Merge pull request #319 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 295e04f6d65a · 2025-06-19T16:28:56.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertSharepointQuota.ps1
@@ -1,4 +1,3 @@
-
 function Get-CIPPAlertSharepointQuota {
     <#
     .FUNCTIONALITY
@@ -12,10 +11,8 @@ function Get-CIPPAlertSharepointQuota {
         $TenantFilter
     )
     Try {
-            $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-        $sharepointToken = (Get-GraphToken -scope "https://$($tenantName)-admin.sharepoint.com/.default" -tenantid $TenantFilter)
-        $sharepointToken.Add('accept', 'application/json')
-        $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value
+        $SharePointInfo = Get-SharePointAdminLink -Public $false
+        $sharepointQuota = (New-GraphGetRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2").value
     } catch {
         return
     }
@@ -31,4 +28,4 @@ function Get-CIPPAlertSharepointQuota {
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
         }
     }
-}
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointAdminUrl.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointAdminUrl.ps1
@@ -19,9 +19,8 @@ function Invoke-ListSharepointAdminUrl {
         if ($Tenant.SharepointAdminUrl) {
             $AdminUrl = $Tenant.SharepointAdminUrl
         } else {
-            $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-            $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
-            $Tenant | Add-Member -MemberType NoteProperty -Name SharepointAdminUrl -Value $AdminUrl
+            $SharePointInfo = Get-SharePointAdminLink -Public $false
+            $Tenant | Add-Member -MemberType NoteProperty -Name SharepointAdminUrl -Value $SharePointInfo.AdminUrl
             $Table = Get-CIPPTable -TableName 'Tenants'
             Add-CIPPAzDataTableEntity @Table -Entity $Tenant -Force
         }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointQuota.ps1
@@ -21,12 +21,8 @@ Function Invoke-ListSharepointQuota {
         $UsedStoragePercentage = 'Not Supported'
     } else {
         try {
-            $TenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-
-            $SharePointToken = (Get-GraphToken -scope "https://$($TenantName)-admin.sharepoint.com/.default" -tenantid $TenantFilter)
-            $SharePointToken.Add('accept', 'application/json')
-            # Implement a try catch later to deal with SharePoint guest user settings
-            $SharePointQuota = (Invoke-RestMethod -Method 'GET' -Headers $SharePointToken -Uri "https://$($TenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value | Sort-Object -Property GeoUsedStorageMB -Descending | Select-Object -First 1
+            $SharePointInfo = Get-SharePointAdminLink -Public $false
+            $SharePointQuota = (New-GraphGetRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2").value | Sort-Object -Property GeoUsedStorageMB -Descending | Select-Object -First 1
 
             if ($SharePointQuota) {
                 $UsedStoragePercentage = [int](($SharePointQuota.GeoUsedStorageMB / $SharePointQuota.TenantStorageMB) * 100)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListStandardsCompare.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListStandardsCompare.ps1
@@ -50,6 +50,18 @@ function Invoke-ListStandardsCompare {
         $FieldName = $Standard.RowKey
         $FieldValue = $Standard.Value
         $Tenant = $Standard.PartitionKey
+
+        # decode field names that are hex encoded (e.g. QuarantineTemplates)
+        if ($FieldName -match '^(standards\.QuarantineTemplate\.)(.+)$') {
+            $Prefix = $Matches[1]
+            $HexEncodedName = $Matches[2]
+            $Chars = [System.Collections.Generic.List[char]]::new()
+            for ($i = 0; $i -lt $HexEncodedName.Length; $i += 2) {
+                $Chars.Add([char][Convert]::ToInt32($HexEncodedName.Substring($i,2),16))
+            }
+            $FieldName = "$Prefix$(-join $Chars)"
+        }
+
         if ($FieldValue -is [System.Boolean]) {
             $FieldValue = [bool]$FieldValue
         } elseif ($FieldValue -like '*{*') {
diff --git a/Modules/CIPPCore/Public/Get-CIPPSPOTenant.ps1 b/Modules/CIPPCore/Public/Get-CIPPSPOTenant.ps1
@@ -8,11 +8,13 @@ function Get-CIPPSPOTenant {
 
     if (!$SharepointPrefix) {
         # get sharepoint admin site
-        $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
+        $SharePointInfo = Get-SharePointAdminLink -Public $false
+        $tenantName = $SharePointInfo.TenantName
+        $AdminUrl = $SharePointInfo.AdminUrl
     } else {
         $tenantName = $SharepointPrefix
+        $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
     }
-    $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
 
