Merge pull request KelvinTegelaar#417 from KelvinTegelaar/dev

Dev to release

AddGroup/run.ps1

@@ -8,7 +8,7 @@ Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME  -
 
 $groupobj = $Request.body
 $SelectedTenants = if ($Request.body.selectedTenants) { $request.body.selectedTenants.defaultDomainName } else { $Request.body.tenantid }
-
+if ("AllTenants" -in $SelectedTenants) { $SelectedTenants = (Get-Tenants).defaultDomainName }
 
 # Write to the Azure Functions log stream.
 Write-Host "PowerShell HTTP trigger function processed a request."
@@ -44,13 +44,13 @@ $results = foreach ($tenant in $SelectedTenants) {
             }
             $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet "New-DistributionGroup" -cmdParams $params
         }
-        "Successfully created group."
+        "Successfully created group $($groupobj.displayname) for $($tenant)"
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev "Info"
 
     }
     catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev "Error"
-        "Failed to create group. $($_.Exception.Message)"
+        "Failed to create group. $($groupobj.displayname) for $($tenant) $($_.Exception.Message)"
 
     }
 }

BestPracticeAnalyser_All/run.ps1

@@ -1,8 +1,8 @@
 param($tenant)
 
 $TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $tenant
-Set-Location (Get-Item $PSScriptRoot).Parent.FullName
-$TemplatesLoc = Get-ChildItem "Config\*.BPATemplate.json"
+$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName
+$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
 $Templates = $TemplatesLoc | ForEach-Object {
     $Template = $(Get-Content $_) | ConvertFrom-Json
     [PSCustomObject]@{
@@ -26,89 +26,85 @@ $AddRow = foreach ($Template in $templates) {
         if ($Field.Where) { $filterscript = [scriptblock]::Create($Field.Where) } else { $filterscript = { $true } }
         try {
             switch ($field.API) {
-                "Graph" { 
+                'Graph' {
                     $paramsField = @{
                         uri      = $field.URL
                         tenantid = $TenantName.defaultDomainName
                     }
-                    if ($Field.parameters) {
+                    if ($Field.parameters.psobject.properties.name) {
                         $field.Parameters | ForEach-Object {
                             Write-Host "Doing: $($_.psobject.properties.name) with value $($_.psobject.properties.value)"
-                            $paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
+                            $paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
                         }
                     }
                     $FieldInfo = New-GraphGetRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
                 }
-                "Exchange" {
-                    if ($field.Command -notlike "get-*") {
-                        Write-LogMessage  -API "BPA" -tenant $tenant -message "The BPA only supports get- exchange commands. A set or update command was used." -sev Error
+                'Exchange' {
+                    if ($field.Command -notlike 'get-*') {
+                        Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get- exchange commands. A set or update command was used.' -sev Error
                         break
-                    }
-                    else {
+                    } else {
                         $paramsField = @{
                             tenantid = $TenantName.defaultDomainName
                             cmdlet   = $field.Command
                         }
-                        if ($Field.Parameters) { $paramsfield.add('cmdparams', $field.parameters) }
-                        $FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields 
+                        if ($Field.Parameters) { $paramsfield.'cmdparams' = $field.parameters }
+                        $FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
                     }
                 }
-                "CIPPFunction" {
-                    if ($field.Command -notlike "get-CIPP*") {
-                        Write-LogMessage  -API "BPA" -tenant $tenant -message "The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed." -sev Error
+                'CIPPFunction' {
+                    if ($field.Command -notlike 'get-CIPP*') {
+                        Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed.' -sev Error
                         break
                     }
                     $paramsField = @{
                         TenantFilter = $TenantName.defaultDomainName
                     }
-                    if ($field.parameters) {
+                    if ($field.parameters.psobject.properties.name) {
                         $field.Parameters | ForEach-Object {
-                            $paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
+                            $paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
                         }
                     }
-                    $FieldInfo = & $field.Command @paramsField | Where-Object $filterscript  | Select-Object $field.ExtractFields 
+                    $FieldInfo = & $field.Command @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
                 }
             }
-        }
-        catch {
+        } catch {
             Write-Host "Error getting $($field.Name) in $($field.api) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)"
-            Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
-            $fieldinfo = "FAILED"
-            $field.StoreAs = "string"
-        } 
+            Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
+            $fieldinfo = 'FAILED'
+            $field.StoreAs = 'string'
+        }
         try {
             switch -Wildcard ($field.StoreAs) {
-                "*bool" {
+                '*bool' {
                     if ($field.ExtractFields.Count -gt 1) {
-                        Write-LogMessage  -API "BPA" -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
+                        Write-LogMessage -API 'BPA' -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
                         break
                     }
                     if ($null -eq $FieldInfo.$($field.ExtractFields)) { $FieldInfo = $false }
 
                     $Result.Add($field.Name, [bool]$FieldInfo.$($field.ExtractFields))
                 }
-                "JSON" {
-                    if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo) }
+                'JSON' {
+                    if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo -Compress) }
                     $Result.Add($field.Name, $JSONString)
                 }
-                "string" {
+                'string' {
                     $Result.Add($field.Name, [string]$FieldInfo)
                 }
             }
-        }
-        catch {
-            Write-LogMessage -API "BPA" -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
-            $Result.Add($field.Name, "FAILED")
+        } catch {
+            Write-LogMessage -API 'BPA' -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
+            $Result.Add($field.Name, 'FAILED')
         }
 
     }
- 
+
     if ($Result) {
         try {
             Add-AzDataTableEntity @Table -Entity $Result -Force
-        }
-        catch {
-            Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
+        } catch {
+            Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
 
