Merge pull request #148 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAzBobbyTables.ps1

@@ -19,8 +19,10 @@ function Invoke-ExecAzBobbyTables {
 
     $AllowList = @(
         'Add-AzDataTableEntity'
+        'Add-CIPPAzDataTableEntity'
         'Update-AzDataTableEntity'
         'Get-AzDataTableEntity'
+        'Get-CIPPAzDataTableEntity'
         'Get-AzDataTable'
         'New-AzDataTable'
         'Remove-AzDataTableEntity'

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListExtensionCacheData.ps1

@@ -0,0 +1,45 @@
+function Invoke-ListExtensionCacheData {
+    <#
+    .SYNOPSIS
+        List Extension Cache Data
+    .DESCRIPTION
+        This function is used to list the extension cache data.
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.Core.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter
+    $DataTypes = $Request.Query.dataTypes -split ',' ?? $Request.Body.dataTypes ?? 'All'
+
+    $Data = Get-ExtensionCacheData -TenantFilter $TenantFilter
+
+    if ($DataTypes -ne 'All') {
+        $Data = $Data | Select-Object $DataTypes
+    }
+
+    if (!$Data) {
+        $Results = @{}
+    }
+
+    $Body = @{
+        Results = $Data
+    }
+
+    $StatusCode = [HttpStatusCode]::OK
+
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = $Body | ConvertTo-Json -Compress -Depth 100
+            Headers    = @{
+                'Content-Type' = 'application/json'
+            }
+        })
+}

Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1

@@ -106,7 +106,7 @@ function New-ExoBulkRequest {
                 if ($body.'@adminapi.warnings') {
                     Write-Warning ($body.'@adminapi.warnings' | Out-String)
                 }
-                if ($body.error) {
+                if (![string]::IsNullOrEmpty($body.error.details.message) -or ![string]::IsNullOrEmpty($body.error.message)) {
                     if ($body.error.details.message) {
                         $msg = [pscustomobject]@{ error = $body.error.details.message; target = $body.error.details.target }
                     } else {
@@ -130,7 +130,7 @@ function New-ExoBulkRequest {
                 if ($body.'@adminapi.warnings') {
                     Write-Warning ($body.'@adminapi.warnings' | Out-String)
                 }
-                if ($body.error) {
+                if (![string]::IsNullOrEmpty($body.error.details.message) -or ![string]::IsNullOrEmpty($body.error.message)) {
                     if ($body.error.details.message) {
                         $msg = [pscustomobject]@{ error = $body.error.details.message; target = $body.error.details.target }
                     } else {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1

@@ -32,12 +32,11 @@ function Invoke-CIPPStandardOauthConsent {
     #>
 
     param($tenant, $settings)
-    ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'OauthConsent'
 
     $State = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $tenant
     $StateIsCorrect = if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'managePermissionGrantsForSelf.cipp-consent-policy') { $true } else { $false }
 
-    If ($Settings.remediate -eq $true) {
+    if ($Settings.remediate -eq $true) {
         $AllowedAppIdsForTenant = $settings.AllowedApps -split ','
         try {
             if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -notin @('managePermissionGrantsForSelf.cipp-consent-policy')) {
@@ -70,11 +69,17 @@ function Invoke-CIPPStandardOauthConsent {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode is enabled.' -sev Info
         } else {
-            Write-StandardsAlert -message "Application Consent Mode is not enabled." -object $State -tenant $tenant -standardName 'OauthConsent' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Application Consent Mode is not enabled.' -object $State -tenant $tenant -standardName 'OauthConsent' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode is not enabled.' -sev Info
         }
     }
     if ($Settings.report -eq $true) {
         Add-CIPPBPAField -FieldName 'OauthConsent' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
+        if ($StateIsCorrect) {
+            $FieldValue = $true
+        } else {
+            $FieldValue = $State
+        }
+        Set-CIPPStandardsCompareField -FieldName 'standards.OauthConsent' -FieldValue $FieldValue -Tenant $tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsentLowSec.ps1

@@ -28,24 +28,23 @@ function Invoke-CIPPStandardOauthConsentLowSec {
     #>
 
     param($Tenant, $Settings)
-    ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'OauthConsentLowSec'
 
     $State = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $tenant)
     $PermissionState = (New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/servicePrincipals(appId='00000003-0000-0000-c000-000000000000')/delegatedPermissionClassifications" -tenantid $tenant) | Select-Object -Property permissionName
 
     $requiredPermissions = @('offline_access', 'openid', 'User.Read', 'profile', 'email')
     $missingPermissions = $requiredPermissions | Where-Object { $PermissionState.permissionName -notcontains $_ }
 
