

Merge branch 'KelvinTegelaar:master' into master
jtorSEVENP authored Feb 6, 2024
2 parents 88df880 + d1f3e07 commit 3371f39
Showing 74 changed files with 968 additions and 752 deletions.
72 changes: 28 additions & 44 deletions DomainAnalyser_All/run.ps1
Expand Up @@ -10,8 +10,7 @@ try {
$ValidResolvers = @('Google', 'CloudFlare', 'Quad9')
if ($ValidResolvers -contains $Config.Resolver) {
$Resolver = $Config.Resolver
}
else {
} else {
$Resolver = 'Google'
$Config = @{
PartitionKey = 'Domains'
Expand All @@ -20,8 +19,7 @@ try {
}
Add-CIPPAzDataTableEntity @ConfigTable -Entity $Config -Force
}
}
catch {
} catch {
$Resolver = 'Google'
}
Set-DnsResolver -Resolver $Resolver
Expand All @@ -30,8 +28,7 @@ $Domain = $DomainObject.rowKey

try {
$Tenant = $DomainObject.TenantDetails | ConvertFrom-Json -ErrorAction Stop
}
catch {
} catch {
$Tenant = @{Tenant = 'None' }
}

Expand Down Expand Up @@ -90,15 +87,13 @@ $MXFailCount = $MXRecord.ValidationFails | Measure-Object | Select-Object -Expan
if ($MXFailCount -eq 0) {
$Result.MXPassTest = $true
$ScoreDomain += $Scores.MXRecommended
}
else {
} else {
$ScoreExplanation.Add('MX record did not pass validation') | Out-Null
}

if ([string]::IsNullOrEmpty($MXRecord.MailProvider)) {
$Result.MailProvider = 'Unknown'
}
else {
} else {
$Result.MailProvider = $MXRecord.MailProvider.Name
}

Expand All @@ -109,22 +104,19 @@ try {
$Result.ActualSPFRecord = $SPFRecord.Record
if ($SPFRecord.RecordCount -eq 1) {
$ScoreDomain += $Scores.SPFPresent
}
else {
} else {
$ScoreExplanation.Add('Multiple SPF records detected') | Out-Null
}
}
else {
} else {
$Result.ActualSPFRecord = 'No SPF Record'
$ScoreExplanation.Add('No SPF Record Found') | Out-Null
}
}
catch {
} catch {
$Message = 'SPF Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
throw $Message
}

# Check SPF Record
$Result.SPFPassAll = $false

Expand All @@ -135,8 +127,7 @@ $SPFFailCount = $SPFRecord.ValidationFails | Measure-Object | Select-Object -Exp
if ($SPFFailCount -eq 0) {
$ScoreDomain += $Scores.SPFCorrectAll
$Result.SPFPassAll = $true
}
else {
} else {
$ScoreExplanation.Add('SPF record did not pass validation') | Out-Null
}

Expand All @@ -147,19 +138,18 @@ try {
If ([string]::IsNullOrEmpty($DMARCPolicy.Record)) {
$Result.DMARCPresent = $false
$ScoreExplanation.Add('No DMARC Records Found') | Out-Null
}
else {
} else {
$Result.DMARCPresent = $true
$ScoreDomain += $Scores.DMARCPresent

$Result.DMARCFullPolicy = $DMARCResults.Record
if ($DMARCPolicy.Policy -eq 'reject' -and $DMARCPolicy.SubdomainPolicy -eq 'reject') {
$Result.DMARCFullPolicy = $DMARCPolicy.Record
if ($DMARCPolicy.Policy -eq 'reject' -and $DMARCPolicy.SubdomainPolicy -eq 'reject') {
$Result.DMARCActionPolicy = 'Reject'
$ScoreDomain += $Scores.DMARCSetReject
}
if ($DMARCPolicy.Policy -eq 'none') {
if ($DMARCPolicy.Policy -eq 'none') {
$Result.DMARCActionPolicy = 'None'
$ScoreExplanation.Add('DMARC is not being enforced') | Out-Null
$ScoreExplanation.Add('DMARC is not being enforced') | Out-Null
}
if ($DMARCPolicy.Policy -eq 'quarantine') {
$Result.DMARCActionPolicy = 'Quarantine'
Expand All @@ -171,23 +161,20 @@ try {
if ($ReportEmailCount -gt 0) {
$Result.DMARCReportingActive = $true
$ScoreDomain += $Scores.DMARCReportingActive
}
else {
} else {
$Result.DMARCReportingActive = $False
$ScoreExplanation.Add('DMARC Reporting not Configured') | Out-Null
}

if ($DMARCPolicy.Percent -eq 100) {
$Result.DMARCPercentagePass = $true
$ScoreDomain += $Scores.DMARCPercentageGood
}
else {
} else {
$Result.DMARCPercentagePass = $false
$ScoreExplanation.Add('DMARC Not Checking All Messages') | Out-Null
$ScoreExplanation.Add('DMARC Not Checking All Messages') | Out-Null
}
}
}
catch {
} catch {
$Message = 'DMARC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
throw $Message
Expand All @@ -201,13 +188,11 @@ try {
if (($DNSSECFailCount + $DNSSECWarnCount) -eq 0) {
$Result.DNSSECPresent = $true
$ScoreDomain += $Scores.DNSSECPresent
}
else {
} else {
$Result.DNSSECPresent = $false
$ScoreExplanation.Add('DNSSEC Not Configured or Enabled') | Out-Null
$ScoreExplanation.Add('DNSSEC Not Configured or Enabled') | Out-Null
}
}
catch {
} catch {
$Message = 'DNSSEC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
throw $Message
Expand All @@ -216,27 +201,26 @@ catch {
# DKIM Check
try {
$DkimParams = @{
Domain = $Domain
Domain = $Domain
FallbackToMicrosoftSelectors = $true
}
if (![string]::IsNullOrEmpty($DomainObject.DkimSelectors)) {
$DkimParams.Selectors = $DomainObject.DkimSelectors | ConvertFrom-Json
}

$DkimRecord = Read-DkimRecord @DkimParams -ErrorAction Stop

$DkimRecordCount = $DkimRecord.Records | Measure-Object | Select-Object -ExpandProperty Count
$DkimFailCount = $DkimRecord.ValidationFails | Measure-Object | Select-Object -ExpandProperty Count
#$DkimWarnCount = $DkimRecord.ValidationWarns | Measure-Object | Select-Object -ExpandProperty Count
if ($DkimRecordCount -gt 0 -and $DkimFailCount -eq 0) {
$Result.DKIMEnabled = $true
$ScoreDomain += $Scores.DKIMActiveAndWorking
}
else {
} else {
$Result.DKIMEnabled = $false
$ScoreExplanation.Add('DKIM Not Configured') | Out-Null
$ScoreExplanation.Add('DKIM Not Configured') | Out-Null
}
}
catch {
} catch {
$Message = 'DKIM Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
throw $Message
Expand Down
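Review bot: In the DMARC hunk the new-side test `if ($DMARCPolicy.Policy -eq 'reject' -and $DMARCPolicy.SubdomainPolicy -eq 'reject')` leaves `$Result.DMARCActionPolicy` unset and records no explanation when the domain policy is `reject` but the subdomain policy is weaker, so such a domain scores below a plain `quarantine` domain with nothing in `$ScoreExplanation` saying why; the `quarantine` branch is cut off by the expander, so I cannot confirm it does not cover this case. Splitting the check keeps the score rule identical while always labelling the policy and explaining the lost points. The surrounding try/catch starts before this hunk and the catch continues past it.
```powershell
if ($DMARCPolicy.Policy -eq 'reject') {
    $Result.DMARCActionPolicy = 'Reject'
    if ($DMARCPolicy.SubdomainPolicy -eq 'reject') {
        $ScoreDomain += $Scores.DMARCSetReject
    } else {
        $ScoreExplanation.Add('DMARC subdomain policy is not set to reject') | Out-Null
    }
}
# … unchanged: 'none' and 'quarantine' branches …
```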
60 changes: 34 additions & 26 deletions ListMailboxRulesAllTenants/run.ps1
Expand Up @@ -3,51 +3,59 @@ param([string] $QueueItem, $TriggerMetadata)

# Write out the queue message and metadata to the information log.
Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
$Tenants = if ($QueueItem -ne "AllTenants") {

$Tenants = if ($QueueItem -ne 'AllTenants') {
[PSCustomObject]@{
defaultDomainName = $QueueItem
}
}
else {
} else {
Get-Tenants
}
$Tenants | ForEach-Object -Parallel {
$Tenants | ForEach-Object -Parallel {
$domainName = $_.defaultDomainName
Import-Module '.\Modules\CIPPcore'
Import-Module CippCore
Import-Module AzBobbyTables
$Table = Get-CIPPTable -TableName cachembxrules
try {

$Rules = New-ExoRequest -tenantid $domainName -cmdlet "Get-Mailbox" | ForEach-Object -Parallel {
New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $domainName -cmdlet "Get-InboxRule" -cmdParams @{Mailbox = $_.GUID }
$Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID' | ForEach-Object -Parallel {
Import-Module CippCore
$MbxRules = New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $using:domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID }
foreach ($Rule in $MbxRules) {
$Rule | Add-Member -NotePropertyName 'UserPrincipalName' -NotePropertyValue $_.userPrincipalName
$Rule
}
}
foreach ($Rule in $Rules) {
$GraphRequest = @{
Rules = [string]($Rule | ConvertTo-Json)
RowKey = [string](New-Guid).guid
if (($Rules | Measure-Object).Count -gt 0) {
foreach ($Rule in $Rules) {
$GraphRequest = [PSCustomObject]@{
Rules = [string]($Rule | ConvertTo-Json)
RowKey = [string](New-Guid).guid
Tenant = [string]$domainName
PartitionKey = 'mailboxrules'
}

}
} else {
$Rules = @{
Name = 'No rules found'
} | ConvertTo-Json
$GraphRequest = [PSCustomObject]@{
Rules = [string]$Rules
RowKey = [string]$domainName
Tenant = [string]$domainName
PartitionKey = 'mailboxrules'
}
$Table = Get-CIPPTable -TableName cachembxrules
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
}
}
catch {
} catch {
$Rules = @{
Name = "Could not connect to tenant $($_.Exception.message)"
} | ConvertTo-Json
$GraphRequest = @{
$GraphRequest = [PSCustomObject]@{
Rules = [string]$Rules
RowKey = [string]$domainName
Tenant = [string]$domainName

PartitionKey = 'mailboxrules'
}
$Table = Get-CIPPTable -TableName cachembxrules
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
}
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
}



$Table = Get-CIPPTable -TableName cachembxrules
Write-Host "$($GraphRequest.RowKey) - $($GraphRequest.tenant)"
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
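Review bot: The rendered view has lost the indentation, so I cannot tell whether the `Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force` call that follows the new `if (($Rules | Measure-Object).Count -gt 0) { foreach ($Rule in $Rules) { ... } } else { ... }` block sits inside the `foreach`; if it runs once after the loop, only the last rule's `$GraphRequest` is persisted and the cache silently drops every other inbox rule for the tenant, which is the data a reviewer of forwarding rules relies on. Please confirm the write is inside the loop (or move it there). In the inner `ForEach-Object -Parallel` block, `-NotePropertyValue $_.userPrincipalName` inside `foreach ($Rule in $MbxRules)` works only because the `foreach` statement does not rebind `$_`; capturing `$Mailbox = $_` at the top of the block and using `$Mailbox.UserPrincipalName` makes the intent explicit. Each rule row is also written with `RowKey = [string](New-Guid).guid`, so repeated runs append rather than replace a tenant's rows unless something outside this file clears the table first — worth confirming, otherwise deleted rules keep appearing in the cache.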
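--- /dev/null
+++ b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1
@@ -0,0 +1,29 @@
+function Add-CIPPGroupMember(
+[string]$ExecutingUser,
+[string]$GroupType,
+[string]$GroupId,
+[string]$Member,
+[string]$TenantFilter,
+[string]$APIName = 'Add Group Member'
+) {
+try {
+if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
+$MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id
+$addmemberbody = "{ `"[email protected]`": $(ConvertTo-Json @($MemberIDs)) }"
+if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
+$Params = @{ Identity = $GroupId; Member = $member; BypassSecurityGroupManagerCheck = $true }
+New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+} else {
+New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose
+}
+$Message = "Successfully added user $($Member) to $GroupId."
+Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+return $message
+return
+} catch {
+$message = "Failed to add user $($Member) to $($GroupId): $($_.Exception.Message)"
+Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error'
+return $message
+}
+
+}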
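Review bot: `$Member` is URL-encoded only when it contains `#EXT#`; any other value is interpolated raw into the `https://graph.microsoft.com/beta/users/$($member)` path, so a value containing `?`, `/` or `#` alters the request instead of being looked up. Encode it unconditionally before building the URI: `$EncodedMember = [System.Uri]::EscapeDataString($Member)` and use `"https://graph.microsoft.com/beta/users/$EncodedMember"` in the `New-GraphGetRequest` call. The bare `return` after `return $message` is unreachable and should be dropped. The PATCH body key is rendered here as `[email protected]`, which looks like the page's e-mail obfuscation of `members@odata.bind`; worth checking the file itself, since the Graph group-member PATCH expects exactly that key. The catch branch returns a failure string with the same shape as the success string, so callers have no reliable way to tell the two apart without parsing the text.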
4 changes: 2 additions & 2 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1
Expand Up @@ -56,7 +56,7 @@ Function Invoke-AddAlert {
$params = @{
TenantFilter = $_.defaultDomainName
auditLogAPI = $true
operations = 'Audit.AzureActiveDirectory,Audit.Exchange,Audit.SharePoint,Audit.General'
operations = $Request.body.ifs.selection
BaseURL = $URL
ExecutingUser = $Request.headers.'x-ms-client-principal'
}
Expand All @@ -73,7 +73,7 @@ Function Invoke-AddAlert {
$params = @{
TenantFilter = $tenant
auditLogAPI = $true
operations = 'Audit.AzureActiveDirectory,Audit.Exchange,Audit.SharePoint,Audit.General'
operations = $Request.body.ifs.selection
BaseURL = $URL
ExecutingUser = $Request.headers.'x-ms-client-principal'
}
Expand Down
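Review bot: Both hunks replace the fixed `operations` list with `$Request.body.ifs.selection`, so the audit-log content types now come straight from the request body; the code that consumes `$params` lies outside this view, so I cannot see whether it validates them, but nothing here does, and an empty or malformed selection would silently create a subscription for nothing. Validate against the known set once, above the first hunk, before building `$params`: `$AllowedOps = 'Audit.AzureActiveDirectory', 'Audit.Exchange', 'Audit.SharePoint', 'Audit.General'` followed by `$Operations = @($Request.body.ifs.selection -split ',') | Where-Object { $_ -in $AllowedOps }`, returning a 400 result when `$Operations` is empty (the shape of `ifs.selection` is not visible here, so the split may need adjusting). Both `$params` blocks would then use `operations = $Operations -join ','`. Invoke-AddAlert's body starts before the first hunk and continues after the second.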
14 changes: 6 additions & 8 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddCATemplate.ps1
Expand Up @@ -15,9 +15,8 @@ Function Invoke-AddCATemplate {
try {
$GUID = (New-Guid).GUID
$JSON = if ($request.body.rawjson) {
([pscustomobject]$request.body.rawjson) | ConvertFrom-Json
}
else {
ConvertFrom-Json -InputObject ([pscustomobject]$request.body.rawjson)
} else {
([pscustomobject]$Request.body) | ForEach-Object {
$NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name
$_ | Select-Object -Property $NonEmptyProperties
Expand All @@ -44,7 +43,7 @@ Function Invoke-AddCATemplate {

$JSON | Add-Member -NotePropertyName 'LocationInfo' -NotePropertyValue @($IncludeJSON, $ExcludeJSON)

$JSON = ($JSON | ConvertTo-Json -Depth 100)
$JSON = (ConvertTo-Json -Depth 100 -InputObject $JSON )
$Table = Get-CippTable -tablename 'templates'
$Table.Force = $true
Add-CIPPAzDataTableEntity @Table -Entity @{
Expand All @@ -53,12 +52,11 @@ Function Invoke-AddCATemplate {
PartitionKey = 'CATemplate'
GUID = "$GUID"
}
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev 'Debug'
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug'
$body = [pscustomobject]@{'Results' = 'Successfully added template' }

}
catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Transport Rule Template: $($_.Exception.Message)" -Sev 'Error'
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create CA Template: $($_.Exception.Message)" -Sev 'Error'
$body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" }
}

Expand Down
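Review bot: The log messages were corrected to say "CA Template", but the result returned to the caller on failure, on the line after the new `Write-LogMessage`, still reads `"Intune Template Deployment failed: ..."`, so the UI reports the wrong feature; change it to `$body = [pscustomobject]@{'Results' = "CA Template creation failed: $($_.Exception.Message)" }`. Separately, `ConvertFrom-Json -InputObject ([pscustomobject]$request.body.rawjson)` casts the value to `[pscustomobject]` before parsing it as JSON text: if `rawjson` arrives as a string the cast does nothing, and if it arrives as an already-deserialised object the parse fails, so the cast looks unnecessary (I cannot see how the request body is deserialised upstream). Invoke-AddCATemplate's body starts before the first hunk and continues after the last one.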
