter the custom group name if you selected 'Assign to Custom Group'. Wildcards are allowed."} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'intuneTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 index aed46df835f2..018cc262c0ef 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardLegacyMFACleanup.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardLegacyMFACleanup { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 index b161378639ce..28ad1f65a291 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 @@ -15,10 +15,10 @@ function Invoke-CIPPStandardMailContacts { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.MailContacts.GeneralContact","label":"General Contact"} - {"type":"input","name":"standards.MailContacts.SecurityContact","label":"Security Contact"} - {"type":"input","name":"standards.MailContacts.MarketingContact","label":"Marketing Contact"} - {"type":"input","name":"standards.MailContacts.TechContact","label":"Technical Contact"} + {"type":"textField","name":"standards.MailContacts.GeneralContact","label":"General Contact","required":false} + {"type":"textField","name":"standards.MailContacts.SecurityContact","label":"Security Contact","required":false} + {"type":"textField","name":"standards.MailContacts.MarketingContact","label":"Marketing Contact","required":false} + {"type":"textField","name":"standards.MailContacts.TechContact","label":"Technical Contact","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ function Invoke-CIPPStandardMailContacts { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 index 8992d680904c..e34a7124f8e5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 @@ -19,13 +19,13 @@ function Invoke-CIPPStandardMalwareFilterPolicy { "mdo_zapphish" "mdo_zapmalware" ADDEDCOMPONENT - {"type":"Select","label":"FileTypeAction","name":"standards.MalwareFilterPolicy.FileTypeAction","values":[{"label":"Reject","value":"Reject"},{"label":"Quarantine the message","value":"Quarantine"}]} - {"type":"input","name":"standards.MalwareFilterPolicy.OptionalFileTypes","label":"Optional File Types, Comma separated"} - {"type":"Select","label":"QuarantineTag","name":"standards.MalwareFilterPolicy.QuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"boolean","label":"Enable Internal Sender Admin Notifications","name":"standards.MalwareFilterPolicy.EnableInternalSenderAdminNotifications"} - {"type":"input","name":"standards.MalwareFilterPolicy.InternalSenderAdminAddress","label":"Internal Sender Admin Address"} - {"type":"boolean","label":"Enable External Sender Admin Notifications","name":"standards.MalwareFilterPolicy.EnableExternalSenderAdminNotifications"} - {"type":"input","name":"standards.MalwareFilterPolicy.ExternalSenderAdminAddress","label":"External Sender Admin Address"} + {"type":"select","multiple":false,"label":"FileTypeAction","name":"standards.MalwareFilterPolicy.FileTypeAction","options":[{"label":"Reject","value":"Reject"},{"label":"Quarantine the message","value":"Quarantine"}]} + {"type":"textField","name":"standards.MalwareFilterPolicy.OptionalFileTypes","required":false,"label":"Optional File Types, Comma separated"} + {"type":"select","multiple":false,"label":"QuarantineTag","name":"standards.MalwareFilterPolicy.QuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Enable Internal Sender Admin Notifications","required":false,"name":"standards.MalwareFilterPolicy.EnableInternalSenderAdminNotifications"} + {"type":"textField","name":"standards.MalwareFilterPolicy.InternalSenderAdminAddress","required":false,"label":"Internal Sender Admin Address"} + {"type":"switch","label":"Enable External Sender Admin Notifications","required":false,"name":"standards.MalwareFilterPolicy.EnableExternalSenderAdminNotifications"} + {"type":"textField","name":"standards.MalwareFilterPolicy.ExternalSenderAdminAddress","required":false,"label":"External Sender Admin Address"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -35,7 +35,7 @@ function Invoke-CIPPStandardMalwareFilterPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 index 0c65a52ac51c..4126811842e8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardMessageExpiration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 index 6ff2826da936..b00f525d0fef 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardNudgeMFA { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.NudgeMFA.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.NudgeMFA.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} {"type":"number","name":"standards.NudgeMFA.snoozeDurationInDays","label":"Number of days to allow users to skip registering Authenticator (0-14, default is 1)","default":1} IMPACT Low Impact @@ -25,7 +25,7 @@ function Invoke-CIPPStandardNudgeMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 index 92d7f64d612f..5df66cd46ca5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardOauthConsent { "mediumimpact" "CIS" ADDEDCOMPONENT - {"type":"input","name":"standards.OauthConsent.AllowedApps","label":"Allowed application IDs, comma separated"} + {"type":"textField","name":"standards.OauthConsent.AllowedApps","label":"Allowed application IDs, comma separated","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardOauthConsent { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($tenant, $settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 index d336e2d7528b..e43a57367058 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardOauthConsentLowSec { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 index 316fd3495bab..4c6230c0b28c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardOutBoundSpamAlert { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"input","name":"standards.OutBoundSpamAlert.OutboundSpamContact","label":"Outbound spam contact"} + {"type":"textField","name":"standards.OutBoundSpamAlert.OutboundSpamContact","label":"Outbound spam contact"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardOutBoundSpamAlert { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 index cc104b002d9a..4116d53897c6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.PWcompanionAppAllowedState.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.PWcompanionAppAllowedState.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 index a6936f2346d2..1c7005cb470f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardPWdisplayAppInformationRequiredState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 index cf62c6c9ed55..fd6d68613ace 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardPasswordExpireDisabled { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 index e0aa9df16f0c..21a802bc079c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardPerUserMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 index e07f2e3c4dcf..4cd025548e72 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 @@ -18,7 +18,7 @@ function Invoke-CIPPStandardPhishProtection { IMPACT Low Impact DISABLEDFEATURES - + POWERSHELLEQUIVALENT Portal only RECOMMENDEDBY @@ -26,7 +26,7 @@ function Invoke-CIPPStandardPhishProtection { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 new file mode 100644 index 000000000000..1c0472b3749b --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardProfilePhotos.ps1 @@ -0,0 +1,108 @@ +function Invoke-CIPPStandardProfilePhotos { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) ProfilePhotos + .SYNOPSIS + (Label) Allow users to set profile photos + .DESCRIPTION + (Helptext) Controls whether users can set their own profile photos in Microsoft 365 + (DocsDescription) Controls whether users can set their own profile photos in Microsoft 365. When disabled, only User and Global administrators can update profile photos for users. + .NOTES + CAT + Global Standards + TAG + "lowimpact" + ADDEDCOMPONENT + {"type":"select","multiple":false,"label":"Select value","name":"standards.ProfilePhotos.