Merge pull request #145 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-AddContact.ps1

@@ -32,7 +32,7 @@ Function Invoke-AddContact {
         $null = New-ExoRequest -tenantid $TenantId -cmdlet 'Set-MailContact' -cmdParams @{Identity = $NewContact.id; HiddenFromAddressListsEnabled = [boolean]$ContactObject.hidefromGAL } -UseSystemMailbox $true
 
         # Log the result
-        $Result = "Created contact $($ContactObject.displayName) with id $($NewContact.id)"
+        $Result = "Created contact $($ContactObject.displayName) with email address $($ContactObject.email)"
         Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message $Result -Sev 'Info'
         $StatusCode = [HttpStatusCode]::OK
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecGroupsDeliveryManagement.ps1

@@ -21,7 +21,7 @@ Function Invoke-ExecGroupsDeliveryManagement {
     $ID = $Request.Query.ID ?? $Request.Body.ID
 
     Try {
-        $Result = Set-CIPPGroupAuthentication -ID $ID -GroupType $GroupType -OnlyAllowInternalString $OnlyAllowInternal -tenantFilter $TenantFilter -APIName $APIName -Headers $Headers
+        $Result = Set-CIPPGroupAuthentication -ID $ID -GroupType $GroupType -OnlyAllowInternal $OnlyAllowInternal -tenantFilter $TenantFilter -APIName $APIName -Headers $Headers
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $Result = "$($_.Exception.Message)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-RemoveContact.ps1

@@ -11,19 +11,20 @@ Function Invoke-RemoveContact {
     param($Request, $TriggerMetadata)
 
     $APIName = $Request.Params.CIPPEndpoint
-    $TenantFilter = $Request.Query.tenantFilter
+    $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter
     Write-LogMessage -Headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
     # Interact with query parameters or the body of the request.
     $GUID = $Request.query.GUID ?? $Request.body.GUID
+    $Mail = $Request.query.Mail ?? $Request.body.Mail
 
     try {
         $Params = @{
             Identity = $GUID
         }
         $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-MailContact' -cmdParams $Params -UseSystemMailbox $true
         Write-LogMessage -Headers $Request.Headers -API $APIName -tenant $TenantFilter -message "Deleted contact $GUID" -sev Debug
-        $Result = "Deleted $GUID"
+        $Result = "Deleted $Mail"
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-CippException -Exception $_

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1

@@ -64,9 +64,16 @@ Function Invoke-AddGroup {
                         Type                               = $GroupObject.groupType
                         RequireSenderAuthenticationEnabled = [bool]!$GroupObject.allowExternal
                     }
+                    if ($GroupObject.owners) {
+                        $ExoParams.ManagedBy = @($GroupObject.owners.value)
+                    }
+                    if ($GroupObject.members) {
+                        $ExoParams.Members = @($GroupObject.members.value)
+                    }
                     $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $ExoParams
                 }
             }
+
             "Successfully created group $($GroupObject.displayName) for $($tenant)"
             Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Created group $($GroupObject.displayName) with id $($GraphRequest.id)" -Sev Info
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1

@@ -16,7 +16,7 @@ Function Invoke-ListGroups {
     $TenantFilter = $Request.Query.TenantFilter
     $selectstring = "id,createdDateTime,displayName,description,mail,mailEnabled,mailNickname,resourceProvisioningOptions,securityEnabled,visibility,organizationId,onPremisesSamAccountName,membershipRule,grouptypes,onPremisesSyncEnabled,resourceProvisioningOptions,userPrincipalName&`$expand=members(`$select=userPrincipalName)"
 
