Merge pull request #127 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Config/CyberEssentials.BPATemplate.json

@@ -92,7 +92,10 @@
         "isMFARegistered",
         "defaultMFAMethod"
       ],
-      "URL": "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails"
+      "URL": "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails",
+      "Parameters": {
+        "asApp": "True"
+      }
     }
   ]
 }

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMFAAdmins.ps1

@@ -18,7 +18,7 @@ function Get-CIPPAlertMFAAdmins {
             }
         }
         if (!$DuoActive) {
-            $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq true and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
+            $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq true and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) -AsApp $true | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
             if ($users.UserPrincipalName) {
                 $AlertData = "The following admins do not have MFA registered: $($users.UserPrincipalName -join ', ')"
                 Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMFAAlertUsers.ps1

@@ -12,7 +12,7 @@ function Get-CIPPAlertMFAAlertUsers {
     )
     try {
 
-        $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq false and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
+        $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq false and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) -AsApp $true | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
         if ($users.UserPrincipalName) {
             $AlertData = "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')"
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-AuditLogSearchCreation.ps1

@@ -7,7 +7,7 @@ function Start-AuditLogSearchCreation {
     param()
     try {
         $ConfigTable = Get-CippTable -TableName 'WebhookRules'
-        $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
+        $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable -Filter "PartitionKey eq 'Webhookv2'"
 
         $TenantList = Get-Tenants -IncludeErrors
         # Round time down to nearest minute

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-BPAOrchestrator.ps1

@@ -30,10 +30,32 @@ function Start-BPAOrchestrator {
         }
 
         Write-Verbose 'Getting BPA templates'
+
+
         $BPATemplateTable = Get-CippTable -tablename 'templates'
         $Filter = "PartitionKey eq 'BPATemplate'"
-        $Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name
+        try {
+            $TemplateRows = Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter
+
+            if (!$TemplateRows) {
+                $null = Get-ChildItem 'Config\*.BPATemplate.json' | ForEach-Object {
+                    $TemplateJson = Get-Content $_ | ConvertFrom-Json | ConvertTo-Json -Compress -Depth 10
+                    $Entity = @{
+                        JSON         = "$TemplateJson"
+                        RowKey       = "$($_.name)"
+                        PartitionKey = 'BPATemplate'
+                        GUID         = "$($_.name)"
+                    }
+                    Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force
+                }
+                $TemplateRows = Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter
+            }
 
+            $Templates = ($TemplateRows.JSON | ConvertFrom-Json).Name
+        } catch {
+            Write-LogMessage -API 'BestPracticeAnalyser' -message 'Could not get BPA templates' -sev Error
+            return $false
+        }
         Write-Verbose 'Creating orchestrator batch'
         $BPAReports = foreach ($Tenant in $TenantList) {
             foreach ($Template in $Templates) {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1

@@ -7,7 +7,7 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
     .SYNOPSIS
         (Label) Disable SMTP Basic Authentication
     .DESCRIPTION
-        (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants. 
+        (Helptext) Disables SMTP AUTH for the organization and all users. This is the default for new tenants.
         (DocsDescription) Disables SMTP basic authentication for the tenant and all users with it explicitly enabled.
     .NOTES
         CAT
@@ -75,24 +75,24 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
         if ($SMTPusers.Count -eq 0) {
             $LogMessage.add('SMTP Basic Authentication for all users is disabled')
         } else {
-            $LogMessage.add("SMTP Basic Authentication for the following $($SMTPusers.Count) users is not disabled: $($SMTPusers.PrimarySmtpAddress -join ',')")
+            $LogMessage.add("SMTP Basic Authentication for the following $($SMTPusers.Count) users is not disabled: $($SMTPusers.PrimarySmtpAddress -join ', ')")
         }
 
         if ($Settings.alert -eq $true) {
 
             if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) {
                 Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is disabled' -sev Info
             } else {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message $LogMessage -sev Alert
+                Write-LogMessage -API 'Standards' -tenant $tenant -message ($LogMessage -join '') -sev Alert
             }
         }
 
         if ($Settings.report -eq $true) {
-
             if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) {
                 Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue $CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant
             } else {
-                Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue $LogMessage -StoreAs string -Tenant $tenant
+                $Logs = $LogMessage | Select-Object @{n = 'Message'; e = { $_ } }
+                Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue $Logs -StoreAs json -Tenant $tenant
             }
         }
     }

Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1

@@ -19,7 +19,7 @@ function New-PwPushLink {
             if ($PSCmdlet.ShouldProcess('Create a new PwPush link')) {
                 $Link = New-Push @PushParams
                 if ($Configuration.RetrievalStep) {
-                    return $Link.LinkRetrievalStep
+                    return $Link.LinkRetrievalStep -replace '/r/r', '/r'
                 }
                 return $Link.Link
             }