Merge pull request #279 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

ConversionTable.csv

@@ -14,13 +14,19 @@ function Get-CIPPAlertHuntressRogueApps {
         [Parameter(Mandatory = $false)]
         [Alias('input')]
         $InputValue,
-        $TenantFilter
+        $TenantFilter,
+        [Parameter(Mandatory = $false)]
+        [bool]$IgnoreDisabledApps = $false
     )
 
     try {
         $RogueApps = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/huntresslabs/rogueapps/main/public/rogueapps.json'
         $RogueAppFilter = $RogueApps.appId -join "','"
         $ServicePrincipals = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/servicePrincipals?`$filter=appId in ('$RogueAppFilter')" -tenantid $TenantFilter
+        # If IgnoreDisabledApps is true, filter out disabled service principals
+        if ($IgnoreDisabledApps) {
+            $ServicePrincipals = $ServicePrincipals | Where-Object { $_.accountEnabled -eq $true }
+        }
 
         if (($ServicePrincipals | Measure-Object).Count -gt 0) {
             $AlertData = foreach ($ServicePrincipal in $ServicePrincipals) {

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertHuntressRogueApps.ps1

@@ -0,0 +1,39 @@
+function Get-CIPPAlertTERRL {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    Param (
+        [Parameter(Mandatory = $false)]
+        [Alias('input')]
+        $InputValue,
+        $TenantFilter
+    )
+
+    try {
+        # Set threshold with fallback to 80%
+        $Threshold = if ([string]::IsNullOrWhiteSpace($InputValue)) { 80 } else { [int]$InputValue }
+
+        # Get TERRL status
+        $TerrlStatus = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-LimitsEnforcementStatus'
+
+        if ($TerrlStatus) {
+            $UsagePercentage = [math]::Round(($TerrlStatus.ObservedValue / $TerrlStatus.Threshold) * 100, 2)
+
+            if ($UsagePercentage -gt $Threshold) {
+                $AlertData = [PSCustomObject]@{
+                    UsagePercentage    = $UsagePercentage
+                    CurrentVolume      = $TerrlStatus.ObservedValue
+                    ThresholdLimit     = $TerrlStatus.Threshold
+                    EnforcementEnabled = $TerrlStatus.EnforcementEnabled
+                    Verdict            = $TerrlStatus.Verdict
+                    Message            = 'Tenant is at {0}% of their TERRL limit (using {1} of {2} messages). Tenant Enforcement Status: {3}' -f $UsagePercentage, $TerrlStatus.ObservedValue, $TerrlStatus.Threshold, $TerrlStatus.Verdict
+                }
+                Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+            }
+        }
+    } catch {
+        Write-AlertMessage -tenant $($TenantFilter) -message "Could not get TERRL status for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+    }
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertTERRL.ps1

@@ -21,7 +21,7 @@ Function Invoke-ExecGroupsDelete {
     $DisplayName = $Request.Query.displayName ?? $Request.Body.displayName
 
     Try {
-        $Result = Remove-CIPPGroup -ID $ID -Grouptype $GroupType -TenantFilter $TenantFilter -DisplayName $DisplayName -APIName $APIName -Headers $Headers
+        $Result = Remove-CIPPGroup -ID $ID -GroupType $GroupType -TenantFilter $TenantFilter -DisplayName $DisplayName -APIName $APIName -Headers $Headers
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $Result = "$($_.Exception.Message)"