     # Query tenant settings
     $XML = @'
@@ -21,7 +23,7 @@ function Get-CIPPSPOTenant {
     $AdditionalHeaders = @{
         'Accept' = 'application/json;odata=verbose'
     }
-    $Results = New-GraphPostRequest -scope "$AdminURL/.default" -tenantid $TenantFilter -Uri "$AdminURL/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml' -AddedHeaders $AdditionalHeaders
+    $Results = New-GraphPostRequest -scope "$($AdminUrl)/.default" -tenantid $TenantFilter -Uri "$($SharePointInfo.AdminUrl)/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml' -AddedHeaders $AdditionalHeaders
 
     $Results | Select-Object -Last 1 *, @{n = 'SharepointPrefix'; e = { $tenantName } }, @{n = 'TenantFilter'; e = { $TenantFilter } }
 }
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-SharePointAdminLink.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-SharePointAdminLink.ps1
@@ -0,0 +1,68 @@
+function Get-SharePointAdminLink {
+    <#
+    .FUNCTIONALITY
+    Internal
+    #>
+    [CmdletBinding()]
+    param ($Public)
+
+    if ($Public) {
+        # Do it through domain discovery, unreliable
+        try {
+            # Get tenant information using autodiscover
+            $body = @"
+<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <soap:Header>
+        <a:Action soap:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation</a:Action>
+        <a:To soap:mustUnderstand="1">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc</a:To>
+        <a:ReplyTo>
+            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
+        </a:ReplyTo>
+    </soap:Header>
+    <soap:Body>
+        <GetFederationInformationRequestMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
+            <Request>
+                <Domain>$TenantFilter</Domain>
+            </Request>
+        </GetFederationInformationRequestMessage>
+    </soap:Body>
+</soap:Envelope>
+"@
+
+            # Create the headers
+            $AutoDiscoverHeaders = @{
+                'Content-Type' = 'text/xml; charset=utf-8'
+                'SOAPAction'   = '"http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation"'
+                'User-Agent'   = 'AutodiscoverClient'
+            }
+
+            # Invoke autodiscover
+            $Response = Invoke-RestMethod -UseBasicParsing -Method Post -Uri 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -Body $body -Headers $AutoDiscoverHeaders
+
+            # Get the onmicrosoft.com domain from the response
+            $TenantDomains = $Response.Envelope.body.GetFederationInformationResponseMessage.response.Domains.Domain | Sort-Object
+            $OnMicrosoftDomains = $TenantDomains | Where-Object { $_ -like "*.onmicrosoft.com" }
+
+            if ($OnMicrosoftDomains.Count -eq 0) {
+                throw "Could not find onmicrosoft.com domain through autodiscover"
+            } elseif ($OnMicrosoftDomains.Count -gt 1) {
+                throw "Multiple onmicrosoft.com domains found through autodiscover. Cannot determine the correct one: $($OnMicrosoftDomains -join ', ')"
+            } else {
+                $OnMicrosoftDomain = $OnMicrosoftDomains[0]
+                $tenantName = $OnMicrosoftDomain.Split('.')[0]
+            }
+        } catch {
+            throw "Failed to get SharePoint admin URL through autodiscover: $($_.Exception.Message)"
+        }
+    } else {
+        $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
+    }
+
+    # Return object with all needed properties
+    return [PSCustomObject]@{
+        AdminUrl        = "https://$tenantName-admin.sharepoint.com"
+        TenantName      = $tenantName
+        SharePointUrl   = "https://$tenantName.sharepoint.com"
+    }
+}
diff --git a/Modules/CIPPCore/Public/New-CIPPSharepointSite.ps1 b/Modules/CIPPCore/Public/New-CIPPSharepointSite.ps1
@@ -65,13 +65,10 @@ function New-CIPPSharepointSite {
         $APIName = 'Create SharePoint Site',
         $Headers
     )
-    $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-    $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
-    $SitePath = $SiteName -replace ' ' -replace '[^A-Za-z0-9-]'
-    $SiteUrl = "https://$tenantName.sharepoint.com/sites/$SitePath"
-
-
 
