From 7f2a76876a97c37338dd99eeb5178d56c4edc252 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Mon, 8 Jan 2024 20:33:52 +0100
Subject: [PATCH 1/8] Sharepoint URL list

---
 .../Public/Entrypoints/Invoke-ListSites.ps1   | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
index f224af6d2282..7e125a0a1a90 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
@@ -27,8 +27,6 @@ Function Invoke-ListSites {
         } else {
             $ParsedRequest = $Result
         }
-
-
         $GraphRequest = $ParsedRequest | Select-Object @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } },
         @{ Name = 'displayName'; Expression = { $_.'Owner Display Name' } },
         @{ Name = 'LastActive'; Expression = { $_.'Last Activity Date' } },
@@ -36,7 +34,22 @@ Function Invoke-ListSites {
         @{ Name = 'UsedGB'; Expression = { [math]::round($_.'Storage Used (Byte)' / 1GB, 2) } },
         @{ Name = 'URL'; Expression = { $_.'Site URL' } },
         @{ Name = 'Allocated'; Expression = { [math]::round($_.'Storage Allocated (Byte)' / 1GB, 2) } },
-        @{ Name = 'Template'; Expression = { $_.'Root Web Template' } }
+        @{ Name = 'Template'; Expression = { $_.'Root Web Template' } },
+        @{ Name = 'siteid'; Expression = { $_.'site Id' } }
+
+        #Temporary workaround for url as report is broken. 
+        if ($Type -eq 'SharePointSiteUsage') {
+            $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/sites?search=*&`$select=sharepointIds" -asapp $true -tenantid $TenantFilter).sharepointIds
+        } else {
+            #Get all OneDrive Urls
+            $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter)
+        }
+
+        $GraphRequest = foreach ($site in $GraphRequest) {
+            $site.URL = ($URLs | Where-Object { $_.siteId -eq $site.SiteId }).siteUrl
+            $site
+        }
+
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message

From e6475376b9d68a0293ad08b08ef08ae9551377e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <kris6673@hotmail.com>
Date: Mon, 8 Jan 2024 20:34:01 +0100
Subject: [PATCH 2/8] Add CIPP standards for enabling Customer Lockbox and fix
 logging issue

---
 ...StandardDisableExternalCalendarSharing.ps1 |  7 +++-
 ...voke-CIPPStandardEnableCustomerLockbox.ps1 | 32 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1
index 92185029888a..e5e9232ed9b4 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1
@@ -7,7 +7,12 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing {
     
     if ($Settings.remediate) {
         New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object {
-            New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error
+            }
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
new file mode 100644
index 000000000000..6e259bc1bead
--- /dev/null
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
@@ -0,0 +1,32 @@
+function Invoke-CIPPStandardEnableCustomerLockbox {
+    <#
+    .FUNCTIONALITY
+    Internal
+    #>
+    param($Tenant, $Settings)
+    
+    if ($Settings.remediate) {
+        try {
+            New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ CustomerLockboxEnabled = $true } -UseSystemMailbox $true
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully enabled Customer Lockbox' -sev Info
+        } catch {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $($_.exception.message)" -sev Error
+        }
+    }
+    if ($Settings.alert -or $Settings.report) {
+        $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig'
+
+        if ($Settings.alert) {
+            if ($CurrentInfo.CustomerLockboxEnabled) {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is enabled' -sev Info
+            } else {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is not enabled' -sev Alert
+            }
+        }
+        if ($Settings.report) {
+            Add-CIPPBPAField -FieldName 'CustomerLockboxEnabled' -FieldValue [bool]$CurrentInfo.CustomerLockboxEnabled -StoreAs bool -Tenant $tenant
+        }
+    }
+
+}
+

From 2432192fdf4b882ba16e5a5e4d0aa930c1a2311e Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Mon, 8 Jan 2024 20:47:01 +0100
Subject: [PATCH 3/8] tmp fix onedrive

---
 Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
index 7e125a0a1a90..e9d932125744 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1
@@ -42,7 +42,7 @@ Function Invoke-ListSites {
             $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/sites?search=*&`$select=sharepointIds" -asapp $true -tenantid $TenantFilter).sharepointIds
         } else {
             #Get all OneDrive Urls
-            $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter)
+            #$URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter)
         }
 
         $GraphRequest = foreach ($site in $GraphRequest) {

From f8464eb907168c69fdd7f3c80096419cac5bc65a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <kris6673@hotmail.com>
Date: Mon, 8 Jan 2024 22:01:12 +0100
Subject: [PATCH 4/8] Add Mailbox audit logging standard

