Merge pull request #187 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

AddChocoApp/IntunePackage/Install.ps1

@@ -19,13 +19,13 @@ param (
 
 try {
     if ($Trace) { Start-Transcript -Path (Join-Path $env:windir "\temp\choco-$Packagename-trace.log") }
-    $chocoPath = "$($ENV:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
+    $chocoPath = "$($env:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
 
     if ($InstallChoco) {
         if (-not (Test-Path $chocoPath)) {
             try {
                 Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
-                $chocoPath = "$($ENV:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
+                $chocoPath = "$($env:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
             }
             catch {
                 Write-Host "InstallChoco Error: $($_.Exception.Message)"
@@ -45,7 +45,7 @@ try {
             & "$chocoPath" install $Packagename -y $CustomRepoString
         }
         Write-Host 'Completed.'
-    }  
+    }
     catch {
         Write-Host "Install/upgrade error: $($_.Exception.Message)"
     }

AddChocoApp/IntunePackage/Uninstall.ps1

@@ -4,6 +4,6 @@ param (
     [string]
     $Packagename
 )
-$chocoPath = "$($ENV:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
+$chocoPath = "$($env:SystemDrive)\ProgramData\chocolatey\bin\choco.exe"
 & $Chocopath uninstall $Packagename -y
 

Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1

@@ -5,7 +5,7 @@ function Add-CIPPApplicationPermission {
         $ApplicationId,
         $Tenantfilter
     )
-    if ($ApplicationId -eq $ENV:ApplicationID -and $Tenantfilter -eq $env:TenantID) {
+    if ($ApplicationId -eq $env:ApplicationID -and $Tenantfilter -eq $env:TenantID) {
         #return @('Cannot modify application permissions for CIPP-SAM on partner tenant')
         $RequiredResourceAccess = 'CIPPDefaults'
     }

Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1

@@ -9,7 +9,7 @@ function Add-CIPPDelegatedPermission {
     Write-Host 'Adding Delegated Permissions'
     Set-Location (Get-Item $PSScriptRoot).FullName
 
-    if ($ApplicationId -eq $ENV:ApplicationID -and $Tenantfilter -eq $env:TenantID) {
+    if ($ApplicationId -eq $env:ApplicationID -and $Tenantfilter -eq $env:TenantID) {
         #return @('Cannot modify delgated permissions for CIPP-SAM on partner tenant')
         $RequiredResourceAccess = 'CIPPDefaults'
     }

Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1

@@ -7,7 +7,8 @@ function Get-CippApiAuth {
     if ($env:MSI_SECRET) {
         Disable-AzContextAutosave -Scope Process | Out-Null
         $null = Connect-AzAccount -Identity
-        $SubscriptionId = $ENV:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
+        $SubscriptionId = $env:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
+        $Context = Set-AzContext -SubscriptionId $SubscriptionId
     } else {
         $Context = Get-AzContext
         $SubscriptionId = $Context.Subscription.Id

Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1

@@ -55,12 +55,13 @@ function New-CIPPAPIConfig {
                         enableAccessTokenIssuance = $false
                         enableIdTokenIssuance     = $true
                     }
-                    redirectUris          = @("https://$($ENV:Website_hostname)/.auth/login/aad/callback")
+                    redirectUris          = @("https://$($env:WEBSITE_HOSTNAME)/.auth/login/aad/callback")
                 }
             } | ConvertTo-Json -Depth 10 -Compress
 
             if ($PSCmdlet.ShouldProcess($AppName, 'Create API App')) {
                 Write-Information 'Creating app'
+                Write-Information $CreateBody
                 $APIApp = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/applications' -AsApp $true -NoAuthCheck $true -type POST -body $CreateBody
                 Write-Information 'Creating password'
                 $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -AsApp $true -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}"
@@ -118,9 +119,6 @@ function New-CIPPAPIConfig {
         $ErrorMessage = Get-CippException -Exception $_
         Write-Information ($ErrorMessage | ConvertTo-Json -Depth 10)
         Write-LogMessage -headers $Headers -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage
-        return @{
-            Results = "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError)"
-        }
-
+        throw "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError)"
     }
 }

Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1

@@ -10,7 +10,7 @@ function Set-CippApiAuth {
     if ($env:MSI_SECRET) {
         Disable-AzContextAutosave -Scope Process | Out-Null
         $null = Connect-AzAccount -Identity
-        $SubscriptionId = $ENV:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
+        $SubscriptionId = $env:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
         $Context = Set-AzContext -SubscriptionId $SubscriptionId
     } else {
         $Context = Get-AzContext
@@ -20,6 +20,8 @@ function Set-CippApiAuth {
     # Get auth settings
     $AuthSettings = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2/list?api-version=2020-06-01" | Select-Object -ExpandProperty Content | ConvertFrom-Json
 
+    Write-Information "AuthSettings: $($AuthSettings | ConvertTo-Json -Depth 10)"
+
     # Set allowed audiences
     $AllowedAudiences = foreach ($ClientId in $ClientIds) {
         "api://$ClientId"

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BEC/Push-BECRun.ps1

@@ -96,7 +96,8 @@ function Push-BECRun {
         Write-Information 'Getting rules'
 
         try {
-            $RulesLog = New-ExoRequest -cmdlet 'Get-InboxRule' -tenantid $TenantFilter -cmdParams @{ Mailbox = $Username; IncludeHidden = $true } -Anchor $Username
+            $RulesLog = New-ExoRequest -cmdlet 'Get-InboxRule' -tenantid $TenantFilter -cmdParams @{ Mailbox = $Username; IncludeHidden = $true } -Anchor $Username |
+                Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' }
         } catch {
             Write-Host 'Failed to get rules: ' + $_.Exception.Message
             $RulesLog = @()

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1

@@ -315,8 +315,8 @@ Function Push-ExecOnboardTenantQueue {
                     $LastCPVError = ''
                     do {
                         try {
-                            Add-CIPPApplicationPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
-                            Add-CIPPDelegatedPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
+                            Add-CIPPApplicationPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $env:ApplicationID -tenantfilter $Relationship.customer.tenantId
+                            Add-CIPPDelegatedPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $env:ApplicationID -tenantfilter $Relationship.customer.tenantId
                             $CPVSuccess = $true
                             $Refreshing = $false
                         } catch {

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1

@@ -16,15 +16,15 @@ function Push-UpdatePermissionsQueue {
         $Table = Get-CIPPTable -TableName cpvtenants
         $CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $Item.customerId
 
-        if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) {
+        if (!$CPVRows -or $env:ApplicationID -notin $CPVRows.applicationId) {
             Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant'
             Write-Information 'Adding CPV permissions'
             Set-CIPPCPVConsent -Tenantfilter $Item.customerId
             $DomainRefreshRequired = $true
         }
         Write-Information 'Updating permissions'
-        Add-CIPPApplicationPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
-        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
+        Add-CIPPApplicationPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $env:ApplicationID -tenantfilter $Item.customerId
+        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $env:ApplicationID -tenantfilter $Item.customerId
         Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
 
         if ($Item.defaultDomainName -ne 'PartnerTenant') {
@@ -36,7 +36,7 @@ function Push-UpdatePermissionsQueue {
         $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
         $GraphRequest = @{
             LastApply     = "$unixtime"
-            applicationId = "$($ENV:ApplicationID)"
+            applicationId = "$($env:ApplicationID)"
             Tenant        = "$($Item.customerId)"
             PartitionKey  = 'Tenant'
             RowKey        = "$($Item.customerId)"