+    $SharePointInfo = Get-SharePointAdminLink -Public $false
+    $SitePath = $SiteName -replace ' ' -replace '[^A-Za-z0-9-]'
+    $SiteUrl = "https://$($SharePointInfo.TenantName).sharepoint.com/sites/$SitePath"
 
     switch ($TemplateName) {
         'Communication' {
@@ -142,7 +139,7 @@ function New-CIPPSharepointSite {
             'accept'        = 'application/json;odata.metadata=none'
             'odata-version' = '4.0'
         }
-        $Results = New-GraphPostRequest -scope "$AdminUrl/.default" -uri "$AdminUrl/_api/SPSiteManager/create" -Body ($body | ConvertTo-Json -Compress -Depth 10) -tenantid $TenantFilter -ContentType 'application/json' -AddedHeaders $AddedHeaders
+        $Results = New-GraphPostRequest -scope "$($SharePointInfo.AdminUrl)/.default" -uri "$($SharePointInfo.AdminUrl)/_api/SPSiteManager/create" -Body ($body | ConvertTo-Json -Compress -Depth 10) -tenantid $TenantFilter -ContentType 'application/json' -AddedHeaders $AddedHeaders
     }
 
     # Check the results. This response is weird. https://learn.microsoft.com/en-us/sharepoint/dev/apis/site-creation-rest
diff --git a/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1 b/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1
@@ -36,11 +36,11 @@ function Request-CIPPSPOPersonalSite {
     </ObjectPaths>
 </Request>
 "@
-    $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-    $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
+
+    $SharePointInfo = Get-SharePointAdminLink -Public $false
 
     try {
-        $Request = New-GraphPostRequest -scope "$AdminURL/.default" -tenantid $TenantFilter -Uri "$AdminURL/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml'
+        $Request = New-GraphPostRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -Uri "$($SharePointInfo.AdminUrl)/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml'
         if (!$Request.IsComplete) { throw }
         Write-LogMessage -headers $Headers -API $APIName -message "Requested personal site for $($UserEmails -join ', ')" -Sev 'Info' -tenant $TenantFilter
         return "Successfully requested personal site for $($UserEmails -join ', ')"
diff --git a/Modules/CIPPCore/Public/Set-CIPPSPOTenant.ps1 b/Modules/CIPPCore/Public/Set-CIPPSPOTenant.ps1
@@ -44,12 +44,13 @@ function Set-CIPPSPOTenant {
     process {
         if (!$SharepointPrefix) {
             # get sharepoint admin site
-            $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
+            $SharePointInfo = Get-SharePointAdminLink -Public $false
+            $AdminUrl = $SharePointInfo.AdminUrl
         } else {
             $tenantName = $SharepointPrefix
+            $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
         }
         $Identity = $Identity -replace "`n", '&#xA;'
-        $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
         $AllowedTypes = @('Boolean', 'String', 'Int32')
         $SetProperty = [System.Collections.Generic.List[string]]::new()
         $x = 114
diff --git a/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 b/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1
@@ -20,8 +20,9 @@ function Set-CIPPSharePointPerms {
             Write-Information 'No URL provided, getting URL from Graph'
             $URL = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserId)/Drives" -asapp $true -tenantid $TenantFilter).WebUrl
         }
-        $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]
-        $AdminUrl = "https://$($tenantName)-admin.sharepoint.com"
+
+        $SharePointInfo = Get-SharePointAdminLink -Public $false
+
         $XML = @"
 <Request xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009" AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="16.0.0.0" ApplicationName=".NET Library">
   <Actions>
@@ -39,7 +40,7 @@ function Set-CIPPSharePointPerms {
   </ObjectPaths>
 </Request>
 "@
-        $request = New-GraphPostRequest -scope "$AdminURL/.default" -tenantid $TenantFilter -Uri "$AdminURL/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml'
+        $request = New-GraphPostRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -Uri "$($SharePointInfo.AdminUrl)/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml'
         # Write-Host $($request)
         if (!$request.ErrorInfo.ErrorMessage) {
             $Message = "$($OnedriveAccessUser) has been $($RemovePermission ? 'removed from' : 'given') access to $URL"
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1
@@ -69,15 +69,15 @@ function Invoke-CIPPStandardAppDeploy {
 
