Merge pull request KelvinTegelaar#1410 from KelvinTegelaar/dev

Dev to hotfix

Author: JohnDuprey

.github/workflows/dev_cippahmcc.yml

@@ -0,0 +1,30 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippahmcc
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+  deploy:
+    runs-on: windows-latest
+    
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v4
+      
+      - name: 'Run Azure Functions Action'
+        uses: Azure/functions-action@v1
+        id: fa
+        with:
+          app-name: 'cippahmcc'
+          slot-name: 'Production'
+          package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D6317AAB492A474D91B7A6CD29E53BA3 }}

.github/workflows/dev_cippmpiii.yml

@@ -0,0 +1,30 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippmpiii
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v4
+      
+      - name: 'Run Azure Functions Action'
+        uses: Azure/functions-action@v1
+        id: fa
+        with:
+          app-name: 'cippmpiii'
+          slot-name: 'Production'
+          package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_BC5F21E993034DF2A3793489CE4705E4 }}

Modules/CIPPCore/Private/Get-ExoOnlineStringBytes.ps1

@@ -4,7 +4,7 @@ function Get-ExoOnlineStringBytes {
     # This exists because various exo cmdlets like to return a human readable string like "3.322 KB (3,402 bytes)" but not the raw bytes value
 
     if ($SizeString -match '\(([0-9,]+) bytes\)') {
-        return [int]($Matches[1] -replace ',','')
+        return [int64]($Matches[1] -replace ',','')
     }
 
     return 0

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDefenderIncidents.ps1

@@ -13,7 +13,14 @@ function Get-CIPPAlertDefenderIncidents {
     )
     try {
         $AlertData = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/security/incidents?`$top=50&`$filter=status eq 'active'" -tenantid $TenantFilter | ForEach-Object {
-            "Incident ID $($_.id): Created at $($_.createdDateTime). Severity: $($_.severity). `nIncident name: $($_.displayName). Incident URL: $($_.incidentWebUrl)."
+            [PSCustomObject]@{
+                IncidentID   = $_.id
+                CreatedAt    = $_.createdDateTime
+                Severity     = $_.severity
+                IncidentName = $_.displayName
+                IncidentUrl  = $_.incidentWebUrl
+                Tenant       = $TenantFilter
+            }
         }
         Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
 

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1

@@ -13,9 +13,33 @@ function Get-CIPPAlertNewAppApproval {
         $Headers
     )
     try {
-        $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
+        $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
         if ($Approvals.count -gt 0) {
-            $AlertData = "There are $($Approvals.count) App Approval(s) pending."
+            $AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
+            foreach ($App in $Approvals) {
+                $userConsentRequests = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests/$($App.id)/userConsentRequests" -tenantid $TenantFilter
+                $userConsentRequests | ForEach-Object {
+                    $consentUrl = if ($App.consentType -eq 'Static') {
+                        # if something is going wrong here you've probably stumbled on a fourth variation - rvdwegen
+                        "https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+                    } elseif ($App.pendingScopes.displayName) {
+                        "https://login.microsoftonline.com/$($TenantFilter)/v2.0/adminConsent?client_id=$($App.appId)&scope=$($App.pendingScopes.displayName -Join(' '))&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+                    } else {
+                        "https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"
+                    }
+
+                    $Message = [PSCustomObject]@{
+                        AppName     = $App.appDisplayName
+                        RequestUser = $_.createdBy.user.userPrincipalName
+                        Reason      = $_.reason
+                        AppId       = $App.appId
+                        Scopes      = ($App.pendingScopes.displayName -join ', ')
+                        ConsentURL  = $consentUrl
+                        Tenant      = $TenantFilter
+                    }
+                    $AlertData.Add($Message)
+                }
+            }
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
         }
     } catch {

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Applications/Push-UploadApplication.ps1

@@ -26,7 +26,7 @@ function Push-UploadApplication {
             $intunewinFilesize = (Get-Item "AddMSPApp\$($ChocoApp.MSPAppName).intunewin")
             $Infile = "AddMSPApp\$($ChocoApp.MSPAppName).intunewin"
         } else {
-            [xml]$Intunexml = Get-Content 'AddChocoApp\choco.app.xml'
+            [xml]$Intunexml = Get-Content 'AddChocoApp\Choco.App.xml'
             $intunewinFilesize = (Get-Item 'AddChocoApp\IntunePackage.intunewin')
             $Infile = "AddChocoApp\$($intunexml.ApplicationInfo.FileName)"
         }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1