Modules/CIPPCore/Public/ConversionTable.csv

@@ -0,0 +1,147 @@
+using namespace System.Net
+
+Function Invoke-SetUserAliases {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Identity.User.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $ApiName -message 'Accessed this API' -Sev 'Debug'
+
+    $UserObj = $Request.Body
+    if ([string]::IsNullOrWhiteSpace($UserObj.id)) {
+        $body = @{'Results' = @('Failed to manage aliases. No user ID provided') }
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::BadRequest
+                Body       = $Body
+            })
+        return
+    }
+
+    $Results = [System.Collections.Generic.List[object]]::new()
+    $Aliases = if ($UserObj.AddedAliases) { ($UserObj.AddedAliases -split ',').ForEach({ $_.Trim() }) }
+    $RemoveAliases = if ($UserObj.RemovedAliases) { ($UserObj.RemovedAliases -split ',').ForEach({ $_.Trim() }) }
+
+    try {
+        if ($Aliases -or $RemoveAliases -or $UserObj.MakePrimary) {
+            # Get current mailbox
+            $CurrentMailbox = New-ExoRequest -tenantid $UserObj.tenantFilter -cmdlet 'Get-Mailbox' -cmdParams @{ Identity = $UserObj.id } -UseSystemMailbox $true
+            
+            if (-not $CurrentMailbox) {
+                throw 'Could not find mailbox for user'
+            }
+
+            $CurrentProxyAddresses = @($CurrentMailbox.EmailAddresses)
+            Write-Host "Current proxy addresses: $($CurrentProxyAddresses -join ', ')"
+            $NewProxyAddresses = @($CurrentProxyAddresses)
+            
+            # Handle setting primary address
+            if ($UserObj.MakePrimary) {
+                $PrimaryAddress = $UserObj.MakePrimary
+                Write-Host "Attempting to set primary address: $PrimaryAddress"
+                
+                # Normalize the primary address format
+                if ($PrimaryAddress -notlike 'SMTP:*') {
+                    $PrimaryAddress = "SMTP:$($PrimaryAddress -replace '^smtp:', '')"
+                }
+                Write-Host "Normalized primary address: $PrimaryAddress"
+                
+                # Check if the address exists in the current addresses (case-insensitive)
+                $ExistingAddress = $CurrentProxyAddresses | Where-Object { 
+                    $current = $_.ToLower()
+                    $target = $PrimaryAddress.ToLower()
+                    Write-Host "Comparing: '$current' with '$target'"
+                    $current -eq $target
+                }
+                
+                if (-not $ExistingAddress) {
+                    Write-Host "Available addresses: $($CurrentProxyAddresses -join ', ')"
+                    throw "Cannot set primary address. Address $($PrimaryAddress -replace '^SMTP:', '') not found in user's addresses."
+                }
+
+                # Convert all current SMTP addresses to lowercase (secondary)
+                $NewProxyAddresses = $NewProxyAddresses | ForEach-Object {
+                    if ($_ -like 'SMTP:*') {
+                        $_.ToLower()
+                    }
+                    else {
+                        $_
+                    }
+                }
+
+                # Remove any existing version of the address (case-insensitive)
+                $NewProxyAddresses = $NewProxyAddresses | Where-Object { 
+                    $_.ToLower() -ne $PrimaryAddress.ToLower() 
+                }
+                # Add the new primary address at the beginning
+                $NewProxyAddresses = @($PrimaryAddress) + $NewProxyAddresses
+                
+                Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Set primary address for $($CurrentMailbox.DisplayName)" -Sev Info
+                $null = $results.Add('Success. Set new primary address.')
+            }
+            
+            # Remove specified aliases
+            if ($RemoveAliases) {
+                foreach ($Alias in $RemoveAliases) {
+                    # Normalize the alias format
+                    if ($Alias -notlike 'smtp:*') {
+                        $Alias = "smtp:$Alias"
+                    }
+                    # Remove the alias case-insensitively
+                    $NewProxyAddresses = $NewProxyAddresses | Where-Object { 
+                        $_.ToLower() -ne $Alias.ToLower() 
+                    }
+                }
+                Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Removed Aliases from $($CurrentMailbox.DisplayName)" -Sev Info
+                $null = $results.Add('Success. Removed specified aliases from user.')
+            }
+
+            # Add new aliases
+            if ($Aliases) {
+                $AliasesToAdd = @()
+                foreach ($Alias in $Aliases) {
+                    # Normalize the alias format
+                    if ($Alias -notlike 'smtp:*') {
+                        $Alias = "smtp:$Alias"
+                    }
+                    # Check if the alias exists case-insensitively
+                    if (-not ($NewProxyAddresses | Where-Object { $_.ToLower() -eq $Alias.ToLower() })) {
+                        $AliasesToAdd = $AliasesToAdd + $Alias
+                    }
+                }
+                if ($AliasesToAdd.Count -gt 0) {
+                    $NewProxyAddresses = $NewProxyAddresses + $AliasesToAdd
+                    Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Added Aliases to $($CurrentMailbox.DisplayName)" -Sev Info
+                    $null = $results.Add('Success. Added new aliases to user.')
+                }
+            }
+
+            # Update the mailbox with new proxy addresses
+            $Params = @{
+                Identity       = $UserObj.id
+                EmailAddresses = $NewProxyAddresses
+            }
+            $null = New-ExoRequest -tenantid $UserObj.tenantFilter -cmdlet 'Set-Mailbox' -cmdParams $Params -UseSystemMailbox $true
+        }
+        else {
+            $null = $results.Add('No alias changes specified.')
+        }
+    }
+    catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Headers -message "Alias management failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $null = $results.Add("Failed to manage aliases: $($ErrorMessage.NormalizedError)")
+    }
+
+    $body = @{'Results' = @($results) }
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
+} 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecGroupsDelete.ps1

