Merge branch 'KelvinTegelaar:master' into master

ListGenericAllTenants/run.ps1

@@ -4,13 +4,13 @@ param([string]$QueueItem, $TriggerMetadata)
 # Write out the queue message and metadata to the information log.
 Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 $TableURLName = ($QueueItem.tolower().split('?').Split('/') | Select-Object -First 1).toString()
-$QueueKey = (Get-CippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
+$QueueKey = (Invoke-ListCippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Started'
 $Table = Get-CIPPTable -TableName "cache$TableURLName"
 $fullUrl = "https://graph.microsoft.com/beta/$QueueItem"
 Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table
 
-$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { 
+$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
     Import-Module CippCore
     try {
@@ -22,7 +22,7 @@ $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
             Tenant     = $domainName
             CippStatus = "Could not connect to tenant. $($_.Exception.message)"
         }
-    } 
+    }
 }
 
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Processing'

Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1

@@ -41,7 +41,7 @@ function Add-CIPPApplicationPermission {
     foreach ($Grant in $Grants) {
         try {
             $SettingsRequest = New-GraphPOSTRequest -body ($Grant | ConvertTo-Json) -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignedTo" -tenantid $Tenantfilter -type POST
-            $counter ++
+            $counter++
         } catch {
             $Results.add("Failed to grant $($Grant.appRoleId) to $($Grant.resourceId): $($_.Exception.Message)") | Out-Null
         }

Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1

@@ -0,0 +1,23 @@
+function Invoke-ListCippQueue {
+    # Input bindings are passed in via param block.
+    param($Request = $null, $TriggerMetadata)
+
+    if ($Request) {
+        $APIName = $TriggerMetadata.FunctionName
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+        # Write to the Azure Functions log stream.
+        Write-Host 'PowerShell HTTP trigger function processed a request.'
+    }
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue | Where-Object { ($_.Timestamp.DateTime) -ge (Get-Date).ToUniversalTime().AddHours(-1) } | Sort-Object -Property Timestamp -Descending
+    if ($request) {
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::OK
+                Body       = @($CippQueueData)
+            })
+    } else {
+        return $CippQueueData
+    }
+}

Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1

@@ -0,0 +1,18 @@
+function Invoke-RemoveCippQueue {
+    # Input bindings are passed in via param block.
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    Clear-AzDataTable @CippQueue
+
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @('History cleared') }
+        })
+}

Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1

@@ -0,0 +1,23 @@
+function New-CippQueueEntry {
+    Param(
+        $Name,
+        $Link,
+        $Reference
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    $QueueEntry = @{
+        PartitionKey = 'CippQueue'
+        RowKey       = (New-Guid).Guid.ToString()
+        Name         = $Name
+        Link         = $Link
+        Reference    = $Reference
+        Status       = 'Queued'
+    }
+    $CippQueue.Entity = $QueueEntry
+
+    Add-CIPPAzDataTableEntity @CippQueue
+
+    $QueueEntry
+}

Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1

@@ -0,0 +1,29 @@
+function Update-CippQueueEntry {
+    Param(
+        [Parameter(Mandatory = $true)]
+        $RowKey,
+        $Status,
+        $Name
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    if ($RowKey) {
+        $QueueEntry = Get-CIPPAzDataTableEntity @CippQueue -Filter ("RowKey eq '{0}'" -f $RowKey)
+
+        if ($QueueEntry) {
+            if ($Status) {
+                $QueueEntry.Status = $Status
+            }
+            if ($Name) {
+                $QueueEntry.Name = $Name
+            }
+            Update-AzDataTableEntity @CippQueue -Entity $QueueEntry
+            $QueueEntry
+        } else {
+            return $false
+        }
+    } else {
+        return $false
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1

@@ -0,0 +1,18 @@
+function Push-UpdateTenants {
+    Param($Item)
+    $QueueReference = 'UpdateTenants'
+    $RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' }
+    if ($RunningQueue) {
+        Write-Host 'Update Tenants already running'
+        return
+    }
+    $Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference
+    try {
+        Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Running'
+        Get-Tenants | Out-Null
+        Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Completed'
+    } catch {
+        Write-Host "Queue Error: $($_.Exception.Message)"
+        Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Failed'
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 → Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1

@@ -18,7 +18,7 @@ Function Invoke-ExecMailTest {
             'CheckConfig' {
                 $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true
                 $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token
-                $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,proxyAddresses' -NoAuthCheck $true
+                $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,userPrincipalName,proxyAddresses' -NoAuthCheck $true
                 if ($AccessTokenDetails.Scope -contains 'Mail.Read') {
                     $Message = 'Mail.Read - Delegated was found in the token scope.'
                     $HasMailRead = $true
@@ -27,35 +27,43 @@ Function Invoke-ExecMailTest {
                     $HasMailRead = $false
                 }
 