---
 ...voke-CIPPStandardEnableMailboxAuditing.ps1 | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
new file mode 100644
index 000000000000..477298bdcf66
--- /dev/null
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
@@ -0,0 +1,49 @@
+function Invoke-CIPPStandardEnableMailboxAuditing {
+    <#
+    .FUNCTIONALITY
+    Internal
+    #>
+    param($Tenant, $Settings)
+
+    $AuditState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AuditDisabled
+    if ( $Settings.remediate) {
+        if ($AuditState) {
+            # Enable tenant level mailbox audit
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AuditDisabled = $false } -useSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error
+            }
+        } else {
+            $LogMessage = 'Tenant level mailbox audit already enabled. '
+        }
+
+        # check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for
+        $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true }
+        $Mailboxes | ForEach-Object {
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.UserPrincipalName; AuditEnabled = $true } -Anchor $_.UserPrincipalName 
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "User level mailbox audit enabled for $($_.UserPrincipalName)" -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error
+            }
+        }
+        if ($Mailboxes.Count -eq 0) {
+            $LogMessage += 'User level mailbox audit already enabled for all mailboxes'
+        }
+        Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info
+    }
+
+    if ($Settings.alert) {
+        if ($AuditState) {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is not enabled' -sev Alert
+        } else {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is enabled' -sev Info
+        }
+    }
+    if ($Settings.report) {
+        Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant
+    }
+    
+}
\ No newline at end of file

From cb2db3c1bdd0cd67e3209d8878334ace5fccfb09 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Tue, 9 Jan 2024 10:09:49 +0100
Subject: [PATCH 5/8] int casting

---
 .../Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1
index e1f94df1fa8d..16d810b82f09 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1
@@ -6,8 +6,12 @@ function Push-CIPPAlertExpiringLicenses {
         $TriggerMetadata
     )
     try {
-        Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | Where-Object -Property 'TimeUntilRenew' -LT 29 | ForEach-Object {
-            Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+        Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object {
+            $timeTorenew = [int64]$_.TimeUntilRenew
+            if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) {
+                Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+                Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)"
+            }
         }
     } catch {
         Write-AlertMessage -tenant $($QueueItem.tenant) -message "Error occurred: $(Get-NormalizedError -message $_.Exception.message)"

From 3a1505623954e244c5899e7a5a137360b05eda5e Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Tue, 9 Jan 2024 13:39:02 +0100
Subject: [PATCH 6/8] switch to hourly

---
 Scheduler_Timer/function.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Scheduler_Timer/function.json b/Scheduler_Timer/function.json
index 1d19ac7d6733..56e4cf0cfda1 100644
--- a/Scheduler_Timer/function.json
+++ b/Scheduler_Timer/function.json
@@ -2,7 +2,7 @@
   "bindings": [
     {
       "name": "Timer",
-      "schedule": "0 */20 * * * *",
+      "schedule": "0 0 * * * *",
       "direction": "in",
       "type": "timerTrigger"
     },

From d4835570ad0180e11aed15d476d8541a0f48ee4c Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Tue, 9 Jan 2024 14:03:35 +0100
Subject: [PATCH 7/8] deny old webhooks with 403.

---
 PublicWebhooks/run.ps1 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/PublicWebhooks/run.ps1 b/PublicWebhooks/run.ps1
index ad13d0546ef7..124f05bd761a 100644
--- a/PublicWebhooks/run.ps1
+++ b/PublicWebhooks/run.ps1
@@ -10,22 +10,23 @@ Write-Host 'Received request'
 Write-Host "CIPPID: $($request.Query.CIPPID)"
 $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1
 Write-Host $url
-if ($Request.Query.CIPPID -in $Webhooks.RowKey) {
+if ($Request.Query.CIPPID -in $Webhooks.RowKey -and $Webhooks.Resource -ne 'M365AuditLogs') {
     Write-Host 'Found matching CIPPID'
-
     if ($Request.query.ValidationToken -or $Request.body.validationCode) {
         Write-Host 'Validation token received'
         $body = $request.query.ValidationToken
     } else {
         Push-OutputBinding -Name QueueWebhook -Value $Request
         $Body = 'Webhook Recieved'
+        $StatusCode = [HttpStatusCode]::OK
     }
 } else {
     $body = 'This webhook is not authorized.'
+    $StatusCode = [HttpStatusCode]::Forbidden
 }
 
 # Associate values to output bindings by calling 'Push-OutputBinding'.
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-        StatusCode = [HttpStatusCode]::OK
+        StatusCode = $StatusCode
         Body       = $body
     })

From d1905d2dbe01a2399d785c3a72235efc6155dea8 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <Kelvin@limenetworks.nl>
Date: Tue, 9 Jan 2024 14:06:06 +0100
Subject: [PATCH 8/8] version up for hotfix

---
 version_latest.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version_latest.txt b/version_latest.txt
index e94f14fa9ed3..f4cfd30c459e 100644
--- a/version_latest.txt
+++ b/version_latest.txt
@@ -1 +1 @@
-4.9.3
\ No newline at end of file
+4.9.4
\ No newline at end of file