-    If ($Settings.remediate -eq $true) {
+    if ($Settings.remediate -eq $true) {
         if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -in @('managePermissionGrantsForSelf.microsoft-user-default-low')) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode(microsoft-user-default-low) is already enabled.' -sev Info
         } else {
             try {
                 $GraphParam = @{
-                    tenantid = $tenant
-                    Uri = 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy'
-                    Type = 'PATCH'
-                    Body = @{
+                    tenantid    = $tenant
+                    Uri         = 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy'
+                    Type        = 'PATCH'
+                    Body        = @{
                         permissionGrantPolicyIdsAssignedToDefaultUserRole = @('managePermissionGrantsForSelf.microsoft-user-default-low')
                     } | ConvertTo-Json
                     ContentType = 'application/json'
@@ -64,10 +63,10 @@ function Invoke-CIPPStandardOauthConsentLowSec {
             try {
                 $missingPermissions | ForEach-Object {
                     $GraphParam = @{
-                        tenantid = $tenant
-                        Uri = "https://graph.microsoft.com/beta/servicePrincipals(appId='00000003-0000-0000-c000-000000000000')/delegatedPermissionClassifications"
-                        Type = 'POST'
-                        Body = @{
+                        tenantid    = $tenant
+                        Uri         = "https://graph.microsoft.com/beta/servicePrincipals(appId='00000003-0000-0000-c000-000000000000')/delegatedPermissionClassifications"
+                        Type        = 'POST'
+                        Body        = @{
                             permissionName = $_
                             classification = 'low'
                         } | ConvertTo-Json
@@ -85,7 +84,7 @@ function Invoke-CIPPStandardOauthConsentLowSec {
 
     if ($Settings.alert -eq $true) {
         if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -notin @('managePermissionGrantsForSelf.microsoft-user-default-low')) {
-            Write-StandardsAlert -message "Application Consent Mode(microsoft-user-default-low) is not enabled" -object $State -tenant $tenant -standardName 'OauthConsentLowSec' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Application Consent Mode(microsoft-user-default-low) is not enabled' -object $State -tenant $tenant -standardName 'OauthConsentLowSec' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode(microsoft-user-default-low) is not enabled.' -sev Info
         } else {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode(microsoft-user-default-low) is enabled.' -sev Info
@@ -95,9 +94,15 @@ function Invoke-CIPPStandardOauthConsentLowSec {
     if ($Settings.report -eq $true) {
         if ($State.permissionGrantPolicyIdsAssignedToDefaultUserRole -notin @('managePermissionGrantsForSelf.microsoft-user-default-low')) {
             $State.permissionGrantPolicyIdsAssignedToDefaultUserRole = $false
+            $ValueField = @{
+                authorizationPolicy       = $State
+                permissionClassifications = $PermissionState
+            }
         } else {
             $State.permissionGrantPolicyIdsAssignedToDefaultUserRole = $true
+            $ValueField = $true
         }
         Add-CIPPBPAField -FieldName 'OauthConsentLowSec' -FieldValue $State.permissionGrantPolicyIdsAssignedToDefaultUserRole -StoreAs bool -Tenant $tenant
+        Set-CIPPStandardsCompareField -FieldName 'standards.OauthConsentLowSec' -FieldValue $ValueField -Tenant $tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1

@@ -31,11 +31,10 @@ function Invoke-CIPPStandardOutBoundSpamAlert {
     #>
 
     param($Tenant, $Settings)
-    ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'OutBoundSpamAlert'
 
     $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-HostedOutboundSpamFilterPolicy' -useSystemMailbox $true
 
-    If ($Settings.remediate -eq $true) {
+    if ($Settings.remediate -eq $true) {
 
         if ($CurrentInfo.NotifyOutboundSpam -ne $true -or $CurrentInfo.NotifyOutboundSpamRecipients -ne $settings.OutboundSpamContact) {
             $Contacts = $settings.OutboundSpamContact
@@ -56,12 +55,18 @@ function Invoke-CIPPStandardOutBoundSpamAlert {
         if ($CurrentInfo.NotifyOutboundSpam -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message "Outbound spam filter alert is set to $($CurrentInfo.NotifyOutboundSpamRecipients)" -sev Info
         } else {
-            Write-StandardsAlert -message "Outbound spam filter alert is not set" -object $CurrentInfo -tenant $tenant -standardName 'OutBoundSpamAlert' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Outbound spam filter alert is not set' -object $CurrentInfo -tenant $tenant -standardName 'OutBoundSpamAlert' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Outbound spam filter alert is not set' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
         Add-CIPPBPAField -FieldName 'OutboundSpamAlert' -FieldValue $CurrentInfo.NotifyOutboundSpam -StoreAs bool -Tenant $tenant
+        if ($CurrentInfo.NotifyOutboundSpam -ne $true -or $CurrentInfo.NotifyOutboundSpamRecipients -ne $settings.OutboundSpamContact) {
+            $ValueField = $CurrentInfo | Select-Object -Property NotifyOutboundSpamRecipients, NotifyOutboundSpam
+        } else {
+            $ValueField = $true
+        }
+        Set-CIPPStandardsCompareField -FieldName 'standards.OutBoundSpamAlert' -FieldValue $ValueField -Tenant $tenant
     }
 }