             foreach ($AppId in $AppIds) {
                 if ($AppId -notin $AppExists.appId) {
-                    Write-Information "Adding $($AppId) to tenant $($Tenant)."
-                    $PostResults = New-GraphPostRequest 'https://graph.microsoft.com/beta/servicePrincipals' -type POST -tenantid $Item.tenant -body "{ `"appId`": `"$($Item.appId)`" }"
-                    Write-LogMessage -message "Added $($Item.AppId) to tenant $($Item.Tenant)" -tenant $Item.Tenant -API 'Add Multitenant App' -sev Info
+                    Write-Information "Adding $AppId to tenant $Tenant."
+                    $PostResults = New-GraphPostRequest 'https://graph.microsoft.com/beta/servicePrincipals' -type POST -tenantid $Tenant -body "{ `"appId`": `"$AppId`" }"
+                    Write-LogMessage -message "Added $AppId to tenant $Tenant" -tenant $Tenant -API 'Add Multitenant App' -sev Info
                 }
             }
             foreach ($TemplateId in $TemplateIds) {
                 try {
-                    Add-CIPPApplicationPermission -TemplateId $TemplateId -Tenantfilter $Tenant
-                    Add-CIPPDelegatedPermission -TemplateId $TemplateId -Tenantfilter $Tenant
+                    Add-CIPPApplicationPermission -TemplateId $TemplateId -TenantFilter $Tenant
+                    Add-CIPPDelegatedPermission -TemplateId $TemplateId -TenantFilter $Tenant
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application(s) from template $($TemplateName) and updated it's permissions" -sev Info
                 } catch {
                     $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineTemplate.ps1
@@ -183,9 +183,10 @@ function Invoke-CIPPStandardQuarantineTemplate {
         }
 
         if ($true -in $Settings.report) {
-            # This could do with an improvement. But will work for now or else reporting could be disabled for now
             foreach ($Policy in $CompareList | Where-Object -Property report -EQ $true) {
-                Set-CIPPStandardsCompareField -FieldName "standards.QuarantineTemplate" -FieldValue $Policy.StateIsCorrect -TenantFilter $Tenant
+                # Convert displayName to hex to avoid invalid characters "/, \, #, ?" which are not allowed in RowKey, but "\, #, ?" can be used in quarantine displayName
+                $HexName = -join ($Policy.displayName.ToCharArray() | ForEach-Object { '{0:X2}' -f [int][char]$_ })
+                Set-CIPPStandardsCompareField -FieldName "standards.QuarantineTemplate.$HexName" -FieldValue $Policy.StateIsCorrect -TenantFilter $Tenant
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-`
`2`	`1`	`function Get-CIPPAlertSharepointQuota {`
`3`	`2`	`<#`
`4`	`3`	`.FUNCTIONALITY`
`@@ -12,10 +11,8 @@ function Get-CIPPAlertSharepointQuota {`
`12`	`11`	`$TenantFilter`
`13`	`12`	`)`
`14`	`13`	`Try {`
`15`		`- $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/root' -asApp $true -tenantid $TenantFilter).id.Split('.')[0]`
`16`		`- $sharepointToken = (Get-GraphToken -scope "https://$($tenantName)-admin.sharepoint.com/.default" -tenantid $TenantFilter)`
`17`		`- $sharepointToken.Add('accept', 'application/json')`
`18`		`- $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value`
	`14`	`+ $SharePointInfo = Get-SharePointAdminLink -Public $false`
	`15`	`+ $sharepointQuota = (New-GraphGetRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2").value`
`19`	`16`	`} catch {`
`20`	`17`	`return`
`21`	`18`	`}`
`@@ -31,4 +28,4 @@ function Get-CIPPAlertSharepointQuota {`
`31`	`28`	`Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData`
`32`	`29`	`}`
`33`	`30`	`}`
`34`		`-}`
	`31`	`+}`