Skip to content

Commit

Permalink
Merge pull request #22 from KelvinTegelaar/master
Browse files Browse the repository at this point in the history
[pull] master from KelvinTegelaar:master
  • Loading branch information
pull[bot] authored Jan 9, 2024
2 parents f528914 + 5192fe2 commit 44b9f85
Show file tree
Hide file tree
Showing 8 changed files with 115 additions and 11 deletions.
19 changes: 16 additions & 3 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -27,16 +27,29 @@ Function Invoke-ListSites {
} else {
$ParsedRequest = $Result
}


$GraphRequest = $ParsedRequest | Select-Object @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } },
@{ Name = 'displayName'; Expression = { $_.'Owner Display Name' } },
@{ Name = 'LastActive'; Expression = { $_.'Last Activity Date' } },
@{ Name = 'FileCount'; Expression = { [int]$_.'File Count' } },
@{ Name = 'UsedGB'; Expression = { [math]::round($_.'Storage Used (Byte)' / 1GB, 2) } },
@{ Name = 'URL'; Expression = { $_.'Site URL' } },
@{ Name = 'Allocated'; Expression = { [math]::round($_.'Storage Allocated (Byte)' / 1GB, 2) } },
@{ Name = 'Template'; Expression = { $_.'Root Web Template' } }
@{ Name = 'Template'; Expression = { $_.'Root Web Template' } },
@{ Name = 'siteid'; Expression = { $_.'site Id' } }

#Temporary workaround for url as report is broken.
if ($Type -eq 'SharePointSiteUsage') {
$URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/sites?search=*&`$select=sharepointIds" -asapp $true -tenantid $TenantFilter).sharepointIds
} else {
#Get all OneDrive Urls
#$URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter)
}

$GraphRequest = foreach ($site in $GraphRequest) {
$site.URL = ($URLs | Where-Object { $_.siteId -eq $site.SiteId }).siteUrl
$site
}

$StatusCode = [HttpStatusCode]::OK
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,12 @@ function Push-CIPPAlertExpiringLicenses {
$TriggerMetadata
)
try {
Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | Where-Object -Property 'TimeUntilRenew' -LT 29 | ForEach-Object {
Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object {
$timeTorenew = [int64]$_.TimeUntilRenew
if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) {
Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
}
}
} catch {
Write-AlertMessage -tenant $($QueueItem.tenant) -message "Error occurred: $(Get-NormalizedError -message $_.Exception.message)"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,12 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing {

if ($Settings.remediate) {
New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error
}
}
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
function Invoke-CIPPStandardEnableCustomerLockbox {
<#
.FUNCTIONALITY
Internal
#>
param($Tenant, $Settings)

if ($Settings.remediate) {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ CustomerLockboxEnabled = $true } -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully enabled Customer Lockbox' -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $($_.exception.message)" -sev Error
}
}
if ($Settings.alert -or $Settings.report) {
$CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig'

if ($Settings.alert) {
if ($CurrentInfo.CustomerLockboxEnabled) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is not enabled' -sev Alert
}
}
if ($Settings.report) {
Add-CIPPBPAField -FieldName 'CustomerLockboxEnabled' -FieldValue [bool]$CurrentInfo.CustomerLockboxEnabled -StoreAs bool -Tenant $tenant
}
}

}

Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
function Invoke-CIPPStandardEnableMailboxAuditing {
<#
.FUNCTIONALITY
Internal
#>
param($Tenant, $Settings)

$AuditState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AuditDisabled
if ( $Settings.remediate) {
if ($AuditState) {
# Enable tenant level mailbox audit
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AuditDisabled = $false } -useSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error
}
} else {
$LogMessage = 'Tenant level mailbox audit already enabled. '
}

# check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for
$Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true }
$Mailboxes | ForEach-Object {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.UserPrincipalName; AuditEnabled = $true } -Anchor $_.UserPrincipalName
Write-LogMessage -API 'Standards' -tenant $Tenant -message "User level mailbox audit enabled for $($_.UserPrincipalName)" -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error
}
}
if ($Mailboxes.Count -eq 0) {
$LogMessage += 'User level mailbox audit already enabled for all mailboxes'
}
Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info
}

if ($Settings.alert) {
if ($AuditState) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is not enabled' -sev Alert
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is enabled' -sev Info
}
}
if ($Settings.report) {
Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant
}

}
7 changes: 4 additions & 3 deletions PublicWebhooks/run.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,23 @@ Write-Host 'Received request'
Write-Host "CIPPID: $($request.Query.CIPPID)"
$url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1
Write-Host $url
if ($Request.Query.CIPPID -in $Webhooks.RowKey) {
if ($Request.Query.CIPPID -in $Webhooks.RowKey -and $Webhooks.Resource -ne 'M365AuditLogs') {
Write-Host 'Found matching CIPPID'

if ($Request.query.ValidationToken -or $Request.body.validationCode) {
Write-Host 'Validation token received'
$body = $request.query.ValidationToken
} else {
Push-OutputBinding -Name QueueWebhook -Value $Request
$Body = 'Webhook Recieved'
$StatusCode = [HttpStatusCode]::OK
}
} else {
$body = 'This webhook is not authorized.'
$StatusCode = [HttpStatusCode]::Forbidden
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
StatusCode = $StatusCode
Body = $body
})
2 changes: 1 addition & 1 deletion Scheduler_Timer/function.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"bindings": [
{
"name": "Timer",
"schedule": "0 */20 * * * *",
"schedule": "0 0 * * * *",
"direction": "in",
"type": "timerTrigger"
},
Expand Down
2 changes: 1 addition & 1 deletion version_latest.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
4.9.3
4.9.4

0 comments on commit 44b9f85

Please sign in to comment.