Skip to content

Commit

Permalink
Added Anti-Phishing and Anti-Spam policies to backup
Browse files Browse the repository at this point in the history
  • Loading branch information
@cipptesting
cipptesting committed Aug 21, 2024
1 parent bca97eb commit c0aef66
Show file tree
Hide file tree
Showing 2 changed files with 386 additions and 0 deletions.
44 changes: 44 additions & 0 deletions Modules/CIPPCore/Public/New-CIPPBackupTask.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,50 @@ function New-CIPPBackupTask {
}
}

'antispam' {
Write-Host "Backup Anti-Spam Policies for $TenantFilter"

$Policies = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedContentFilterPolicy' | Select-Object * -ExcludeProperty *odata*, *data.type*
$Rules = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedContentFilterRule' | Select-Object * -ExcludeProperty *odata*, *data.type*

$Policies | ForEach-Object {
$_.psobject.properties | Where-Object { $null -eq $_.Value } | ForEach-Object {
$_.psobject.properties.Remove($_.Name)
}
}

$Rules | ForEach-Object {
$_.psobject.properties | Where-Object { $null -eq $_.Value } | ForEach-Object {
$_.psobject.properties.Remove($_.Name)
}
}

$JSON = @{ policies = $Policies; rules = $Rules } | ConvertTo-Json -Depth 10
$JSON
}

'antiphishing' {
Write-Host "Backup Anti-Phishing Policies for $TenantFilter"

$Policies = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-AntiPhishPolicy' | Select-Object * -ExcludeProperty *odata*, *data.type*
$Rules = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-AntiPhishRule' | Select-Object * -ExcludeProperty *odata*, *data.type*

$Policies | ForEach-Object {
$_.psobject.properties | Where-Object { $null -eq $_.Value } | ForEach-Object {
$_.psobject.properties.Remove($_.Name)
}
}

$Rules | ForEach-Object {
$_.psobject.properties | Where-Object { $null -eq $_.Value } | ForEach-Object {
$_.psobject.properties.Remove($_.Name)
}
}

$JSON = @{ policies = $Policies; rules = $Rules } | ConvertTo-Json -Depth 10
$JSON
}

'CippWebhookAlerts' {
Write-Host "Backup Webhook Alerts for $TenantFilter"
$WebhookTable = Get-CIPPTable -TableName 'WebhookRules'
Expand Down
342 changes: 342 additions & 0 deletions Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,348 @@ function New-CIPPRestoreTask {

}

'antispam' {
try {
$BackupConfig = $BackupData.antispam | ConvertFrom-Json | ConvertFrom-Json
$BackupPolicies = $BackupConfig.policies
$BackupRules = $BackupConfig.rules
$CurrentPolicies = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedContentFilterPolicy' | Select-Object * -ExcludeProperty *odata*, *data.type*
$CurrentRules = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedContentFilterRule' | Select-Object * -ExcludeProperty *odata*, *data.type*
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}

$policyparams = @(
'AddXHeaderValue',
'AdminDisplayName',
'AllowedSenderDomains',
'AllowedSenders',
'BlockedSenderDomains',
'BlockedSenders',
'BulkQuarantineTag',
'BulkSpamAction',
'BulkThreshold',
'DownloadLink',
'EnableEndUserSpamNotifications',
'EnableLanguageBlockList',
'EnableRegionBlockList',
'EndUserSpamNotificationCustomFromAddress',
'EndUserSpamNotificationCustomFromName',
'EndUserSpamNotificationCustomSubject',
'EndUserSpamNotificationFrequency',
'EndUserSpamNotificationLanguage',
'EndUserSpamNotificationLimit',
'HighConfidencePhishAction',
'HighConfidencePhishQuarantineTag',
'HighConfidenceSpamAction',
'HighConfidenceSpamQuarantineTag',
'IncreaseScoreWithBizOrInfoUrls',
'IncreaseScoreWithImageLinks',
'IncreaseScoreWithNumericIps',
'IncreaseScoreWithRedirectToOtherPort',
'InlineSafetyTipsEnabled',
'IntraOrgFilterState',
'LanguageBlockList',
'MarkAsSpamBulkMail',
'MarkAsSpamEmbedTagsInHtml',
'MarkAsSpamEmptyMessages',
'MarkAsSpamFormTagsInHtml',
'MarkAsSpamFramesInHtml',
'MarkAsSpamFromAddressAuthFail',
'MarkAsSpamJavaScriptInHtml',
'MarkAsSpamNdrBackscatter',
'MarkAsSpamObjectTagsInHtml',
'MarkAsSpamSensitiveWordList',
'MarkAsSpamSpfRecordHardFail',
'MarkAsSpamWebBugsInHtml',
'ModifySubjectValue',
'PhishQuarantineTag',
'PhishSpamAction',
'PhishZapEnabled',
'QuarantineRetentionPeriod',
'RedirectToRecipients',
'RegionBlockList',
'SpamAction',
'SpamQuarantineTag',
'SpamZapEnabled',
'TestModeAction',
'TestModeBccToRecipients'
)

