[pull] master from KelvinTegelaar:master #19

Merged
merged 43 commits into from
Sep 8, 2023
0a73a3f
Merge pull request #30 from KelvinTegelaar/dev
JohnDuprey Aug 27, 2023
66453c3
Remove Maintenance Scripts
JohnDuprey Aug 28, 2023
371a05b
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Aug 29, 2023
fc2698b
Update Dev Environment scripts
JohnDuprey Aug 29, 2023
7937a27
GraphHelper Bugfixes
JohnDuprey Aug 29, 2023
08fe7a4
Update GraphHelper.psm1
JohnDuprey Aug 29, 2023
a0ededc
Merge pull request #413 from johnduprey/dev
KelvinTegelaar Aug 29, 2023
f23b806
Get-Tenants update and bugfixes
JohnDuprey Aug 29, 2023
8726235
Merge branch 'KelvinTegelaar:dev' into dev
JohnDuprey Aug 29, 2023
49622f4
Update GraphHelper.psm1
JohnDuprey Aug 29, 2023
8d61c65
Improve error handling for settings page
JohnDuprey Aug 29, 2023
ec64cd1
added try catch
KelvinTegelaar Aug 30, 2023
075b9b5
outbound fix
KelvinTegelaar Aug 31, 2023
72781aa
typo correction
KelvinTegelaar Aug 31, 2023
0f502b5
Merge pull request #414 from johnduprey/dev
KelvinTegelaar Aug 31, 2023
621b565
Merge pull request #33 from KelvinTegelaar/dev
JohnDuprey Sep 3, 2023
33da841
Fix lighthouse tenant list
JohnDuprey Sep 3, 2023
a1c910a
Catch standards orchestrator errors
JohnDuprey Sep 3, 2023
0e6948e
Merge branch 'dev' of https://github.com/johnduprey/CIPP-API into dev
JohnDuprey Sep 3, 2023
cbe6985
Merge pull request #415 from johnduprey/dev
KelvinTegelaar Sep 5, 2023
0355061
Merge pull request #34 from KelvinTegelaar/dev
JohnDuprey Sep 5, 2023
e5b8519
add members csv
KelvinTegelaar Sep 6, 2023
3488c1c
edit user copy from bugfix
KelvinTegelaar Sep 6, 2023
9fbb0e0
default extractFields to array
KelvinTegelaar Sep 6, 2023
1dfef93
bool
KelvinTegelaar Sep 6, 2023
a957346
added edit template
KelvinTegelaar Sep 6, 2023
718c778
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Sep 7, 2023
93dd371
ListIntuneTemplates
JohnDuprey Sep 7, 2023
0e25f0f
BPA - Error Handling
JohnDuprey Sep 7, 2023
68d0635
Create Get-CIPPTenantCapabilities.ps1
JohnDuprey Sep 7, 2023
af91fb4
added multi select to offboarding wizard
KelvinTegelaar Sep 7, 2023
5478573
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Sep 7, 2023
7aacca0
corrected anchor mailbox and used user
KelvinTegelaar Sep 7, 2023
8c5169c
ListBPATemplates
JohnDuprey Sep 7, 2023
6adf27f
multi group improvements.
KelvinTegelaar Sep 7, 2023
45bd56b
Merge pull request #416 from johnduprey/dev
KelvinTegelaar Sep 7, 2023
569c730
fixed bug with empty properties in policy
KelvinTegelaar Sep 7, 2023
1b7fc36
New create onedrive shortcut
KelvinTegelaar Sep 7, 2023
be8ca10
fix function
KelvinTegelaar Sep 7, 2023
0698ea8
add username
KelvinTegelaar Sep 7, 2023
3da9c57
sharepoint url stuff
KelvinTegelaar Sep 7, 2023
66d3ee8
latest release
KelvinTegelaar Sep 8, 2023
eafc8a0
Merge pull request #417 from KelvinTegelaar/dev
KelvinTegelaar Sep 8, 2023
6 changes: 3 additions & 3 deletions AddGroup/run.ps1
Expand Up @@ -8,7 +8,7 @@ Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -

$groupobj = $Request.body
$SelectedTenants = if ($Request.body.selectedTenants) { $request.body.selectedTenants.defaultDomainName } else { $Request.body.tenantid }

if ("AllTenants" -in $SelectedTenants) { $SelectedTenants = (Get-Tenants).defaultDomainName }

# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."
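Review bot: `$SelectedTenants`, on the line that reads `$Request.body.selectedTenants`, is taken straight from the request body, and the only processing in this hunk is the `AllTenants` expansion, so nothing visible here confirms that each requested domain is one this instance manages. Consider intersecting the list with `(Get-Tenants).defaultDomainName` before the `foreach` and logging anything that is dropped.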
Expand Down Expand Up @@ -44,13 +44,13 @@ $results = foreach ($tenant in $SelectedTenants) {
}
$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet "New-DistributionGroup" -cmdParams $params
}
"Successfully created group."
"Successfully created group $($groupobj.displayname) for $($tenant)"
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev "Info"

}
catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev "Error"
"Failed to create group. $($_.Exception.Message)"
"Failed to create group. $($groupobj.displayname) for $($tenant) $($_.Exception.Message)"

}
}
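Review bot: In the `catch` block the new failure string reads `Failed to create group. $($groupobj.displayname) for ...`, so the period lands between "group" and the group name; move it so the message reads as one sentence, for example `Failed to create group $($groupobj.displayname) for $($tenant): $($_.Exception.Message)`. The result strings and the `Write-LogMessage` call also interpolate `displayname` from the request body, so it is worth stripping newlines and control characters from that value before it reaches the log.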
70 changes: 33 additions & 37 deletions BestPracticeAnalyser_All/run.ps1
@@ -1,8 +1,8 @@
param($tenant)

$TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $tenant
Set-Location (Get-Item $PSScriptRoot).Parent.FullName
$TemplatesLoc = Get-ChildItem "Config\*.BPATemplate.json"
$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName
$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
$Templates = $TemplatesLoc | ForEach-Object {
$Template = $(Get-Content $_) | ConvertFrom-Json
[PSCustomObject]@{
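Review bot: The new `Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"` hard-codes a backslash separator; build the directory with `Join-Path $CippRoot 'Config'` and pass `-Filter '*.BPATemplate.json'` so the lookup does not depend on the host OS. `Get-Content $_ | ConvertFrom-Json` in the `ForEach-Object` below it has no error handling either, so a malformed template file surfaces as an unhandled error here; wrap it in `try`/`catch` and log the file name.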
Expand All @@ -26,89 +26,85 @@ $AddRow = foreach ($Template in $templates) {
if ($Field.Where) { $filterscript = [scriptblock]::Create($Field.Where) } else { $filterscript = { $true } }
try {
switch ($field.API) {
"Graph" {
'Graph' {
$paramsField = @{
uri = $field.URL
tenantid = $TenantName.defaultDomainName
}
if ($Field.parameters) {
if ($Field.parameters.psobject.properties.name) {
$field.Parameters | ForEach-Object {
Write-Host "Doing: $($_.psobject.properties.name) with value $($_.psobject.properties.value)"
$paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
$paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
}
}
$FieldInfo = New-GraphGetRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
"Exchange" {
if ($field.Command -notlike "get-*") {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports get- exchange commands. A set or update command was used." -sev Error
'Exchange' {
if ($field.Command -notlike 'get-*') {
Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get- exchange commands. A set or update command was used.' -sev Error
break
}
else {
} else {
$paramsField = @{
tenantid = $TenantName.defaultDomainName
cmdlet = $field.Command
}
if ($Field.Parameters) { $paramsfield.add('cmdparams', $field.parameters) }
$FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
if ($Field.Parameters) { $paramsfield.'cmdparams' = $field.parameters }
$FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
}
"CIPPFunction" {
if ($field.Command -notlike "get-CIPP*") {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed." -sev Error
'CIPPFunction' {
if ($field.Command -notlike 'get-CIPP*') {
Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed.' -sev Error
break
}
$paramsField = @{
TenantFilter = $TenantName.defaultDomainName
}
if ($field.parameters) {
if ($field.parameters.psobject.properties.name) {
$field.Parameters | ForEach-Object {
$paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
$paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
}
}
$FieldInfo = & $field.Command @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
$FieldInfo = & $field.Command @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
}
}
catch {
} catch {
Write-Host "Error getting $($field.Name) in $($field.api) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)"
Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$fieldinfo = "FAILED"
$field.StoreAs = "string"
}
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$fieldinfo = 'FAILED'
$field.StoreAs = 'string'
}
try {
switch -Wildcard ($field.StoreAs) {
"*bool" {
'*bool' {
if ($field.ExtractFields.Count -gt 1) {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
Write-LogMessage -API 'BPA' -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
break
}
if ($null -eq $FieldInfo.$($field.ExtractFields)) { $FieldInfo = $false }

$Result.Add($field.Name, [bool]$FieldInfo.$($field.ExtractFields))
}
"JSON" {
if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo) }
'JSON' {
if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo -Compress) }
$Result.Add($field.Name, $JSONString)
}
"string" {
'string' {
$Result.Add($field.Name, [string]$FieldInfo)
}
}
}
catch {
Write-LogMessage -API "BPA" -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$Result.Add($field.Name, "FAILED")
} catch {
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$Result.Add($field.Name, 'FAILED')
}

}

if ($Result) {
try {
Add-AzDataTableEntity @Table -Entity $Result -Force
}
catch {
Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
} catch {
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error

}
}
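Review bot: Replacing `$paramsField.Add(...)` with `$paramsField[...] = ...` in the `Graph` and `CIPPFunction` branches changes what happens on a duplicate key: a template parameter named `uri`, `tenantid` or `TenantFilter` now silently overwrites the value set from `$TenantName.defaultDomainName`, where `.Add` would have thrown into the `catch` and stored `FAILED`. Skip or reject those reserved names before assigning. The same hunk still compiles `$Field.Where` with `[scriptblock]::Create` and gates commands only with the `get-*` and `get-CIPP*` wildcards, so template files need to be handled with the same trust as code.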
1 change: 1 addition & 0 deletions Cache_SAMSetup/SAMManifest.json
Expand Up @@ -149,6 +149,7 @@
{ "id": "2a60023f-3219-47ad-baa4-40e17cd02a1d", "type": "Role" },
{ "id": "338163d7-f101-4c92-94ba-ca46fe52447c", "type": "Role" },
{ "id": "cac88765-0581-4025-9725-5ebc13f729ee", "type": "Role" },
{ "id": "75359482-378d-4052-8f01-80520e7db3cd", "type": "Role" },
{ "id": "b27a61ec-b99c-4d6a-b126-c4375d08ae30", "type": "Scope" },
{ "id": "84bccea3-f856-4a8a-967b-dbe0a3d53a64", "type": "Scope" },
{ "id": "280b3b69-0437-44b1-bc20-3b2fca1ee3e9", "type": "Scope" },
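Review bot: The added entry `75359482-378d-4052-8f01-80520e7db3cd` is of type `Role`, an application permission, and nothing in the hunk says which permission the GUID stands for or which feature needs it. Since JSON cannot carry a comment, name the permission and its justification in the commit message or PR description so the new grant can be checked against least privilege.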
12 changes: 6 additions & 6 deletions Config/CIPPDefaultTable.BPATemplate.json
Expand Up @@ -6,7 +6,7 @@
"name": "PasswordNeverExpires",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/domains",
"ExtractFields": "passwordValidityPeriodInDays",
"ExtractFields": ["passwordValidityPeriodInDays"],
"where": "$_.passwordValidityPeriodInDays -eq 2147483647",
"StoreAs": "bool",
"FrontendFields": [
Expand All @@ -21,7 +21,7 @@
"name": "OAuthAppConsent",
"API": "Graph",
"URL": "https://graph.microsoft.com/v1.0/policies/authorizationPolicy?$select=defaultUserRolePermissions",
"ExtractFields": "defaultuserrolepermissions",
"ExtractFields": ["defaultuserrolepermissions"],
"where": "'ManagePermissionGrantsForSelf.microsoft-user-default-legacy' -notin $_.defaultuserrolepermissions.permissionGrantPoliciesAssigned",
"StoreAs": "bool",
"FrontendFields": [
Expand All @@ -36,7 +36,7 @@
"name": "UnifiedAuditLog",
"API": "Exchange",
"Command": "Get-AdminAuditLogConfig",
"ExtractFields": "UnifiedAuditLogIngestionEnabled",
"ExtractFields": ["UnifiedAuditLogIngestionEnabled"],
"StoreAs": "bool",
"FrontendFields": [
{
Expand Down Expand Up @@ -65,7 +65,7 @@
"name": "TAPEnabled",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass",
"ExtractFields": "State",
"ExtractFields": ["State"],
"StoreAs": "bool",
"FrontendFields": [
{
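Review bot: `TAPEnabled` extracts `State` and stores it as `bool`, but this hunk shows no `where` filter, and the analyser casts the extracted value with `[bool]`; Graph returns `state` as a string (`enabled` or `disabled`), and any non-empty string casts to true in PowerShell. Add a `where` such as `$_.state -eq 'enabled'`, or store the field as `string`, so a disabled policy is not reported as enabled.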
Expand All @@ -79,7 +79,7 @@
"name": "SecureDefaultState",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy",
"ExtractFields": "IsEnabled",
"ExtractFields": ["IsEnabled"],
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -93,7 +93,7 @@
"name": "AnonymousPrivacyReports",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/admin/reportSettings",
"ExtractFields": "displayConcealedNames",
"ExtractFields": ["displayConcealedNames"],
"StoreAs": "bool",
"where": "$_.displayConcealedNames -eq $false",
"FrontendFields": [
22 changes: 11 additions & 11 deletions Config/CIPPDefaultTenantPage.BPATemplate.json
Expand Up @@ -4,7 +4,7 @@
"Fields": [
{
"name": "PasswordNeverExpires",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -17,7 +17,7 @@
},
{
"name": "OAuthAppConsent",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -30,7 +30,7 @@
},
{
"name": "UnifiedAuditLog",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -43,7 +43,7 @@
},
{
"name": "MFANudgeState",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -56,7 +56,7 @@
},
{
"name": "TAPEnabled",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -69,7 +69,7 @@
},
{
"name": "SecureDefaultState",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -82,7 +82,7 @@
},
{
"name": "AnonymousPrivacyReports",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -95,7 +95,7 @@
},
{
"name": "MessageCopyforSentAsDisabled",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -108,7 +108,7 @@
},
{
"name": "SharedMailboxeswithenabledusers",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -121,7 +121,7 @@
},
{
"name": "Unusedlicenses",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -134,7 +134,7 @@
},
{
"name": "CurrentSecureScore",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
2 changes: 1 addition & 1 deletion EditUser/run.ps1
Expand Up @@ -99,7 +99,7 @@ catch {
}

if ($Request.body.CopyFrom -ne "") {
$CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID $user -TenantFilter $Userobj.tenantid
$CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID $UserprincipalName -TenantFilter $Userobj.tenantid
$results.AddRange($CopyFrom)
}
$body = @{"Results" = @($results) }
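Review bot: The guard `if ($Request.body.CopyFrom -ne "")` is also true when `CopyFrom` is missing from the body, because `$null -ne ""` evaluates to true, so `Set-CIPPCopyGroupMembers` is then called with an empty `-CopyFromId`. Use `if (-not [string]::IsNullOrWhiteSpace($Request.body.CopyFrom))` instead. The new `-UserID $UserprincipalName` is not assigned anywhere in the visible lines, so confirm it is set on every path that reaches this call.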
10 changes: 7 additions & 3 deletions ExecCPVPermissions/run.ps1
Expand Up @@ -58,13 +58,17 @@ $GraphRequest = $ExpectedPermissions.requiredResourceAccess | ForEach-Object {
}
}

try {
$ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter
$CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter

$ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter

}
catch {
#this try catch exists because of 500 errors when the app principal does not exist. :)
}
# if the app svc principal exists, consent app permissions
$apps = $ExpectedPermissions
#get current roles
$CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter
#If
$Grants = foreach ($App in $apps.requiredResourceAccess) {
try {
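Review bot: The `$CurrentRoles` request that now sits after the `catch` still interpolates `$ourSVCPrincipal.id`, which is empty whenever the lookup inside the `try` fails, so the call goes to `servicePrincipals//appRoleAssignments` with no error handling around it. The comment says "if the app svc principal exists" but no `if` follows; guard the block with `if ($ourSVCPrincipal.id)` and put a log line in the empty `catch` so failures other than the expected 500 are visible. The dangling `#If` comment can go.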
19 changes: 19 additions & 0 deletions ExecEditTemplate/function.json
@@ -0,0 +1,19 @@
{
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "Request",
"methods": [
"get",
"post"
]
},
{
"type": "http",
"direction": "out",
"name": "Response"
}
]
}
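Review bot: `"authLevel": "anonymous"` on the `httpTrigger` binding means the Functions host asks for no key on this endpoint, so access control for a template-editing function rests entirely on whatever sits in front of it and on checks inside `run.ps1`, which this diff does not show. Confirm the function cannot be reached directly, and if `get` is not needed for an edit operation, limit `methods` to `post`.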