Merge pull request #24 from KelvinTegelaar/master

[pull] master from KelvinTegelaar:master

CIPPActivityFunction/function.json

@@ -0,0 +1,16 @@
+{
+  "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1",
+  "entryPoint": "Receive-CippActivityTrigger",
+  "bindings": [
+    {
+      "name": "Item",
+      "type": "activityTrigger",
+      "direction": "in"
+    },
+    {
+      "name": "starter",
+      "type": "durableClient",
+      "direction": "in"
+    }
+  ]
+}

CIPPOrchestrator/function.json

@@ -0,0 +1,11 @@
+{
+  "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1",
+  "entryPoint": "Receive-CippOrchestrationTrigger",
+  "bindings": [
+    {
+      "name": "Context",
+      "type": "orchestrationTrigger",
+      "direction": "in"
+    }
+  ]
+}

DomainAnalyser_All/run.ps1

@@ -52,6 +52,7 @@ $Result = [PSCustomObject]@{
     DNSSECPresent        = ''
     MailProvider         = ''
     DKIMEnabled          = ''
+    DKIMRecords          = ''
     Score                = ''
     MaximumScore         = 160
     ScorePercentage      = ''
@@ -218,6 +219,7 @@ try {
     if ($DkimRecordCount -gt 0 -and $DkimFailCount -eq 0) {
         $Result.DKIMEnabled = $true
         $ScoreDomain += $Scores.DKIMActiveAndWorking
+        $Result.DKIMRecords = $DkimRecord.Records | Select-Object Selector, Record
     } else {
         $Result.DKIMEnabled = $false
         $ScoreExplanation.Add('DKIM Not Configured') | Out-Null

ExecScheduledCommand/run.ps1

@@ -19,7 +19,7 @@ try {
     if ($results -is [String]) {
         $results = @{ Results = $results }
     }
-    if ($results -is [array]) {
+    if ($results -is [array] -and $results[0] -is [string]) {
         $results = $results | Where-Object { $_ -is [string] }
         $results = $results | ForEach-Object { @{ Results = $_ } }
     }

Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1

@@ -32,7 +32,7 @@ Function Invoke-AddAlert {
                     MFAAlertUsers     = [bool]$Request.body.MFAAlertUsers
                     NewGA             = [bool]$Request.body.NewGA
                     NewRole           = [bool]$Request.body.NewRole
-                    QuotaUsed         = [bool]$Request.body.QuotaUsed
+                    QuotaUsed         = [int]$Request.body.QuotaUsedQuota
                     UnusedLicenses    = [bool]$Request.body.UnusedLicenses
                     OverusedLicenses  = [bool]$Request.body.OverusedLicenses
                     AppSecretExpiry   = [bool]$Request.body.AppSecretExpiry
@@ -41,7 +41,7 @@ Function Invoke-AddAlert {
                     DepTokenExpiry    = [bool]$Request.body.DepTokenExpiry
                     NoCAConfig        = [bool]$Request.body.NoCAConfig
                     SecDefaultsUpsell = [bool]$Request.body.SecDefaultsUpsell
-                    SharePointQuota   = [bool]$Request.body.SharePointQuota
+                    SharePointQuota   = [int]$Request.body.SharePointQuotaQuota
                     ExpiringLicenses  = [bool]$Request.body.ExpiringLicenses
                     type              = 'Alert'
                     RowKey            = $TenantID

Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1

@@ -18,12 +18,12 @@ Function Invoke-AddExConnector {
     $Result = foreach ($Tenantfilter in $tenants) {
         try {
             $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet "New-$($ConnectorType)connector" -cmdParams $RequestParams 
-            "Successfully created transport rule for $Tenantfilter."
-            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Created transport rule for $($Tenantfilter)" -sev 'Info'
+            "Successfully created Connector for $Tenantfilter."
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Created Connector for $($Tenantfilter)" -sev 'Info'
         }
         catch {
-            "Could not create created transport rule for $($Tenantfilter): $($_.Exception.message)"
-            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Could not create created transport rule for $($Tenantfilter): $($_.Exception.message)" -sev 'Error'
+            "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)"
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" -sev 'Error'
         }
     }
 

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1

@@ -14,13 +14,16 @@ Function Invoke-ExecDeviceDelete {
     # Interact with query parameters or the body of the request.
 