$ruleparams = @(
'Name',
'HostedContentFilterPolicy',
'Comments',
'Enabled',
'ExceptIfRecipientDomainIs',
'ExceptIfSentTo',
'ExceptIfSentToMemberOf',
'Priority',
'RecipientDomainIs',
'SentTo',
'SentToMemberOf'
)

foreach ($policy in $BackupPolicies) {
try {
if ($policy.Identity -in $CurrentPolicies.Identity) {
if ($overwrite) {
$cmdparams = @{
Identity = $policy.Identity
}

foreach ($param in $policyparams) {
if ($policy.PSObject.Properties[$param]) {
if ($param -eq 'IntraOrgFilterState' -and $policy.$param -eq 'Default') {
$cmdparams[$param] = 'HighConfidencePhish'
} else {
$cmdparams[$param] = $policy.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-HostedContentFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info'
"Restored $($policy.Identity) from backup."
}
} else {
$cmdparams = @{
Name = $policy.Name
}

foreach ($param in $policyparams) {
if ($policy.PSObject.Properties[$param]) {
if ($param -eq 'IntraOrgFilterState' -and $policy.$param -eq 'Default') {
$cmdparams[$param] = 'HighConfidencePhish'
} else {
$cmdparams[$param] = $policy.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'New-HostedContentFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info'
"Restored $($policy.Identity) from backup."
}
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}
}

foreach ($rule in $BackupRules) {
try {
if ($rule.Identity -in $CurrentRules.Identity) {
if ($overwrite) {
$cmdparams = @{
Identity = $rule.Identity
}

foreach ($param in $ruleparams) {
if ($rule.PSObject.Properties[$param]) {
if ($param -eq 'Enabled') {
$cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
} else {
$cmdparams[$param] = $rule.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-HostedContentFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info'
"Restored $($rule.Identity) from backup."
}
} else {
$cmdparams = @{
Name = $rule.Name
}

foreach ($param in $ruleparams) {
if ($rule.PSObject.Properties[$param]) {
if ($param -eq 'Enabled') {
$cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
} else {
$cmdparams[$param] = $rule.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'New-HostedContentFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info'
"Restored $($rule.Identity) from backup."
}
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}
}
}

'antiphishing' {
try {
$BackupConfig = $BackupData.antiphishing | ConvertFrom-Json | ConvertFrom-Json
$BackupPolicies = $BackupConfig.policies
$BackupRules = $BackupConfig.rules
$CurrentPolicies = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-AntiPhishPolicy' | Select-Object * -ExcludeProperty *odata*, *data.type*
$CurrentRules = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-AntiPhishRule' | Select-Object * -ExcludeProperty *odata*, *data.type*
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}

$policyparams = @(
'AdminDisplayName',
'AuthenticationFailAction',
'DmarcQuarantineAction',
'DmarcRejectAction',
'EnableFirstContactSafetyTips',
'EnableMailboxIntelligence',
'EnableMailboxIntelligenceProtection',
'EnableOrganizationDomainsProtection',
'EnableSimilarDomainsSafetyTips',
'EnableSimilarUsersSafetyTips',
'EnableSpoofIntelligence',
'EnableTargetedDomainsProtection',
'EnableTargetedUserProtection',
'EnableUnauthenticatedSender',
'EnableUnusualCharactersSafetyTips',
'EnableViaTag',
'ExcludedDomains',
'ExcludedSenders',
'HonorDmarcPolicy',
'ImpersonationProtectionState',
'MailboxIntelligenceProtectionAction',
'MailboxIntelligenceProtectionActionRecipients',
'MailboxIntelligenceQuarantineTag',
'PhishThresholdLevel',
'SimilarUsersSafetyTipsCustomText',
'SpoofQuarantineTag',
'TargetedDomainActionRecipients',
'TargetedDomainProtectionAction',
'TargetedDomainQuarantineTag',
'TargetedDomainsToProtect',
'TargetedUserActionRecipients',
'TargetedUserProtectionAction',
'TargetedUserQuarantineTag',
'TargetedUsersToProtect'
)

$ruleparams = @(
'Name',
'AntiPhishPolicy',
'Comments',
'Enabled',
'ExceptIfRecipientDomainIs',
'ExceptIfSentTo',
'ExceptIfSentToMemberOf',
'Priority',
'RecipientDomainIs',
'SentTo',
'SentToMemberOf'
)

foreach ($policy in $BackupPolicies) {
try {
if ($policy.Identity -in $CurrentPolicies.Identity) {
if ($overwrite) {
$cmdparams = @{
Identity = $policy.Identity
}

foreach ($param in $policyparams) {
if ($policy.PSObject.Properties[$param]) {
$cmdparams[$param] = $policy.$param
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info'
"Restored $($policy.Identity) from backup."
}
} else {
$cmdparams = @{
Name = $policy.Name
}

foreach ($param in $policyparams) {
if ($policy.PSObject.Properties[$param]) {
$cmdparams[$param] = $policy.$param
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info'
"Restored $($policy.Identity) from backup."
}
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}
}

foreach ($rule in $BackupRules) {
try {
if ($rule.Identity -in $CurrentRules.Identity) {
if ($overwrite) {
$cmdparams = @{
Identity = $rule.Identity
}

foreach ($param in $ruleparams) {
if ($rule.PSObject.Properties[$param]) {
if ($param -eq 'Enabled') {
$cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
} else {
$cmdparams[$param] = $rule.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info'
"Restored $($rule.Identity) from backup."
}
} else {
$cmdparams = @{
Name = $rule.Name
}

foreach ($param in $ruleparams) {
if ($rule.PSObject.Properties[$param]) {
if ($param -eq 'Enabled') {
$cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
} else {
$cmdparams[$param] = $rule.$param
}
}
}

New-ExoRequest -TenantId $Tenantfilter -cmdlet 'New-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true

Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info'
"Restored $($rule.Identity) from backup."
}
} catch {
$ErrorMessage = Get-CippException -Exception $_
"Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) "
Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage
}
}
}

'CippWebhookAlerts' {
Write-Host "Restore Webhook Alerts for $TenantFilter"
$WebhookTable = Get-CIPPTable -TableName 'WebhookRules'
Expand Down

0 comments on commit c0aef66

Please sign in to comment.