Merge branch 'KelvinTegelaar:master' into master

Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1

@@ -27,16 +27,29 @@ Function Invoke-ListSites {
         } else {
             $ParsedRequest = $Result
         }
-
-
         $GraphRequest = $ParsedRequest | Select-Object @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } },
         @{ Name = 'displayName'; Expression = { $_.'Owner Display Name' } },
         @{ Name = 'LastActive'; Expression = { $_.'Last Activity Date' } },
         @{ Name = 'FileCount'; Expression = { [int]$_.'File Count' } },
         @{ Name = 'UsedGB'; Expression = { [math]::round($_.'Storage Used (Byte)' / 1GB, 2) } },
         @{ Name = 'URL'; Expression = { $_.'Site URL' } },
         @{ Name = 'Allocated'; Expression = { [math]::round($_.'Storage Allocated (Byte)' / 1GB, 2) } },
-        @{ Name = 'Template'; Expression = { $_.'Root Web Template' } }
+        @{ Name = 'Template'; Expression = { $_.'Root Web Template' } },
+        @{ Name = 'siteid'; Expression = { $_.'site Id' } }
+
+        #Temporary workaround for url as report is broken. 
+        if ($Type -eq 'SharePointSiteUsage') {
+            $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/sites?search=*&`$select=sharepointIds" -asapp $true -tenantid $TenantFilter).sharepointIds
+        } else {
+            #Get all OneDrive Urls
+            #$URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter)
+        }
+
+        $GraphRequest = foreach ($site in $GraphRequest) {
+            $site.URL = ($URLs | Where-Object { $_.siteId -eq $site.SiteId }).siteUrl
+            $site
+        }
+
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message

Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1

@@ -6,8 +6,12 @@ function Push-CIPPAlertExpiringLicenses {
         $TriggerMetadata
     )
     try {
-        Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | Where-Object -Property 'TimeUntilRenew' -LT 29 | ForEach-Object {
-            Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+        Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object {
+            $timeTorenew = [int64]$_.TimeUntilRenew
+            if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) {
+                Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+                Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+            }
         }
     } catch {
         Write-AlertMessage -tenant $($QueueItem.tenant) -message "Error occurred: $(Get-NormalizedError -message $_.Exception.message)"

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1

@@ -7,7 +7,12 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing {
 
     if ($Settings.remediate) {
         New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object {
-            New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error
+            }
         }
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1

@@ -0,0 +1,32 @@
+function Invoke-CIPPStandardEnableCustomerLockbox {
+    <#
+    .FUNCTIONALITY
+    Internal
+    #>
+    param($Tenant, $Settings)
+
+    if ($Settings.remediate) {
+        try {
+            New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ CustomerLockboxEnabled = $true } -UseSystemMailbox $true
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully enabled Customer Lockbox' -sev Info
+        } catch {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $($_.exception.message)" -sev Error
+        }
+    }
+    if ($Settings.alert -or $Settings.report) {
+        $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig'
+
+        if ($Settings.alert) {
+            if ($CurrentInfo.CustomerLockboxEnabled) {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is enabled' -sev Info
+            } else {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is not enabled' -sev Alert
+            }
+        }
+        if ($Settings.report) {
+            Add-CIPPBPAField -FieldName 'CustomerLockboxEnabled' -FieldValue [bool]$CurrentInfo.CustomerLockboxEnabled -StoreAs bool -Tenant $tenant
+        }
+    }
+
+}
+

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1

@@ -0,0 +1,49 @@
+function Invoke-CIPPStandardEnableMailboxAuditing {
+    <#
+    .FUNCTIONALITY
+    Internal
+    #>
+    param($Tenant, $Settings)
+
+    $AuditState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AuditDisabled
+    if ( $Settings.remediate) {
+        if ($AuditState) {
+            # Enable tenant level mailbox audit
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AuditDisabled = $false } -useSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error
+            }
+        } else {
+            $LogMessage = 'Tenant level mailbox audit already enabled. '
+        }
+
+        # check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for
+        $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true }
+        $Mailboxes | ForEach-Object {
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.UserPrincipalName; AuditEnabled = $true } -Anchor $_.UserPrincipalName 
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "User level mailbox audit enabled for $($_.UserPrincipalName)" -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error
+            }
+        }
+        if ($Mailboxes.Count -eq 0) {
+            $LogMessage += 'User level mailbox audit already enabled for all mailboxes'
+        }
+        Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info
+    }
+
+    if ($Settings.alert) {
+        if ($AuditState) {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is not enabled' -sev Alert
+        } else {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is enabled' -sev Info
+        }
+    }
+    if ($Settings.report) {
+        Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant
+    }
+
+}

PublicWebhooks/run.ps1

@@ -10,22 +10,23 @@ Write-Host 'Received request'
 Write-Host "CIPPID: $($request.Query.CIPPID)"
 $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1
 Write-Host $url
-if ($Request.Query.CIPPID -in $Webhooks.RowKey) {
+if ($Request.Query.CIPPID -in $Webhooks.RowKey -and $Webhooks.Resource -ne 'M365AuditLogs') {
     Write-Host 'Found matching CIPPID'
-
     if ($Request.query.ValidationToken -or $Request.body.validationCode) {
         Write-Host 'Validation token received'
         $body = $request.query.ValidationToken
     } else {
         Push-OutputBinding -Name QueueWebhook -Value $Request
         $Body = 'Webhook Recieved'
+        $StatusCode = [HttpStatusCode]::OK
     }
 } else {
     $body = 'This webhook is not authorized.'
+    $StatusCode = [HttpStatusCode]::Forbidden
 }
 
 # Associate values to output bindings by calling 'Push-OutputBinding'.
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-        StatusCode = [HttpStatusCode]::OK
+        StatusCode = $StatusCode
         Body       = $body
     })

Scheduler_Timer/function.json

@@ -2,7 +2,7 @@
   "bindings": [
     {
       "name": "Timer",
-      "schedule": "0 */20 * * * *",
+      "schedule": "0 0 * * * *",
       "direction": "in",
       "type": "timerTrigger"
     },

version_latest.txt

@@ -1 +1 @@
-4.9.3
+4.9.4