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + IMPACT + Low Impact + POWERSHELLEQUIVALENT + Set-OrganizationConfig -ProfilePhotoOptions EnablePhotos and Update-MgBetaAdminPeople + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + #> + + param($Tenant, $Settings) + + # Input validation + if ([string]::IsNullOrWhiteSpace($Settings.state)) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'ProfilePhotos: Invalid state parameter set' -sev Error + Return + } + + # true if wanted state is enabled, false if disabled + $DesiredState = $Settings.state -eq 'enabled' + + <# + HACK This does not work, as the API endpoint is not available via GDAP it seems? It works in the Graph Explorer, but not here. + The error is: "Authorization failed because of missing requirement(s)." + I'm keeping the code here for now, so it's much easier to re-enable if Microsoft makes it possible someday. -Bobby + #> + + # Get current Graph policy state + # $Uri = 'https://graph.microsoft.com/beta/admin/people/photoUpdateSettings' + # $CurrentGraphState = New-GraphGetRequest -uri $Uri -tenantid $Tenant + # $UsersCanChangePhotos = if (($CurrentGraphState.allowedRoles -contains 'fe930be7-5e62-47db-91af-98c3a49a38b1' -and $CurrentGraphState.allowedRoles -contains '62e90394-69f5-4237-9190-012177145e10') -or + # $null -ne $CurrentGraphState.allowedRoles) { $false } else { $true } + # $GraphStateCorrect = $UsersCanChangePhotos -eq $DesiredState + + + # Get current OWA mailbox policy state + $CurrentOWAState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } -Select 'Identity,SetPhotoEnabled' + $OWAStateCorrect = $CurrentOWAState.SetPhotoEnabled -eq $DesiredState + # $CurrentStatesCorrect = $GraphStateCorrect -eq $true -and $OWAStateCorrect -eq $true + $CurrentStatesCorrect = $OWAStateCorrect -eq $true + + if ($Settings.remediate -eq $true) { + Write-Host 'Time to remediate' + + if ($CurrentStatesCorrect -eq $false) { + Write-Host 'Settings are not correct' + try { + if ($Settings.state -eq 'enabled') { + Write-Host 'Enabling' + # Enable photo updates + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{Identity = $CurrentOWAState.Identity; SetPhotoEnabled = $true } -useSystemMailbox $true + # $null = New-GraphRequest -uri $Uri -tenant $Tenant -type DELETE + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set Profile photo settings to $($Settings.state)" -sev Info + + } else { + Write-Host 'Disabling' + # Disable photo updates + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{Identity = $CurrentOWAState.Identity; SetPhotoEnabled = $false } -useSystemMailbox $true + + # $body = @{ + # source = 'cloud' + # allowedRoles = @( + # 'fe930be7-5e62-47db-91af-98c3a49a38b1', # Global admin + # '62e90394-69f5-4237-9190-012177145e10' # User admin + # ) + # } + # $body = ConvertTo-Json -InputObject $body -Depth 5 -Compress + # $null = New-GraphPostRequest -uri $Uri -tenant $Tenant -body $body -type PATCH -AsApp $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set Profile photo settings to $($Settings.state)" -sev Info + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set profile photo settings to $($Settings.state). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + } + } else { + Write-Host 'Settings are correct' + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings are already set to the desired state: $($Settings.state)" -sev Info + } + } + + if ($Settings.alert -eq $true) { + if ($CurrentStatesCorrect -eq $false) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings do not match desired state: $($Settings.state)" -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Profile photo settings match desired state: $($Settings.state)" -sev Alert + } + } + + if ($Settings.report -eq $true) { + Add-CIPPBPAField -FieldName 'ProfilePhotos' -FieldValue $CurrentStatesCorrect -StoreAs bool -Tenant $Tenant + } +} diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 index 9dba79606f3f..3040ef1f155e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardQuarantineRequestAlert { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.QuarantineRequestAlert.NotifyUser","label":"E-mail to receive the alert"} + {"type":"textField","name":"standards.QuarantineRequestAlert.NotifyUser","label":"E-mail to receive the alert"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardQuarantineRequestAlert { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param ($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 index e5e04e8e136a..47776ea2f17f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardRotateDKIM { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 index 0531386edce1..bd016f0f9ba8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPAzureB2B { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 index e27cc33a94ee..c9f44c0c8a21 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPDirectSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 index b499216b3bf6..7ee1f747340b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'SPDisableLegacyWorkflows' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 index 383f77ae20d0..76e9a1682200 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 index ded1d34833c5..05b078a5e62e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSPEmailAttestation { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 index 6957bee42020..02589cf0c61e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSPExternalUserExpiration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 index 11029ff97972..4b54a8b44ad3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPSyncButtonState.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardSPSyncButtonState { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"SharePoint Sync Button state","name":"standards.SPSyncButtonState.state","values":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} + {"type":"autoComplete","multiple":false,"label":"SharePoint Sync Button state","name":"standards.SPSyncButtonState.state","options":[{"label":"Disabled","value":"true"},{"label":"Enabled","value":"false"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardSPSyncButtonState { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index 5ac64c7887c6..a35f420cf73f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -19,10 +19,10 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { "mdo_commonattachmentsfilter" "mdo_safeattachmentpolicy" ADDEDCOMPONENT - {"type":"Select","label":"Action","name":"standards.SafeAttachmentPolicy.Action","values":[{"label":"Allow","value":"Allow"},{"label":"Block","value":"Block"},{"label":"DynamicDelivery","value":"DynamicDelivery"}]} - {"type":"Select","label":"QuarantineTag","name":"standards.SafeAttachmentPolicy.QuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"boolean","label":"Redirect","name":"standards.SafeAttachmentPolicy.Redirect"} - {"type":"input","name":"standards.SafeAttachmentPolicy.RedirectAddress","label":"Redirect