Merge pull request #545 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

CIPPHttpTrigger/function.json

@@ -7,50 +7,21 @@
       "type": "httpTrigger",
       "direction": "in",
       "name": "Request",
-      "methods": ["get", "post"],
-      "route": "{CIPPEndpoint}"
+      "methods": [
+        "get",
+        "post",
+        "patch",
+        "put",
+        "delete",
+        "options"
+      ],
+      "route": "{*CIPPEndpoint}"
     },
     {
       "type": "http",
       "direction": "out",
       "name": "Response"
     },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "QueueItem",
-      "queueName": "CIPPGenericQueue"
-    },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "Subscription",
-      "queueName": "AlertSubscriptions"
-    },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "gradientqueue",
-      "queueName": "billqueue"
-    },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "alertqueue",
-      "queueName": "alertqueue"
-    },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "incidentqueue",
-      "queueName": "incidentqueue"
-    },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "offboardingmailbox",
-      "queueName": "offboardingmailbox"
-    },
     {
       "name": "starter",
       "type": "durableClient",

Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1

@@ -229,7 +229,7 @@ function Add-CIPPAzDataTableEntity {
                     throw "Error processing entity: $ErrorMessage Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
                 }
             } else {
-                Write-Information ($_.Exception | ConvertTo-Json)
+                try { Write-Information ($_.Exception | ConvertTo-Json) } catch { Write-Information $_.Exception }
                 Write-Information "THE ERROR IS $($_.Exception.message). The size of the entity is $entitySize."
                 Write-Information "Parameters are: $($Parameters | ConvertTo-Json -Compress)"
                 Write-Information $_.InvocationInfo.PositionMessage