@@ -14,14 +14,14 @@ Function Invoke-AddTeam {
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-    $userobj = $Request.body
+    # Interact with the body of the request
+    $TeamObj = $Request.Body
+    $TenantID = $TeamObj.tenantid
 
-
-
-    $Owners = ($userobj.owner)
+    $Owners = ($TeamObj.owner)
     try {
         if ($null -eq $Owners) {
-            throw "You have to add at least one owner to the team"
+            throw 'You have to add at least one owner to the team'
         }
         $Owners = $Owners | ForEach-Object {
             $OwnerID = "https://graph.microsoft.com/beta/users('$($_)')"
@@ -34,28 +34,31 @@ Function Invoke-AddTeam {
 
         $TeamsSettings = [PSCustomObject]@{
             '[email protected]' = "https://graph.microsoft.com/v1.0/teamsTemplates('standard')"
-            'visibility'          = $userobj.visibility
-            'displayName'         = $userobj.displayname
-            'description'         = $userobj.description
-            'members'             = @($owners)
+            'visibility'          = $TeamObj.visibility
+            'displayName'         = $TeamObj.displayName
+            'description'         = $TeamObj.description
+            'members'             = @($Owners)
 
         } | ConvertTo-Json -Depth 10
+        # Write-Host $TeamsSettings
 
-        Write-Host $TeamsSettings
-        New-GraphPostRequest -AsApp $true -uri 'https://graph.microsoft.com/beta/teams' -tenantid $Userobj.tenantid -type POST -body $TeamsSettings -verbose
-        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Added Team $($userobj.displayname)" -Sev 'Info'
-        $body = [pscustomobject]@{'Results' = 'Success. Team has been added' }
+        $null = New-GraphPostRequest -AsApp $true -uri 'https://graph.microsoft.com/beta/teams' -tenantid $TenantID -type POST -body $TeamsSettings -Verbose
+        $Message = "Successfully created Team: '$($TeamObj.displayName)'"
+        Write-LogMessage -headers $Headers -API $APINAME -tenant $TenantID -message $Message -Sev Info
+        $StatusCode = [HttpStatusCode]::OK
 
     } catch {
-        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Adding Team failed. Error: $($_.Exception.Message)" -Sev 'Error'
-        $body = [pscustomobject]@{'Results' = "Failed. Error message: $($_.Exception.Message)" }
+        $ErrorMessage = Get-CippException -Exception $_
+        $Message = "Failed to create Team: '$($TeamObj.displayName)'. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APINAME -tenant $TenantID -message $Message -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
     }
 
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
-            Body       = $Body
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Message }
         })
 
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-SetUserAliases.ps1

@@ -28,7 +28,7 @@ function Invoke-CIPPStandardActivityBasedTimeout {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
     #>
 
     param($Tenant, $Settings)

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1

@@ -27,7 +27,7 @@ function Invoke-CIPPStandardAddDKIM {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
     #>
 
     param($Tenant, $Settings)

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1

@@ -25,7 +25,7 @@ function Invoke-CIPPStandardAnonReportDisable {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
     #>
 
     param($Tenant, $Settings)