Address"} + {"type":"select","multiple":false,"label":"Action","name":"standards.SafeAttachmentPolicy.Action","options":[{"label":"Allow","value":"Allow"},{"label":"Block","value":"Block"},{"label":"DynamicDelivery","value":"DynamicDelivery"}]} + {"type":"select","multiple":false,"label":"QuarantineTag","name":"standards.SafeAttachmentPolicy.QuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"switch","label":"Redirect","name":"standards.SafeAttachmentPolicy.Redirect"} + {"type":"textField","name":"standards.SafeAttachmentPolicy.RedirectAddress","label":"Redirect Address","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -32,7 +32,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 index d692297f26b6..b9b9823cf47c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -18,9 +18,9 @@ function Invoke-CIPPStandardSafeLinksPolicy { "mdo_safelinksforemail" "mdo_safelinksforOfficeApps" ADDEDCOMPONENT - {"type":"boolean","label":"AllowClickThrough","name":"standards.SafeLinksPolicy.AllowClickThrough"} - {"type":"boolean","label":"DisableUrlRewrite","name":"standards.SafeLinksPolicy.DisableUrlRewrite"} - {"type":"boolean","label":"EnableOrganizationBranding","name":"standards.SafeLinksPolicy.EnableOrganizationBranding"} + {"type":"switch","label":"AllowClickThrough","name":"standards.SafeLinksPolicy.AllowClickThrough"} + {"type":"switch","label":"DisableUrlRewrite","name":"standards.SafeLinksPolicy.DisableUrlRewrite"} + {"type":"switch","label":"EnableOrganizationBranding","name":"standards.SafeLinksPolicy.EnableOrganizationBranding"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -30,7 +30,7 @@ function Invoke-CIPPStandardSafeLinksPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 index fd70ad3b2f77..283bc4d5a267 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardSafeSendersDisable { "mediumimpact" ADDEDCOMPONENT DISABLEDFEATURES - + IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSafeSendersDisable { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 index 916e42043fa7..3a43c05d0222 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSecurityDefaults { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 index 051d46d2a0cb..4084650d240e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardSendFromAlias { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 index a0997a9869da..a2ce48171f59 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 @@ -25,7 +25,7 @@ function Invoke-CIPPStandardSendReceiveLimitTenant { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 index fdd67d8dbfa1..c1469596a27e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardShortenMeetings.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardShortenMeetings { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.ShortenMeetings.ShortenEventScopeDefault","values":[{"label":"Disabled/None","value":"None"},{"label":"End early","value":"EndEarly"},{"label":"Start late","value":"StartLate"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.ShortenMeetings.ShortenEventScopeDefault","options":[{"label":"Disabled/None","value":"None"},{"label":"End early","value":"EndEarly"},{"label":"Start late","value":"StartLate"}]} {"type":"number","name":"standards.ShortenMeetings.DefaultMinutesToReduceShortEventsBy","label":"Minutes to reduce short calendar events by (Default is 5)","default":5} {"type":"number","name":"standards.ShortenMeetings.DefaultMinutesToReduceLongEventsBy","label":"Minutes to reduce long calendar events by (Default is 10)","default":10} IMPACT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardShortenMeetings { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 index b4de133595e8..4e4bd537aa5e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 @@ -16,15 +16,15 @@ function Invoke-CIPPStandardSpamFilterPolicy { "mediumimpact" ADDEDCOMPONENT {"type":"number","label":"Bulk email threshold (Default 7)","name":"standards.SpamFilterPolicy.BulkThreshold","default":7} - {"type":"Select","label":"Spam Action","name":"standards.SpamFilterPolicy.SpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Spam Quarantine Tag","name":"standards.SpamFilterPolicy.SpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"High Confidence Spam Action","name":"standards.SpamFilterPolicy.HighConfidenceSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"High Confidence Spam Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"Bulk Spam Action","name":"standards.SpamFilterPolicy.BulkSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Bulk Quarantine Tag","name":"standards.SpamFilterPolicy.BulkQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"Phish Spam Action","name":"standards.SpamFilterPolicy.PhishSpamAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} - {"type":"Select","label":"Phish Quarantine Tag","name":"standards.SpamFilterPolicy.PhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} - {"type":"Select","label":"High Confidence Phish Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Spam Action","name":"standards.SpamFilterPolicy.SpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Spam Quarantine Tag","name":"standards.SpamFilterPolicy.SpamQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Spam Action","name":"standards.SpamFilterPolicy.HighConfidenceSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Spam Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Bulk Spam Action","name":"standards.SpamFilterPolicy.BulkSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Bulk Quarantine Tag","name":"standards.SpamFilterPolicy.BulkQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"Phish Spam Action","name":"standards.SpamFilterPolicy.PhishSpamAction","options":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move message to Junk Email folder","value":"MoveToJmf"}]} + {"type":"autoComplete","multiple":false,"label":"Phish Quarantine Tag","name":"standards.SpamFilterPolicy.PhishQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} + {"type":"autoComplete","multiple":false,"label":"High Confidence Phish Quarantine Tag","name":"standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag","options":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -33,7 +33,7 @@ function Invoke-CIPPStandardSpamFilterPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/defender-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 index b8487b3d5889..a9ba02025ac7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 @@ -16,7 +16,7 @@ function Invoke-CIPPStandardSpoofWarn { "lowimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.SpoofWarn.state","values":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.SpoofWarn.state","options":[{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardSpoofWarn { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 new file mode 100644 index 000000000000..fbb236903975 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardStaleEntraDevices.ps1 @@ -0,0 +1,75 @@ +function Invoke-CIPPStandardStaleEntraDevices { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) StaleEntraDevices + .SYNOPSIS + (Label) Cleanup stale Entra devices + .DESCRIPTION + (Helptext) Cleans up Entra devices that have not connected/signed in for the specified number of days. + (DocsDescription) Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices) + .NOTES + CAT + Entra (AAD) Standards + TAG + "highimpact" + "CIS" + ADDEDCOMPONENT + {"type":"number","name":"standards.StaleEntraDevices.deviceAgeThreshold","label":"Days before stale(Dont set below 30)"} + DISABLEDFEATURES + + IMPACT + High Impact + POWERSHELLEQUIVALENT + Remove-MgDevice, Update-MgDevice or Graph API + RECOMMENDEDBY + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact + #> + + param($Tenant, $Settings) + + # Get all Entra devices + $AllDevices = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/devices' -tenantid $Tenant | Where-Object { $null -ne $_.approximateLastSignInDateTime } + $Date = (Get-Date).AddDays( - [int]$Settings.deviceAgeThreshold) + $StaleDevices = $AllDevices | Where-Object { $_.approximateLastSignInDateTime -lt $Date } + + If ($Settings.remediate -eq $true) { + + Write-Host 'Remediation not implemented yet' + # TODO: Implement remediation. For others in the future that want to try this: + # Good MS guide on what to watch out for https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices#clean-up-stale-devices + # https://learn.microsoft.com/en-us/graph/api/device-list?view=graph-rest-beta&tabs=http + # Properties to look at: + # approximateLastSignInDateTime: For knowing when the device last signed in + # enrollmentProfileName and operatingSystem: For knowing if it's an AutoPilot device + # managementType or isManaged: For knowing if it's an Intune managed device. If it is, should be removed from Intune also. Stale intune standard could prossibly be used for this. + # profileType: For knowing if it's only registered or also managed + # accountEnabled: For knowing if the device is disabled or not + + } + + + if ($Settings.alert -eq $true) { + + if ($StaleDevices.Count -gt 0) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "$($StaleDevices.Count) Stale devices found" -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'No stale devices found' -sev Info + } + } + + + if ($Settings.report -eq $true) { + + if ($StaleDevices.Count -gt 0) { + $StaleReport = ConvertTo-Json -InputObject ($StaleDevices | Select-Object -Property displayName, id, approximateLastSignInDateTime, accountEnabled, enrollmentProfileName, operatingSystem, managementType, profileType) -Depth 10 -Compress + Add-CIPPBPAField -FieldName 'StaleEntraDevices' -FieldValue $StaleReport -StoreAs json -Tenant $Tenant + } else { + Add-CIPPBPAField -FieldName 'StaleEntraDevices' -FieldValue $true -StoreAs bool -Tenant $Tenant + } + } +} diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 index eb72868d0ce9..925916f948e8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPStandardTAP { .SYNOPSIS (Label) Enable Temporary Access Passwords .DESCRIPTION - (Helptext) Enables TAP and sets the default TAP lifetime to 1 hour. This configuration also allows you to select is a TAP is single use or multi-logon. + (Helptext) Enables TAP and sets the default TAP lifetime to 1 hour. This configuration also allows you to select if a TAP is single use or multi-logon. (DocsDescription) Enables Temporary Password generation for the tenant. .NOTES CAT @@ -15,7 +15,7 @@ function Invoke-CIPPStandardTAP { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select TAP Lifetime","name":"standards.TAP.config","values":[{"label":"Only Once","value":"true"},{"label":"Multiple Logons","value":"false"}]} + {"type":"select","multiple":false,"label":"Select TAP Lifetime","name":"standards.TAP.config","options":[{"label":"Only Once","value":"true"},{"label":"Multiple Logons","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTAP { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 index 0d80dcc1947f..d5a1a5db6b41 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEmailIntegration.ps1 @@ -15,7 +15,7 @@ Function Invoke-CIPPStandardTeamsEmailIntegration { TAG "lowimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsEmailIntegration.AllowEmailIntoChannel","label":"Allow channel emails"} + {"type":"switch","name":"standards.TeamsEmailIntegration.AllowEmailIntoChannel","label":"Allow channel emails"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ Function Invoke-CIPPStandardTeamsEmailIntegration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 index adcf29f0fde1..64e4ad948181 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 @@ -2,6 +2,29 @@ Function Invoke-CIPPStandardTeamsEnrollUser { <# .FUNCTIONALITY Internal + .COMPONENT + (APIName) TeamsEnrollUser + .SYNOPSIS + (Label) Default voice and face enrollment + .DESCRIPTION + (Helptext) Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings. + (DocsDescription) Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings. + .NOTES + CAT + Teams Standards + TAG + "lowimpact" + ADDEDCOMPONENT + {"type":"autoComplete","name":"standards.TeamsEnrollUser.EnrollUserOverride","label":"Voice and Face Enrollment","options":[{"label":"Disabled","value":"Disabled"},{"label":"Enabled","value":"Enabled"}]} + IMPACT + Low Impact + POWERSHELLEQUIVALENT + Set-CsTeamsMeetingPolicy -Identity Global -EnrollUserOverride \$false + RECOMMENDEDBY + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 index 195addd804f4..3c79a6fd30be 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalAccessPolicy.ps1 @@ -15,9 +15,9 @@ Function Invoke-CIPPStandardTeamsExternalAccessPolicy { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnableFederationAccess","label":"Allow communication from trusted organizations"} - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnablePublicCloudAccess","label":"Allow user to communicate with Skype users"} - {"type":"boolean","name":"standards.TeamsExternalAccessPolicy.EnableTeamsConsumerAccess","label":"Allow communication with unmanaged Teams accounts"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnableFederationAccess","label":"Allow communication from trusted organizations"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnablePublicCloudAccess","label":"Allow user to communicate with Skype users"} + {"type":"switch","name":"standards.TeamsExternalAccessPolicy.EnableTeamsConsumerAccess","label":"Allow communication with unmanaged Teams accounts"} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ Function Invoke-CIPPStandardTeamsExternalAccessPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 index dc21121c0e3f..1fc934983092 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsExternalFileSharing.ps1 @@ -15,11 +15,11 @@ Function Invoke-CIPPStandardTeamsExternalFileSharing { TAG "lowimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowGoogleDrive","label":"Allow Google Drive"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowShareFile","label":"Allow ShareFile"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowBox","label":"Allow Box"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowDropBox","label":"Allow Dropbox"} - {"type":"boolean","name":"standards.TeamsExternalFileSharing.AllowEgnyte","label":"Allow Egnyte"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowGoogleDrive","label":"Allow Google Drive"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowShareFile","label":"Allow ShareFile"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowBox","label":"Allow Box"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowDropBox","label":"Allow Dropbox"} + {"type":"switch","name":"standards.TeamsExternalFileSharing.AllowEgnyte","label":"Allow Egnyte"} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -29,7 +29,7 @@ Function