')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonText = 'User Management'
$AfterButtonText = 'If this is incorrect, use the user management screen to unblock the users sign-in
'
@@ -91,7 +90,7 @@ function New-CIPPAlertTemplate {
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonText = 'User Management'
$AfterButtonText = 'If this is incorrect, use the user management screen to unblock the users sign-in
'
@@ -102,7 +101,7 @@ function New-CIPPAlertTemplate {
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonUrl = "$CIPPPURL/identity/administration/users?customerId=$($data.OrganizationId)"
$ButtonText = 'User Management'
@@ -110,12 +109,12 @@ function New-CIPPAlertTemplate {
}
'Remove Member from a role.' {
$Title = "$($TenantFilter) - Role change detected for $($data.ObjectId)"
- $Table = ($data.ModifiedProperties | ConvertTo-Html -Fragment | Out-String).Replace('', ' ')
+ $Table = ($data.CIPPModifiedProperties | ConvertFrom-Json | ConvertTo-Html -Fragment | Out-String).Replace('', ' ')
$IntroText = "$($data.UserId) has removed $($data.ObjectId) to the $(($data.ModifiedProperties | Where-Object -Property Name -EQ 'Role.DisplayName').NewValue) role. The information about the role can be found in the table below.
$Table"
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonUrl = "$CIPPPURL/identity/administration/roles?customerId=$($data.OrganizationId)"
$ButtonText = 'Role Management'
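Review bot: The 'Remove Member from a role.' case now reads two different properties for the same data: `$Table` is built from `$data.CIPPModifiedProperties | ConvertFrom-Json`, while the `$IntroText` line right below still looks up the role name in `$data.ModifiedProperties`. If the record now carries the properties only as the JSON string, the role name in the sentence comes out empty while the table is filled. Parsing once and using the result in both places keeps them in step, for example `$ModifiedProperties = $data.CIPPModifiedProperties | ConvertFrom-Json`. A short comment saying what `CIPPModifiedProperties` holds, and what happens when it is missing or not valid JSON, would also help, since `ConvertFrom-Json` reports an error on such input.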
@@ -129,70 +128,13 @@ function New-CIPPAlertTemplate {
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonUrl = "$CIPPPURL/identity/administration/users?customerId=$($data.OrganizationId)"
$ButtonText = 'User Management'
$AfterButtonText = 'If this is incorrect, use the user management screen to unblock the users sign-in
'
}
- 'AdminLoggedIn' {
- $Table = ($TableObj | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
- $Title = "$($TenantFilter) - an admin account has logged on"
- $IntroText = "$($data.UserId) ($($data.Userkey)) has logged on from IP $($data.ClientIP) to the application $($Appname). See the table below for more information. $Table"
- if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
- if ($LocationInfo) {
- $LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
- }
- $ButtonUrl = "$CIPPPURL/identity/administration/ViewBec?userId=$($data.UserKey)&tenantDomain=$($data.OrganizationId)"
- $ButtonText = 'User Management'
- $AfterButtonText = 'If this is incorrect, use the user management screen to block the user and revoke the sessions
'
-
- }
- 'UserLoggedInFromUnknownLocation' {
- $Table = ($TableObj | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
- $Title = "$($TenantFilter) - a user has logged on from a potentially unsafe location"
- $IntroText = "$($data.UserId) ($($data.Userkey)) has logged on from IP $($data.ClientIP) to the application $($Appname). According to our database this is located in $($LocationInfo.Country) - $($LocationInfo.City).
You have set up alerts to be notified when this happens. See the table below for more info.$Table"
- if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
- if ($LocationInfo) {
- $LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
- }
- $ButtonUrl = "$CIPPPURL/identity/administration/ViewBec?userId=$($data.ObjectId)&tenantDomain=$($data.OrganizationId)"
- $ButtonText = 'User Management'
- $AfterButtonText = 'If this is incorrect, use the user management screen to block the user and revoke the sessions
'
- }
- 'BadRepIP' {
- $Table = ($TableObj | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
- $Title = "$($TenantFilter) - a user has logged on from a potentially unsafe location"
- $IntroText = "$($data.UserId) ($($data.Userkey)) has logged on from IP $($data.ClientIP) to the application $($Appname). According to our database this is located in $($LocationInfo.Country) - $($LocationInfo.City), but is a VPN, Proxy, or IP anonimizing service.
You have set up alerts to be notified when this happens. See the table below for more info.$Table"
- if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
- if ($LocationInfo) {
- $LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
- }
- $ButtonUrl = "$CIPPPURL/tenant/tools/geoiplookup?ip=$($data.ClientIP)&SearchNow=true&customerId=$($data.OrganizationId)"
- $ButtonText = 'Whitelist IP'
- $AfterButtonText = 'If this is incorrect, you can whitelist the following IP.
'
- }
- 'HostedIP' {
- $Table = ($TableObj | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
- $Title = "$($TenantFilter) - a user has logged on from a potentially unsafe location"
- $IntroText = "$($data.UserId) ($($data.Userkey)) has logged on from IP $($data.ClientIP) to the application $($Appname). According to our database this is located in $($LocationInfo.Country) - $($LocationInfo.City), but this IP is also belonging to a Hosting Provider, such as Microsoft, Google, or other cloud service.
You have set up alerts to be notified when this happens. See the table below for more info.$Table"
- if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
- if ($LocationInfo) {
- $LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
- }
- $ButtonUrl = "$CIPPPURL/tenant/tools/geoiplookup?ip=$($data.ClientIP)&SearchNow=true&customerId=$($data.OrganizationId)"
- $ButtonText = 'Whitelist IP'
- $AfterButtonText = 'If this is incorrect, you can whitelist the following IP.
'
- }
'Add service principal.' {
if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
$Title = "$($TenantFilter) - Service Principal $($data.ObjectId) has been added."
@@ -200,7 +142,7 @@ function New-CIPPAlertTemplate {
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$IntroText = "$($data.ObjectId) has been added by $($data.UserId)."
$ButtonUrl = "$CIPPPURL/tenant/administration/enterprise-apps?customerId=?customerId=$($data.OrganizationId)"
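Review bot: The reworded location sentence has no effect in this case, because `$IntroText = "$($data.ObjectId) has been added by $($data.UserId)."` is assigned after the `if ($ActionResults)` and `if ($LocationInfo)` blocks and overwrites everything they appended. The alert for an added service principal therefore never shows the actions taken or the location table. The same order appears in the 'Remove service principal.' case in the next hunk, where the overwriting sentence also says "has been added" for a removal. Moving the base `$IntroText = ...` assignment above the two `if` blocks fixes both. The `$ButtonUrl` line also carries `customerId=?customerId=` twice, which looks like a paste error.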
@@ -209,25 +151,38 @@ function New-CIPPAlertTemplate {
'Remove service principal.' {
if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
$Title = "$($TenantFilter) - Service Principal $($data.ObjectId) has been removed."
- $Table = ($data.ModifiedProperties | ConvertTo-Html -Fragment | Out-String).Replace('', ' ')
+ $Table = ($data.CIPPModifiedProperties | ConvertFrom-Json | ConvertTo-Html -Fragment | Out-String).Replace('', ' ')
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$IntroText = "$($data.ObjectId) has been added by $($data.UserId)."
$ButtonUrl = "$CIPPPURL/tenant/administration/enterprise-apps?customerId=?customerId=$($data.OrganizationId)"
$ButtonText = 'Enterprise Apps'
}
-
+ 'UserLoggedIn' {
+ $Table = ($data | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
+ if ($Appname) { $AppName = $AppName.'Application Name' } else { $appName = $data.ApplicationId }
+ $Title = "$($TenantFilter) - a user has logged on from a location you've set up to receive alerts for."
+ $IntroText = "$($data.UserId) ($($data.Userkey)) has logged on from IP $($data.ClientIP) to the application $($Appname). According to our database this is located in $($LocationInfo.Country) - $($LocationInfo.City).
You have set up alerts to be notified when this happens. See the table below for more info.$Table"
+ if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
+ if ($LocationInfo) {
+ $LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
+ }
+ $ButtonUrl = "$CIPPPURL/identity/administration/ViewBec?userId=$($data.ObjectId)&tenantDomain=$($data.OrganizationId)"
+ $ButtonText = 'User Management'
+ $AfterButtonText = 'If this is incorrect, use the user management screen to block the user and revoke the sessions
'
+ }
default {
$Title = 'A custom alert has occured'
$Table = ($data | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = "You have setup CIPP to send you a custom alert for the event $($Data.operation)
$Table"
+ $IntroText = "You have setup CIPP to send you a custom alert for the audit events that follow this filter: $($data.cippclause)
$Table"
if ($ActionResults) { $IntroText = $IntroText + "Based on the rule, the following actions have been taken: $($ActionResults -join '
' )
" }
if ($LocationInfo) {
$LocationTable = ($LocationInfo | ConvertTo-Html -Fragment -As List | Out-String).Replace('', ' ')
- $IntroText = $IntroText + "The location information for this IP is as follows:
$LocationTable"
+ $IntroText = $IntroText + "The (potential) location information for this IP is as follows:
$LocationTable"
}
$ButtonUrl = "$CIPPPURL/identity/administration/users?customerId=$($data.OrganizationId)"
$ButtonText = 'User Management'
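Review bot: The new 'UserLoggedIn' text and the reworded default text place audit-record values straight into the HTML body (`$($data.UserId)`, `$($data.Userkey)`, `$($data.ClientIP)`, `$($data.cippclause)`) without encoding. Any of those that can contain markup would be rendered by the mail client or webhook consumer, so wrapping them is cheap insurance, for example `[System.Net.WebUtility]::HtmlEncode($data.UserId)`. The 'UserLoggedIn' sentence also reads `$LocationInfo.Country` and `$LocationInfo.City` unconditionally, although the block below guards on `if ($LocationInfo)`; when the lookup returns nothing the alert says "located in  - ". The default case continues past the end of the hunk.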
diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1
index fa13c6b67e5f..10f92773ee22 100644
--- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1
+++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1
@@ -139,13 +139,13 @@ function New-CIPPCAPolicy {
$users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/users?$select=id,displayName' -tenantid $TenantFilter
$groups = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName' -tenantid $TenantFilter
- if ($JSONObj.conditions.users.includeUsers -notin 'All', 'None', 'GuestOrExternalUsers') { $JSONObj.conditions.users.includeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.includeUsers).id) }
+ if ($JSONObj.conditions.users.includeUsers -and $JSONObj.conditions.users.includeUsers -notin 'All', 'None', 'GuestOrExternalUsers') { $JSONObj.conditions.users.includeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.includeUsers).id) }
if ($JSONObj.conditions.users.excludeUsers) { $JSONObj.conditions.users.excludeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeUsers).id) }
# Check the included and excluded groups
foreach ($groupType in 'includeGroups', 'excludeGroups') {
if ($JSONObj.conditions.users.PSObject.Properties.Name -contains $groupType) {
- $JSONObj.conditions.users.$groupType = Replace-GroupNameWithId -groupNames $JSONObj.conditions.users.$groupType
+ $JSONObj.conditions.users.$groupType = @(Replace-GroupNameWithId -groupNames $JSONObj.conditions.users.$groupType)
}
}
} catch {
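Review bot: The include/exclude user lookups resolve names with `Where-Object -Property displayName -In ...` and keep whatever matches, so a name that does not resolve is dropped silently and a display name shared by several accounts pulls all of them in. For a Conditional Access policy that changes who is covered: a missing `excludeUsers` entry can lock out the account that was meant to be exempt, and a missing `includeUsers` entry narrows the policy without notice. Comparing the number of resolved ids with the number of requested names and failing the deployment on a mismatch would make this visible. The same applies to the group lookup now wrapped in `@(...)`; `Replace-GroupNameWithId` is defined outside the hunk, so its behaviour on a miss cannot be checked here.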
@@ -155,7 +155,7 @@ function New-CIPPCAPolicy {
}
}
$JsonObj.PSObject.Properties.Remove('LocationInfo')
- $RawJSON = $JSONObj | ConvertTo-Json -Depth 10
+ $RawJSON = $JSONObj | ConvertTo-Json -Depth 10 -Compress
Write-Host $RawJSON
try {
Write-Host 'Checking'
diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1
index 378df5a1cb48..f7d0eb366389 100644
--- a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1
+++ b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1
@@ -19,64 +19,48 @@ function New-CIPPGraphSubscription {
Write-Host "Operations are: $operations"
try {
if ($auditLogAPI) {
- $MappingTable = [pscustomobject]@{
- 'UserLoggedIn' = 'Audit.AzureActiveDirectory'
- 'Add member to role.' = 'Audit.AzureActiveDirectory'
- 'Disable account.' = 'Audit.AzureActiveDirectory'
- 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory'
- 'Enable account.' = 'Audit.AzureActiveDirectory'
- 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory'
- 'Reset user password.' = 'Audit.AzureActiveDirectory'
- 'Add service principal.' = 'Audit.AzureActiveDirectory'
- 'HostedIP' = 'Audit.AzureActiveDirectory'
- 'badRepIP' = 'Audit.AzureActiveDirectory'
- 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory'
- 'customfield' = 'AnyLog'
- 'anyAlert' = 'AnyLog'
- 'New-InboxRule' = 'Audit.Exchange'
- 'Set-InboxRule' = 'Audit.Exchange'
- }
- $EventTypes = $operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ }
- if ('anyLog' -in $EventTypes) { $EventTypes = @('Audit.AzureActiveDirectory', 'Audit.Exchange', 'Audit.SharePoint', 'Audit.General') }
- foreach ($EventType in $EventTypes) {
- $CIPPID = (New-Guid).GUID
- $Resource = $EventType
- $CIPPAuditURL = "$BaseURL/API/Publicwebhooks?EventType=$EventType&CIPPID=$CIPPID"
- $AuditLogParams = @{
- webhook = @{
- 'address' = $CIPPAuditURL
+ $CIPPID = (New-Guid).GUID
+ $Resource = $EventType
+ $CIPPAuditURL = "$BaseURL/API/Publicwebhooks?EventType=$EventType&CIPPID=$CIPPID&version=2"
+ $AuditLogParams = @{
+ webhook = @{
+ 'address' = $CIPPAuditURL
+ }
+ } | ConvertTo-Json
+ #List existing webhook subscriptions in table
+ $WebhookFilter = "PartitionKey eq '$($TenantFilter)' and Resource eq '$Resource' and Version eq '2'"
+ $ExistingWebhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter $WebhookFilter
+ $MatchedWebhook = $ExistingWebhooks
+ try {
+ if (!$MatchedWebhook) {
+ $WebhookRow = @{
+ PartitionKey = [string]$TenantFilter
+ RowKey = [string]$CIPPID
+ Resource = $Resource
+ Expiration = 'Does Not Expire'
+ WebhookNotificationUrl = [string]$CIPPAuditURL
+ Version = '2'
}
- } | ConvertTo-Json
- #List existing webhook subscriptions in table
- $WebhookFilter = "PartitionKey eq '$($TenantFilter)'"
- $ExistingWebhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter $WebhookFilter
- $MatchedWebhook = $ExistingWebhooks | Where-Object { $_.Resource -eq $Resource }
- try {
- if (!$MatchedWebhook) {
- $WebhookRow = @{
- PartitionKey = [string]$TenantFilter
- RowKey = [string]$CIPPID
- Resource = $Resource
- Expiration = 'Does Not Expire'
- WebhookNotificationUrl = [string]$CIPPAuditURL
- }
- Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow
- Write-Host "Creating webhook subscription for $EventType"
- $AuditLog = New-GraphPOSTRequest -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/start?contentType=$EventType&PublisherIdentifier=$($TenantFilter)" -tenantid $TenantFilter -type POST -scope 'https://manage.office.com/.default' -body $AuditLogparams -verbose
+ Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow
+ Write-Host "Creating webhook subscription for $EventType"
- Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Webhook subscription for $($TenantFilter) for the log $($EventType)" -Sev 'Info' -tenant $TenantFilter
- } else {
- Write-LogMessage -user $ExecutingUser -API $APIName -message "No webhook creation required for $($TenantFilter). Already exists" -Sev 'Info' -tenant $TenantFilter
- }
- } catch {
- if ($_.Exception.Message -like '*already exists*') {
- Write-LogMessage -user $ExecutingUser -API $APIName -message "Webhook subscription for $($TenantFilter) already exists" -Sev 'Info' -tenant $TenantFilter
- } else {
- Remove-AzDataTableEntity @WebhookTable -Entity @{ PartitionKey = $TenantFilter; RowKey = $CIPPID } | Out-Null
- Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
- }
+ $AuditLog = New-GraphPOSTRequest -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/start?contentType=$EventType&PublisherIdentifier=$($TenantFilter)" -tenantid $TenantFilter -type POST -scope 'https://manage.office.com/.default' -body $AuditLogparams -verbose
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Webhook subscription for $($TenantFilter) for the log $($EventType)" -Sev 'Info' -tenant $TenantFilter
+ } else {
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "No webhook creation required for $($TenantFilter). Already exists" -Sev 'Info' -tenant $TenantFilter
+ }
+ return @{ success = $true; message = "Created Webhook subscription for $($TenantFilter) for the log $($EventType)" }
+ } catch {
+ if ($_.Exception.Message -like '*already exists*') {
+ return @{ success = $true; message = "Webhook exists for $($TenantFilter) for the log $($EventType)" }
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "Webhook subscription for $($TenantFilter) already exists" -Sev 'Info' -tenant $TenantFilter
+ } else {
+ Remove-AzDataTableEntity @WebhookTable -Entity @{ PartitionKey = $TenantFilter; RowKey = $CIPPID } | Out-Null
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
+ return @{ success = $false; message = "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" }
}
}
+
} elseif ($PartnerCenter.IsPresent) {
$WebhookFilter = "PartitionKey eq '$($env:TenantId)'"
$ExistingWebhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter $WebhookFilter
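Review bot: In the `catch` block the `return @{ success = $true; ... }` for the 'already exists' case sits before `Write-LogMessage`, so that log entry is never written; the two lines should be swapped. The `return` after the `if (!$MatchedWebhook)` / `else` pair always reports "Created Webhook subscription", including when the `else` branch found an existing row and created nothing, which misleads callers and anyone reading the result as an audit trail. `$WebhookFilter` is built by placing `$TenantFilter` and `$Resource` inside single quotes; if either can come from a request, a quote in the value changes the filter, so doubling quotes with `.Replace("'", "''")` is worth adding. The enclosing `try` and the origin of `$EventType` are outside the hunk.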
diff --git a/Modules/CIPPCore/Public/Remove-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGraphSubscription.ps1
index 2847bdb24e99..88138b99ccc3 100644
--- a/Modules/CIPPCore/Public/Remove-CIPPGraphSubscription.ps1
+++ b/Modules/CIPPCore/Public/Remove-CIPPGraphSubscription.ps1
@@ -5,34 +5,52 @@ function Remove-CIPPGraphSubscription {
$CIPPID,
$APIName = 'Remove Graph Webhook',
$Type,
- $ExecutingUser
+ $EventType,
+ $ExecutingUser,
+ $Cleanup = $false
)
try {
- $WebhookTable = Get-CIPPTable -TableName webhookTable
- if ($type -eq 'AuditLog') {
- $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.PartitionKey -eq $TenantFilter }
+ if ($Cleanup) {
+ #list all subscriptions on the management API
+ $Subscriptions = New-GraphPOSTRequest -type GET -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/list" -scope 'https://manage.office.com/.default' -tenantid $TenantFilter -verbose
+ foreach ($Sub in $Subscriptions | Where-Object { $_.webhook.address -like '*CIPP*' -and $_.webhook.address -notlike '*version=2*' }) {
+ Try {
+ $AuditLog = New-GraphPOSTRequest -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/stop?contentType=$($sub.contentType)" -scope 'https://manage.office.com/.default' -tenantid $TenantFilter -type POST -body '{}' -verbose
+ Try {
+ $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.PartitionKey -eq $TenantFilter -and $_.Resource -eq $EventType -and $_.version -ne '2' }
+ $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity
+ } catch {
+ Write-LogMessage -user $ExecutingUser -API $APIName -message 'Deleted an audit log webhook that was already removed from CIPP' -Sev 'Info' -tenant $TenantFilter
+
+ }
+ } catch {
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to cleanup old audit logs: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
+ }
+ }
} else {
- $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.RowKey -eq $CIPPID }
- }
- $Entity = $WebhookRow | Select-Object PartitionKey, RowKey
- if ($Type -eq 'AuditLog') {
- try {
- foreach ($EventType in $WebhookRow.EventType) {
+ $WebhookTable = Get-CIPPTable -TableName webhookTable
+ if ($type -eq 'AuditLog') {
+ $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.PartitionKey -eq $TenantFilter -and $_.Resource -eq $EventType }
+ } else {
+ $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.RowKey -eq $CIPPID }
+ }
+ $Entity = $WebhookRow | Select-Object PartitionKey, RowKey
+ if ($Type -eq 'AuditLog') {
+ try {
$AuditLog = New-GraphPOSTRequest -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/stop?contentType=$($EventType)" -scope 'https://manage.office.com/.default' -tenantid $TenantFilter -type POST -body '{}' -verbose
- }
- } catch {
- Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to remove webhook subscription at Microsoft's side: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
+ } catch {
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to remove webhook subscription at Microsoft's side: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
+ }
+ $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity
+ } else {
+ $OldID = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscriptions' -tenantid $TenantFilter) | Where-Object { $_.notificationUrl -eq $WebhookRow.WebhookNotificationUrl }
+ $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions/$($oldId.ID)" -tenantid $TenantFilter -type DELETE -body {} -Verbose
+ $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity
}
- $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity
- } else {
- $OldID = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscriptions' -tenantid $TenantFilter) | Where-Object { $_.notificationUrl -eq $WebhookRow.WebhookNotificationUrl }
- $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions/$($oldId.ID)" -tenantid $TenantFilter -type DELETE -body {} -Verbose
- $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity
+ return "Removed webhook subscription to $($WebhookRow.resource) for $($TenantFilter)"
}
- return "Removed webhook subscription to $($WebhookRow.resource) for $($TenantFilter)"
-
} catch {
Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to renew Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
return "Failed to remove Webhook Subscription $($GraphRequest.value.notificationUrl): $($_.Exception.Message)"
}
-}
\ No newline at end of file
+}
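Review bot: The new `$Cleanup` branch uses `@WebhookTable` and `$Entity` before either is assigned: `Get-CIPPTable` now runs only in the `else` branch and `$Entity` is set only there, so the table lookup and `Remove-AzDataTableEntity` inside the loop cannot work as written. The inner `catch` then logs that the row "was already removed from CIPP", which hides the failure and leaves the old table rows in place. The row filter compares `Resource` with `$EventType` instead of the `contentType` of the subscription being stopped, and the fetched `$WebhookRow` is never used. The sketch below assumes `Resource` holds the content type, as New-CIPPGraphSubscription writes it. The branch also returns nothing, unlike the `else` path.

```powershell
if ($Cleanup) {
    $WebhookTable = Get-CIPPTable -TableName webhookTable
    # … unchanged: list subscriptions, loop over pre-version-2 CIPP webhooks, stop call …
    $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.PartitionKey -eq $TenantFilter -and $_.Resource -eq $Sub.contentType -and $_.Version -ne '2' }
    $Entity = $WebhookRow | Select-Object PartitionKey, RowKey
    if ($Entity) { $null = Remove-AzDataTableEntity @WebhookTable -Entity $Entity }
    # … unchanged: inner and outer catch blocks …
```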
diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1
index aa9eeed5b90c..e37df34f2bf0 100644
--- a/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1
+++ b/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1
@@ -39,5 +39,9 @@ function Remove-CIPPGroups {
"Could not remove $($using:Username) from group $($Groupname): $($_.Exception.Message). This is likely because its a Dynamic Group or synched with active directory"
}
}
+ if (!$Returnval) {
+ $Returnval = "$($Username) is not a member of any groups."
+ Write-LogMessage -user $ExecutingUser -API $APIName -message "$($Username) is not a member of any groups" -Sev 'Info' -tenant $TenantFilter
+ }
return $Returnval
}
diff --git a/Modules/CIPPCore/Public/SAMManifest.json b/Modules/CIPPCore/Public/SAMManifest.json
index f4ee6e523f9a..4fce3279465c 100644
--- a/Modules/CIPPCore/Public/SAMManifest.json
+++ b/Modules/CIPPCore/Public/SAMManifest.json
@@ -154,7 +154,10 @@
{ "id": "b27a61ec-b99c-4d6a-b126-c4375d08ae30", "type": "Scope" },
{ "id": "84bccea3-f856-4a8a-967b-dbe0a3d53a64", "type": "Scope" },
{ "id": "280b3b69-0437-44b1-bc20-3b2fca1ee3e9", "type": "Scope" },
- { "id": "885f682f-a990-4bad-a642-36736a74b0c7", "type": "Scope" }
+ { "id": "885f682f-a990-4bad-a642-36736a74b0c7", "type": "Scope" },
+ { "id": "913b9306-0ce1-42b8-9137-6a7df690a760", "type": "Role"},
+ { "id": "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec", "type": "Scope"},
+ { "id": "4c06a06a-098a-4063-868e-5dfee3827264", "type": "Scope"}
]
},
{
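Review bot: The three ids added at the end of this `resourceAccess` list widen what the application is granted, and one of them is `"type": "Role"`, an application permission that applies without a signed-in user; nothing in the hunk says which permissions they are or which feature needs them. JSON cannot carry a comment, so the commit description or the permissions documentation should name each id and its purpose, so the grant can be checked against least privilege before consent is refreshed across tenants. The owning `resourceAppId` is outside the hunk, so the ids cannot be resolved from the visible lines.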
diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
index 3e5c4b7a680f..380e7b2a4b30 100644
--- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
@@ -21,7 +21,8 @@ function Set-CIPPAuthenticationPolicy {
$CurrentInfo = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -tenantid $Tenant
$CurrentInfo.state = $State
} catch {
- Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Could not get CurrentInfo for $AuthenticationMethodId. Error:$ErrorMessage" -sev Error
Return "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($_.exception.message)"
}
@@ -117,7 +118,8 @@ function Set-CIPPAuthenticationPolicy {
return "Set $AuthenticationMethodId state to $State $OptionalLogMessage"
} catch {
- Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $($_.exception.message)" -sev Error -LogData (Get-CippException -Exception $_)
- return "Failed to $State $AuthenticationMethodId Support: $($_.exception.message)"
+ Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $ErrorMessage" -sev Error -LogData (Get-CippException -Exception $_)
+ return "Failed to $State $AuthenticationMethodId Support: $ErrorMessage"
}
}
\ No newline at end of file
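Review bot: In this second `catch` the call `Get-NormalizedError -Message $_.Exception.Message` is not assigned, so `$ErrorMessage` is empty or stale in both the log message and the returned string, and the normalized text is emitted as function output instead. The line should read `$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message`, as in the first hunk of this file. In that first hunk the `Return` line still uses `$($_.exception.message)` while the log line uses `$ErrorMessage`, so the caller and the log see different text for the same failure.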
diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
index 1d36a83e29d6..d953ee938285 100644
--- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
@@ -50,14 +50,18 @@ function Set-CIPPDefaultAPDeploymentProfile {
}
}
}
+ $Profiles = $Profiles[0]
}
if (!$Profiles) {
if ($PSCmdlet.ShouldProcess($displayName, 'Add Autopilot profile')) {
$GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles' -body $body -tenantid $tenantfilter
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($tenantfilter) -message "Added Autopilot profile $($displayname)" -Sev 'Info'
}
+ } else {
+ $GraphRequest = $Profiles
}
- if ($AssignTo) {
+
+ if ($AssignTo -eq $true) {
$AssignBody = '{"target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}}'
if ($PSCmdlet.ShouldProcess($AssignTo, "Assign Autopilot profile $displayname")) {
$null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($GraphRequest.id)/assignments" -tenantid $tenantfilter -type POST -body $AssignBody
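Review bot: The added `$Profiles = $Profiles[0]` keeps the first matching profile and discards the rest without a comment or log line, and that profile's id then becomes the assignment target through `$GraphRequest = $Profiles`. A comment such as `# several profiles can share a display name; reuse the first and assign to it` would state the intent, and a log entry when more than one matched would help when the wrong profile gets the all-devices assignment. If `$Profiles` can be empty at that point, indexing it raises an error before the `if (!$Profiles)` check is reached; the enclosing block starts outside the hunk, so this needs confirming.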
diff --git a/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1 b/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1
new file mode 100644
index 000000000000..5ea431302eec
--- /dev/null
+++ b/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1
@@ -0,0 +1,21 @@
+function Set-CIPPProfilePhoto {
+ [CmdletBinding()]
+ param(
+ $TenantFilter,
+ $id,
+ [ValidateSet('users', 'groups', 'teams')]
+ $type = 'users',
+ $ContentType = 'image/png',
+ $PhotoBase64,
+ $executingUser
+ )
+ try {
+ $PhotoBytes = [Convert]::FromBase64String($PhotoBase64)
+ New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$type/$id/photo/`$value" -tenantid $tenantfilter -type PUT -body $PhotoBytes -ContentType $ContentType
+ "Successfully set profile photo for $id"
+ Write-LogMessage -user $executingUser -API 'Set-CIPPUserProfilePhoto' -message "Successfully set profile photo for $id" -Sev 'Info' -tenant $TenantFilter
+ } catch {
+ "Failed to set profile photo for $id : $_"
+ Write-LogMessage -user $executingUser -API 'Set-CIPPUserProfilePhoto' -message "Failed to set profile photo for $id : $_" -Sev 'Error' -tenant $TenantFilter
+ }
+}
\ No newline at end of file
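Review bot: `$id` goes into the Graph URI unescaped in `"https://graph.microsoft.com/beta/$type/$id/photo/`$value"`, so a value containing `/`, `?` or `#` addresses a different resource than the caller's permission check may have covered; `$type` is constrained by `ValidateSet` but `$id` has no validation. Escaping it when the URI is built, e.g. `$([uri]::EscapeDataString($id))`, or adding a `ValidatePattern` for the accepted id forms closes that. `$PhotoBase64` and `$ContentType` are also taken as given, so a size limit and a `ValidateSet` of image types would be sensible. The output of `New-GraphPOSTRequest` is not discarded and is returned together with the status string; prefix it with `$null =`. The log entries use the API name 'Set-CIPPUserProfilePhoto', which does not match the function name.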
diff --git a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1 b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1
index 11f4f51f1aaf..5b73e19eae98 100644
--- a/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1
+++ b/Modules/CIPPCore/Public/Standards/Get-CIPPStandards.ps1
@@ -1,7 +1,8 @@
function Get-CIPPStandards {
param(
[Parameter(Mandatory = $false)]
- [string]$TenantFilter = 'allTenants'
+ [string]$TenantFilter = 'allTenants',
+ [switch]$ListAllTenants
)
#Write-Host "Getting standards for tenant - $($tenantFilter)"
@@ -16,39 +17,60 @@ function Get-CIPPStandards {
$Tenants = $Tenants | Where-Object { $_.defaultDomainName -eq $TenantFilter -or $_.customerId -eq $TenantFilter }
}
- foreach ($Tenant in $Tenants) {
- #Write-Host "`r`n###### Tenant: $($Tenant.defaultDomainName)"
- $StandardsTenant = $Standards | Where-Object { $_.Tenant -eq $Tenant.defaultDomainName }
-
+ if ($ListAllTenants.IsPresent) {
$ComputedStandards = @{}
- if ($StandardsTenant.Standards.OverrideAllTenants.remediate -ne $true) {
- #Write-Host 'AllTenant Standards apply to this tenant.'
- foreach ($StandardName in $StandardsAllTenants.Standards.PSObject.Properties.Name) {
- $CurrentStandard = $StandardsAllTenants.Standards.$StandardName
- #Write-Host ($CurrentStandard | ConvertTo-Json -Depth 10)
- if ($CurrentStandard.remediate -eq $true -or $CurrentStandard.alert -eq $true -or $CurrentStandard.report -eq $true) {
- #Write-Host "AllTenant Standard $StandardName"
- $ComputedStandards[$StandardName] = $CurrentStandard
- }
+ foreach ($StandardName in $StandardsAllTenants.Standards.PSObject.Properties.Name) {
+ $CurrentStandard = $StandardsAllTenants.Standards.$StandardName
+ #Write-Host ($CurrentStandard | ConvertTo-Json -Depth 10)
+ if ($CurrentStandard.remediate -eq $true -or $CurrentStandard.alert -eq $true -or $CurrentStandard.report -eq $true) {
+ #Write-Host "AllTenant Standard $StandardName"
+ $ComputedStandards[$StandardName] = $CurrentStandard
+ }
+ }
+ foreach ($Standard in $ComputedStandards.Keys) {
+ [pscustomobject]@{
+ Tenant = 'AllTenants'
+ Standard = $Standard
+ Settings = $ComputedStandards.$Standard
}
}
+ } else {
+ foreach ($Tenant in $Tenants) {
+ #Write-Host "`r`n###### Tenant: $($Tenant.defaultDomainName)"
+ $StandardsTenant = $Standards | Where-Object { $_.Tenant -eq $Tenant.defaultDomainName }
+
+ $ComputedStandards = @{}
+ if ($StandardsTenant.Standards.OverrideAllTenants.remediate -ne $true) {
+ #Write-Host 'AllTenant Standards apply to this tenant.'
+ foreach ($StandardName in $StandardsAllTenants.Standards.PSObject.Properties.Name) {
+ $CurrentStandard = $StandardsAllTenants.Standards.$StandardName
+ #Write-Host ($CurrentStandard | ConvertTo-Json -Depth 10)
+ if ($CurrentStandard.remediate -eq $true -or $CurrentStandard.alert -eq $true -or $CurrentStandard.report -eq $true) {
+ #Write-Host "AllTenant Standard $StandardName"
+ $ComputedStandards[$StandardName] = $CurrentStandard
+ }
+ }
+ }
- foreach ($StandardName in $StandardsTenant.Standards.PSObject.Properties.Name) {
- if ($StandardName -eq 'OverrideAllTenants') { continue }
- $CurrentStandard = $StandardsTenant.Standards.$StandardName
+ foreach ($StandardName in $StandardsTenant.Standards.PSObject.Properties.Name) {
+ if ($StandardName -eq 'OverrideAllTenants') { continue }
+ $CurrentStandard = $StandardsTenant.Standards.$StandardName
- if ($CurrentStandard.remediate -eq $true -or $CurrentStandard.alert -eq $true -or $CurrentStandard.report -eq $true) {
- if (!$ComputedStandards[$StandardName] ) {
- #Write-Host "Applying tenant level $StandardName"
- $ComputedStandards[$StandardName] = $CurrentStandard
- } else {
- foreach ($Setting in $CurrentStandard.PSObject.Properties.Name) {
- if ($CurrentStandard.$Setting -ne $false -and $CurrentStandard.$Setting -ne $ComputedStandards[$StandardName].$($Setting) -and [string]::IsNullOrEmpty($CurrentStandard.$Setting)) {
- #Write-Host "Overriding $Setting for $StandardName at tenant level"
- if ($ComputedStandards[$StandardName].PSObject.Properties.Name -contains $Setting) {
- $ComputedStandards[$StandardName].$($Setting) = $CurrentStandard.$Setting
- } else {
- $ComputedStandards[$StandardName] | Add-Member -NotePropertyName $Setting -NotePropertyValue $CurrentStandard.$Setting
+ if ($CurrentStandard.remediate -eq $true -or $CurrentStandard.alert -eq $true -or $CurrentStandard.report -eq $true) {
+ #Write-Host "`r`nTenant: $StandardName"
+ if (!$ComputedStandards[$StandardName] ) {
+ #Write-Host "Applying tenant level $StandardName"
+ $ComputedStandards[$StandardName] = $CurrentStandard
+ } else {
+ foreach ($Setting in $CurrentStandard.PSObject.Properties.Name) {
+ #Write-Host "$Setting - Current: $($CurrentStandard.$Setting) | Computed: $($ComputedStandards[$StandardName].$($Setting))"
+ if ($CurrentStandard.$Setting -ne $false -and $CurrentStandard.$Setting -ne $ComputedStandards[$StandardName].$($Setting) -and ![string]::IsNullOrEmpty($CurrentStandard.$Setting)) {
+ #Write-Host "Overriding $Setting for $StandardName at tenant level"
+ if ($ComputedStandards[$StandardName].PSObject.Properties.Name -contains $Setting) {
+ $ComputedStandards[$StandardName].$($Setting) = $CurrentStandard.$Setting
+ } else {
+ $ComputedStandards[$StandardName] | Add-Member -NotePropertyName $Setting -NotePropertyValue $CurrentStandard.$Setting
+ }
}
}
}
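Review bot: In the per-tenant branch, `$ComputedStandards[$StandardName] = $CurrentStandard` stores the AllTenants standard object itself, and the override loop then writes tenant values into it via `$ComputedStandards[$StandardName].$($Setting) = $CurrentStandard.$Setting` or `Add-Member`. Now that the condition is corrected to `![string]::IsNullOrEmpty(...)`, this path runs for real values. If these are reference objects (the `PSObject.Properties` access suggests PSCustomObjects), one tenant's overrides would carry into every later tenant in the `foreach`. Storing a copy in the AllTenants loop, `$ComputedStandards[$StandardName] = $CurrentStandard.PSObject.Copy()`, would keep the shared template unchanged. The function body continues past the end of this hunk.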
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPConfig.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPConfig.ps1
index 84f58505ea12..6311c6680421 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPConfig.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPConfig.ps1
@@ -4,18 +4,19 @@ function Invoke-CIPPStandardAPConfig {
Internal
#>
param($Tenant, $Settings)
- If ($Settings.remediate -eq $true) {
+ If ($Settings.remediate -eq $true) {
$APINAME = 'Standards'
try {
Write-Host $($settings | ConvertTo-Json -Depth 100)
if ($settings.NotLocalAdmin -eq $true) { $usertype = 'Standard' } else { $usertype = 'Administrator' }
$DeploymentMode = if ($settings.DeploymentMode -eq 'true') { 'shared' } else { 'singleUser' }
- Set-CIPPDefaultAPDeploymentProfile -tenantFilter $tenant -displayname $settings.DisplayName -description $settings.Description -usertype $usertype -DeploymentMode $DeploymentMode -assignto $settings.AssignTo -devicenameTemplate $Settings.DeviceNameTemplate -allowWhiteGlove $Settings.allowWhiteGlove -CollectHash $Settings.CollectHash -hideChangeAccount $Settings.HideChangeAccount -hidePrivacy $Settings.HidePrivacy -hideTerms $Settings.HideTerms -Autokeyboard $Settings.Autokeyboard
+ Set-CIPPDefaultAPDeploymentProfile -tenantFilter $tenant -displayname $settings.DisplayName -description $settings.Description -usertype $usertype -DeploymentMode $DeploymentMode -assignto $settings.Assignto -devicenameTemplate $Settings.DeviceNameTemplate -allowWhiteGlove $Settings.allowWhiteGlove -CollectHash $Settings.CollectHash -hideChangeAccount $Settings.HideChangeAccount -hidePrivacy $Settings.HidePrivacy -hideTerms $Settings.HideTerms -Autokeyboard $Settings.Autokeyboard
} catch {
- #Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create Default Autopilot config: $($_.exception.message)" -sev 'Error'
- throw $_.Exception.Message
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ #Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create Default Autopilot config: $ErrorMessage" -sev 'Error'
+ throw $ErrorMessage
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPESP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPESP.ps1
index 5d40bdfdfaba..2749ec946573 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPESP.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAPESP.ps1
@@ -9,7 +9,8 @@ function Invoke-CIPPStandardAPESP {
try {
Set-CIPPDefaultAPEnrollment -TenantFilter $Tenant -ShowProgress $Settings.ShowProgress -BlockDevice $Settings.blockDevice -AllowReset $Settings.AllowReset -EnableLog $Settings.EnableLog -ErrorMessage $Settings.ErrorMessage -TimeOutInMinutes $Settings.TimeOutInMinutes -AllowFail $Settings.AllowFail -OBEEOnly $Settings.OBEEOnly
} catch {
- throw $_.Exception.Message
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ throw $ErrorMessage
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
index 11093e73a29e..90d632232fe6 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
@@ -23,7 +23,8 @@ function Invoke-CIPPStandardActivityBasedTimeout {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Activity Based Timeout is already enabled' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Activity Based Timeout $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Activity Based Timeout $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1
index ec489153cf4e..b4673244d148 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1
@@ -32,7 +32,8 @@ function Invoke-CIPPStandardAddDKIM {
$BatchResults | ForEach-Object {
if ($_.error) {
$ErrorCounter ++
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $($_.Exception.Message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $ErrorMessage" -sev Error
}
}
# Set-domains
@@ -48,7 +49,8 @@ function Invoke-CIPPStandardAddDKIM {
$BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray @($Request) -useSystemMailbox $true
$BatchResults | ForEach-Object {
if ($_.error) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set DKIM. Error: $($_.Exception.Message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set DKIM. Error: $ErrorMessage" -sev Error
$ErrorCounter ++
}
@@ -72,7 +74,7 @@ function Invoke-CIPPStandardAddDKIM {
}
if ($Settings.report -eq $true) {
- if ($null -eq $NewDomains -and $null -eq $SetDomains) { $DKIMState = $true } else { $DKIMState = $false }
+ $DKIMState = if ($null -eq $NewDomains -and $null -eq $SetDomains) { $true } else { $false }
Add-CIPPBPAField -FieldName 'DKIM' -FieldValue $DKIMState -StoreAs bool -Tenant $tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
index f703045ad91f..411342e5ab3e 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
@@ -15,7 +15,8 @@ function Invoke-CIPPStandardAnonReportDisable {
New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -Type patch -Body '{"displayConcealedNames": false}' -ContentType 'application/json' -AsApp $true
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports Disabled.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
index fa1707346122..b96e9f47ec89 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
@@ -27,7 +27,7 @@ function Invoke-CIPPStandardAntiPhishPolicy {
($CurrentState.MailboxIntelligenceQuarantineTag -eq $Settings.MailboxIntelligenceQuarantineTag)
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already correctly configured' -sev Info
} else {
$cmdparams = @{
@@ -57,7 +57,8 @@ function Invoke-CIPPStandardAntiPhishPolicy {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $ErrorMessage" -sev Error
}
}
}
@@ -65,7 +66,7 @@ function Invoke-CIPPStandardAntiPhishPolicy {
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is not enabled' -sev Alert
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1
index 3db0920e1538..e969b5ae062d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1
@@ -6,7 +6,7 @@ function Invoke-CIPPStandardAtpPolicyForO365 {
param($Tenant, $Settings)
$AtpPolicyForO365State = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AtpPolicyForO365' |
- Select-Object EnableATPForSPOTeamsODB, EnableSafeDocs, AllowSafeDocsOpen
+ Select-Object EnableATPForSPOTeamsODB, EnableSafeDocs, AllowSafeDocsOpen
$StateIsCorrect = if (
($AtpPolicyForO365State.EnableATPForSPOTeamsODB -eq $true) -and
@@ -15,27 +15,28 @@ function Invoke-CIPPStandardAtpPolicyForO365 {
) { $true } else { $false }
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 already set.' -sev Info
} else {
$cmdparams = @{
EnableATPForSPOTeamsODB = $true
- EnableSafeDocs = $true
- AllowSafeDocsOpen = $Settings.AllowSafeDocsOpen
+ EnableSafeDocs = $true
+ AllowSafeDocsOpen = $Settings.AllowSafeDocsOpen
}
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Atp Policy For O365' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Atp Policy For O365. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Atp Policy For O365. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is not enabled' -sev Alert
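Review bot: The remediation call in this function still invokes `'Set-AntiPhishPolicy'` with `EnableATPForSPOTeamsODB`, `EnableSafeDocs` and `AllowSafeDocsOpen`, while the state is read with `'Get-AtpPolicyForO365'`; this looks like a copy-paste from the anti-phishing standard. As written, the remediation would likely fail or leave the ATP policy unchanged, and the alert branch would keep reporting it as not enabled. I would change the line to `New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AtpPolicyForO365' -cmdparams $cmdparams`. The line is unchanged context in this hunk, and the function continues outside it.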
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1
index 80e6f0ca9a5c..fb68e60d11c7 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1
@@ -42,6 +42,7 @@ function Invoke-CIPPStandardAuditLog {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log is not enabled' -sev Alert
}
}
+
if ($Settings.report -eq $true) {
Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $tenant
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1
index e7eb7107ee26..1763b0f83171 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1
@@ -7,6 +7,8 @@ function Invoke-CIPPStandardAutoExpandArchive {
$CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AutoExpandingArchiveEnabled
If ($Settings.remediate -eq $true) {
+ Write-Host 'Time to remediate'
+
if ($CurrentState) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Auto Expanding Archive is already enabled.' -sev Info
} else {
@@ -14,7 +16,8 @@ function Invoke-CIPPStandardAutoExpandArchive {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AutoExpandingArchive = $true }
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Added Auto Expanding Archive.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Auto Expanding Archives. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Auto Expanding Archives. Error: $ErrorMessage" -sev Error
}
}
}
@@ -29,6 +32,7 @@ function Invoke-CIPPStandardAutoExpandArchive {
}
if ($Settings.report -eq $true) {
+
Add-CIPPBPAField -FieldName 'AutoExpandingArchive' -FieldValue $CurrentState -StoreAs bool -Tenant $tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1
new file mode 100644
index 000000000000..0fa6ed4b3813
--- /dev/null
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardBranding.ps1
@@ -0,0 +1,70 @@
+function Invoke-CIPPStandardBranding {
+ <#
+ .FUNCTIONALITY
+ Internal
+ #>
+
+ param($Tenant, $Settings)
+ $TenantId = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Tenant
+
+ try {
+ $CurrentState = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$($TenantId.customerId)/branding/localizations/0" -tenantID $Tenant -AsApp $true
+ } catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Could not get the branding for $Tenant. This tenant might not have premium licenses available: $ErrorMessage" -Sev Error
+ }
+
+ $StateIsCorrect = ($CurrentState.signInPageText -eq $Settings.signInPageText) -and
+ ($CurrentState.usernameHintText -eq $Settings.usernameHintText) -and
+ ($CurrentState.loginPageTextVisibilitySettings.hideAccountResetCredentials -eq $Settings.hideAccountResetCredentials) -and
+ ($CurrentState.loginPageLayoutConfiguration.layoutTemplateType -eq $Settings.layoutTemplateType) -and
+ ($CurrentState.loginPageLayoutConfiguration.isHeaderShown -eq $Settings.isHeaderShown) -and
+ ($CurrentState.loginPageLayoutConfiguration.isFooterShown -eq $Settings.isFooterShown)
+
+ If ($Settings.remediate -eq $true) {
+ if ($StateIsCorrect -eq $true) {
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Branding is already applied correctly." -Sev Info
+ } else {
+ try {
+ $GraphRequest = @{
+ tenantID = $Tenant
+ uri = "https://graph.microsoft.com/beta/organization/$($TenantId.customerId)/branding/localizations/0"
+ AsApp = $true
+ Type = 'PATCH'
+ ContentType = 'application/json; charset=utf-8'
+ Body = [pscustomobject]@{
+ signInPageText = $Settings.signInPageText
+ usernameHintText = $Settings.usernameHintText
+ loginPageTextVisibilitySettings = [pscustomobject]@{
+ hideAccountResetCredentials = $Settings.hideAccountResetCredentials
+ }
+ loginPageLayoutConfiguration = [pscustomobject]@{
+ layoutTemplateType = $Settings.layoutTemplateType
+ isHeaderShown = $Settings.isHeaderShown
+ isFooterShown = $Settings.isFooterShown
+ }
+ } | ConvertTo-Json -Compress
+ }
+ New-GraphPostRequest @GraphRequest
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Successfully updated branding." -Sev Info
+ } catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to update branding. Error: $($ErrorMessage)" -Sev Error
+ }
+ }
+
+ }
+
+ If ($Settings.alert -eq $true) {
+
+ if ($StateIsCorrect -eq $true) {
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Branding is correctly set.' -Sev Info
+ } else {
+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Branding is incorrectly set.' -Sev Alert
+ }
+ }
+
+ If ($Settings.report -eq $true) {
+ Add-CIPPBPAField -FieldName 'Branding' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $Tenant
+ }
+}
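Review bot: In the report branch, `-FieldValue [bool]$StateIsCorrect` is parsed in argument mode as a string (for example `[bool]True`), not as a cast, so the value passed to `Add-CIPPBPAField` is not the boolean. It needs parentheses: `-FieldValue ([bool]$StateIsCorrect)`. Separately, when the initial `New-GraphGetRequest` fails, the catch only logs, so `$CurrentState` stays empty and `$StateIsCorrect` most likely evaluates to false. The function then goes on to PATCH and to raise the 'Branding is incorrectly set.' alert for a tenant whose state was never read; a `return` after the log call in that catch would avoid both.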
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccess.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccess.ps1
index fb7e177126b2..4e7a3b0b34e0 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccess.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccess.ps1
@@ -16,7 +16,8 @@ function Invoke-CIPPStandardConditionalAccess {
$JSONObj = (Get-AzDataTableEntity @Table -Filter $Filter).JSON
$CAPolicy = New-CIPPCAPolicy -TenantFilter $tenant -state $request.body.NewState -RawJSON $JSONObj -Overwrite $true -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' -ReplacePattern 'displayName'
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName): $($_.exception.message)" -sev 'Error'
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName). Error: $ErrorMessage" -sev 'Error'
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1
index c430a8d42358..0407d9b3555e 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1
@@ -4,7 +4,8 @@ function Invoke-CIPPStandardDelegateSentItems {
Internal
#>
param($Tenant, $Settings)
- $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } | Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false }
+ $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } |
+ Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false }
If ($Settings.remediate -eq $true) {
@@ -21,12 +22,14 @@ function Invoke-CIPPStandardDelegateSentItems {
$BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray $Request
$BatchResults | ForEach-Object {
if ($_.error) {
- Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $($_.error)"
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $($_.error)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-Host "Failed to apply Delegate Sent Items Style to $($_.target) Error: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $ErrorMessage" -sev Error
}
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style already enabled.' -sev Info
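Review bot: The two messages in the `if ($_.error)` block name the mailbox differently: `Write-Host` uses `$($_.target)` while `Write-LogMessage` uses `$($_.error.target)`, so one of them is probably empty. If `target` is a property of the batch result, the log line should use `$($_.target)` as well. If `error` really is an object with a `target` property, then `Get-NormalizedError -Message $_.error` receives that object rather than a message string, which is worth confirming. The same `-Message $_.error` call appears in both Invoke-CIPPStandardAddDKIM hunks.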
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1
index 830b8e9d3b5d..902e545d8a30 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1
@@ -8,6 +8,8 @@ function Invoke-CIPPStandardDeletedUserRentention {
$StateSetCorrectly = if ($CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays -eq 365) { $true } else { $false }
If ($Settings.remediate -eq $true) {
+ Write-Host 'Time to remediate'
+
if ($StateSetCorrectly -eq $false) {
try {
$body = '{"deletedUserPersonalSiteRetentionPeriodInDays": 365}'
@@ -15,7 +17,8 @@ function Invoke-CIPPStandardDeletedUserRentention {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set deleted user rentention of OneDrive to 1 year' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set deleted user rentention of OneDrive to 1 year: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set deleted user rentention of OneDrive to 1 year. Error: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Deleted user rentention of OneDrive is already set to 1 year' -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1
index 2b7e9454583c..d080ca55f0c5 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1
@@ -4,7 +4,10 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive {
Internal
#>
param($Tenant, $Settings)
+
If ($Settings.remediate -eq $true) {
+ Write-Host 'Time to remediate'
+
function GetTenantRequestXml {
return @'
param($Tenant, $Settings)
- $CurrentSetting = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true
-
+ try {
+ # TODO This does not work without Global Admin permissions for some reason. Throws an "EXCEPTION: Tenant admin role is required" error. -Bobby
+ $CurrentSetting = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$Tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true
+ } catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to get Viva insights settings. Error: $ErrorMessage" -sev Error
+ Exit
+ }
+
If ($Settings.remediate -eq $true) {
-
+ Write-Host 'Time to remediate'
+
if ($CurrentSetting.isEnabledInOrganization -eq $false) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is already disabled.' -sev Info
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Viva is already disabled.' -sev Info
} else {
try {
- # TODO This does not work. Throws an "EXCEPTION: Tenant admin role is required" error. Cant figure out how to fix -Bobby
- New-GraphPOSTRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true -Type PATCH -Body '{"isEnabledInOrganization": false}' -ContentType 'application/json'
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Viva insights' -sev Info
+ # TODO This does not work without Global Admin permissions for some reason. Throws an "EXCEPTION: Tenant admin role is required" error. -Bobby
+ New-GraphPOSTRequest -Uri "https://graph.microsoft.com/beta/organization/$Tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true -Type PATCH -Body '{"isEnabledInOrganization": false}' -ContentType 'application/json'
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Disabled Viva insights' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Viva for all users. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Viva for all users. Error: $ErrorMessage" -sev Error
}
}
}
@@ -24,14 +33,14 @@ function Invoke-CIPPStandardDisableViva {
if ($Settings.alert -eq $true) {
if ($CurrentSetting.isEnabledInOrganization -eq $false) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is disabled' -sev Info
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Viva is disabled' -sev Info
} else {
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is not disabled' -sev Alert
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Viva is not disabled' -sev Alert
}
}
if ($Settings.report -eq $true) {
- Add-CIPPBPAField -FieldName 'DisableViva' -FieldValue $CurrentSetting.isEnabledInOrganization -StoreAs bool -Tenant $tenant
+ Add-CIPPBPAField -FieldName 'DisableViva' -FieldValue $CurrentSetting.isEnabledInOrganization -StoreAs bool -Tenant $Tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1
index 604cc6044665..835d6a9dfe94 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableAppConsentRequests.ps1
@@ -61,7 +61,8 @@ function Invoke-CIPPStandardEnableAppConsentRequests {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled App consent admin requests for the following roles: $RoleNames" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable App consent admin requests. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable App consent admin requests. Error: $ErrorMessage" -sev Error
}
}
if ($Settings.alert -eq $true) {
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
index 891f0b02f04c..a7d8bd090172 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
@@ -15,10 +15,9 @@ function Invoke-CIPPStandardEnableCustomerLockbox {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ CustomerLockboxEnabled = $true } -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully enabled Customer Lockbox' -sev Info
}
- } catch [System.Management.Automation.RuntimeException] {
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to enable Customer Lockbox. E5 license required' -sev Error
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $($_.Exception.Message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1
index f115d78ed483..516af7e005ed 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1
@@ -10,21 +10,22 @@ function Invoke-CIPPStandardEnableMailTips {
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All MailTips are already enabled.' -sev Info
} else {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdparams @{ MailTipsAllTipsEnabled = $true; MailTipsExternalRecipientsTipsEnabled = $true; MailTipsGroupMetricsEnabled = $true; MailTipsLargeAudienceThreshold = $Settings.MailTipsLargeAudienceThreshold }
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Enabled all MailTips' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable all MailTips. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable all MailTips. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All MailTips are enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Not all MailTips are enabled' -sev Alert
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
index 4e8bce44e202..460569529242 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
@@ -14,7 +14,8 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info
$LogMessage = 'Tenant level mailbox audit enabled. '
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $ErrorMessage" -sev Error
}
} else {
$LogMessage = 'Tenant level mailbox audit already enabled. '
@@ -34,8 +35,9 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
$BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray $Request
$BatchResults | ForEach-Object {
if ($_.error) {
- Write-Host "Failed to enable user level mailbox audit for $($_.target). Error: $($_.error)"
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.target). Error: $($_.error)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-Host "Failed to enable user level mailbox audit for $($_.target). Error: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.target). Error: $ErrorMessage" -sev Error
}
}
@@ -54,8 +56,9 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
$BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray $Request
$BatchResults | ForEach-Object {
if ($_.error) {
- Write-Host "Failed to disable mailbox audit bypass for $($_.target). Error: $($_.error)"
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable mailbox audit bypass for $($_.target). Error: $($_.error)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-Host "Failed to disable mailbox audit bypass for $($_.target). Error: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable mailbox audit bypass for $($_.target). Error: $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1
index 6bdfb84af353..92e387dc07ef 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableOnlineArchiving.ps1
@@ -29,12 +29,14 @@ function Invoke-CIPPStandardEnableOnlineArchiving {
$BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray $Request
$BatchResults | ForEach-Object {
if ($_.error) {
- Write-Host "Failed to Enable Online Archiving for $($_.Target). Error: $($_.error)"
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to Enable Online Archiving for $($_.Target). Error: $($_.error)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-Host "Failed to Enable Online Archiving for $($_.Target). Error: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to Enable Online Archiving for $($_.Target). Error: $ErrorMessage" -sev Error
}
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to Enable Online Archiving for all accounts. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to Enable Online Archiving for all accounts. Error: $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExConnector.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExConnector.ps1
index c3fa08403a21..275cda358879 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExConnector.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExConnector.ps1
@@ -23,7 +23,8 @@ function Invoke-CIPPStandardExConnector {
Write-LogMessage -API $APINAME -tenant $Tenant -message "Created transport rule for $($Tenant, $Settings)" -sev info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Exchange Connector Rule: $($_.exception.message)" -sev 'Error'
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Exchange Connector Rule: $ErrorMessage" -sev 'Error'
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1
index 46b5a16b03dc..321c13c46ad8 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1
@@ -31,7 +31,8 @@ function Invoke-CIPPStandardExcludedfileExt {
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message "Added $($Settings.ext) to excluded synced files" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add $($Settings.ext) to excluded synced files: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add $($Settings.ext) to excluded synced files: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files already contains $($Settings.ext)" -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1
index 6b94e6084f49..56b2338a6b8c 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1
@@ -22,7 +22,8 @@ function Invoke-CIPPStandardExternalMFATrusted {
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default' -Type patch -Body $NewBody -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message "Set External MFA Trusted to $StateMessage." -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set External MFA Trusted to $StateMessage. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set External MFA Trusted to $StateMessage. Error: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1
new file mode 100644
index 000000000000..3f8d24cf35b8
--- /dev/null
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGlobalQuarantineNotifications.ps1
@@ -0,0 +1,58 @@
+function Invoke-CIPPStandardGlobalQuarantineNotifications {
+ <#
+ .FUNCTIONALITY
+ Internal
+ #>
+ param ($Tenant, $Settings)
+
+ # Exit if invalid state in the frontend is selected
+ try {
+ $WantedState = [timespan]$Settings.NotificationInterval
+ } catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Invalid state selected for Global Quarantine Notifications. Error: $ErrorMessage" -sev Error
+ Exit
+ }
+
+ $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-QuarantinePolicy' -cmdParams @{ QuarantinePolicyType = 'GlobalQuarantinePolicy' }
+
+ # This might take the cake on ugly hacky stuff i've done,
+ # but i just cant understand why the API returns the values it does and not a timespan like the equivalent powershell command does
+ # If you know why, please let me know -Bobby
+ $CurrentState.EndUserSpamNotificationFrequency = switch ($CurrentState.EndUserSpamNotificationFrequency) {
+ 'PT4H' { New-TimeSpan -Hours 4 }
+ 'P1D' { New-TimeSpan -Days 1 }
+ 'P7D' { New-TimeSpan -Days 7 }
+ Default { $null }
+ }
+
+ if ($Settings.remediate -eq $true) {
+
+ Write-Host 'Time to remediate'
+ if ($CurrentState.EndUserSpamNotificationFrequency -eq $WantedState) {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Global Quarantine Notifications are already set to the desired value of $WantedState" -sev Info
+ } else {
+ try {
+ New-ExoRequest -tenantid $Tenant -cmdlet 'Set-QuarantinePolicy' -cmdParams @{Identity = $CurrentState.Identity; EndUserSpamNotificationFrequency = [string]$WantedState } -useSystemmailbox $true
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Set Global Quarantine Notifications to $WantedState" -sev Info
+ } catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Global Quarantine Notifications to $WantedState. Error: $ErrorMessage" -sev Error
+ }
+ }
+ }
+
+ if ($Settings.alert -eq $true) {
+
+ if ($CurrentState.EndUserSpamNotificationFrequency -eq $WantedState) {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Global Quarantine Notifications are set to the desired value of $WantedState" -sev Info
+ } else {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Global Quarantine Notifications are not set to the desired value of $WantedState" -sev Alert
+ }
+ }
+
+ if ($Settings.report -eq $true) {
+
+ Add-CIPPBPAField -FieldName 'GlobalQuarantineNotificationsSet' -FieldValue [string]$CurrentState.EndUserSpamNotificationFrequency -StoreAs string -Tenant $tenant
+ }
+}
\ No newline at end of file
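Review bot: The `Exit` in the first catch block ends the calling script or host session, not just this function, so any standards queued after this one in the same invocation would presumably never run when the frontend sends a bad interval; `return` stops only this standard. In the report branch, `-FieldValue [string]$CurrentState.EndUserSpamNotificationFrequency` is parsed in argument mode, where an unparenthesised cast is not evaluated, so the stored value will likely contain the literal text `[string]`; wrap it as `-FieldValue ([string]$CurrentState.EndUserSpamNotificationFrequency)`. The `switch` maps any frequency other than the three listed to `$null`, so the alert branch reports such a tenant as "not set to the desired value" without saying what the API returned; a short comment on the `Default` arm would make that intentional. `Write-Host 'Time to remediate'` looks like leftover debug output.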
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1
index 9c90f355a04c..0249bc747b42 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1
@@ -58,7 +58,8 @@ function Invoke-CIPPStandardGroupTemplate {
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create group: $($_.exception.message)" -sev 'Error'
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create group: $ErrorMessage" -sev 'Error'
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
index ac65df6ff388..5a78adfa373a 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
@@ -108,7 +108,8 @@ function Invoke-CIPPStandardIntuneTemplate {
}
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully added Intune Template policy for $($Tenant)" -sev 'Info'
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template: $($_.exception.message)" -sev 'Error'
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template: $ErrorMessage" -sev 'Error'
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1
index bbd3bcc18b08..563e76cdc4ff 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1
@@ -30,10 +30,12 @@ function Invoke-CIPPStandardMailContacts {
New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/v1.0/organization/$($TenantID.id)" -asApp $true -Type patch -Body (ConvertTo-Json -InputObject $body) -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails set.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $ErrorMessage" -sev Error
}
}
}
+
if ($Settings.alert -eq $true) {
if ($CurrentInfo.marketingNotificationEmails -eq $Contacts.MarketingContact) {
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
index 614ca0d32442..178c5b048861 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
@@ -23,18 +23,18 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy already correctly configured' -sev Info
} else {
$cmdparams = @{
- EnableFileFilter = $true
- FileTypeAction = $Settings.FileTypeAction
- ZapEnabled = $true
- QuarantineTag = $Settings.QuarantineTag
- EnableInternalSenderAdminNotifications = $Settings.EnableInternalSenderAdminNotifications
- InternalSenderAdminAddress = $Settings.InternalSenderAdminAddress
- EnableExternalSenderAdminNotifications = $Settings.EnableExternalSenderAdminNotifications
- ExternalSenderAdminAddress = $Settings.ExternalSenderAdminAddress
+ EnableFileFilter = $true
+ FileTypeAction = $Settings.FileTypeAction
+ ZapEnabled = $true
+ QuarantineTag = $Settings.QuarantineTag
+ EnableInternalSenderAdminNotifications = $Settings.EnableInternalSenderAdminNotifications
+ InternalSenderAdminAddress = $Settings.InternalSenderAdminAddress
+ EnableExternalSenderAdminNotifications = $Settings.EnableExternalSenderAdminNotifications
+ ExternalSenderAdminAddress = $Settings.ExternalSenderAdminAddress
}
try {
@@ -48,14 +48,15 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Policy' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Policy. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Policy. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy is not enabled' -sev Alert
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1
index d8ac22ff9cc1..473a75ab15c7 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1
@@ -21,7 +21,8 @@ function Invoke-CIPPStandardNudgeMFA {
$CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state = $Settings.state
$CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays = $Settings.snoozeDurationInDays
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to $($Settings.state) Authenticator App Nudge: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to $($Settings.state) Authenticator App Nudge: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Authenticator App Nudge is already set to $($Settings.state) with a snooze duration of $($Settings.snoozeDurationInDays)" -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1
index 6f7f89afa33f..235feac18ab3 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1
@@ -5,6 +5,7 @@ function Invoke-CIPPStandardOauthConsent {
#>
param($tenant, $settings)
$State = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $tenant
+ $StateIsCorrect = if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'managePermissionGrantsForSelf.cipp-consent-policy') { $true } else { $false }
If ($Settings.remediate -eq $true) {
$AllowedAppIdsForTenant = $Settings.AllowedApps -split ','
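Review bot: The new `$StateIsCorrect` assignment is true whenever the CIPP consent policy id is among the assigned ids, because `-eq` against a collection returns the matching elements rather than a boolean. If `permissionGrantPolicyIdsAssignedToDefaultUserRole` is a collection, as its plural name suggests, a tenant that also has a more permissive self-consent policy assigned would still be logged as enabled by the alert branch and stored as true by `Add-CIPPBPAField` in the next hunk. The value is also computed before the remediate branch runs, so alert and report describe the pre-remediation state. Either tighten the check to require that no other `managePermissionGrantsForSelf.*` id is present, or document the limit with `# True when the CIPP policy is among the assigned ids; other assigned policies are not checked`. The function body continues outside this hunk.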
@@ -31,19 +32,19 @@ function Invoke-CIPPStandardOauthConsent {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode has been enabled.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Application Consent Mode Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Application Consent Mode Error: $ErrorMessage" -sev Error
}
}
if ($Settings.alert -eq $true) {
- if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'managePermissionGrantsForSelf.cipp-consent-policy') {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode is enabled.' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode is not enabled.' -sev Alert
}
}
if ($Settings.report -eq $true) {
- if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'managePermissionGrantsForSelf.cipp-consent-policy') { $UserQuota = $true } else { $UserQuota = $false }
- Add-CIPPBPAField -FieldName 'OauthConsent' -FieldValue $UserQuota -StoreAs bool -Tenant $tenant
+ Add-CIPPBPAField -FieldName 'OauthConsent' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1
index f9acb24fd399..42814d48cfb6 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1
@@ -13,7 +13,8 @@ function Invoke-CIPPStandardOauthConsentLowSec {
}
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode(microsoft-user-default-low) has been enabled.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Application Consent Mode (microsoft-user-default-low) Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Application Consent Mode (microsoft-user-default-low) Error: $ErrorMessage" -sev Error
}
}
if ($Settings.alert -eq $true) {
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1
index 5c2d82854118..a786a7d044b8 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1
@@ -14,7 +14,8 @@ function Invoke-CIPPStandardOutBoundSpamAlert {
New-ExoRequest -tenantid $tenant -cmdlet 'Set-HostedOutboundSpamFilterPolicy' -cmdparams @{ Identity = 'Default'; NotifyOutboundSpam = $true; NotifyOutboundSpamRecipients = $Contacts } -useSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $tenant -message "Set outbound spam filter alert to $($Contacts)" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set outbound spam contact to $($Contacts). $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set outbound spam contact to $($Contacts). $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Outbound spam filter alert is already set to $($CurrentInfo.NotifyOutboundSpamRecipients)" -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1
index 02c2b337e7d0..22a46a14a2e4 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1
@@ -32,7 +32,8 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState {
(New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -Type patch -Body $body -ContentType 'application/json')
Write-LogMessage -API 'Standards' -tenant $tenant -message "Set companionAppAllowedState to $($Settings.state)." -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set companionAppAllowedState to $($Settings.state). Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set companionAppAllowedState to $($Settings.state). Error: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1
index b6e28f20a7b3..1e0daba708c2 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1
@@ -21,7 +21,8 @@ function Invoke-CIPPStandardPasswordExpireDisabled {
New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/v1.0/domains/$($_.id)" -body $Body
Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Password Expiration for $($_.id)." -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.id). Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.id). Error: $ErrorMessage" -sev Error
}
}
} else {
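Review bot: Inside the `catch`, `$_` is the error record rather than the pipeline item, so `$($_.id)` on the new `Write-LogMessage` line most likely expands to nothing and the log will not say which domain failed. The enclosing loop and the `try` line are outside this hunk, but the fix is to capture the id before the `try`, e.g. `$DomainId = $_.id`, and log `"Failed to disable Password Expiration for $DomainId. Error: $ErrorMessage"`. The RotateDKIM hunk further down has a related gap: its failure message names no domain at all and would need the same captured variable to be useful when one of several domains fails.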
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1
index 8e8a764c65bd..8d0e37ffe6b0 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishProtection.ps1
@@ -39,7 +39,8 @@ function Invoke-CIPPStandardPhishProtection {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Logon Screen Phishing Protection system' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set Logon Screen Phishing Protection System for $($Tenant): $($_.Exception.Message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set Logon Screen Phishing Protection System for $($Tenant): $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1
index b6eb1bcbd322..e149d3aec70d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1
@@ -14,7 +14,8 @@ function Invoke-CIPPStandardRotateDKIM {
(New-ExoRequest -tenantid $tenant -cmdlet 'Rotate-DkimSigningConfig' -cmdparams @{ KeySize = 2048; Identity = $_.Identity } -useSystemMailbox $true)
Write-LogMessage -API 'Standards' -tenant $tenant -message "Rotated DKIM for $($_.Identity)" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to rotate DKIM Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to rotate DKIM Error: $ErrorMessage" -sev Error
}
}
} else {
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
index dcfea2914646..24d6c424d036 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
@@ -19,7 +19,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy {
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy already correctly configured' -sev Info
} else {
$cmdparams = @{
@@ -40,14 +40,15 @@ function Invoke-CIPPStandardSafeAttachmentPolicy {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Safe Attachment Policy' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Safe Attachment Policy. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Safe Attachment Policy. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy is not enabled' -sev Alert
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1
index 9fb55e32e795..65471148d7c8 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1
@@ -25,20 +25,20 @@ function Invoke-CIPPStandardSafeLinksPolicy {
if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy already correctly configured' -sev Info
} else {
$cmdparams = @{
- EnableSafeLinksForEmail = $true
- EnableSafeLinksForTeams = $true
- EnableSafeLinksForOffice = $true
- TrackClicks = $true
- ScanUrls = $true
- EnableForInternalSenders = $true
- DeliverMessageAfterScan = $true
- AllowClickThrough = $Settings.AllowClickThrough
- DisableUrlRewrite = $Settings.DisableUrlRewrite
- EnableOrganizationBranding = $Settings.EnableOrganizationBranding
+ EnableSafeLinksForEmail = $true
+ EnableSafeLinksForTeams = $true
+ EnableSafeLinksForOffice = $true
+ TrackClicks = $true
+ ScanUrls = $true
+ EnableForInternalSenders = $true
+ DeliverMessageAfterScan = $true
+ AllowClickThrough = $Settings.AllowClickThrough
+ DisableUrlRewrite = $Settings.DisableUrlRewrite
+ EnableOrganizationBranding = $Settings.EnableOrganizationBranding
}
try {
@@ -52,14 +52,15 @@ function Invoke-CIPPStandardSafeLinksPolicy {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created SafeLink Policy' -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create SafeLink Policy. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create SafeLink Policy. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy is enabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy is not enabled' -sev Alert
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1
index 04a5a63543c2..4f01cbc8b55f 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1
@@ -7,17 +7,31 @@ function Invoke-CIPPStandardSafeSendersDisable {
If ($Settings.remediate -eq $true) {
try {
- $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' | ForEach-Object {
- try {
- $username = $_.UserPrincipalName
- New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxJunkEmailConfiguration' -cmdParams @{Identity = $_.GUID ; TrustedRecipientsAndDomains = $null } -anchor $username
- } catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not disbale SafeSenders list for $($username): $($_.Exception.message)" -sev Warn
+ $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -select 'UserPrincipalName'
+ $Request = $Mailboxes | ForEach-Object {
+ @{
+ CmdletInput = @{
+ CmdletName = 'Set-MailboxJunkEmailConfiguration'
+ Parameters = @{
+ Identity = $_.UserPrincipalName
+ TrustedRecipientsAndDomains = $null
+ }
+ }
+ }
+ }
+
+ $BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray $Request
+ $BatchResults | ForEach-Object {
+ if ($_.error) {
+ $ErrorMessage = Get-NormalizedError -Message $_.error
+ Write-Host "Failed to Disable SafeSenders for $($_.target). Error: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to Disable SafeSenders for $($_.target). Error: $ErrorMessage" -sev Error
}
}
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Safe Senders disabled' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SafeSenders. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SafeSenders. Error: $ErrorMessage" -sev Error
}
}
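Review bot: The `'Safe Senders disabled'` Info line is written unconditionally after the `$BatchResults` loop, so a run in which some or all mailboxes returned an error still ends with a success entry next to the per-mailbox Error entries. Gate it on the batch outcome, for example `if (-not ($BatchResults | Where-Object { $_.error })) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Safe Senders disabled' -sev Info }`. If `Get-Mailbox` returns no mailboxes, `$Request` is empty and is still passed to `New-ExoBulkRequest`; whether that helper tolerates an empty array is not visible here, so a guard on `$Request` would be safer. The function continues outside this hunk.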
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1
index 3b5d2acb4001..10b41322367d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1
@@ -15,7 +15,8 @@ function Invoke-CIPPStandardSecurityDefaults {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Security Defaults.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Security Defaults. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Security Defaults. Error: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Security Defaults is already enabled.' -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1
index b98708679fa1..ce7d56f76454 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1
@@ -13,7 +13,8 @@ function Invoke-CIPPStandardSendFromAlias {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias enabled.' -sev Info
$CurrentInfo = $true
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable send from alias. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable send from alias. Error: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias is already enabled.' -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1
index 90924c9028bd..ef65fb0b9c56 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1
@@ -27,7 +27,8 @@ function Invoke-CIPPStandardSendReceiveLimitTenant {
}
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully set the tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set the tenant send and receive limits. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set the tenant send and receive limits. Error: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "The tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits are already set correctly" -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1
index f18f805ce086..54acd8ffed62 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1
@@ -19,7 +19,8 @@ function Invoke-CIPPStandardSpoofWarn {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ Enabled = $status; }
Write-LogMessage -API 'Standards' -tenant $tenant -message "Outlook external spoof warnings set to $status." -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set Outlook external spoof warnings to $status. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set Outlook external spoof warnings to $status. Error: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1
index 2388bdaa7a85..a9bb46c8f53e 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTenantDefaultTimezone.ps1
@@ -6,25 +6,27 @@ function Invoke-CIPPStandardTenantDefaultTimezone {
param($Tenant, $Settings)
$CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true
- $StateIsCorrect = $CurrentState.tenantDefaultTimezone -eq $Settings.Timezone
+ $ExpectedTimezone = $Settings.Timezone.value
+ $StateIsCorrect = $CurrentState.tenantDefaultTimezone -eq $ExpectedTimezone
If ($Settings.remediate -eq $true) {
- if ($StateIsCorrect) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Tenant Default Timezone is already set to $($Settings.Timezone)" -sev Info
+ if ($StateIsCorrect -eq $true) {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Tenant Default Timezone is already set to $ExpectedTimezone" -sev Info
} else {
try {
- New-GraphPostRequest -tenantid $tenant -uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type PATCH -Body "{`"tenantDefaultTimezone`": `"$($Settings.Timezone)`"}" -ContentType 'application/json'
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Updated Tenant Default Timezone to $($Settings.Timezone)" -sev Info
+ New-GraphPostRequest -tenantid $tenant -uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type PATCH -Body "{`"tenantDefaultTimezone`": `"$ExpectedTimezone`"}" -ContentType 'application/json'
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully updated Tenant Default Timezone to $ExpectedTimezone" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Tenant Default Timezone. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Tenant Default Timezone. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($StateIsCorrect) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Tenant Default Timezone is set to $($Settings.Timezone)." -sev Info
+ if ($StateIsCorrect -eq $true) {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Tenant Default Timezone is set to $ExpectedTimezone." -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Tenant Default Timezone is not set to the desired value.' -sev Alert
}
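Review bot: `$ExpectedTimezone = $Settings.Timezone.value` has no fallback, so if any stored setting still holds the timezone as a plain string (the shape the removed comparison used), the value is `$null` and the PATCH in the remediate branch is sent with an empty `tenantDefaultTimezone`. A guard before the remediate block, for example `if ([string]::IsNullOrEmpty($ExpectedTimezone)) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'No timezone configured.' -sev Error; return }`, would make that case explicit. The request body is also built by string interpolation; `-Body (@{ tenantDefaultTimezone = $ExpectedTimezone } | ConvertTo-Json -Compress)` would escape the value correctly. The function continues past the end of this hunk.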
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1
index 7158f550154d..83372682cbac 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTransportRuleTemplate.ps1
@@ -28,7 +28,8 @@ function Invoke-CIPPStandardTransportRuleTemplate {
Write-LogMessage -API $APINAME -tenant $Tenant -message "Created transport rule for $($tenantfilter)" -sev 'Debug'
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not create transport rule for $($tenantfilter): $($_.Exception.message)" -sev 'Error'
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not create transport rule for $($tenantfilter): $ErrorMessage" -sev 'Error'
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1
index 6607f851d480..51cef2225307 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1
@@ -6,7 +6,6 @@ function Invoke-CIPPStandardUndoOauth {
param($Tenant, $Settings)
$CurrentState = New-GraphGetRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy?$select=permissionGrantPolicyIdsAssignedToDefaultUserRole'
$State = if ($CurrentState.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy') { $true } else { $false }
- $State
If ($Settings.remediate -eq $true) {
@@ -18,7 +17,8 @@ function Invoke-CIPPStandardUndoOauth {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode has been disabled.' -sev Info
$CurrentState.permissionGrantPolicyIdsAssignedToDefaultUserRole = 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy'
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Application Consent Mode to disabled. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Application Consent Mode to disabled. Error: $ErrorMessage" -sev Error
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
index 44401e0aba6e..c4c15c525441 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
@@ -24,7 +24,8 @@ function Invoke-CIPPStandardUserSubmissions {
Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $ErrorMessage" -sev Error
}
} else {
# Policy is not set correctly, disable the policy.
@@ -36,7 +37,8 @@ function Invoke-CIPPStandardUserSubmissions {
Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1
index 829a18543092..6c94488a32d8 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1
@@ -36,12 +36,14 @@ function Invoke-CIPPStandardcalDefault {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug
$SuccessCounter++
} catch {
- Write-Host "Setting cal failed: $($_.exception.message)"
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-Host "Setting cal failed: $ErrorMessage"
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error
}
}
} catch {
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $ErrorMessage" -sev Error
}
$processedMailboxes++
if ($processedMailboxes % 25 -eq 0) {
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1
index 6f93e4160d97..8b1203113522 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1
@@ -14,7 +14,8 @@ function Invoke-CIPPStandarddisableMacSync {
New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Mac OneDrive Sync' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Mac OneDrive Sync: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Mac OneDrive Sync: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Mac OneDrive Sync is already disabled' -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardfwdAdminAlerts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardfwdAdminAlerts.ps1
index c3bfc78d2819..344e75fd3e19 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardfwdAdminAlerts.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardfwdAdminAlerts.ps1
@@ -6,6 +6,6 @@ function Invoke-CIPPStandardfwdAdminAlerts {
param($Tenant, $Settings)
If ($Settings.remediate -eq $true) {
- #This isn't done yet.
+ # TODO This isn't done yet.
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1
index 446dd5036cd0..e261dbfb859c 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1
@@ -5,31 +5,36 @@ function Invoke-CIPPStandardintuneDeviceReg {
#>
param($Tenant, $Settings)
$PreviousSetting = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -tenantid $Tenant
+ $StateIsCorrect = if ($PreviousSetting.userDeviceQuota -eq $Settings.max) { $true } else { $false }
If ($Settings.remediate -eq $true) {
+
if ($PreviousSetting.userDeviceQuota -eq $Settings.max) {
Write-LogMessage -API 'Standards' -tenant $tenant -message "User device quota is already set to $($Settings.max)" -sev Info
} else {
try {
$PreviousSetting.userDeviceQuota = $Settings.max
- $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting
+ $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting -Depth 5
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message "Set user device quota to $($Settings.max)" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set user device quota to $($Settings.max) : $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set user device quota to $($Settings.max) : $ErrorMessage" -sev Error
}
}
}
+
if ($Settings.alert -eq $true) {
- if ($PreviousSetting.userDeviceQuota -eq $Settings.max) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $tenant -message "User device quota is set to $($Settings.max)" -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "User device quota is not set to $($Settings.max)" -sev Alert
}
}
+
if ($Settings.report -eq $true) {
- if ($PreviousSetting.userDeviceQuota -eq $Settings.max) { $UserQuota = $true } else { $UserQuota = $false }
- Add-CIPPBPAField -FieldName 'intuneDeviceReg' -FieldValue $UserQuota -StoreAs bool -Tenant $tenant
+
+ Add-CIPPBPAField -FieldName 'intuneDeviceReg' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
}
}
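Review bot: `$StateIsCorrect` is captured before remediation, while the remediate branch still repeats the raw comparison and then overwrites `$PreviousSetting.userDeviceQuota`. The alert and report branches therefore now describe the state read before the PUT, so a run with both remediate and alert enabled raises an Alert for a quota it has just corrected; before this change the mutated object made both branches read as correct even when the PUT failed. Consider `if ($StateIsCorrect -eq $true)` in the remediate branch as well, and `$StateIsCorrect = $true` after the successful request, with a comment such as `# state as read before remediation` on the first assignment.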
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1
index b0b188aac679..8f5a1dc0ef46 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1
@@ -5,6 +5,7 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays {
#>
param($Tenant, $Settings)
$CurrentInfo = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -tenantid $Tenant)
+ $StateIsCorrect = if ($PreviousSetting.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { $true } else { $false }
If ($Settings.remediate -eq $true) {
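Review bot: `$StateIsCorrect` is computed from `$PreviousSetting`, but the value fetched on the line above is stored in `$CurrentInfo`, and `$PreviousSetting` is not assigned anywhere in the lines shown. The comparison therefore tests `$null` against `$Settings.days`. The alert branch in the next hunk, which compared against `$CurrentInfo` before this change, and the report field in the last hunk would then report the tenant as non-compliant whatever its actual setting is. The line should read `$StateIsCorrect = if ($CurrentInfo.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { $true } else { $false }`. The function body continues beyond this hunk.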
@@ -16,14 +17,15 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays {
(New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -Type PATCH -Body $body -ContentType 'application/json')
Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DeviceInactivityBeforeRetirementInDays for $($Settings.days) days." -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DeviceInactivityBeforeRetirementInDays. Error: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DeviceInactivityBeforeRetirementInDays. Error: $ErrorMessage" -sev Error
}
}
}
if ($Settings.alert -eq $true) {
- if ($CurrentInfo.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) {
+ if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'DeviceInactivityBeforeRetirementInDays is enabled.' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'DeviceInactivityBeforeRetirementInDays is not enabled.' -sev Alert
@@ -31,8 +33,7 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays {
}
if ($Settings.report -eq $true) {
- $UserQuota = if ($PreviousSetting.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { $true } else { $false }
- Add-CIPPBPAField -FieldName 'intuneDeviceRetirementDays' -FieldValue $UserQuota -StoreAs bool -Tenant $tenant
+ Add-CIPPBPAField -FieldName 'intuneDeviceRetirementDays' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1
index 4fb519f8ffe2..9698085e6cb7 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1
@@ -17,7 +17,8 @@ function Invoke-CIPPStandardintuneRequireMFA {
New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set required to use MFA when joining/registering Entra Devices' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set require to use MFA when joining/registering Entra Devices: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set require to use MFA when joining/registering Entra Devices: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1
index ee3a5e14611c..84f24cffa73d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1
@@ -17,8 +17,9 @@ function Invoke-CIPPStandardlaps {
New-GraphPostRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'LAPS has been enabled.' -sev Info
} catch {
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
$PreviousSetting.localAdminPassword.isEnabled = $false
- Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable LAPS: $($_.exception.message)" -sev Error
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable LAPS: $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1
index 9dc1dac6e9fa..cbe6519ce66f 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1
@@ -20,7 +20,8 @@ function Invoke-CIPPStandardsharingCapability {
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body "{`"sharingCapability`":`"$($Settings.Level)`"}" -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message "Set sharing level to $($Settings.Level) from $($CurrentInfo.sharingCapability)" -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set sharing level to $($Settings.Level): $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set sharing level to $($Settings.Level): $ErrorMessage" -sev Error
}
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1
index 48df11eb0840..8a234d8eff2a 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1
@@ -14,7 +14,8 @@ function Invoke-CIPPStandardunmanagedSync {
#$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'The unmanaged Sync standard has been temporarily disabled.' -sev Info
} catch {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error
+ $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is already disabled' -sev Info
diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1
index 110f2fde20e4..f8a83a85bcaf 100644
--- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1
+++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1
@@ -7,6 +7,7 @@ function Test-CIPPAccessPermissions {
)
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Started permissions check' -Sev 'Debug'
$Messages = [System.Collections.Generic.List[string]]::new()
+ $ErrorMessages = [System.Collections.Generic.List[string]]::new()
$MissingPermissions = [System.Collections.Generic.List[string]]::new()
$Links = [System.Collections.Generic.List[object]]::new()
$AccessTokenDetails = [PSCustomObject]@{
@@ -41,7 +42,7 @@ function Test-CIPPAccessPermissions {
Write-Host 'Setting success to false due to nonmaching token.'
$Success = $false
- $Messages.Add('Your refresh token does not match key vault, clear your cache or wait 30 minutes.') | Out-Null
+ $ErrorMessages.Add('Your refresh token does not match key vault, clear your cache or wait 30 minutes.') | Out-Null
$Links.Add([PSCustomObject]@{
Text = 'Clear Token Cache'
Href = 'https://docs.cipp.app/setup/installation/cleartokencache'
@@ -69,7 +70,7 @@ function Test-CIPPAccessPermissions {
}
if ($AccessTokenDetails.Name -eq '') {
- $Messages.Add('Your refresh token is invalid, check for line breaks or missing characters.') | Out-Null
+ $ErrorMessages.Add('Your refresh token is invalid, check for line breaks or missing characters.') | Out-Null
Write-Host 'Setting success to false invalid token.'
$Success = $false
@@ -77,7 +78,7 @@ function Test-CIPPAccessPermissions {
if ($AccessTokenDetails.AuthMethods -contains 'mfa') {
$Messages.Add('Your access token contains the MFA claim.') | Out-Null
} else {
- $Messages.Add('Your access token does not contain the MFA claim, Refresh your SAM tokens.') | Out-Null
+ $ErrorMessages.Add('Your access token does not contain the MFA claim, Refresh your SAM tokens.') | Out-Null
Write-Host 'Setting success to False due to invalid list of claims.'
$Success = $false
@@ -108,15 +109,19 @@ function Test-CIPPAccessPermissions {
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Permissions check failed: $($_) " -Sev 'Error'
- $Messages.Add("We could not connect to the API to retrieve the permissions. There might be a problem with the secure application model configuration. The returned error is: $(Get-NormalizedError -message $_)") | Out-Null
+ $ErrorMessages.Add("We could not connect to the API to retrieve the permissions. There might be a problem with the secure application model configuration. The returned error is: $(Get-NormalizedError -message $_)") | Out-Null
Write-Host 'Setting success to False due to not being able to connect.'
$Success = $false
}
+ if ($Success -eq $true) {
+ $Messages.Add('No service account issues have been found. CIPP is ready for use.') | Out-Null
+ }
return [PSCustomObject]@{
AccessTokenDetails = $AccessTokenDetails
Messages = @($Messages)
+ ErrorMessages = @($ErrorMessages)
MissingPermissions = @($MissingPermissions)
Links = @($Links)
Success = $Success
diff --git a/Modules/CippExtensions/NinjaOne/Get-NinjaOneToken.ps1 b/Modules/CippExtensions/NinjaOne/Get-NinjaOneToken.ps1
index 0b1692148531..d4cb86838ed5 100644
--- a/Modules/CippExtensions/NinjaOne/Get-NinjaOneToken.ps1
+++ b/Modules/CippExtensions/NinjaOne/Get-NinjaOneToken.ps1
@@ -1,13 +1,18 @@
function Get-NinjaOneToken {
[CmdletBinding()]
param (
- $Configuration
+ $Configuration
)
if (!$ENV:NinjaClientSecret) {
- $null = Connect-AzAccount -Identity
- $ClientSecret = (Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name 'NinjaOne' -AsPlainText)
+ if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+ $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+ $ClientSecret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'NinjaOne' and RowKey eq 'NinjaOne'").APIKey
+ } else {
+ $null = Connect-AzAccount -Identity
+ $ClientSecret = (Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name 'NinjaOne' -AsPlainText)
+ }
} else {
$ClientSecret = $ENV:NinjaClientSecret
}
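Review bot: Neither branch of the new secret lookup checks that a value came back. If the DevSecrets table has no `NinjaOne` row, `.APIKey` evaluates to `$null` and the token request further down is presumably sent with an empty client secret. A guard right after the lookup would make that failure explicit, e.g. `if ([string]::IsNullOrEmpty($ClientSecret)) { throw 'NinjaOne client secret not found' }`. The same lookup is added to Get-HaloToken in this commit, so a shared helper would keep the development and Key Vault paths identical in both places. The body of Get-NinjaOneToken continues past this hunk.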
@@ -21,7 +26,7 @@ function Get-NinjaOneToken {
}
try {
-
+
$token = Invoke-RestMethod -Uri "https://$($Configuration.Instance -replace '/ws','')/ws/oauth/token" -Method Post -Body $body -ContentType 'application/x-www-form-urlencoded'
} catch {
$Message = if ($_.ErrorDetails.Message) {
@@ -29,7 +34,7 @@ function Get-NinjaOneToken {
} else {
$_.Exception.message
}
- Write-LogMessage -Message $Message -sev error -API 'NinjaOne'
+ Write-LogMessage -Message $Message -sev error -API 'NinjaOne'
}
return $token
diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1
index bdc8a35137c7..1faf7d92c833 100644
--- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1
+++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1
@@ -32,11 +32,6 @@ function Invoke-NinjaOneExtensionScheduler {
if ($Null -eq $LastRunTime -or $LastRunTime -le (Get-Date).addhours(-25) -or $TimeSetting -eq $CurrentInterval) {
Write-Host 'Executing'
$Batch = foreach ($Tenant in $TenantsToProcess | Sort-Object lastEndTime) {
- <#Push-OutputBinding -Name NinjaProcess -Value @{
- 'NinjaAction' = 'SyncTenant'
- 'MappedTenant' = $Tenant
- }
- Start-Sleep -Seconds 1#>
[PSCustomObject]@{
'NinjaAction' = 'SyncTenant'
'MappedTenant' = $Tenant
@@ -79,10 +74,6 @@ function Invoke-NinjaOneExtensionScheduler {
}
$CatchupTenants = $TenantsToProcess | Where-Object { (((($_.lastEndTime -eq $Null) -or ($_.lastStartTime -gt $_.lastEndTime)) -and ($_.lastStartTime -lt (Get-Date).AddMinutes(-30)))) -or ($_.lastStartTime -lt $LastRunTime) }
$Batch = foreach ($Tenant in $CatchupTenants) {
- #Push-OutputBinding -Name NinjaProcess -Value @{
- # 'NinjaAction' = 'SyncTenant'
- # 'MappedTenant' = $Tenant
- #}
[PSCustomObject]@{
NinjaAction = 'SyncTenant'
MappedTenant = $Tenant
diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1
index 3f3faeccef0e..6ea239b73e36 100644
--- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1
+++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1
@@ -94,12 +94,6 @@ function Invoke-NinjaOneOrgMapping {
# Now Let match on remaining Tenants
$Batch = Foreach ($Tenant in $Tenants | Where-Object { $_.customerId -notin $MatchedM365Tenants.customerId }) {
- <#Push-OutputBinding -Name NinjaProcess -Value @{
- 'NinjaAction' = 'AutoMapTenant'
- 'M365Tenant' = $Tenant
- 'NinjaOrgs' = $NinjaOrgs | Where-Object { $_.id -notin $MatchedNinjaOrgs }
- 'NinjaDevices' = $ParsedNinjaDevices
- }#>
[PSCustomObject]@{
'NinjaAction' = 'AutoMapTenant'
'M365Tenant' = $Tenant
diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1
index 26e372124a99..5567ddb7c1b8 100644
--- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1
+++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1
@@ -8,11 +8,6 @@ function Invoke-NinjaOneSync {
$Batch = foreach ($Tenant in $TenantsToProcess) {
- <#Push-OutputBinding -Name NinjaProcess -Value @{
- 'NinjaAction' = 'SyncTenant'
- 'MappedTenant' = $Tenant
- }
- Start-Sleep -Seconds 1#>
[PSCustomObject]@{
'NinjaAction' = 'SyncTenant'
'MappedTenant' = $Tenant
diff --git a/Modules/CippExtensions/Private/Get-HaloToken.ps1 b/Modules/CippExtensions/Private/Get-HaloToken.ps1
index 0c26b909eec5..5c407c02a5f0 100644
--- a/Modules/CippExtensions/Private/Get-HaloToken.ps1
+++ b/Modules/CippExtensions/Private/Get-HaloToken.ps1
@@ -3,14 +3,21 @@ function Get-HaloToken {
param (
$Configuration
)
- if ($Configuration.ClientId) {
- $null = Connect-AzAccount -Identity
+ if (![string]::IsNullOrEmpty($Configuration.ClientID)) {
+ if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+ $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+ $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HaloPSA' and RowKey eq 'HaloPSA'").APIKey
+ } else {
+ $null = Connect-AzAccount -Identity
+ $Secret = Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name 'HaloPSA' -AsPlainText
+ }
$body = @{
grant_type = 'client_credentials'
- client_id = $Configuration.ClientId
- client_secret = (Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name 'HaloPSA' -AsPlainText)
+ client_id = $Configuration.ClientID
+ client_secret = $Secret
scope = 'all'
}
+ Write-Host ($body | ConvertTo-Json)
if ($Configuration.Tenant -ne 'None') { $Tenant = "?tenant=$($Configuration.Tenant)" }
$token = Invoke-RestMethod -Uri "$($Configuration.AuthURL)/token$Tenant" -Method Post -Body $body -ContentType 'application/x-www-form-urlencoded'
return $token
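Review bot: The added `Write-Host ($body | ConvertTo-Json)` prints the whole token request, including `client_secret`, to the function host output, where it can end up in application logs and be read by anyone with log access. Remove the line, or log only non-secret fields, e.g. `Write-Host "Requesting Halo token for client $($Configuration.ClientID)"`. If the secret has already been written to logs by a deployed build, it should be treated as exposed and rotated. Get-HaloToken starts before this hunk and its closing lines are not shown.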
diff --git a/Scheduler_Extensions/function.json b/Scheduler_Extensions/function.json
index 7474f0f13334..c178a68af69f 100644
--- a/Scheduler_Extensions/function.json
+++ b/Scheduler_Extensions/function.json
@@ -6,12 +6,6 @@
"direction": "in",
"type": "timerTrigger"
},
- {
- "type": "queue",
- "direction": "out",
- "name": "NinjaProcess",
- "queueName": "NinjaOneQueue"
- },
{
"name": "starter",
"type": "durableClient",
diff --git a/Scheduler_GetQueue/run.ps1 b/Scheduler_GetQueue/run.ps1
index eed2fb079169..87d355d1476c 100644
--- a/Scheduler_GetQueue/run.ps1
+++ b/Scheduler_GetQueue/run.ps1
@@ -10,6 +10,7 @@ $Tasks = foreach ($Tenant in $Tenants) {
Tag = 'SingleTenant'
TenantID = $Tenant.tenantid
Type = $Tenant.type
+ RowKey = $Tenant.RowKey
}
} else {
Write-Information 'All tenants, doing them all'
@@ -20,6 +21,7 @@ $Tasks = foreach ($Tenant in $Tenants) {
Tag = 'AllTenants'
TenantID = $t.customerId
Type = $Tenant.type
+ RowKey = $Tenant.RowKey
}
}
}
@@ -34,6 +36,7 @@ $Batch = foreach ($Task in $Tasks) {
Tag = $task.tag
Type = $task.type
QueueId = $Queue.RowKey
+ SchedulerRow = $Task.RowKey
QueueName = '{0} - {1}' -f $Task.Type, $task.tenant
FunctionName = "Scheduler$($Task.Type)"
}
diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1
index 84f10e0cbce3..00ea3b7e9ad2 100644
--- a/UpdatePermissions/run.ps1
+++ b/UpdatePermissions/run.ps1
@@ -2,14 +2,15 @@
param($Timer)
try {
- $Tenants = Get-Tenants -IncludeAll -TriggerRefresh | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ }
+ $Tenants = Get-Tenants -IncludeAll -TriggerRefresh | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false }
+ $Queue = New-CippQueueEntry -Name 'Update Permissions' -TotalTasks ($Tenants | Measure-Object).Count
+ $TenantBatch = $Tenants | Select-Object defaultDomainName, customerId, displayName, @{n = 'FunctionName'; exp = { 'UpdatePermissionsQueue' } }, @{n = 'QueueId'; exp = { $Queue.RowKey } }
if (($Tenants | Measure-Object).Count -gt 0) {
$InputObject = [PSCustomObject]@{
OrchestratorName = 'UpdatePermissionsOrchestrator'
- Batch = @($Tenants)
+ Batch = @($TenantBatch)
}
- #Write-Host ($InputObject | ConvertTo-Json)
$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
Write-Host "Started permissions orchestration with ID = '$InstanceId'"
}
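Review bot: `New-CippQueueEntry` is called before the `($Tenants | Measure-Object).Count -gt 0` check, so a run with no eligible tenants still creates an 'Update Permissions' queue entry with `-TotalTasks 0` and no orchestration behind it. Whether such an entry is ever marked complete is not visible here, but moving the `$Queue = ...` and `$TenantBatch = ...` lines inside the `if` block avoids the orphan entry and the work of building an unused batch. The count is also computed twice; storing it once, `$TenantCount = ($Tenants | Measure-Object).Count`, would serve both uses. The `try` block opens in this hunk and closes outside it.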
diff --git a/Z_CIPPHttpTrigger/function.json b/Z_CIPPHttpTrigger/function.json
index a77f42a0ea97..179d246817ff 100644
--- a/Z_CIPPHttpTrigger/function.json
+++ b/Z_CIPPHttpTrigger/function.json
@@ -39,12 +39,6 @@
"name": "gradientqueue",
"queueName": "billqueue"
},
- {
- "type": "queue",
- "direction": "out",
- "name": "NinjaProcess",
- "queueName": "NinjaOneQueue"
- },
{
"type": "queue",
"direction": "out",
diff --git a/version_latest.txt b/version_latest.txt
index 25c1b355a168..3b867ccd76c3 100644
--- a/version_latest.txt
+++ b/version_latest.txt
@@ -1 +1 @@
-5.6.3
\ No newline at end of file
+5.7.0
\ No newline at end of file