Merge pull request #624 from KelvinTegelaar/dev

KelvinTegelaar · web-flow · commit 156561193992 · 2024-02-13T20:56:56.000+01:00
Dev
diff --git a/DomainAnalyser_All/run.ps1 b/DomainAnalyser_All/run.ps1
@@ -42,6 +42,7 @@ $Result = [PSCustomObject]@{
     ExpectedSPFRecord    = ''
     ActualSPFRecord      = ''
     SPFPassAll           = ''
+    ActualMXRecords      = ''
     MXPassTest           = ''
     DMARCPresent         = ''
     DMARCFullPolicy      = ''
@@ -79,6 +80,7 @@ $MXRecord = Read-MXRecord -Domain $Domain -ErrorAction Stop
 
 $Result.ExpectedSPFRecord = $MXRecord.ExpectedInclude
 $Result.MXPassTest = $false
+$Result.ActualMXRecords = $MXRecord.Records
 
 # Check fail counts to ensure all tests pass
 #$MXWarnCount = $MXRecord.ValidationWarns | Measure-Object | Select-Object -ExpandProperty Count
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1
@@ -12,6 +12,14 @@ Function Invoke-EditUser {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     
     $userobj = $Request.body
+    if ($userobj.Userid -eq '') {
+        $body = @{'Results' = @('Failed to edit user. No user ID provided') }
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::BadRequest
+                Body       = $Body
+            })
+        return
+    }
     $Results = [System.Collections.ArrayList]@()
     $licenses = ($userobj | Select-Object 'License_*').psobject.properties.value
     $Aliases = if ($userobj.AddedAliases) { ($userobj.AddedAliases).Split([Environment]::NewLine) }
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1
@@ -19,7 +19,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
             $LogMessage = 'Tenant level mailbox audit already enabled. '
         }
 
-        # check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for
+        # Check for mailbox audit on all mailboxes. Enable for all that it's not enabled for
         $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true }
         $Mailboxes | ForEach-Object {
             try {
@@ -29,9 +29,30 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error
             }
         }
-        if ($Mailboxes.Count -eq 0) {
-            $LogMessage += 'User level mailbox audit already enabled for all mailboxes'
+
+        # Disable audit bypass for all mailboxes that have it enabled
+        $BypassMailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxAuditBypassAssociation' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditBypassEnabled -eq $true }
+        $BypassMailboxes | ForEach-Object {
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxAuditBypassAssociation' -cmdParams @{Identity = $_.Guid; AuditBypassEnabled = $false } -UseSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Mailbox audit bypass disabled for $($_.Name)" -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable mailbox audit bypass for $($_.Name). Error: $($_.exception.message)" -sev Error
+            }
+        }
+
+        if ($Mailboxes.Count -eq 0 -and $BypassMailboxes.Count -eq 0) {
+            # Make log message smaller if both are already in the desired state
+            $LogMessage += 'User level mailbox audit already enabled and mailbox audit bypass already disabled for all mailboxes'
+        } else {
+            if ($Mailboxes.Count -eq 0) {
+                $LogMessage += 'User level mailbox audit already enabled for all mailboxes. '
+            }
+            if ($BypassMailboxes.Count -eq 0) {
+                $LogMessage += 'Mailbox audit bypass already disabled for all mailboxes'
+            }    
         }
+        
         Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info
     }
 
diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1
@@ -2,7 +2,7 @@ function Test-CIPPAccessTenant {
     [CmdletBinding()]
     param (
         $TenantCSV,
-        $APIName = "Access Check",
+        $APIName = 'Access Check',
         $ExecutingUser
     )
     $ExpectedRoles = @(
@@ -27,8 +27,7 @@ function Test-CIPPAccessTenant {
     }
     try {
         $MyRoles = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/myRoles?`$filter=tenantId in ('$($TenantIds -join "','")')"
-    }
-    catch {
+    } catch {
         $MyRoles = @()
         $AddedText = 'but could not retrieve GDAP roles from Lighthouse API'
     }
@@ -37,7 +36,7 @@ function Test-CIPPAccessTenant {
         try {
             $TenantId = ($TenantList | Where-Object { $_.defaultDomainName -eq $tenant }).customerId
             $Assignments = ($MyRoles | Where-Object { $_.tenantId -eq $TenantId }).assignments
-            $SAMUserRoles = ($Assignments | Where-Object { $_.assignmentType -eq 'granularDelegatedAdminPrivileges' }).roles
+            $SAMUserRoles = $Assignments.roles
 
             $BulkRequests = $ExpectedRoles | ForEach-Object { @(
                     @{
@@ -62,8 +61,7 @@ function Test-CIPPAccessTenant {
                         }
                     )
                     $AddedText = 'but missing GDAP roles'
-                }
-                else {
+                } else {
                     $GDAPRoles.Add([PSCustomObject]$RoleId)
                 }
                 if (!$SAMRole) {
@@ -88,8 +86,7 @@ function Test-CIPPAccessTenant {
             }
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message 'Tenant access check executed successfully' -Sev 'Info'
 
-        }
-        catch {
+        } catch {
             @{
                 TenantName = "$($tenant)"
                 Status     = "Failed to connect: $(Get-NormalizedError -message $_.Exception.Message)"
@@ -106,8 +103,7 @@ function Test-CIPPAccessTenant {
                 Status     = 'Successfully connected to Exchange'
             }
 
-        }
-        catch {
+        } catch {
             $ReportedError = ($_.ErrorDetails | ConvertFrom-Json -ErrorAction SilentlyContinue)
             $Message = if ($ReportedError.error.details.message) { $ReportedError.error.details.message } else { $ReportedError.error.innererror.internalException.message }
             if ($null -eq $Message) { $Message = $($_.Exception.Message) }
diff --git a/version_latest.txt b/version_latest.txt
@@ -1 +1 @@
-5.1.1
+5.1.2