Invoke-CIPPStandardTeamsExternalFileSharing { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 index 13a4705338c3..930bff06c4db 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 @@ -15,10 +15,10 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"boolean","name":"standards.TeamsFederationConfiguration.AllowTeamsConsumer","label":"Allow users to communicate with other organizations"} - {"type":"boolean","name":"standards.TeamsFederationConfiguration.AllowPublicUsers","label":"Allow users to communicate with Skype Users"} - {"type":"Select","name":"standards.TeamsFederationConfiguration.DomainControl","label":"Communication Mode","values":[{"label":"Allow all external domains","value":"AllowAllExternal"},{"label":"Block all external domains","value":"BlockAllExternal"},{"label":"Allow specific external domains","value":"AllowSpecificExternal"},{"label":"Block specific external domains","value":"BlockSpecificExternal"}]} - {"type":"input","name":"standards.TeamsFederationConfiguration.DomainList","label":"Domains, Comma separated"} + {"type":"switch","name":"standards.TeamsFederationConfiguration.AllowTeamsConsumer","label":"Allow users to communicate with other organizations"} + {"type":"switch","name":"standards.TeamsFederationConfiguration.AllowPublicUsers","label":"Allow users to communicate with Skype Users"} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsFederationConfiguration.DomainControl","label":"Communication Mode","options":[{"label":"Allow all external domains","value":"AllowAllExternal"},{"label":"Block all external domains","value":"BlockAllExternal"},{"label":"Allow specific external domains","value":"AllowSpecificExternal"},{"label":"Block specific external domains","value":"BlockSpecificExternal"}]} + {"type":"textField","name":"standards.TeamsFederationConfiguration.DomainList","label":"Domains, Comma separated","required":false} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -27,7 +27,7 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 index 4357b39bcb88..5827f007b0f1 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 @@ -15,7 +15,9 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","name":"standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode","label":"Default value of the `Who can present?`","values":[{"label":"EveryoneUserOverride","value":"EveryoneUserOverride"},{"label":"EveryoneInCompanyUserOverride","value":"EveryoneInCompanyUserOverride"},{"label":"EveryoneInSameAndFederatedCompanyUserOverride","value":"EveryoneInSameAndFederatedCompanyUserOverride"},{"label":"OrganizerOnlyUserOverride","value":"OrganizerOnlyUserOverride"}]} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode","label":"Default value of the `Who can present?`","options":[{"label":"EveryoneUserOverride","value":"EveryoneUserOverride"},{"label":"EveryoneInCompanyUserOverride","value":"EveryoneInCompanyUserOverride"},{"label":"EveryoneInSameAndFederatedCompanyUserOverride","value":"EveryoneInSameAndFederatedCompanyUserOverride"},{"label":"OrganizerOnlyUserOverride","value":"OrganizerOnlyUserOverride"}]} + {"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowAnonymousUsersToJoinMeeting","label":"Allow anonymous users to join meeting"} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsGlobalMeetingPolicy.MeetingChatEnabledType","label":"Meeting chat policy","options":[{"label":"On for everyone","value":"Enabled"},{"label":"On for everyone but anonymous users","value":"EnabledExceptAnonymous"},{"label":"Off for everyone","value":"Disabled"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -25,7 +27,7 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#low-impact #> ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TeamsGlobalMeetingPolicy' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 index 93a2a288845b..6c14e3df7ebf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingsByDefault.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardTeamsMeetingsByDefault { TAG "lowimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.TeamsMeetingsByDefault.state","values":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} + {"type":"select","multiple":false,"label":"Select value","name":"standards.TeamsMeetingsByDefault.state","options":[{"label":"Enabled","value":"true"},{"label":"Disabled","value":"false"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTeamsMeetingsByDefault { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 index 8a2d229288ca..cb0a7c4d796b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 @@ -4,11 +4,35 @@ Function Invoke-CIPPStandardTeamsMessagingPolicy { Internal .COMPONENT (APIName) TeamsMessagingPolicy - .NOTES + .SYNOPSIS + (Label) Global Messaging Policy for Microsoft Teams + .DESCRIPTION + (Helptext) Sets the properties of the Global messaging policy. + (DocsDescription) Sets the properties of the Global messaging policy. Messaging policies control which chat and channel messaging features are available to users in Teams. + .NOTES + CAT + Teams Standards + TAG + "mediumimpact" + ADDEDCOMPONENT + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowOwnerDeleteMessage","label":"Allow Owner to Delete Messages","default":false} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserDeleteMessage","label":"Allow User to Delete Messages","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserEditMessage","label":"Allow User to Edit Messages","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowUserDeleteChat","label":"Allow User to Delete Chats","default":true} + {"type":"autoComplete","multiple":false,"name":"standards.TeamsMessagingPolicy.ReadReceiptsEnabledType","label":"Read Receipts Enabled Type","options":[{"label":"User controlled","value":"UserPreference"},{"label":"Turned on for everyone","value":"Everyone"},{"label":"Turned off for everyone","value":"None"}]} + {"type":"switch","name":"standards.TeamsMessagingPolicy.CreateCustomEmojis","label":"Allow Creating Custom Emojis","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.DeleteCustomEmojis","label":"Allow Deleting Custom Emojis","default":false} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowSecurityEndUserReporting","label":"Allow reporting message as security concern","default":true} + {"type":"switch","name":"standards.TeamsMessagingPolicy.AllowCommunicationComplianceEndUserReporting","label":"Allow reporting message as inappropriate content","default":true} + IMPACT + Medium Impact + POWERSHELLEQUIVALENT + Set-CsTeamsMessagingPolicy + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/teams-standards#medium-impact #> ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TeamsMessagingPolicy' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 index cbc223e26374..73b7d7e97614 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardTenantDefaultTimezone { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 index 9586aeb3cd6d..0b2a2096aa89 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 @@ -1,7 +1,27 @@ function Invoke-CIPPStandardTransportRuleTemplate { <# .FUNCTIONALITY - Internal + Internal + .COMPONENT + (APIName) TransportRuleTemplate + .SYNOPSIS + (Label) Transport Rule Template + .DESCRIPTION + (Helptext) Deploy transport rules to manage email flow. + (DocsDescription) Deploy transport rules to manage email flow. + .NOTES + CAT + Templates + DISABLEDFEATURES + + IMPACT + Medium + ADDEDCOMPONENT + {"type":"autoComplete","name":"transportRuleTemplate","label":"Select Transport Rule Template","api":{"url":"/api/ListTransportRulesTemplates","labelField":"name","valueField":"GUID","queryKey":"ListTransportRulesTemplates"}} + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/ #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'TransportRuleTemplate' diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 index 5548e1f0b6c5..333de3e01992 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardUndoOauth { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 index 985d040aab8e..265d37507f8b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 @@ -15,8 +15,8 @@ function Invoke-CIPPStandardUserSubmissions { TAG "mediumimpact" ADDEDCOMPONENT - {"type":"Select","label":"Select value","name":"standards.UserSubmissions.state","values":[{"label":"Enabled","value":"enable"},{"label":"Disabled","value":"disable"}]} - {"type":"input","name":"standards.UserSubmissions.email","label":"Destination email address"} + {"type":"select","multiple":false,"label":"Select value","name":"standards.UserSubmissions.state","options":[{"label":"Enabled","value":"enable"},{"label":"Disabled","value":"disable"}]} + {"type":"textField","name":"standards.UserSubmissions.email","required":false,"label":"Destination email address"} IMPACT Medium Impact POWERSHELLEQUIVALENT @@ -25,7 +25,7 @@ function Invoke-CIPPStandardUserSubmissions { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 index 15bd3658b861..6035ca8d04dc 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardallowOAuthTokens { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 index 7f5d0a442113..9b9441b9e951 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardallowOTPTokens { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index dd859ddc4738..cbb3e14e1329 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -15,9 +15,9 @@ function Invoke-CIPPStandardcalDefault { TAG "lowimpact" DISABLEDFEATURES - + ADDEDCOMPONENT - {"type":"Select","label":"Select Sharing Level","name":"standards.calDefault.permissionlevel","values":[{"label":"Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.","value":"Owner"},{"label":"Publishing Editor - The user can create, read, edit, and delete all items in the folder, and create subfolders.","value":"PublishingEditor"},{"label":"Editor - The user can create items in the folder. The contents of the folder do not appear.","value":"Editor"},{"label":"Publishing Author. The user can read, create all items/subfolders. Can modify and delete only items they create.","value":"PublishingAuthor"},{"label":"Author - The user can create and read items, and modify and delete items that they create.","value":"Author"},{"label":"Non Editing Author - The user has full read access and create items. Can can delete only own items.","value":"NonEditingAuthor"},{"label":"Reviewer - The user can read all items in the folder.","value":"Reviewer"},{"label":"Contributor - The user can create items and folders.","value":"Contributor"},{"label":"Availability Only - Indicates that the user can view only free/busy time within the calendar.","value":"AvailabilityOnly"},{"label":"Limited Details - The user can view free/busy time within the calendar and the subject and location of appointments.","value":"LimitedDetails"},{"label":"None - The user has no permissions on the folder.","value":"none"}]} + {"type":"select","multiple":false,"label":"Select Sharing Level","name":"standards.calDefault.permissionlevel","options":[{"label":"Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.","value":"Owner"},{"label":"Publishing Editor - The user can create, read, edit, and delete all items in the folder, and create subfolders.","value":"PublishingEditor"},{"label":"Editor - The user can create items in the folder. The contents of the folder do not appear.","value":"Editor"},{"label":"Publishing Author. The user can read, create all items/subfolders. Can modify and delete only items they create.","value":"PublishingAuthor"},{"label":"Author - The user can create and read items, and modify and delete items that they create.","value":"Author"},{"label":"Non Editing Author - The user has full read access and create items. Can can delete only own items.","value":"NonEditingAuthor"},{"label":"Reviewer - The user can read all items in the folder.","value":"Reviewer"},{"label":"Contributor - The user can create items and folders.","value":"Contributor"},{"label":"Availability Only - Indicates that the user can view only free/busy time within the calendar.","value":"AvailabilityOnly"},{"label":"Limited Details - The user can view free/busy time within the calendar and the subject and location of appointments.","value":"LimitedDetails"},{"label":"None - The user has no permissions on the folder.","value":"none"}]} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardcalDefault { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact #> param($Tenant, $Settings, $QueueItem) @@ -64,44 +64,44 @@ function Invoke-CIPPStandardcalDefault { $Mailbox = $_ try { New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } | - ForEach-Object { - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug - $SuccessCounter++ - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-Host "Setting cal failed: $ErrorMessage" - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error + ForEach-Object { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug + $SuccessCounter++ + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-Host "Setting cal failed: $ErrorMessage" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error + } } + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error } - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error - } - $processedMailboxes++ - if ($processedMailboxes % 25 -eq 0) { - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter + $processedMailboxes++ + if ($processedMailboxes % 25 -eq 0) { + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + Write-Host "Processed $processedMailboxes mailboxes" } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-Host "Processed $processedMailboxes mailboxes" } - } - $LastRun = @{ - RowKey = 'calDefaults' - PartitionKey = $Tenant - totalMailboxes = $TotalMailboxes - processedMailboxes = $processedMailboxes - currentSuccessCount = $SuccessCounter - } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force + $LastRun = @{ + RowKey = 'calDefaults' + PartitionKey = $Tenant + totalMailboxes = $TotalMailboxes + processedMailboxes = $processedMailboxes + currentSuccessCount = $SuccessCounter + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info + } } -} diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 index aeb24bbe8d7a..dc6b2184a4d5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandarddisableMacSync { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 index c4e9be0222af..420f3c11498f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneBrandingProfile.ps1 @@ -15,16 +15,16 @@ function Invoke-CIPPStandardintuneBrandingProfile { TAG "lowimpact" ADDEDCOMPONENT - {"type":"input","name":"standards.intuneBrandingProfile.displayName","label":"Organization name"} - {"type":"boolean","name":"standards.intuneBrandingProfile.showLogo","label":"Show logo"} - {"type":"boolean","name":"standards.intuneBrandingProfile.showDisplayNameNextToLogo","label":"Show organization