diff --git a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 index 6f8379cf0936..2de463c0c811 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 @@ -58,7 +58,7 @@ function Invoke-CIPPOffboardingJob { } } { $_.'RemoveLicenses' -eq 'true' } { - Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName + Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Schedule } { $_.'Deleteuser' -eq 'true' } { diff --git a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 index b84663a55468..6bf266fc7a7a 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 @@ -5,32 +5,57 @@ function Remove-CIPPLicense { $userid, $username, $APIName = 'Remove License', - $TenantFilter + $TenantFilter, + [switch]$Schedule ) - try { - $ConvertTable = Import-Csv ConversionTable.csv - $User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -tenantid $tenantFilter - if (!$username) { $username = $User.userPrincipalName } - $CurrentLicenses = $User.assignedlicenses.skuid - $ConvertedLicense = $(($ConvertTable | Where-Object { $_.guid -in $CurrentLicenses }).'Product_Display_Name' | Sort-Object -Unique) -join ', ' - if ($CurrentLicenses) { - $LicensePayload = [PSCustomObject]@{ - addLicenses = @() - removeLicenses = @($CurrentLicenses) + if ($Schedule.IsPresent) { + $ScheduledTask = @{ + TenantFilter = $TenantFilter + Name = "Remove License: $Username" + Command = @{ + value = 'Remove-CIPPLicense' } - if ($PSCmdlet.ShouldProcess($userid, "Remove licenses: $ConvertedLicense")) { - $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/assignlicense" -tenantid $tenantFilter -type POST -body (ConvertTo-Json -InputObject $LicensePayload -Compress -Depth 5) -verbose - Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter + Parameters = [pscustomobject]@{ + userid = $userid + username = $username + APIName = 'Scheduled License Removal' + ExecutingUser = $ExecutingUser } - return "Removed licenses for $($Username): $ConvertedLicense" - } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter - return "No licenses to remove for $username" + ScheduledTime = [int64](([datetime]::UtcNow).AddMinutes(5) - (Get-Date '1/1/1970')).TotalSeconds + PostExecution = @{ + Webhook = $false + Email = $false + PSA = $false + } + } + Add-CIPPScheduledTask -Task $ScheduledTask -hidden $false + return "Scheduled license removal for $username" + } else { + try { + $ConvertTable = Import-Csv ConversionTable.csv + $User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -tenantid $tenantFilter + if (!$username) { $username = $User.userPrincipalName } + $CurrentLicenses = $User.assignedlicenses.skuid + $ConvertedLicense = $(($ConvertTable | Where-Object { $_.guid -in $CurrentLicenses }).'Product_Display_Name' | Sort-Object -Unique) -join ', ' + if ($CurrentLicenses) { + $LicensePayload = [PSCustomObject]@{ + addLicenses = @() + removeLicenses = @($CurrentLicenses) + } + if ($PSCmdlet.ShouldProcess($userid, "Remove licenses: $ConvertedLicense")) { + $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/assignlicense" -tenantid $tenantFilter -type POST -body (ConvertTo-Json -InputObject $LicensePayload -Compress -Depth 5) -verbose + Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter + } + return "Removed licenses for $($Username): $ConvertedLicense" + } else { + Write-LogMessage -user $ExecutingUser -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter + return "No licenses to remove for $username" + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + return "Could not remove license for $($username). Error: $($ErrorMessage.NormalizedError)" } - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage - return "Could not remove license for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 index 8e1517c6f5b1..c58a9a3dd7cf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -51,11 +51,11 @@ function Invoke-CIPPStandardAntiPhishPolicy { param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AntiPhishPolicy' - $PolicyName = 'Default Anti-Phishing Policy' + $PolicyName = @('Default Anti-Phishing Policy', 'Office365 AntiPhish Default (Default)') $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | - Where-Object -Property Name -EQ $PolicyName | - Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection + Where-Object -Property Name -In $PolicyName | + Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and ($CurrentState.Enabled -eq $true) -and @@ -82,8 +82,8 @@ function Invoke-CIPPStandardAntiPhishPolicy { $AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain' $RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' | - Where-Object -Property Name -EQ "CIPP $PolicyName" | - Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs + Where-Object -Property Name -EQ "CIPP $PolicyName" | + Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs $RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and ($RuleState.AntiPhishPolicy -eq $PolicyName) -and diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 index 3a8d431f56a2..4b0c9b4287b9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 @@ -33,31 +33,32 @@ function Invoke-CIPPStandardDisableUserSiteCreate { If ($Settings.remediate -eq $true) { - if ($CurrentInfo.isSiteCreationEnabled) { + if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) { try { - $body = '{"isSiteCreationEnabled": false}' + $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}' $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error } } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info } } if ($Settings.alert -eq $true) { - if ($CurrentInfo.isSiteCreationEnabled -eq $false) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites' -sev Info + if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites' -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert } } if ($Settings.report -eq $true) { Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 index 27e1bfb25e80..ee90cb769e04 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 @@ -38,9 +38,9 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { $StateIsCorrect = ($CurrentState.AllowAnonymousUsersToJoinMeeting -eq $false) -and ($CurrentState.AllowAnonymousUsersToStartMeeting -eq $false) -and ($CurrentState.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests') -and - ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false) - ($CurrentState.MeetingChatEnabledType -eq 'EnabledExceptAnonymous') - ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode) + ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false) -and + ($CurrentState.MeetingChatEnabledType -eq 'EnabledExceptAnonymous') -and + ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode) -and ($CurrentState.AllowExternalParticipantGiveRequestControl -eq $false) if ($Settings.remediate -eq $true) { diff --git a/Package.zip b/Package.zip deleted file mode 100644 index d19ab5d49d84..000000000000 Binary files a/Package.zip and /dev/null differ