+                if ($Me.proxyAddresses) {
+                    $Emails = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } }
+                } else {
+                    $Emails = @(@{ Address = $Me.userPrincipalName; IsPrimary = $true })
+                }
+
                 $Body = [PSCustomObject]@{
                     Message       = $Message
                     HasMailRead   = $HasMailRead
                     MailUser      = $Me.displayName
-                    MailAddresses = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } }
+                    MailAddresses = @($Emails)
                 }
             }
             default {
                 $Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true
                 $Results = foreach ($Message in $Messages) {
-                    $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value
-                    $AuthResult = $AuthResult -split ';\s*'
-                    $AuthResult = $AuthResult | ForEach-Object {
-                        if ($_ -match '^(?<Name>.+?)=\s*(?<Status>.+?)\s(?<Info>.+)$') {
-                            [PSCustomObject]@{
-                                Name   = $Matches.Name
-                                Status = $Matches.Status
-                                Info   = $Matches.Info
+                    if ($Message.receivedDateTime) {
+                        $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value
+                        $AuthResult = $AuthResult -split ';\s*'
+                        $AuthResult = $AuthResult | ForEach-Object {
+                            if ($_ -match '^(?<Name>.+?)=\s*(?<Status>.+?)\s(?<Info>.+)$') {
+                                [PSCustomObject]@{
+                                    Name   = $Matches.Name
+                                    Status = $Matches.Status
+                                    Info   = $Matches.Info
+                                }
                             }
                         }
-                    }
-                    [PSCustomObject]@{
-                        Received   = $Message.receivedDateTime
-                        Subject    = $Message.subject
-                        Sender     = $Message.sender.emailAddress.name
-                        From       = $Message.sender.emailAddress.address
-                        Link       = $Message.webLink
-                        Headers    = $Message.internetMessageHeaders 
-                        AuthResult = $AuthResult
+                        [PSCustomObject]@{
+                            Received   = $Message.receivedDateTime
+                            Subject    = $Message.subject
+                            Sender     = $Message.sender.emailAddress.name
+                            From       = $Message.sender.emailAddress.address
+                            Link       = $Message.webLink
+                            Headers    = $Message.internetMessageHeaders
+                            AuthResult = $AuthResult
+                        }
                     }
                 }
                 $Body = [PSCustomObject]@{

Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 → Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1

@@ -21,16 +21,22 @@ Function Invoke-ListTenants {
                 StatusCode = [HttpStatusCode]::OK
                 Body       = $GraphRequest
             })
+        $InputObject = [PSCustomObject]@{
+            OrchestratorName = 'UpdateTenantsOrchestrator'
+            Batch            = @(@{'FunctionName' = 'UpdateTenants' })
+        }
+        #Write-Host ($InputObject | ConvertTo-Json)
+        $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5)
         exit
     }
 
     try {
         $tenantfilter = $Request.Query.TenantFilter
-        $Tenants = Get-Tenants -IncludeErrors
+        $Tenants = Get-Tenants -IncludeErrors -SkipDomains
 
         if ($null -eq $TenantFilter -or $TenantFilter -eq 'null') {
             $TenantList = [system.collections.generic.list[object]]::new()
-            if ($Request.Query.AllTenantSelector -eq $true) { 
+            if ($Request.Query.AllTenantSelector -eq $true) {
                 $TenantList.Add(@{
                         customerId        = 'AllTenants'
                         defaultDomainName = 'AllTenants'
@@ -55,7 +61,7 @@ Function Invoke-ListTenants {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message 'Listed Tenant Details' -Sev 'Debug'
     } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message "List Tenant failed. The error is: $($_.Exception.Message)" -Sev 'Error'
-        $body = [pscustomobject]@{ 
+        $body = [pscustomobject]@{
             'Results'         = "Failed to retrieve tenants: $($_.Exception.Message)"
             defaultDomainName = ''
             displayName       = 'Failed to retrieve tenants. Perform a permission check.'
@@ -68,6 +74,6 @@ Function Invoke-ListTenants {
             StatusCode = [HttpStatusCode]::OK
             Body       = @($Body)
         })
-    
+
 
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1

@@ -0,0 +1,31 @@
+using namespace System.Net
+
+Function Invoke-ExecDeleteGDAPRelationship {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $GDAPID = $request.query.GDAPId
+    try {
+        $DELETE = New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($GDAPID)/requests" -type POST -body '{"action":"terminate"}' -tenantid $env:TenantID
+        $Results = [pscustomobject]@{'Results' = "Success. GDAP relationship for $($GDAPID) been revoked" }
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Success. GDAP relationship for $($GDAPID) been revoked" -Sev 'Info'
+
+    } catch {
+        $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Results
+        })
+
+}