name next to logo"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITName","label":"Contact IT name"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITPhoneNumber","label":"Contact IT phone number"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITEmailAddress","label":"Contact IT email address"} - {"type":"input","name":"standards.intuneBrandingProfile.contactITNotes","label":"Contact IT notes"} - {"type":"input","name":"standards.intuneBrandingProfile.onlineSupportSiteName","label":"Online support site name"} - {"type":"input","name":"standards.intuneBrandingProfile.onlineSupportSiteUrl","label":"Online support site URL"} - {"type":"input","name":"standards.intuneBrandingProfile.privacyUrl","label":"Privacy statement URL"} + {"type":"textField","name":"standards.intuneBrandingProfile.displayName","label":"Organization name","required":false} + {"type":"switch","name":"standards.intuneBrandingProfile.showLogo","label":"Show logo"} + {"type":"switch","name":"standards.intuneBrandingProfile.showDisplayNameNextToLogo","label":"Show organization name next to logo","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITName","label":"Contact IT name","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITPhoneNumber","label":"Contact IT phone number","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITEmailAddress","label":"Contact IT email address","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.contactITNotes","label":"Contact IT notes","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.onlineSupportSiteName","label":"Online support site name","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.onlineSupportSiteUrl","label":"Online support site URL","required":false} + {"type":"textField","name":"standards.intuneBrandingProfile.privacyUrl","label":"Privacy statement URL","required":false} IMPACT Low Impact POWERSHELLEQUIVALENT @@ -33,7 +33,7 @@ function Invoke-CIPPStandardintuneBrandingProfile { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 index beb6174fbdcc..f6840bafc092 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardintuneDeviceReg { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 index 6e8792d71df7..3cab0708f09d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 @@ -24,7 +24,7 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 index 143acbc4e2f5..9939dd0005c6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 @@ -22,7 +22,7 @@ function Invoke-CIPPStandardintuneRequireMFA { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/intune-standards#medium-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 index 307e631cd868..da89f92a6795 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardlaps { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#low-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 index a8c962b2f0a0..277263b94e61 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 @@ -5,10 +5,10 @@ function Invoke-CIPPStandardsharingCapability { .COMPONENT (APIName) sharingCapability .SYNOPSIS - (Label) Set Sharing Level for OneDrive and Sharepoint + (Label) Set Sharing Level for OneDrive and SharePoint .DESCRIPTION - (Helptext) Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level - (DocsDescription) Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level + (Helptext) Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level + (DocsDescription) Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level .NOTES CAT SharePoint Standards @@ -16,7 +16,7 @@ function Invoke-CIPPStandardsharingCapability { "highimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","label":"Select Sharing Level","name":"standards.sharingCapability.Level","values":[{"label":"Users can share only with people in the organization. No external sharing is allowed.","value":"disabled"},{"label":"Users can share with new and existing guests. Guests must sign in or provide a verification code.","value":"externalUserSharingOnly"},{"label":"Users can share with anyone by using links that do not require sign-in.","value":"externalUserAndGuestSharing"},{"label":"Users can share with existing guests (those already in the directory of the organization).","value":"existingExternalUserSharingOnly"}]} + {"type":"select","multiple":false,"label":"Select Sharing Level","name":"standards.sharingCapability.Level","options":[{"label":"Users can share only with people in the organization. No external sharing is allowed.","value":"disabled"},{"label":"Users can share with new and existing guests. Guests must sign in or provide a verification code.","value":"externalUserSharingOnly"},{"label":"Users can share with anyone by using links that do not require sign-in.","value":"externalUserAndGuestSharing"},{"label":"Users can share with existing guests (those already in the directory of the organization).","value":"existingExternalUserSharingOnly"}]} IMPACT High Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardsharingCapability { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 index 9ea89a31897b..098b0ef3e17e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingDomainRestriction.ps1 @@ -16,8 +16,8 @@ function Invoke-CIPPStandardsharingDomainRestriction { "highimpact" "CIS" ADDEDCOMPONENT - {"type":"Select","name":"standards.sharingDomainRestriction.Mode","label":"Limit external sharing by domains","values":[{"label":"Off","value":"none"},{"label":"Restrict sharing to specific domains","value":"allowList"},{"label":"Block sharing to specific domains","value":"blockList"}]} - {"type":"input","name":"standards.sharingDomainRestriction.Domains","label":"Domains to allow/block, comma separated"} + {"type":"select","multiple":false,"name":"standards.sharingDomainRestriction.Mode","label":"Limit external sharing by domains","options":[{"label":"Off","value":"none"},{"label":"Restrict sharing to specific domains","value":"allowList"},{"label":"Block sharing to specific domains","value":"blockList"}]} + {"type":"textField","name":"standards.sharingDomainRestriction.Domains","label":"Domains to allow/block, comma separated","required":false} IMPACT High Impact POWERSHELLEQUIVALENT @@ -26,7 +26,7 @@ function Invoke-CIPPStandardsharingDomainRestriction { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index 4e2ad5693119..416af1a6ded7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -23,7 +23,7 @@ function Invoke-CIPPStandardunmanagedSync { UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK - https://docs.cipp.app/user-documentation/tenant/standards/edit-standards + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/sharepoint-standards#high-impact #> param($Tenant, $Settings) diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 176167ea597f..a47643c18b7c 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -128,7 +128,7 @@ function Test-CIPPAccessPermissions { $Messages.Add('You have all the required permissions.') | Out-Null } - $LastUpdate = $GraphPermissions.Timestamp + $LastUpdate = [DateTime]::SpecifyKind($GraphPermissions.Timestamp.DateTime, [DateTimeKind]::Utc) $CpvTable = Get-CippTable -tablename 'cpvtenants' $CpvRefresh = Get-CippAzDataTableEntity @CpvTable -Filter "PartitionKey eq 'Tenant'" $TenantList = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantID -and $_.Excluded -eq $false } @@ -182,7 +182,9 @@ function Test-CIPPAccessPermissions { Data = [string](ConvertTo-Json -InputObject $AccessCheck -Depth 