 
-    try {   
+    try {
         $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)"
         if ($Request.query.action -eq 'delete') {
             $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter
-        } else {
+        } elseif ($Request.query.action -eq 'disable') {
             $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }'
+        } elseif ($Request.query.action -eq 'enable') {
+            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }'
         }
+        Write-Host $ActionResult
         $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" }
     } catch {
         $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" }

Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1

@@ -40,9 +40,14 @@ Function Invoke-ListUserSigninLogs {
         @{ Name = 'FailureReason'; Expression = { $_.status.failureReason } },
         @{ Name = 'FullDetails'; Expression = { $_ } }
         # Associate values to output bindings by calling 'Push-OutputBinding'.
+        if ($GraphRequest.FullDetails -eq $null) {
+            $GraphRequest = $null
+        } else {
+            $GraphRequest = @($GraphRequest)
+        }
         Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
                 StatusCode = [HttpStatusCode]::OK
-                Body       = @($GraphRequest)
+                Body       = $GraphRequest
             })
     } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1

@@ -3,17 +3,16 @@ function Push-CIPPAlertAdminPassword {
     [CmdletBinding()]
     param(
         [Parameter(Mandatory = $true)]
-        [pscustomobject]$QueueItem,
-        $TriggerMetadata
+        [pscustomobject]$Item
     )
     try {
-        New-GraphGETRequest -uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'&`$expand=principal" -tenantid $($QueueItem.tenant) | Where-Object { ($_.principalOrganizationId -EQ $QueueItem.tenantid) -and ($_.principal.'@odata.type' -eq '#microsoft.graph.user') } | ForEach-Object {
-            $LastChanges = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.principalId)?`$select=UserPrincipalName,lastPasswordChangeDateTime" -tenant $($QueueItem.tenant)
+        New-GraphGETRequest -uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'&`$expand=principal" -tenantid $($Item.tenant) | Where-Object { ($_.principalOrganizationId -EQ $Item.tenantid) -and ($_.principal.'@odata.type' -eq '#microsoft.graph.user') } | ForEach-Object {
+            $LastChanges = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.principalId)?`$select=UserPrincipalName,lastPasswordChangeDateTime" -tenant $($Item.tenant)
             if ($LastChanges.LastPasswordChangeDateTime -gt (Get-Date).AddDays(-1)) {
-                Write-AlertMessage -tenant $($QueueItem.tenant) -message "Admin password has been changed for $($LastChanges.UserPrincipalName) in last 24 hours"
+                Write-AlertMessage -tenant $($Item.tenant) -message "Admin password has been changed for $($LastChanges.UserPrincipalName) in last 24 hours"
             }
         }
     } catch {
-        Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get admin password changes for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-AlertMessage -tenant $($Item.tenant) -message "Could not get admin password changes for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)"
     }
 }

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1

@@ -2,26 +2,25 @@ function Push-CIPPAlertApnCertExpiry {
     [CmdletBinding()]
     Param (
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     $LastRunTable = Get-CIPPTable -Table AlertLastRun
 
     try {
-        $Filter = "RowKey eq 'ApnCertExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid
+        $Filter = "RowKey eq 'ApnCertExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid
         $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter
         $Yesterday = (Get-Date).AddDays(-1)
         if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) {
             try {
-                $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $QueueItem.tenant
+                $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $Item.tenant
                 if ($Apn.expirationDateTime -lt (Get-Date).AddDays(30) -and $Apn.expirationDateTime -gt (Get-Date).AddDays(-7)) {
-                    Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime)
+                    Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime)
                 }
             } catch {}
         }
         $LastRun = @{
             RowKey       = 'ApnCertExpiry'
-            PartitionKey = $QueueItem.tenantid
+            PartitionKey = $Item.tenantid
         }
         Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
     } catch {

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1

@@ -2,39 +2,38 @@ function Push-CIPPAlertAppSecretExpiry {
     [CmdletBinding()]
     Param (
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     $LastRunTable = Get-CIPPTable -Table AlertLastRun
 
-    
+
     try {
-        $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid
+        $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid
         $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter
         $Yesterday = (Get-Date).AddDays(-1)
         if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) {
-            Write-Host "Checking app expire for $($QueueItem.tenant)"
-            New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $QueueItem.tenant | ForEach-Object {
+            Write-Host "Checking app expire for $($Item.tenant)"
+            New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $Item.tenant | ForEach-Object {
                 foreach ($App in $_) {
                     Write-Host "checking $($App.displayName)"
                     if ($App.passwordCredentials) {
                         foreach ($Credential in $App.passwordCredentials) {
                             if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) {
                                 Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime)
-                                Write-AlertMessage -tenant $($QueueItem.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime)
+                                Write-AlertMessage -tenant $($Item.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime)
                             }
                         }
                     }
                 }
             }
             $LastRun = @{
                 RowKey       = 'AppSecretExpiry'
-                PartitionKey = $QueueItem.tenantid
+                PartitionKey = $Item.tenantid
             }
             Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
         }
     } catch {
-        
+
     }
 }
 

