diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 index f224af6d2282..e9d932125744 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 @@ -27,8 +27,6 @@ Function Invoke-ListSites { } else { $ParsedRequest = $Result } - - $GraphRequest = $ParsedRequest | Select-Object @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } }, @{ Name = 'displayName'; Expression = { $_.'Owner Display Name' } }, @{ Name = 'LastActive'; Expression = { $_.'Last Activity Date' } }, @@ -36,7 +34,22 @@ Function Invoke-ListSites { @{ Name = 'UsedGB'; Expression = { [math]::round($_.'Storage Used (Byte)' / 1GB, 2) } }, @{ Name = 'URL'; Expression = { $_.'Site URL' } }, @{ Name = 'Allocated'; Expression = { [math]::round($_.'Storage Allocated (Byte)' / 1GB, 2) } }, - @{ Name = 'Template'; Expression = { $_.'Root Web Template' } } + @{ Name = 'Template'; Expression = { $_.'Root Web Template' } }, + @{ Name = 'siteid'; Expression = { $_.'site Id' } } + + #Temporary workaround for url as report is broken. + if ($Type -eq 'SharePointSiteUsage') { + $URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/sites?search=*&`$select=sharepointIds" -asapp $true -tenantid $TenantFilter).sharepointIds + } else { + #Get all OneDrive Urls + #$URLs = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayName,userPrincipalName" -tenantid $TenantFilter) + } + + $GraphRequest = foreach ($site in $GraphRequest) { + $site.URL = ($URLs | Where-Object { $_.siteId -eq $site.SiteId }).siteUrl + $site + } + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 index e1f94df1fa8d..16d810b82f09 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 @@ -6,8 +6,12 @@ function Push-CIPPAlertExpiringLicenses { $TriggerMetadata ) try { - Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | Where-Object -Property 'TimeUntilRenew' -LT 29 | ForEach-Object { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" + Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object { + $timeTorenew = [int64]$_.TimeUntilRenew + if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) { + Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" + Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" + } } } catch { Write-AlertMessage -tenant $($QueueItem.tenant) -message "Error occurred: $(Get-NormalizedError -message $_.Exception.message)" diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 index 92185029888a..e5e9232ed9b4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 @@ -7,7 +7,12 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing { if ($Settings.remediate) { New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 new file mode 100644 index 000000000000..6e259bc1bead --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1 @@ -0,0 +1,32 @@ +function Invoke-CIPPStandardEnableCustomerLockbox { + <# + .FUNCTIONALITY + Internal + #> + param($Tenant, $Settings) + + if ($Settings.remediate) { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ CustomerLockboxEnabled = $true } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully enabled Customer Lockbox' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Customer Lockbox. Error: $($_.exception.message)" -sev Error + } + } + if ($Settings.alert -or $Settings.report) { + $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' + + if ($Settings.alert) { + if ($CurrentInfo.CustomerLockboxEnabled) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Customer Lockbox is not enabled' -sev Alert + } + } + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'CustomerLockboxEnabled' -FieldValue [bool]$CurrentInfo.CustomerLockboxEnabled -StoreAs bool -Tenant $tenant + } + } + +} + diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 new file mode 100644 index 000000000000..477298bdcf66 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -0,0 +1,49 @@ +function Invoke-CIPPStandardEnableMailboxAuditing { + <# + .FUNCTIONALITY + Internal + #> + param($Tenant, $Settings) + + $AuditState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AuditDisabled + if ( $Settings.remediate) { + if ($AuditState) { + # Enable tenant level mailbox audit + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AuditDisabled = $false } -useSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error + } + } else { + $LogMessage = 'Tenant level mailbox audit already enabled. ' + } + + # check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true } + $Mailboxes | ForEach-Object { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.UserPrincipalName; AuditEnabled = $true } -Anchor $_.UserPrincipalName + Write-LogMessage -API 'Standards' -tenant $Tenant -message "User level mailbox audit enabled for $($_.UserPrincipalName)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error + } + } + if ($Mailboxes.Count -eq 0) { + $LogMessage += 'User level mailbox audit already enabled for all mailboxes' + } + Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info + } + + if ($Settings.alert) { + if ($AuditState) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is not enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is enabled' -sev Info + } + } + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant + } + +} \ No newline at end of file diff --git a/PublicWebhooks/run.ps1 b/PublicWebhooks/run.ps1 index ad13d0546ef7..124f05bd761a 100644 --- a/PublicWebhooks/run.ps1 +++ b/PublicWebhooks/run.ps1 @@ -10,22 +10,23 @@ Write-Host 'Received request' Write-Host "CIPPID: $($request.Query.CIPPID)" $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 Write-Host $url -if ($Request.Query.CIPPID -in $Webhooks.RowKey) { +if ($Request.Query.CIPPID -in $Webhooks.RowKey -and $Webhooks.Resource -ne 'M365AuditLogs') { Write-Host 'Found matching CIPPID' - if ($Request.query.ValidationToken -or $Request.body.validationCode) { Write-Host 'Validation token received' $body = $request.query.ValidationToken } else { Push-OutputBinding -Name QueueWebhook -Value $Request $Body = 'Webhook Recieved' + $StatusCode = [HttpStatusCode]::OK } } else { $body = 'This webhook is not authorized.' + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) diff --git a/Scheduler_Timer/function.json b/Scheduler_Timer/function.json index 1d19ac7d6733..56e4cf0cfda1 100644 --- a/Scheduler_Timer/function.json +++ b/Scheduler_Timer/function.json @@ -2,7 +2,7 @@ "bindings": [ { "name": "Timer", - "schedule": "0 */20 * * * *", + "schedule": "0 0 * * * *", "direction": "in", "type": "timerTrigger" }, diff --git a/version_latest.txt b/version_latest.txt index e94f14fa9ed3..f4cfd30c459e 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -4.9.3 \ No newline at end of file +4.9.4 \ No newline at end of file