10 -Compress) } } - Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + try { + Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + } catch {} return $AccessCheck } diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 index d5b3b06098c3..575993740ca6 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 @@ -133,7 +133,11 @@ function Test-CIPPAccessTenant { Data = [string]($Results | ConvertTo-Json -Depth 10 -Compress) } $Table = Get-CIPPTable -TableName 'AccessChecks' - $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + } catch { + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant.defaultDomainName -message "Failed to add access check for $($Tenant.customerId): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) + } } return $Results diff --git a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 index 5fe7a789ed03..09cf46fe35c4 100644 --- a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 @@ -107,6 +107,7 @@ function Test-CIPPGDAPRelationships { $Table = Get-CIPPTable -TableName AccessChecks $Data = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'AccessCheck' and RowKey eq 'GDAPRelationships'" + if ($Data) { $Data.Data = [string](ConvertTo-Json -InputObject $GDAPRelationships -Depth 10 -Compress) } else { @@ -116,7 +117,9 @@ function Test-CIPPGDAPRelationships { Data = [string](ConvertTo-Json -InputObject $GDAPRelationships -Depth 10 -Compress) } } - Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + try { + Add-CIPPAzDataTableEntity @Table -Entity $Data -Force + } catch {} return $GDAPRelationships } diff --git a/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 b/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 index 38aa26b88cf8..ec2d5dacbea0 100644 --- a/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 +++ b/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 @@ -4,7 +4,7 @@ function Get-HIBPAuth { $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HIBP' and RowKey eq 'HIBP'").APIKey } else { $null = Connect-AzAccount -Identity - $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] + $VaultName = $WEBSITE_OWNER_NAME -like '3e625d35-bf18-4e55*' ? 'hibp-kv' : ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] $Secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'HIBP' -AsPlainText } diff --git a/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 b/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 index 7d26f97dc242..96ce636256d0 100644 --- a/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 +++ b/Modules/CippExtensions/Public/HIBP/New-BreachTenantSearch.ps1 @@ -23,7 +23,7 @@ function New-BreachTenantSearch { @{ RowKey = $domain.domain PartitionKey = $TenantFilter - breaches = "$($LatestBreach.Result | ConvertTo-Json)" + breaches = "$($LatestBreach.Result | ConvertTo-Json -Depth 10 -Compress)" sum = $SumOfBreaches } } diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 index 05c2f9b1e78f..433bbe8547f5 100644 --- a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 @@ -12,6 +12,12 @@ function Connect-HuduAPI { $null = Connect-AzAccount -Identity $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'Hudu' -AsPlainText) } + # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header + if ($Configuration.CFEnabled) { + $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText) + $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText) + New-HuduCustomHeaders -Headers @{"CF-Access-Client-Id" = "$CFClientID"; "CF-Access-Client-Secret" = "$CFAPIKey"} + } New-HuduBaseURL -BaseURL $Configuration.BaseURL New-HuduAPIKey -ApiKey $APIKey } diff --git a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 index 803643885117..f30721b8d303 100644 --- a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 @@ -83,7 +83,7 @@ function Invoke-HuduExtensionSync { try { if (![string]::IsNullOrEmpty($DeviceLayoutId)) { - $null = Add-HuduAssetLayoutM365Field -AssetLayoutId $DeviceLayoutId + $null = Add-HuduAssetLayoutField -AssetLayoutId $DeviceLayoutId $CreateDevices = $Configuration.CreateMissingDevices $DesktopsLayout = Get-HuduAssetLayouts -Id $DeviceLayoutId if ($DesktopsLayout.id) { diff --git a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 index 0a29234f0071..566bf8c3cb45 100644 --- a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 +++ b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 @@ -1,11 +1,11 @@ function New-PwPushLink { - [CmdletBinding()] + [CmdletBinding(SupportsShouldProcess)] Param( $Payload ) $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).PWPush - if ($Configuration.Enabled) { + if ($Configuration.Enabled -eq $true) { Set-PwPushConfig -Configuration $Configuration $PushParams = @{ Payload = $Payload @@ -14,15 +14,17 @@ function New-PwPushLink { if ($Configuration.ExpireAfterViews) { $PushParams.ExpireAfterViews = $Configuration.ExpireAfterViews } if ($Configuration.DeletableByViewer) { $PushParams.DeletableByViewer = $Configuration.DeletableByViewer } try { - $Link = New-Push @PushParams | Select-Object Link, LinkRetrievalStep - if ($Configuration.RetrievalStep) { - $Link.Link = $Link.LinkRetrievalStep + if ($PSCmdlet.ShouldProcess('Create a new PwPush link')) { + $Link = New-Push @PushParams + if ($Configuration.RetrievalStep) { + return $Link.LinkRetrievalStep + } + return $Link.Link } - $Link | Select-Object -ExpandProperty Link } catch { $LogData = [PSCustomObject]@{ - 'Response' = $Link - 'Exception' = Get-CippException -Exception $_ + 'Response' = $Link + 'Exception' = Get-CippException -Exception $_ } Write-LogMessage -API PwPush -Message "Failed to create a new PwPush link: $($_.Exception.Message)" -Sev 'Error' -LogData $LogData throw 'Failed to create a new PwPush link, check the log book for more details' diff --git a/Tools/Update-StandardsComments.ps1 b/Tools/Update-StandardsComments.ps1 index c47bb4d4a6cb..c3d7c9cc30f1 100644 --- a/Tools/Update-StandardsComments.ps1 +++ b/Tools/Update-StandardsComments.ps1 @@ -118,7 +118,25 @@ foreach ($Standard in $StandardsInfo) { $NewComment.Add(" Run the Tools\Update-StandardsComments.ps1 script to update this comment block`r`n") # -Online help link $NewComment.Add(" .LINK`r`n") - $NewComment.Add(" https://docs.cipp.app/user-documentation/tenant/standards/edit-standards`r`n") + $DocsLink = 'https://docs.cipp.app/user-documentation/tenant/standards/list-standards/' + + switch ($Standard.cat) { + 'Global Standards' { $DocsLink += 'global-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Entra (AAD) Standards' { $DocsLink += 'entra-aad-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Exchange Standards' { $DocsLink += 'exchange-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Defender Standards' { $DocsLink += 'defender-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Intune Standards' { $DocsLink += 'intune-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'SharePoint Standards' { $DocsLink += 'sharepoint-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + 'Teams Standards' { $DocsLink += 'teams-standards#' + $Standard.impact.ToLower() -replace ' ', '-' } + Default {} + } + + switch ($Standard.impact) { + condition { } + Default {} + } + + $NewComment.Add(" $DocsLink`r`n") $NewComment.Add(' #>') # Write the new comment block to the file diff --git a/version_latest.txt b/version_latest.txt index 2be8aeb6b143..a3fcc7121bba 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -7.0.5 +7.1.0