-    $BulkRequestArrayList = [System.Collections.ArrayList]@()
+    $BulkRequestArrayList = [System.Collections.Generic.List[object]]::new()
 
     if ($Request.Query.GroupID) {
         $selectstring = 'id,createdDateTime,displayName,description,mail,mailEnabled,mailNickname,resourceProvisioningOptions,securityEnabled,visibility,organizationId,onPremisesSamAccountName,membershipRule,groupTypes,userPrincipalName'
@@ -36,21 +36,60 @@ Function Invoke-ListGroups {
     }
 
     if ($Request.Query.owners) {
-        $selectstring = 'id,userPrincipalName,displayName,hideFromOutlookClients,hideFromAddressLists,mail,mailEnabled,mailNickname,resourceProvisioningOptions,securityEnabled,visibility,organizationId,onPremisesSamAccountName,membershipRule'
-        $BulkRequestArrayList.add(@{
-                id     = 3
-                method = 'GET'
-                url    = "groups/$($Request.Query.GroupID)/owners?`$top=999&select=$selectstring"
-            })
+        if ($Request.Query.groupType -ne 'Distribution List' -or $Request.Query.groupType -ne 'Mail-Enabled Security') {
+            $selectstring = 'id,userPrincipalName,displayName,hideFromOutlookClients,hideFromAddressLists,mail,mailEnabled,mailNickname,resourceProvisioningOptions,securityEnabled,visibility,organizationId,onPremisesSamAccountName,membershipRule'
+            $BulkRequestArrayList.add(@{
+                    id     = 3
+                    method = 'GET'
+                    url    = "groups/$($Request.Query.GroupID)/owners?`$top=999&select=$selectstring"
+                })
+        } else {
+            $OwnerIds = New-ExoRequest -cmdlet 'Get-DistributionGroup' -tenantid $TenantFilter -cmdParams @{Identity = $Request.Query.GroupID } -useSystemMailbox $true | Select-Object -ExpandProperty ManagedBy
+
+            $BulkRequestArrayList.add(@{
+                    id      = 3
+                    method  = 'POST'
+                    url     = 'directoryObjects/getByIds'
+                    body    = @{
+                        ids = @($OwnerIds)
+                    }
+                    headers = @{
+                        'Content-Type' = 'application/json'
+                    }
+                })
+        }
+    }
+
+    if ($Request.Query.groupType -eq 'Distribution List' -or $Request.Query.groupType -eq 'Mail-Enabled Security') {
+        # get the outside the organization RequireSenderAuthenticationEnabled setting
+        $OnlyAllowInternal = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-DistributionGroup' -cmdParams @{Identity = $Request.Query.GroupID } -useSystemMailbox $true | Select-Object -ExpandProperty RequireSenderAuthenticationEnabled
+    } elseif ($GroupType -eq 'Microsoft 365') {
+        $OnlyAllowInternal = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-UnifiedGroup' -cmdParams @{Identity = $Request.Query.GroupID } -useSystemMailbox $true | Select-Object -ExpandProperty RequireSenderAuthenticationEnabled
+    } else {
+        $OnlyAllowInternal = $null
+    }
+
+    if ($Request.Query.groupType -eq 'Microsoft 365') {
+        $UnifiedGroup = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-UnifiedGroup' -cmdParams @{Identity = $Request.Query.GroupID } -useSystemMailbox $true | Select-Object -Property subscriptionEnabled, AutoSubscribeNewMembers
+
+        if ($UnifiedGroup.subscriptionEnabled -eq $true -and $UnifiedGroup.AutoSubscribeNewMembers -eq $true) {
+            $SendCopies = $true
+        } else {
+            $SendCopies = $false
+        }
+    } else {
+        $SendCopies = $null
     }
 
     try {
         if ($BulkRequestArrayList.Count -gt 0) {
             $RawGraphRequest = New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($BulkRequestArrayList) -asapp $true
             $GraphRequest = [PSCustomObject]@{
-                groupInfo = ($RawGraphRequest | Where-Object { $_.id -eq 1 }).body
-                members   = ($RawGraphRequest | Where-Object { $_.id -eq 2 }).body.value
-                owners    = ($RawGraphRequest | Where-Object { $_.id -eq 3 }).body.value
+                groupInfo     = ($RawGraphRequest | Where-Object { $_.id -eq 1 }).body
+                members       = ($RawGraphRequest | Where-Object { $_.id -eq 2 }).body.value
+                owners        = ($RawGraphRequest | Where-Object { $_.id -eq 3 }).body.value
+                allowExternal = (!$OnlyAllowInternal)
+                sendCopies    = $SendCopies
             }
         } else {
             $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupID)/$($members)?`$top=999&select=$selectstring" -tenantid $TenantFilter | Select-Object *, @{ Name = 'primDomain'; Expression = { $_.mail -split '@' | Select-Object -Last 1 } },
@@ -85,6 +124,7 @@ Function Invoke-ListGroups {
 
