From 51e131afb21e6703dfb5b5c7549a24c0a9b66a5f Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Sun, 20 Feb 2022 17:10:08 -0500 Subject: [PATCH 01/25] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/master_cippcklru.yml | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/master_cippcklru.yml diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml new file mode 100644 index 000000000000..dff7ee3e3348 --- /dev/null +++ b/.github/workflows/master_cippcklru.yml @@ -0,0 +1,29 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippcklru + +on: + push: + branches: + - master + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + build-and-deploy: + runs-on: windows-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v2 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippcklru' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_27B63F21821146D7B2D087D67F258F04 }} From 8dba35e28cbd5085fcd2dc02bd5a9560ad73a87a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 15 Aug 2022 10:25:45 -0400 Subject: [PATCH 02/25] Update master_cippcklru.yml dev testing --- .github/workflows/master_cippcklru.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml index dff7ee3e3348..e7003914c17e 100644 --- a/.github/workflows/master_cippcklru.yml 
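Review bot: Both `uses:` lines in the new master_cippcklru.yml reference mutable tags (`actions/checkout@v2`, `Azure/functions-action@v1`), so whatever those tags resolve to at run time executes in a job that holds the publish-profile secret. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@FULL_COMMIT_SHA # v2` (placeholder value). The workflow also has no `permissions:` block; a top-level `permissions:` with `contents: read` should be enough for a checkout plus a publish-profile deploy. Both points recur in the later upstream-merge.yml / cipp-update.yml patches, where `exions/merge-upstream@v1`, `TobKed/github-forks-sync-action` and `anatawa12/fork-sync-all-branches@v1` are tag-referenced and the last two receive `secrets.GITHUB_TOKEN` with default scopes.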
+++ b/.github/workflows/master_cippcklru.yml @@ -7,6 +7,7 @@ on: push: branches: - master + - dev workflow_dispatch: env: From 145586a721adf7d71c5f5971d81827e9be1b1387 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 23 Aug 2022 21:18:12 -0400 Subject: [PATCH 03/25] Update host.json enable logging --- host.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/host.json b/host.json index 010993d73c8f..c23881b1813b 100644 --- a/host.json +++ b/host.json @@ -8,7 +8,5 @@ "version": "[2.*, 3.0.0)" }, "extensions": {}, - "logging": { - "fileLoggingMode": "never" - } + "logging": {} } From 437e75b2d619ddbddd138224551eb552cd667d5f Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:11:07 -0500 Subject: [PATCH 04/25] Scheduled Updates Update CIPP-API automatically --- .github/workflows/upstream-merge.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/upstream-merge.yml diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml new file mode 100644 index 000000000000..1763db233bf7 --- /dev/null +++ b/.github/workflows/upstream-merge.yml @@ -0,0 +1,22 @@ +name: Scheduled CIPP Update +on: + schedule: + - cron: '50 11 * * 5' + # scheduled for 11:50 UTC every Friday + +jobs: + merge-upstream: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + ref: upstream # set the branch to merge to + fetch-depth: 0 + - name: Merge Upstream + uses: exions/merge-upstream@v1 + with: + upstream: KelvinTegelaar/CIPP-API # set the upstream repo + upstream-branch: master # set the upstream branch to merge from + branch: master # set the branch to merge to + From db0eed1cb28281ddb42a332c972f472f96203617 Mon Sep 17 00:00:00 2001 
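Review bot: Adding `- dev` under `on.push.branches` makes every push to dev run the same job, which deploys to `slot-name: 'Production'` of `cippcklru` with the production publish profile. If dev is meant for testing, as the commit message suggests, it should target a separate slot or app, for example a second job guarded by `if: github.ref == 'refs/heads/dev'` with its own `slot-name` and publish-profile secret. The rest of the workflow is outside this hunk.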
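Review bot: The scheduled job in upstream-merge.yml merges `KelvinTegelaar/CIPP-API` `master` into this repository's `master` every Friday with no review step, and `master` is the branch the deploy workflow publishes from. Whether the merge push itself triggers the deploy depends on which token the action pushes with, which is not visible here, but either way unreviewed upstream code lands on the deploy branch. Consider having the job merge into a staging branch or open a pull request instead, so a person approves what reaches `master`.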
From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:26:34 -0500 Subject: [PATCH 05/25] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index 1763db233bf7..3625416181df 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 with: - ref: upstream # set the branch to merge to + ref: main # set the branch to merge to fetch-depth: 0 - name: Merge Upstream uses: exions/merge-upstream@v1 From dce0363fdae30b5dd62d42b201ac142526537a00 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:26:44 -0500 Subject: [PATCH 06/25] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index 3625416181df..e4cfa028ec30 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 with: - ref: main # set the branch to merge to + ref: master # set the branch to merge to fetch-depth: 0 - name: Merge Upstream uses: exions/merge-upstream@v1 From 761d0b94e858e479166c0bd73a3c1844cc07d222 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:27:28 -0500 Subject: [PATCH 07/25] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index e4cfa028ec30..ad10635abbca 100644 --- a/.github/workflows/upstream-merge.yml 
+++ b/.github/workflows/upstream-merge.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: master # set the branch to merge to fetch-depth: 0 From 19deb3cb8b2346ba65698b7a3eab865aad73d7bb Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:40:45 -0500 Subject: [PATCH 08/25] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index ad10635abbca..3db64120efec 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -3,20 +3,14 @@ on: schedule: - cron: '50 11 * * 5' # scheduled for 11:50 UTC every Friday + workflow_dispatch: jobs: merge-upstream: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 + - uses: TobKed/github-forks-sync-action@v1.2.1 with: - ref: master # set the branch to merge to - fetch-depth: 0 - - name: Merge Upstream - uses: exions/merge-upstream@v1 - with: - upstream: KelvinTegelaar/CIPP-API # set the upstream repo - upstream-branch: master # set the upstream branch to merge from - branch: master # set the branch to merge to - + upstream_repository: KelvinTegelaar/CIPP-API + upstream_branch: master + target_branch: master From 0f1601fb23924607536ed85eb7adf076522a0bbb Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 16:26:03 -0500 Subject: [PATCH 09/25] Update and rename upstream-merge.yml to cipp-update.yml --- .github/workflows/{upstream-merge.yml => cipp-update.yml} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename .github/workflows/{upstream-merge.yml => cipp-update.yml} (76%) 
diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/cipp-update.yml similarity index 76% rename from .github/workflows/upstream-merge.yml rename to .github/workflows/cipp-update.yml index 3db64120efec..5eeff0ec2275 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/cipp-update.yml @@ -9,8 +9,9 @@ jobs: merge-upstream: runs-on: ubuntu-latest steps: - - uses: TobKed/github-forks-sync-action@v1.2.1 + - uses: TobKed/github-forks-sync-action@v0.2.0 with: + github_token: ${{ secrets.GITHUB_TOKEN }} upstream_repository: KelvinTegelaar/CIPP-API upstream_branch: master target_branch: master From c73a89c9e5133a301f05a861e07ca3aff0906a46 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 16:29:28 -0500 Subject: [PATCH 10/25] Update cipp-update.yml --- .github/workflows/cipp-update.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cipp-update.yml b/.github/workflows/cipp-update.yml index 5eeff0ec2275..287765556d61 100644 --- a/.github/workflows/cipp-update.yml +++ b/.github/workflows/cipp-update.yml @@ -8,10 +8,7 @@ on: jobs: merge-upstream: runs-on: ubuntu-latest - steps: - - uses: TobKed/github-forks-sync-action@v0.2.0 + steps: + - uses: anatawa12/fork-sync-all-branches@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} - upstream_repository: KelvinTegelaar/CIPP-API - upstream_branch: master - target_branch: master From dd2cff9bc9543d77617d6c7aed9044c322eac60f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 07:46:54 -0500 Subject: [PATCH 11/25] Update host.json --- host.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/host.json b/host.json index babcfc05bd4c..ebde6e5940fb 100644 --- a/host.json +++ b/host.json @@ -11,8 +11,5 @@ "extensions": { "queues": { "maxDequeueCount": 5 - }}, - "logging": { - "fileLoggingMode": "never" - } + }} } 
From 4f51782841b00f1151f36808ff1a8f5bb47a702c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:34:24 -0500 Subject: [PATCH 12/25] Update Invoke-CIPPWebhookProcessing.ps1 --- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index 65991c17a452..358434a3008f 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -215,20 +215,24 @@ function Invoke-CippWebhookProcessing { } if ($data.ClientIP) { - $IP = $data.ClientIP - if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { - $IP = $IP -replace ':\d+$', '' # Remove the port number if present - } - $LocationInfo = @{ - RowKey = [string]$ip - PartitionKey = [string]$data.UserId - Tenant = [string]$TenantFilter - CountryOrRegion = "$Country" - City = "$City" - Proxy = "$Proxy" - Hosting = "$hosting" - ASName = "$ASName" + try { + $IP = $data.ClientIP + if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { + $IP = $IP -replace ':\d+$', '' # Remove the port number if present + } + $LocationInfo = @{ + RowKey = [string]$ip + PartitionKey = [string]$data.UserId + Tenant = [string]$TenantFilter + CountryOrRegion = "$Country" + City = "$City" + Proxy = "$Proxy" + Hosting = "$hosting" + ASName = "$ASName" + } + $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force + } catch { + Write-Host "Exception adding IP to table - $IP - $($_.Exception.Message)" } - $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force } } From 84347fc465279ddad1b67f31f2e04223155ec9c0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:36:17 -0500 Subject: [PATCH 13/25] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
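Review bot: The new `catch` in Invoke-CIPPWebhookProcessing.ps1 reports a failed location write only through `Write-Host`, so the failure goes to the function host's output stream and not through `Write-LogMessage`, which other code on this page uses for errors and which is presumably what operators review. Consider replacing the `Write-Host` line with `Write-LogMessage -API 'Webhooks' -tenant $TenantFilter -message "Exception adding IP to table - $IP - $($_.Exception.Message)" -sev Error` (the `-API` label is a suggestion). The same applies to the `catch` blocks added to PublicWebhooksProcess/run.ps1 in the following patches. Invoke-CippWebhookProcessing starts and continues outside this hunk.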
diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index 1f404c867df2..5dcb01dbd2a7 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 @@ -27,12 +27,16 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { $ReceivedItem = [pscustomobject]$ReceivedItem $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName Write-Host "TenantFilter: $TenantFilter" - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + try { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" + Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" + foreach ($Item in $Data) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } + } catch { + Write-Host "Exception getting webhook data $($_.Exception.Message)" } } } From e7f551a7426bd2f889fc0ffb446ccb6e65075380 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:49:49 -0500 Subject: [PATCH 14/25] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index 5dcb01dbd2a7..d47371cf93e4 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 @@ -27,20 +27,21 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { $ReceivedItem = [pscustomobject]$ReceivedItem $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName Write-Host "TenantFilter: $TenantFilter" - try { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + if ($TenantFilter) { + try { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' -ErrorAction Stop + Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" + Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" + foreach ($Item in $Data) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } + } catch { + Write-Host "Exception getting webhook data $($_.Exception.Message)" } - } catch { - Write-Host "Exception getting webhook data $($_.Exception.Message)" } } } - } else { Write-Host 'Unauthorised Webhook' } From 3b79f3870b5ea284f11a98f2ea70cb8963c6db42 Mon Sep 17 00:00:00 2001 
From: John Duprey Date: Thu, 11 Jan 2024 07:18:01 -0500 Subject: [PATCH 15/25] Update host.json --- host.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/host.json b/host.json index ebde6e5940fb..00c49cbf2490 100644 --- a/host.json +++ b/host.json @@ -6,10 +6,14 @@ "functionTimeout": "00:10:00", "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle", - "version": "[2.*, 3.0.0)" + "version": "[4.*, 5.0.0)" }, "extensions": { "queues": { - "maxDequeueCount": 5 - }} + "maxDequeueCount": 3 + } + }, + "logging": { + "fileLoggingMode": "never" + } } From c94145cad0335305dea7673d4371f3711583fb2b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Jan 2024 07:18:26 -0500 Subject: [PATCH 16/25] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 62 ++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index d47371cf93e4..69e153f60e01 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 
@@ -22,26 +22,56 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { } else { # Auditlog Subscriptions - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - foreach ($ReceivedItem In ($Request.body)) { - $ReceivedItem = [pscustomobject]$ReceivedItem - $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName - Write-Host "TenantFilter: $TenantFilter" - if ($TenantFilter) { - try { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' -ErrorAction Stop - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url - } - } catch { - Write-Host "Exception getting webhook data $($_.Exception.Message)" + try { + foreach ($ReceivedItem In ($Request.body)) { + $ReceivedItem = [pscustomobject]$ReceivedItem + Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" + $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName + Write-Host "Webhook TenantFilter: $TenantFilter" + $ConfigTable = get-cipptable -TableName 'SchedulerConfig' + $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } + $Operations = ($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection, 'UserLoggedIn' + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. 
+ $MappingTable = [pscustomobject]@{ + 'UserLoggedIn' = 'Audit.AzureActiveDirectory' + 'Add member to role.' = 'Audit.AzureActiveDirectory' + 'Disable account.' = 'Audit.AzureActiveDirectory' + 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' + 'Enable account.' = 'Audit.AzureActiveDirectory' + 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' + 'Reset user password.' = 'Audit.AzureActiveDirectory' + 'Add service principal.' = 'Audit.AzureActiveDirectory' + 'HostedIP' = 'Audit.AzureActiveDirectory' + 'badRepIP' = 'Audit.AzureActiveDirectory' + 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' + 'customfield' = 'AnyLog' + 'anyAlert' = 'AnyLog' + 'New-InboxRule' = 'Audit.Exchange' + 'Set-InboxRule' = 'Audit.Exchange' } + #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload + #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) + $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } + if ($ReceivedItem.ContentType -in $LogsToDownload -or $LogsToDownload -contains 'AnyLog') { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + } else { + Write-Host "No data to download for $($ReceivedItem.ContentType)" + continue + } + Write-Host "Data found: $($data.count) items" + $DataToProcess = $Data | Where-Object -Property Operation -In $Operations + Write-Host "Data to process found: $($DataToProcess.count) items" + foreach ($Item in $DataToProcess) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } } + } catch { + Write-Host "Webhook Failed: $($_.Exception.Message)" } } + } else { Write-Host 
'Unauthorised Webhook' } From 433f702b8f8f685e00250b0256383d8b750fc36c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 23 Feb 2024 09:46:14 -0500 Subject: [PATCH 17/25] Revert "Merge branch 'master' into dev" This reverts commit d3e4480999f6c8099becf1b862c4c2f1dcc7ac1c, reversing changes made to 2d8e766d9da09d6c1eec17ff66237a84e0585f1f. --- .github/workflows/cipp-update.yml | 14 -------- .github/workflows/master_cippcklru.yml | 30 ---------------- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 34 ++++--------------- 3 files changed, 6 insertions(+), 72 deletions(-) delete mode 100644 .github/workflows/cipp-update.yml delete mode 100644 .github/workflows/master_cippcklru.yml diff --git a/.github/workflows/cipp-update.yml b/.github/workflows/cipp-update.yml deleted file mode 100644 index 287765556d61..000000000000 --- a/.github/workflows/cipp-update.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Scheduled CIPP Update -on: - schedule: - - cron: '50 11 * * 5' - # scheduled for 11:50 UTC every Friday - workflow_dispatch: - -jobs: - merge-upstream: - runs-on: ubuntu-latest - steps: - - uses: anatawa12/fork-sync-all-branches@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml deleted file mode 100644 index e7003914c17e..000000000000 --- a/.github/workflows/master_cippcklru.yml +++ /dev/null 
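Review bot: This rewrite of run.ps1 drops the `if ($TenantFilter)` guard added by the previous patch, so an item whose `TenantId` matches no known tenant still reaches `New-GraphPostRequest` with an empty `-tenantid`, and `tenantId`/`contentid` from the request body are interpolated into the manage.office.com URI unchecked. With an empty `$TenantFilter` the `SchedulerConfig` filter still matches `AllTenants` rows, so `$Operations` is populated for a tenant that was never resolved. Restoring the guard right after the lookup, `if (-not $TenantFilter) { continue }`, keeps unknown tenants out of the download path. Separately, the single `try` around the whole `foreach` means one failing item ends processing for the rest of the batch, and the `Received Item` line writes the full request body to the log. The enclosing `if`/`else` starts outside the hunk.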
@@ -1,30 +0,0 @@ -# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action -# More GitHub Actions for Azure: https://github.com/Azure/actions - -name: Build and deploy Powershell project to Azure Function App - cippcklru - -on: - push: - branches: - - master - - dev - workflow_dispatch: - -env: - AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root - -jobs: - build-and-deploy: - runs-on: windows-latest - steps: - - name: 'Checkout GitHub Action' - uses: actions/checkout@v2 - - - name: 'Run Azure Functions Action' - uses: Azure/functions-action@v1 - id: fa - with: - app-name: 'cippcklru' - slot-name: 'Production' - package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_27B63F21821146D7B2D087D67F258F04 }} diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index e542e6bda4a2..77139f1ddaba 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -81,7 +81,7 @@ function Invoke-CippWebhookProcessing { { 'UserLoggedIn' -eq $data.operation -and $hosting -eq $true -and !$TrustedIps } { $data.operation = 'HostedIP' } { 'UserLoggedIn' -eq $data.operation -and $Country -notin $AllowedLocations -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { Write-Host "$($country) is not in $($AllowedLocations)" - $data.operation = 'UserLoggedInFromUnknownLocation' + $data.operation = 'UserLoggedInFromUnknownLocation' } { 'UserloggedIn' -eq $data.operation -and $data.UserType -eq 2 -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { $data.operation = 'AdminLoggedIn' } default { break } 
@@ -129,7 +129,7 @@ function Invoke-CippWebhookProcessing { $key = $parts[0] $operator = $parts[1] $value = $parts[2] - if (!$value) { + if (!$value) { Write-Host 'blank value, skip' continue } @@ -164,9 +164,9 @@ function Invoke-CippWebhookProcessing { $RuleDisabled = 0 New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'get-inboxrule' -cmdParams @{Mailbox = $username } | ForEach-Object { $null = New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Disable-InboxRule' -cmdParams @{Confirm = $false; Identity = $_.Identity } - "Disabled Inbox Rule $($_.Identity) for $username" + "Disabled Inbox Rule $($_.Identity) for $username" $RuleDisabled ++ - } + } if ($RuleDisabled) { "Disabled $RuleDisabled Inbox Rules for $username" } else { @@ -210,7 +210,7 @@ function Invoke-CippWebhookProcessing { } } Write-Host 'Going to create the content' - foreach ($action in $dos) { + foreach ($action in $dos) { switch ($action.execute) { 'generatemail' { Write-Host 'Going to create the email' @@ -219,7 +219,7 @@ function Invoke-CippWebhookProcessing { Send-CIPPAlert -Type 'email' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter Write-Host 'email should be sent' - } + } 'generatePSA' { $GenerateEmail = New-CIPPAlertTemplate -format 'html'-data $Data -LocationInfo $Location -ActionResults $ActionResults Send-CIPPAlert -Type 'psa' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter 
@@ -247,26 +247,4 @@ function Invoke-CippWebhookProcessing { } } } - - if ($data.ClientIP) { - try { - $IP = $data.ClientIP - if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { - $IP = $IP -replace ':\d+$', '' # Remove the port number if present - } - $LocationInfo = @{ - RowKey = [string]$ip - PartitionKey = [string]$data.UserId - Tenant = [string]$TenantFilter - CountryOrRegion = "$Country" - City = "$City" - Proxy = "$Proxy" - Hosting = "$hosting" - ASName = "$ASName" - } - $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force - } catch { - Write-Host "Exception adding IP to table - $IP - $($_.Exception.Message)" - } - } } From 2f5c041995f608c30c0187f778ccce834f586a29 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Fri, 23 Feb 2024 22:45:53 +0100 Subject: [PATCH 18/25] Add more URLs to whitelist Zolder made a follow up post where they identified a few extra locations that can trigger branding. https://zolder.io/microsoft-365-aitm-detection-the-lessons-learned/ --- .../Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 index 32541d596cbf..68442e76a7b4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 @@ -13,8 +13,10 @@ Function Invoke-PublicPhishingCheck { $validList = @( 'https://login.microsoftonline.com', 'https://login.microsoft.net', - 'https://login.microsoft.com' - 'https://autologon.microsoftazuread-sso.com' + 'https://login.microsoft.com', + 'https://autologon.microsoftazuread-sso.com', + 'https://tasks.office.com', + 'https://login.windows.net' ) $matchedUrls = $validList | Where-Object { ([uri]$_).Host -in ([uri]$($request.headers.Referer)).Host } 
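Review bot: The allow-list in `$validList` in Invoke-PublicPhishingCheck.ps1 grows by two hosts with no in-code record of why they are trusted; the reference exists only in the commit message. Since every entry is a host whose Referer the check below treats as legitimate, I would add a comment above the new entries, `# Also load tenant branding legitimately, see https://zolder.io/microsoft-365-aitm-detection-the-lessons-learned/`. The match on the following context line casts `$request.headers.Referer` to `[uri]`; how an absent or malformed Referer is handled is outside this hunk and worth confirming.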
From 639d595088aba12033cb40f8a9aeba19698da5f4 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 24 Feb 2024 10:27:36 -0500 Subject: [PATCH 19/25] Graph Request tweak - Add IgnoreErrors property for certain queries --- .../Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 | 2 ++ .../CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 index 883d43e2fce6..6587c2c41822 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 @@ -33,6 +33,8 @@ Function Invoke-ExecGraphExplorerPreset { } $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared + if ($params.'$select') { $params.'$select' = ($params.'$select').value -join ',' } + $Preset = [PSCustomObject]@{ PartitionKey = 'Preset' RowKey = [string]$Id diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index 04106b6dfc5c..3b14227b1907 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -126,7 +126,8 @@ function Invoke-ListGraphRequest { $StatusCode = [HttpStatusCode]::OK } catch { $GraphRequestData = "Graph Error: $($_.Exception.Message) - Endpoint: $($Request.Query.Endpoint)" - $StatusCode = [HttpStatusCode]::BadRequest + if ($Request.Query.IgnoreErrors) { $StatusCode = [HttpStatusCode]::OK } + else { $StatusCode = [HttpStatusCode]::BadRequest } } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ From d1559c52e38a3b9564c9e48b7eb21378522d423c Mon Sep 17 00:00:00 2001 
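Review bot: `if ($Request.Query.IgnoreErrors)` in Invoke-ListGraphRequest.ps1 tests a query-string value for truthiness, so any non-empty value, including `IgnoreErrors=false`, switches the failure status to 200. An explicit comparison avoids that: `if ($Request.Query.IgnoreErrors -eq 'true') { $StatusCode = [HttpStatusCode]::OK }`. With the flag set the body is still the `Graph Error: ...` string, so a caller can no longer tell a failed Graph call from data by status code alone; a comment naming which queries are expected to pass the flag would help. The function body continues outside the hunk.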
From: rvdwegen Date: Sun, 25 Feb 2024 21:36:22 +0100 Subject: [PATCH 20/25] Function to retrieve audit logs for a CA policy --- ...oke-ListConditionalAccessPolicyChanges.ps1 | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 new file mode 100644 index 000000000000..89e2ecfb2bff --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 
@@ -0,0 +1,47 @@ +using namespace System.Net + +Function Invoke-ListConditionalAccessPolicyChanges { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + + # Interact with query parameters or the body of the request. + $TenantFilter = $Request.Query.TenantFilter + $policyId = $Request.body.id + $policyDisplayName = $Request.body.displayName + + try { + [array]$changes = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=targetResources/any(s:s/id eq '$($policyId)')" -tenantid $TenantFilter | ForEach-Object { + [pscustomobject]@{ + policy = $policyDisplayName + policyId = $policyId + typeFriendlyName = $_.activityDisplayName + type = $_.operationType + initiatedBy = if ($_.initiatedBy.user.userPrincipalName) { $_.initiatedBy.user.userPrincipalName } else { $_.initiatedBy.app.displayName } + date = $_.activityDateTime + oldValue = ($_.targetResources[0].modifiedProperties.oldValue | ConvertFrom-Json) # targetResources is an array, can we ever get more than 1 object in it? + newValue = ($_.targetResources[0].modifiedProperties.newValue | ConvertFrom-Json) + } + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $StatusCode = [HttpStatusCode]::BadRequest + Write-Host $($_.Exception.message) + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message "Failed to request audit logs for policy $($policyDisplayName): $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. 
+ Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $changes + }) +} \ No newline at end of file From 81ba005a1c8f87b08eb60ed13e7a5449ec610968 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 11:39:52 +0100 Subject: [PATCH 21/25] removal of false objects --- .../Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 index 127c285bbc1e..567452b932c7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 @@ -26,6 +26,12 @@ Function Invoke-AddStandardsDeploy { URL = $URL } } + #Get all subobjects in $Settings that are set to false, and remove them. + $Settings.psobject.properties.name | Where-Object { $Settings.$_ -eq $false -and $_ -ne 'v2.1' -and $_ -in 'Alert', 'Remediate', 'Report' } | ForEach-Object { + $Settings.psobject.properties.remove($_) + } + + foreach ($Tenant in $tenants) { $object = [PSCustomObject]@{ From 0a3f8144b83a63294a2052af69f8871132384e3a Mon Sep 17 00:00:00 2001 From: Jr7468 Date: Tue, 6 Feb 2024 10:14:32 +0000 Subject: [PATCH 22/25] Fixed removing guest users from DG --- Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 index 135ddf5a44ba..6990f6baa46f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 
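Review bot: In Invoke-ListConditionalAccessPolicyChanges, `$policyId` comes straight from `$Request.body.id` and is interpolated into the OData `$filter` string (`targetResources/any(s:s/id eq '$($policyId)')`), so a value containing a quote can change the filter that is sent to Graph. A policy id should be a GUID; assigning it inside the `try` as `$policyId = [guid]$Request.body.id` makes a non-GUID value throw into the existing `catch` and return BadRequest. On that failure path `$changes` is never assigned, so the response body is empty; setting it to an error message in the `catch` would make the failure visible to the caller.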
@@ -69,6 +69,7 @@ Function Invoke-EditGroup { if ($RemoveMembers) { $RemoveMembers | ForEach-Object { $member = $_ + if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) } if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') { $Params = @{ Identity = $userobj.groupid; Member = $member ; BypassSecurityGroupManagerCheck = $true } New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true From 44252b391e5354cdc9da367ca710af7c71dac7b5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 11:43:03 +0100 Subject: [PATCH 23/25] unused license statement --- .../CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index ad3e211cc633..ebf491cec05a 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -2060,7 +2060,11 @@ function Invoke-NinjaOneTenantSync { # Unused Licenses $WidgetData.add([PSCustomObject]@{ Value = $( - $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum + try { + $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum + } catch { + $BPAUnusedLicenses = 'Failed to retrieve unused licenses' + } if ($BPAUnusedLicenses -ne 0) { $ResultColour = '#D53948' } else { From c6a079f89662bae16d572726554a06bf21d9a5f6 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 15:19:16 +0100 Subject: [PATCH 24/25] hotfixy --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
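Review bot: The added line in `Invoke-EditGroup` overwrites `$member` with its URL-encoded form, so every later use in the loop body sees `%23EXT%23` instead of the original UPN: the `Member` value handed to `Remove-DistributionGroupMember` in `$Params`, and whatever the other group-type branch and the log messages outside the hunk do with it. A comment naming the call that needs the encoded value would make the intent checkable, for example `# Guest UPNs contain '#EXT#'; <call that needs it> only accepts the percent-encoded form`. Keeping the encoded value in its own variable, e.g. `$encodedMember`, would leave `$member` readable for logging and for any call that expects the raw identity. The `ForEach-Object` body continues past the end of the hunk.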
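Review bot: The new `catch` in `Invoke-NinjaOneTenantSync` discards the exception and stores a message string in `$BPAUnusedLicenses`, the same variable the following `if ($BPAUnusedLicenses -ne 0)` reads, so a parse failure is drawn in the `#D53948` colour used for a non-zero count and leaves no trace of the cause. Recording the reason inside the `catch`, for example `Write-Host "Unused license data could not be parsed: $($_.Exception.Message)"`, would let an operator tell bad BPA data from real unused licences. The `-ErrorAction SilentlyContinue` left on `ConvertFrom-Json` still hides non-terminating errors from the `catch`, so it is worth a comment saying which failure the `try` is meant to cover. The `$( ... )` block and the function both continue outside the hunk.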
diff --git a/version_latest.txt b/version_latest.txt index 7cbea073bea1..804440660c71 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.2.0 \ No newline at end of file +5.2.1 \ No newline at end of file From c5f7ecc9cf83e26c61b6e80f9501ed907ad638cb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 15:34:42 +0100 Subject: [PATCH 25/25] include in hotfix --- .../Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index 2d6f3b81bd34..185fd53610f0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -10,9 +10,9 @@ function Invoke-CIPPStandardunmanagedSync { if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { try { - $body = '{"isUnmanagedSyncAppForTenantRestricted": true}' - $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info + #$body = '{"isUnmanagedSyncAppForTenantRestricted": true}' + #$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'The unmanaged Sync standard has been temporarily disabled.' -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error }
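Review bot: With the PATCH call commented out in `Invoke-CIPPStandardunmanagedSync`, this branch no longer sets `isUnmanagedSyncAppForTenantRestricted`, and the only signal is an Info-level log line, so a tenant with this standard assigned keeps allowing sync from unmanaged devices while the standard appears to run normally. The message should state that the tenant remains unrestricted and be logged above Info, and a comment should record why the call was disabled and what has to happen before it returns, e.g. `# TODO: remediation disabled in hotfix 5.2.1 - re-enable once <reason/issue> is resolved`. The `catch` below is now reached only if `Write-LogMessage` itself throws, and its text "Failed to disable Sync for unmanaged devices" no longer describes what the `try` does. The function continues outside the hunk.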