@@ -19,7 +19,8 @@ function Push-BPACollectData {
         }
     }
     $Table = Get-CippTable -tablename 'cachebpav2'
-    $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template
+
+    $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $Item.Tenant -API $Item.Template
     if ($Rerun) {
         Write-Host 'Detected rerun for BPA. Exiting cleanly'
         exit 0

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1

@@ -1,4 +1,4 @@
-Function Push-ExecOnboardTenantQueue {
+function Push-ExecOnboardTenantQueue {
     <#
     .FUNCTIONALITY
     Entrypoint
@@ -354,22 +354,29 @@ Function Push-ExecOnboardTenantQueue {
         if ($OnboardingSteps.Step4.Status -eq 'succeeded') {
             if ($Item.StandardsExcludeAllTenants -eq $true) {
                 $AddExclusionObj = [PSCustomObject]@{
-                    label       = $Tenant.defaultDomainName
+                    label       = '{0} ({1})' -f $Tenant.displayName, $Tenant.defaultDomainName
                     value       = $Tenant.defaultDomainName
-                    addedFields = @{}
+                    addedFields = @{
+                        customerId        = $Tenant.customerId
+                        defaultDomainName = $Tenant.defaultDomainName
+                    }
                 }
                 $Table = Get-CippTable -tablename 'templates'
                 $ExistingTemplates = Get-CippazDataTableEntity @Table -Filter "PartitionKey eq 'StandardsTemplateV2'" | Where-Object { $_.JSON -match 'AllTenants' }
-                foreach ($AllTenantesTemplate in $ExistingTemplates) {
+                foreach ($AllTenantsTemplate in $ExistingTemplates) {
                     $object = $AllTenantesTemplate.JSON | ConvertFrom-Json
-                    $NewExcludedTenants = $object.excludedTenants + $AddExclusionObj
+                    $NewExcludedTenants = [system.collections.generic.list[object]]::new()
+                    foreach ($Tenant in $object.excludedTenants) {
+                        $NewExcludedTenants.Add($Tenant)
+                    }
+                    $NewExcludedTenants.Add($AddExclusionObj)
                     $object.excludedTenants = $NewExcludedTenants
                     $JSON = ConvertTo-Json -InputObject $object -Compress -Depth 10
                     $Table.Force = $true
                     Add-CIPPAzDataTableEntity @Table -Entity @{
                         JSON         = "$JSON"
-                        RowKey       = $AllTenantesTemplate.RowKey
-                        GUID         = $AllTenantesTemplate.GUID
+                        RowKey       = $AllTenantsTemplate.RowKey
+                        GUID         = $AllTenantsTemplate.GUID
                         PartitionKey = 'StandardsTemplateV2'
                     }
                 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCippReplacemap.ps1

@@ -3,14 +3,14 @@ function Invoke-ExecCippReplacemap {
     .FUNCTIONALITY
         Entrypoint
     .ROLE
-        CIPP.Extension.ReadWrite
+        Tenant.Config.ReadWrite
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
     $Table = Get-CippTable -tablename 'CippReplacemap'
     $Action = $Request.Query.Action ?? $Request.Body.Action
-    $customerId = $Request.Query.customerId ?? $Request.Body.customerId
+    $customerId = $Request.Query.tenantId ?? $Request.Body.tenantId
 
     if (!$customerId) {
         Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecSetRecipientLimits.ps1

@@ -0,0 +1,50 @@
+function Invoke-ExecSetRecipientLimits {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Mailbox.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with the query or body of the request
+    $TenantFilter = $Request.Body.tenantFilter
+    $recipientLimit = $Request.Body.recipientLimit
+    $Identity = $Request.Body.Identity
+    $UserPrincipalName = $Request.Body.userid
+
+    # Set the parameters for the EXO request
+    $ExoRequest = @{
+        tenantid  = $TenantFilter
+        cmdlet    = 'Set-Mailbox'
+        cmdParams = @{
+            Identity              = $Identity
+            RecipientLimits       = $recipientLimit
+        }
+    }
+
+    # Execute the EXO request
+    try {
+        $null = New-ExoRequest @ExoRequest
+        $Results = "Recipient limit for $UserPrincipalName has been set to $recipientLimit"
+        
+        Write-LogMessage -API $APIName -tenant $TenantFilter -message $Results -sev Info
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Results = "Could not set recipient limit for $UserPrincipalName to $recipientLimit. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -API $APIName -tenant $TenantFilter -message $Results -sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Results }
+        })
+}