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1

@@ -3,14 +3,13 @@ function Push-CIPPAlertDefenderMalware {
     [CmdletBinding()]
     param(
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     try {
-        New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsDeviceMalwareStates?`$top=999&`$filter=tenantId eq '$($QueueItem.tenantid)'" | Where-Object { $_.malwareThreatState -eq 'Active' } | ForEach-Object {
-            Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.managedDeviceName): Malware found and active. Severity: $($_.MalwareSeverity). Malware name: $($_.MalwareDisplayName)"
+        New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsDeviceMalwareStates?`$top=999&`$filter=tenantId eq '$($Item.tenantid)'" | Where-Object { $_.malwareThreatState -eq 'Active' } | ForEach-Object {
+            Write-AlertMessage -tenant $($Item.tenant) -message "$($_.managedDeviceName): Malware found and active. Severity: $($_.MalwareSeverity). Malware name: $($_.MalwareDisplayName)"
         }
     } catch {
-        Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get malware data for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-AlertMessage -tenant $($Item.tenant) -message "Could not get malware data for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)"
     }
 }

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1

@@ -1,16 +1,14 @@
-
 function Push-CIPPAlertDefenderStatus {
     [CmdletBinding()]
     param(
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     try {
-        New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsProtectionStates?`$top=999&`$filter=tenantId eq '$($QueueItem.tenantid)'" | Where-Object { $_.realTimeProtectionEnabled -eq $false -or $_.MalwareprotectionEnabled -eq $false } | ForEach-Object {
-            Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.managedDeviceName) - Real Time Protection: $($_.realTimeProtectionEnabled) & Malware Protection: $($_.MalwareprotectionEnabled)"
+        New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsProtectionStates?`$top=999&`$filter=tenantId eq '$($Item.tenantid)'" | Where-Object { $_.realTimeProtectionEnabled -eq $false -or $_.MalwareprotectionEnabled -eq $false } | ForEach-Object {
+            Write-AlertMessage -tenant $($Item.tenant) -message "$($_.managedDeviceName) - Real Time Protection: $($_.realTimeProtectionEnabled) & Malware Protection: $($_.MalwareprotectionEnabled)"
         }
     } catch {
-        Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get defender status for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-AlertMessage -tenant $($Item.tenant) -message "Could not get defender status for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)"
     }
 }

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1

@@ -2,27 +2,26 @@ function Push-CIPPAlertDepTokenExpiry {
     [CmdletBinding()]
     Param (
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     $LastRunTable = Get-CIPPTable -Table AlertLastRun
 
     try {
-        $Filter = "RowKey eq 'DepTokenExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid
+        $Filter = "RowKey eq 'DepTokenExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid
         $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter
         $Yesterday = (Get-Date).AddDays(-1)
         if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) {
             try {
-                $DepTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $QueueItem.tenant).value
+                $DepTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $Item.tenant).value
                 foreach ($Dep in $DepTokens) {
                     if ($Dep.tokenExpirationDateTime -lt (Get-Date).AddDays(30) -and $Dep.tokenExpirationDateTime -gt (Get-Date).AddDays(-7)) {
-                        Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime)
+                        Write-AlertMessage -tenant $($Item.tenant) -message ('Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime)
                     }
                 }
             } catch {}
             $LastRun = @{
                 RowKey       = 'DepTokenExpiry'
-                PartitionKey = $QueueItem.tenantid
+                PartitionKey = $Item.tenantid
             }
             Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
         }

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1

@@ -2,15 +2,14 @@ function Push-CIPPAlertExpiringLicenses {
     [CmdletBinding()]
     Param (
         [Parameter(Mandatory = $true)]
-        $QueueItem,
-        $TriggerMetadata
+        $Item
     )
     try {
-        Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object {
+        Get-CIPPLicenseOverview -TenantFilter $Item.tenant | ForEach-Object {
             $timeTorenew = [int64]$_.TimeUntilRenew
             if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) {
                 Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
-                Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+                Write-AlertMessage -tenant $($Item.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
             }
         }
     } catch {