         }
     }

Cache_SAMSetup/SAMManifest.json

@@ -149,6 +149,7 @@
         { "id": "2a60023f-3219-47ad-baa4-40e17cd02a1d", "type": "Role" },
         { "id": "338163d7-f101-4c92-94ba-ca46fe52447c", "type": "Role" },
         { "id": "cac88765-0581-4025-9725-5ebc13f729ee", "type": "Role" },
+        { "id": "75359482-378d-4052-8f01-80520e7db3cd", "type": "Role" },
         { "id": "b27a61ec-b99c-4d6a-b126-c4375d08ae30", "type": "Scope" },
         { "id": "84bccea3-f856-4a8a-967b-dbe0a3d53a64", "type": "Scope" },
         { "id": "280b3b69-0437-44b1-bc20-3b2fca1ee3e9", "type": "Scope" },

Config/CIPPDefaultTable.BPATemplate.json

@@ -6,7 +6,7 @@
       "name": "PasswordNeverExpires",
       "API": "Graph",
       "URL": "https://graph.microsoft.com/beta/domains",
-      "ExtractFields": "passwordValidityPeriodInDays",
+      "ExtractFields": ["passwordValidityPeriodInDays"],
       "where": "$_.passwordValidityPeriodInDays -eq 2147483647",
       "StoreAs": "bool",
       "FrontendFields": [
@@ -21,7 +21,7 @@
       "name": "OAuthAppConsent",
       "API": "Graph",
       "URL": "https://graph.microsoft.com/v1.0/policies/authorizationPolicy?$select=defaultUserRolePermissions",
-      "ExtractFields": "defaultuserrolepermissions",
+      "ExtractFields": ["defaultuserrolepermissions"],
       "where": "'ManagePermissionGrantsForSelf.microsoft-user-default-legacy' -notin $_.defaultuserrolepermissions.permissionGrantPoliciesAssigned",
       "StoreAs": "bool",
       "FrontendFields": [
@@ -36,7 +36,7 @@
       "name": "UnifiedAuditLog",
       "API": "Exchange",
       "Command": "Get-AdminAuditLogConfig",
-      "ExtractFields": "UnifiedAuditLogIngestionEnabled",
+      "ExtractFields": ["UnifiedAuditLogIngestionEnabled"],
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -65,7 +65,7 @@
       "name": "TAPEnabled",
       "API": "Graph",
       "URL": "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass",
-      "ExtractFields": "State",
+      "ExtractFields": ["State"],
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -79,7 +79,7 @@
       "name": "SecureDefaultState",
       "API": "Graph",
       "URL": "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy",
-      "ExtractFields": "IsEnabled",
+      "ExtractFields": ["IsEnabled"],
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -93,7 +93,7 @@
       "name": "AnonymousPrivacyReports",
       "API": "Graph",
       "URL": "https://graph.microsoft.com/beta/admin/reportSettings",
-      "ExtractFields": "displayConcealedNames",
+      "ExtractFields": ["displayConcealedNames"],
       "StoreAs": "bool",
       "where": "$_.displayConcealedNames -eq $false",
       "FrontendFields": [

Config/CIPPDefaultTenantPage.BPATemplate.json

@@ -4,7 +4,7 @@
   "Fields": [
     {
       "name": "PasswordNeverExpires",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -17,7 +17,7 @@
     },
     {
       "name": "OAuthAppConsent",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -30,7 +30,7 @@
     },
     {
       "name": "UnifiedAuditLog",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -43,7 +43,7 @@
     },
     {
       "name": "MFANudgeState",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -56,7 +56,7 @@
     },
     {
       "name": "TAPEnabled",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -69,7 +69,7 @@
     },
     {
       "name": "SecureDefaultState",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -82,7 +82,7 @@
     },
     {
       "name": "AnonymousPrivacyReports",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "bool",
       "FrontendFields": [
         {
@@ -95,7 +95,7 @@
     },
     {
       "name": "MessageCopyforSentAsDisabled",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "JSON",
       "FrontendFields": [
         {
@@ -108,7 +108,7 @@
     },
     {
       "name": "SharedMailboxeswithenabledusers",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "JSON",
       "FrontendFields": [
         {
@@ -121,7 +121,7 @@
     },
     {
       "name": "Unusedlicenses",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "JSON",
       "FrontendFields": [
         {
@@ -134,7 +134,7 @@
     },
     {
       "name": "CurrentSecureScore",
-      "UseExistingInfo": "true",
+      "UseExistingInfo": true,
       "StoreAs": "JSON",
       "FrontendFields": [
         {

EditUser/run.ps1

@@ -99,7 +99,7 @@ catch {
 }
 
 if ($Request.body.CopyFrom -ne "") {
-    $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID $user -TenantFilter  $Userobj.tenantid
+    $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID  $UserprincipalName -TenantFilter  $Userobj.tenantid
     $results.AddRange($CopyFrom)
 }
 $body = @{"Results" = @($results) }

ExecCPVPermissions/run.ps1

@@ -58,13 +58,17 @@ $GraphRequest = $ExpectedPermissions.requiredResourceAccess | ForEach-Object {
     }
 }
 
+try {
+    $ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter
+    $CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter
 
-$ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter
-
+}
+catch {
+    #this try catch exists because of 500 errors when the app principal does not exist. :)
+}
 # if the app svc principal exists, consent app permissions
 $apps = $ExpectedPermissions 
 #get current roles
-$CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter
 #If 
 $Grants = foreach ($App in $apps.requiredResourceAccess) {
     try {

ExecEditTemplate/function.json

@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "anonymous",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "Request",
+      "methods": [
+        "get",
+        "post"
+      ]
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "Response"
+    }
+  ]
+}