Merge pull request #193 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecSetLitigationHold.ps1

@@ -0,0 +1,58 @@
+function Invoke-ExecSetLitigationHold {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Mailbox.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with the query or body of the request
+    $TenantFilter = $Request.Body.tenantFilter
+    $LitHoldState = -not $Request.Body.disable -as [bool]
+    $Identity = $Request.Body.Identity
+    $UserPrincipalName = $Request.Body.UPN
+    $Days = $Request.Body.days -as [int]
+
+    # Set the parameters for the EXO request
+    $ExoRequest = @{
+        tenantid  = $TenantFilter
+        cmdlet    = 'Set-Mailbox'
+        cmdParams = @{
+            Identity              = $Identity
+            LitigationHoldEnabled = $LitHoldState
+        }
+    }
+
+    # Add the duration of the hold if specified
+    if ($Days -ne 0 -and $LitHoldState -eq $true) {
+        $ExoRequest.cmdParams['LitigationHoldDuration'] = $Days
+    }
+
+    # Execute the EXO request
+    try {
+        $null = New-ExoRequest @ExoRequest
+        $Results = "Litigation hold for $UserPrincipalName with Id $Identity has been set to $LitHoldState"
+        if ($Days -ne 0 -and $LitHoldState -eq $true) {
+            $Results += " for $Days days"
+        }
+        Write-LogMessage -API $APIName -tenant $TenantFilter -message $Results -sev Info
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Results = "Could not set litigation hold for $UserPrincipalName with Id $Identity to $LitHoldState. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -API $APIName -tenant $TenantFilter -message $Results -sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Results }
+        })
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxes.ps1

@@ -17,7 +17,7 @@ Function Invoke-ListMailboxes {
     # Interact with query parameters or the body of the request.
     $TenantFilter = $Request.Query.tenantFilter
     try {
-        $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled'
+        $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled,PersistedCapabilities,LitigationHoldEnabled,LitigationHoldDate,LitigationHoldDuration'
         $ExoRequest = @{
             tenantid  = $TenantFilter
             cmdlet    = 'Get-Mailbox'
@@ -69,7 +69,12 @@ Function Invoke-ListMailboxes {
         HiddenFromAddressListsEnabled,
         ExternalDirectoryObjectId,
         MessageCopyForSendOnBehalfEnabled,
-        MessageCopyForSentAsEnabled
+        MessageCopyForSentAsEnabled,
+        LitigationHoldEnabled,
+        LitigationHoldDate,
+        LitigationHoldDuration,
+        @{ Name = 'LicensedForLitigationHold'; Expression = { ($_.PersistedCapabilities -contains 'BPOS_S_DlpAddOn' -or $_.PersistedCapabilities -contains 'BPOS_S_Enterprise') } }
+
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecRenameAPDevice.ps1

@@ -0,0 +1,61 @@
+using namespace System.Net
+
+Function Invoke-ExecRenameAPDevice {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.Autopilot.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.Body.tenantFilter
+
+
+    try {
+        $DeviceId = $Request.Body.deviceId
+        $SerialNumber = $Request.Body.serialNumber
+        $DisplayName = $Request.Body.displayName
+
+        # Validation
+        if ($DisplayName.Length -gt 15) {
+            $ValidationError = 'Display name cannot exceed 15 characters.'
+        } elseif ($DisplayName -notmatch '^[a-zA-Z0-9-]+$') {
+            # This regex also implicitly checks for spaces
+            $ValidationError = 'Display name can only contain letters (a-z, A-Z), numbers (0-9), and hyphens (-).'
+        } elseif ($DisplayName -match '^\d+$') {
+            $ValidationError = 'Display name cannot consist solely of numbers.'
+        }
+
+        if ($null -ne $ValidationError) {
+            $Result = "Validation failed: $ValidationError"
+            $StatusCode = [HttpStatusCode]::BadRequest
+        } else {
+            # Validation passed, proceed with Graph API call
+            $body = @{
+                displayName = $DisplayName
+            } | ConvertTo-Json
+
+            New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceId)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null
+            $Result = "Successfully renamed device '$($DeviceId)' with serial number '$($SerialNumber)' to '$($DisplayName)'"
+            Write-LogMessage -Headers $User -API $APINAME -message $Result -Sev Info
+            $StatusCode = [HttpStatusCode]::OK
+        }
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Could not rename device '$($DeviceId)' with serial number '$($SerialNumber)' to '$($DisplayName)'. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -Headers $User -API $APINAME -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::BadRequest
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Result }
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecSetAPDeviceGroupTag.ps1

@@ -0,0 +1,53 @@
+using namespace System.Net
+
+Function Invoke-ExecSetAPDeviceGroupTag {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.Autopilot.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.Body.tenantFilter
+
+    try {
+        $DeviceId = $Request.Body.deviceId
+        $SerialNumber = $Request.Body.serialNumber
+        $GroupTag = $Request.Body.groupTag
+
+        # Validation - GroupTag can be empty, but if provided, validate it
+        if ($null -ne $GroupTag -and $GroupTag -ne '' -and $GroupTag.Length -gt 128) {
+            $ValidationError = 'Group tag cannot exceed 128 characters.'
+        }
+
+        if ($null -ne $ValidationError) {
+            $Result = "Validation failed: $ValidationError"
+            $StatusCode = [HttpStatusCode]::BadRequest
+        } else {
+            # Validation passed, proceed with Graph API call
+            $body = @{
+                groupTag = $GroupTag
+            } | ConvertTo-Json
+
+            New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceId)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null
+            $Result = "Successfully updated group tag for device '$($DeviceId)' with serial number '$($SerialNumber)' to '$($GroupTag)'"
+            Write-LogMessage -Headers $Headers -API $APIName -message $Result -Sev Info
+            $StatusCode = [HttpStatusCode]::OK
+        }
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Could not update group tag for device '$($DeviceId)' with serial number '$($SerialNumber)' to '$($GroupTag)'. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -Headers $Headers -API $APIName -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::BadRequest
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Result }
+        })
+}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAddShortcutsToOneDrive.ps1

@@ -33,11 +33,6 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive {
 
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant | Select-Object _ObjectIdentity_, TenantFilter, DisableAddToOneDrive
 
-    if ($Settings.report -eq $true) {
-        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAddShortcutsToOneDrive' -FieldValue $CurrentState.DisableAddToOneDrive -TenantFilter $Tenant
-        Add-CIPPBPAField -FieldName 'OneDriveAddShortcutButtonDisabled' -FieldValue $CurrentState.DisableAddToOneDrive -StoreAs bool -Tenant $Tenant
-    }
-
     # Input validation
     $StateValue = $Settings.state.value ?? $Settings.state
     if (([string]::IsNullOrWhiteSpace($StateValue) -or $StateValue -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
@@ -49,6 +44,16 @@ function Invoke-CIPPStandardDisableAddShortcutsToOneDrive {
     $StateIsCorrect = if ($CurrentState.DisableAddToOneDrive -eq $WantedState) { $true } else { $false }
     $HumanReadableState = if ($WantedState -eq $true) { 'disabled' } else { 'enabled' }
 
+    if ($Settings.report -eq $true) {
+        if ($StateIsCorrect -eq $true) {
+            $FieldValue = $true
+        } else {
+            $FieldValue = $CurrentState | Select-Object -Property DisableAddToOneDrive
+        }
+        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAddShortcutsToOneDrive' -FieldValue $FieldValue -TenantFilter $Tenant
+        Add-CIPPBPAField -FieldName 'OneDriveAddShortcutButtonDisabled' -FieldValue $CurrentState.DisableAddToOneDrive -StoreAs bool -Tenant $Tenant
+    }
+
     If ($Settings.remediate -eq $true) {
         Write-Host 'Time to remediate'
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableLitigationHold.ps1

@@ -30,7 +30,7 @@ function Invoke-CIPPStandardEnableLitigationHold {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'EnableLitigationHold'
 
-    $MailboxesNoLitHold = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdparams @{ Filter = 'LitigationHoldEnabled -eq "False"' } -Select 'UserPrincipalName,PersistedCapabilities,LitigationHoldEnabled' | Where-Object { $_.PersistedCapabilities -contains 'BPOS_S_DlpAddOn' -or $_.PersistedCapabilities -contains 'BPOS_S_Enterprise' }
+    $MailboxesNoLitHold = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ Filter = 'LitigationHoldEnabled -eq "False"' } -Select 'UserPrincipalName,PersistedCapabilities,LitigationHoldEnabled' | Where-Object { $_.PersistedCapabilities -contains 'BPOS_S_DlpAddOn' -or $_.PersistedCapabilities -contains 'BPOS_S_Enterprise' }
 
     if ($Settings.remediate -eq $true) {
         if ($null -eq $MailboxesNoLitHold) {
@@ -44,19 +44,19 @@ function Invoke-CIPPStandardEnableLitigationHold {
                             Parameters = @{ Identity = $_.UserPrincipalName; LitigationHoldEnabled = $true }
                         }
                     }
-                    if ($Settings.days -ne $null) {
+                    if ($null -ne $Settings.days) {
                         $params.CmdletInput.Parameters['LitigationHoldDuration'] = $Settings.days
                     }
                     $params
                 }
 
 
-                $BatchResults = New-ExoBulkRequest -tenantid $tenant -cmdletArray @($Request)
+                $BatchResults = New-ExoBulkRequest -tenantid $Tenant -cmdletArray @($Request)
                 $BatchResults | ForEach-Object {
                     if ($_.error) {
                         $ErrorMessage = Get-NormalizedError -Message $_.error
                         Write-Host "Failed to Enable Litigation Hold for $($_.Target). Error: $ErrorMessage"
-                        Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to Enable Litigation Hold for $($_.Target). Error: $ErrorMessage" -sev Error
+                        Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to Enable Litigation Hold for $($_.Target). Error: $ErrorMessage" -sev Error
                     }
                 }
             } catch {