         $StatusCode = [HttpStatusCode]::OK
     } catch {
+        Write-Warning $_.InvocationInfo.PositionMessage
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
         $StatusCode = [HttpStatusCode]::Forbidden
         $GraphRequest = $ErrorMessage

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroups.ps1

@@ -0,0 +1,71 @@
+using namespace System.Net
+
+Function Invoke-ListStandardsCompare {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Tenant.BestPracticeAnalyser.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    # Create mock data for testing with the correct API structure
+    # Only tenant data with values, no compliance information or standard values
+    $Results = @(
+        @{
+            tenantFilter     = 'TenantOne'
+            standardsResults = @(
+                @{
+                    standardId   = 'standards.MailContacts'
+                    standardName = 'Mail Contacts'
+                    value        = @{
+                        GeneralContact   = '[email protected]'
+                        SecurityContact  = '[email protected]'
+                        MarketingContact = '[email protected]'
+                        TechContact      = '[email protected]'
+                    }
+                },
+                @{
+                    standardId   = 'standards.AuditLog'
+                    standardName = 'Audit Log'
+                    value        = $true
+                },
+                @{
+                    standardId   = 'standards.ProfilePhotos'
+                    standardName = 'Profile Photos'
+                    value        = @{
+                        state = @{
+                            label = 'Enabled'
+                            value = 'enabled'
+                        }
+                    }
+                }
+            )
+        },
+        @{
+            tenantFilter     = 'dev.johnwduprey.com'
+            standardsResults = @(
+                @{
+                    standardId   = 'standards.MailContacts'
+                    standardName = 'Mail Contacts'
+                    value        = @{
+                        GeneralContact  = '[email protected]'
+                        SecurityContact = '[email protected]'
+                    }
+                },
+                @{
+                    standardId   = 'standards.AuditLog'
+                    standardName = 'Audit Log'
+                    value        = $false
+                }
+            )
+        }
+    )
+    
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = (ConvertTo-Json -Depth 15 -InputObject $Results)
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListStandardsCompare.ps1

@@ -26,12 +26,20 @@ function Start-DurableCleanup {
 
     $CleanupCount = 0
     $QueueCount = 0
+    $ClearQueues = $false
+
+    $FunctionsWithLongRunningOrchestrators = [System.Collections.Generic.List[object]]::new()
     foreach ($Table in $InstancesTables) {
+        $RunningOrchestratorCount = 0
         $Table = Get-CippTable -TableName $Table
-        $ClearQueues = $false
         $FunctionName = $Table.TableName -replace 'Instances', ''
         $Orchestrators = Get-CIPPAzDataTableEntity @Table -Filter "RuntimeStatus eq 'Running'" | Select-Object * -ExcludeProperty Input
+        $Queues = Get-AzStorageQueue -Context $StorageContext -Name ('{0}*' -f $FunctionName) | Select-Object -Property Name, ApproximateMessageCount, QueueClient
+        $RunningOrchestratorCount = $Orchestrators.Count
         $LongRunningOrchestrators = $Orchestrators | Where-Object { $_.CreatedTime.DateTime -lt $TargetTime }
+        if ($LongRunningOrchestrators.Count -gt 0) {
+            $FunctionsWithLongRunningOrchestrators.Add(@{'FunctionName' = $FunctionName })
+        }
         foreach ($Orchestrator in $LongRunningOrchestrators) {
             $CreatedTime = [DateTime]::SpecifyKind($Orchestrator.CreatedTime.DateTime, [DateTimeKind]::Utc)
             $TimeSpan = New-TimeSpan -Start $CreatedTime -End (Get-Date).ToUniversalTime()
@@ -45,9 +53,7 @@ function Start-DurableCleanup {
                 $CleanupCount++
             }
         }
-
-        if ($ClearQueues) {
-            $Queues = Get-AzStorageQueue -Context $StorageContext -Name ('{0}*' -f $FunctionName) | Select-Object -Property Name, ApproximateMessageCount, QueueClient
+        if ($ClearQueues -or ($RunningOrchestratorCount -eq 0 -and $Queues.ApproximateMessageCount -gt 0)) {
             $RunningQueues = $Queues | Where-Object { $_.ApproximateMessageCount -gt 0 }
             foreach ($Queue in $RunningQueues) {
                 Write-Information "- Removing queue: $($Queue.Name), message count: $($Queue.ApproximateMessageCount)"
@@ -58,5 +64,10 @@ function Start-DurableCleanup {
             }
         }
     }
-    Write-Information "Cleanup complete. $CleanupCount orchestrators were terminated. $QueueCount queues were cleared."
+
+    if ($CleanupCount -gt 0 -or $QueueCount -gt 0) {
+        Write-LogMessage -api 'Durable Cleanup' -message "$CleanupCount orchestrators were terminated. $QueueCount queues were cleared." -sev 'Info' -LogData $FunctionsWithLongRunningOrchestrators
+    }
+
+    Write-Information "Durable cleanup complete. $CleanupCount orchestrators were terminated. $QueueCount queues were cleared."
 }

Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-DurableCleanup.ps1

@@ -45,12 +45,12 @@ function New-ExoBulkRequest {
             $IdToCmdletName = @{}
 
             # Split the cmdletArray into batches of 10
-            $batches = [System.Collections.ArrayList]@()
+            $batches = [System.Collections.Generic.List[object]]::new()
             for ($i = 0; $i -lt $cmdletArray.Length; $i += 10) {
-                $null = $batches.Add($cmdletArray[$i..[math]::Min($i + 9, $cmdletArray.Length - 1)])
+                $batches.Add($cmdletArray[$i..[math]::Min($i + 9, $cmdletArray.Length - 1)])
             }
 
-            $ReturnedData = @()
+            $ReturnedData = [System.Collections.Generic.List[object]]::new()
             foreach ($batch in $batches) {
                 $BatchBodyObj = @{
                     requests = @()
@@ -85,13 +85,16 @@ function New-ExoBulkRequest {
                 }
                 $BatchBodyJson = ConvertTo-Json -InputObject $BatchBodyObj -Depth 10
                 $Results = Invoke-RestMethod $BatchURL -ResponseHeadersVariable responseHeaders -Method POST -Body $BatchBodyJson -Headers $Headers -ContentType 'application/json; charset=utf-8'
-                $ReturnedData = $ReturnedData + $Results.responses
+                $ReturnedData.Add($Results.responses)
+
                 Write-Host "Batch #$($batches.IndexOf($batch) + 1) of $($batches.Count) processed"
             }
         } catch {
             # Error handling (omitted for brevity)
         }
 
+        Write-Information ($ReturnedHeaders | ConvertTo-Json -Depth 10)
+
         # Process the returned data
         if ($ReturnWithCommand) {
             $FinalData = @{}

Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1

@@ -2,13 +2,12 @@ function Set-CIPPGroupAuthentication(
     [string]$Headers,
     [string]$GroupType,
     [string]$Id,
-    [string]$OnlyAllowInternalString,
+    [bool]$OnlyAllowInternal,
     [string]$TenantFilter,
     [string]$APIName = 'Group Sender Authentication'
 ) {
     try {
-        $OnlyAllowInternal = if ($OnlyAllowInternalString -eq 'true') { 'true' } else { 'false' }
-        $messageSuffix = if ($OnlyAllowInternal -eq 'true') { 'inside the organisation.' } else { 'inside and outside the organisation.' }
+        $messageSuffix = if ($OnlyAllowInternal -eq $true) { 'inside the organisation.' } else { 'inside and outside the organisation.' }
 
         if ($GroupType -eq 'Distribution List' -or $GroupType -eq 'Mail-Enabled Security') {
             New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-DistributionGroup' -cmdParams @{Identity = $Id; RequireSenderAuthenticationEnabled = $OnlyAllowInternal }