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogBundleProcessing.ps1

@@ -0,0 +1,72 @@
+function Push-AuditLogSearchCreation {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding(SupportsShouldProcess = $true)]
+    param($Item)
+
+    # Get params from batch item
+    $Tenant = $Item.Tenant
+    $StartTime = $Item.StartTime
+    $EndTime = $Item.EndTime
+    $ServiceFilters = @($Item.ServiceFilters)
+
+    try {
+        $LogSearch = @{
+            StartTime         = $StartTime
+            EndTime           = $EndTime
+            ServiceFilters    = $ServiceFilters
+            TenantFilter      = $Tenant.defaultDomainName
+            ProcessLogs       = $true
+            RecordTypeFilters = @(
+                'exchangeAdmin', 'azureActiveDirectory', 'azureActiveDirectoryAccountLogon', 'dataCenterSecurityCmdlet',
+                'complianceDLPSharePoint', 'complianceDLPExchange', 'azureActiveDirectoryStsLogon', 'skypeForBusinessPSTNUsage',
+                'skypeForBusinessUsersBlocked', 'securityComplianceCenterEOPCmdlet', 'microsoftFlow', 'aeD', 'microsoftStream',
+                'threatFinder', 'project', 'dataGovernance', 'securityComplianceAlerts', 'threatIntelligenceUrl',
+                'securityComplianceInsights', 'mipLabel', 'workplaceAnalytics', 'powerAppsApp', 'powerAppsPlan',
+                'threatIntelligenceAtpContent', 'labelContentExplorer', 'hygieneEvent',
+                'dataInsightsRestApiAudit', 'informationBarrierPolicyApplication', 'microsoftTeamsAdmin', 'hrSignal',
+                'informationWorkerProtection', 'campaign', 'dlpEndpoint', 'airInvestigation', 'quarantine', 'microsoftForms',
+                'applicationAudit', 'complianceSupervisionExchange', 'customerKeyServiceEncryption', 'officeNative',
+                'mipAutoLabelSharePointItem', 'mipAutoLabelSharePointPolicyLocation', 'secureScore',
+                'mipAutoLabelExchangeItem', 'cortanaBriefing', 'search', 'wdatpAlerts', 'powerPlatformAdminDlp',
+                'powerPlatformAdminEnvironment', 'mdatpAudit', 'sensitivityLabelPolicyMatch', 'sensitivityLabelAction',
+                'sensitivityLabeledFileAction', 'attackSim', 'airManualInvestigation', 'securityComplianceRBAC', 'userTraining',
+                'airAdminActionInvestigation', 'mstic', 'physicalBadgingSignal', 'aipDiscover', 'aipSensitivityLabelAction',
+                'aipProtectionAction', 'aipFileDeleted', 'aipHeartBeat', 'mcasAlerts', 'onPremisesFileShareScannerDlp',
+                'onPremisesSharePointScannerDlp', 'exchangeSearch', 'privacyDataMinimization', 'labelAnalyticsAggregate',
+                'myAnalyticsSettings', 'securityComplianceUserChange', 'complianceDLPExchangeClassification',
+                'complianceDLPEndpoint', 'mipExactDataMatch', 'msdeResponseActions', 'msdeGeneralSettings', 'msdeIndicatorsSettings',
+                'ms365DCustomDetection', 'msdeRolesSettings', 'mapgAlerts', 'mapgPolicy', 'mapgRemediation',
+                'privacyRemediationAction', 'privacyDigestEmail', 'mipAutoLabelSimulationProgress', 'mipAutoLabelSimulationCompletion',
+                'mipAutoLabelProgressFeedback', 'dlpSensitiveInformationType', 'mipAutoLabelSimulationStatistics',
+                'largeContentMetadata', 'microsoft365Group', 'cdpMlInferencingResult', 'filteringMailMetadata',
+                'cdpClassificationMailItem', 'cdpClassificationDocument', 'officeScriptsRunAction', 'filteringPostMailDeliveryAction',
+                'cdpUnifiedFeedback', 'tenantAllowBlockList', 'consumptionResource', 'healthcareSignal', 'dlpImportResult',
+                'cdpCompliancePolicyExecution', 'multiStageDisposition', 'privacyDataMatch', 'filteringDocMetadata',
+                'filteringEmailFeatures', 'powerBIDlp', 'filteringUrlInfo', 'filteringAttachmentInfo', 'coreReportingSettings',
+                'complianceConnector', 'powerPlatformLockboxResourceAccessRequest', 'powerPlatformLockboxResourceCommand',
+                'cdpPredictiveCodingLabel', 'cdpCompliancePolicyUserFeedback', 'webpageActivityEndpoint', 'omePortal',
+                'cmImprovementActionChange', 'filteringUrlClick', 'mipLabelAnalyticsAuditRecord', 'filteringEntityEvent',
+                'filteringRuleHits', 'filteringMailSubmission', 'labelExplorer', 'microsoftManagedServicePlatform',
+                'powerPlatformServiceActivity', 'scorePlatformGenericAuditRecord', 'filteringTimeTravelDocMetadata', 'alert',
+                'alertStatus', 'alertIncident', 'incidentStatus', 'case', 'caseInvestigation', 'recordsManagement',
+                'privacyRemediation', 'dataShareOperation', 'cdpDlpSensitive', 'ehrConnector', 'filteringMailGradingResult',
+                'microsoftTodoAudit', 'timeTravelFilteringDocMetadata', 'microsoftDefenderForIdentityAudit',
+                'supervisoryReviewDayXInsight', 'defenderExpertsforXDRAdmin', 'cdpEdgeBlockedMessage', 'hostedRpa',
+                'cdpContentExplorerAggregateRecord', 'cdpHygieneAttachmentInfo', 'cdpHygieneSummary', 'cdpPostMailDeliveryAction',
+                'cdpEmailFeatures', 'cdpHygieneUrlInfo', 'cdpUrlClick', 'cdpPackageManagerHygieneEvent', 'filteringDocScan',
+                'timeTravelFilteringDocScan', 'mapgOnboard'
+            )
+        }
+        if ($PSCmdlet.ShouldProcess('Push-AuditLogSearchCreation', 'Creating Audit Log Search')) {
+            $NewSearch = New-CippAuditLogSearch @LogSearch
+            Write-Information "Created audit log search $($Tenant.defaultDomainName) - $($NewSearch.displayName)"
+        }
+    } catch {
+        Write-Information "Error creating audit log search $($Tenant.defaultDomainName) - $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+    }
+    return $true
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogSearchCreation.ps1

@@ -13,7 +13,22 @@ function New-CippCoreRequest {
     param($Request, $TriggerMetadata)
 
     $FunctionName = 'Invoke-{0}' -f $Request.Params.CIPPEndpoint
-    Write-Information "API: $($Request.Params.CIPPEndpoint)"
+    Write-Information "API Endpoint: $($Request.Params.CIPPEndpoint) | Frontend Version: $($Request.Headers.'X-CIPP-Version' ?? 'Not specified')"
+
+    if ($Request.Headers.'X-CIPP-Version') {
+        $Table = Get-CippTable -tablename 'Version'
+        $FrontendVer = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Version' and RowKey eq 'frontend'"
+
+        if (!$FrontendVer -or ([semver]$FrontendVer.Version -lt [semver]$Request.Headers.'X-CIPP-Version')) {
+            Add-CIPPAzDataTableEntity @Table -Entity ([pscustomobject]@{
+                    PartitionKey = 'Version'
+                    RowKey       = 'frontend'
+                    Version      = $Request.Headers.'X-CIPP-Version'
+                }) -Force
+        } elseif ([semver]$FrontendVer.Version -gt [semver]$Request.Headers.'X-CIPP-Version') {
+            Write-Warning "Client version $($Request.Headers.'X-CIPP-Version') is older than the current frontend version $($FrontendVer.Version)"
+        }
+    }
 
     $HttpTrigger = @{
         Request         = [pscustomobject]($Request)

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/New-CippCoreRequest.ps1

@@ -29,7 +29,7 @@ function Start-AuditLogSearchCreation {
 
         Write-Information 'Audit Logs: Creating new searches'
 
-        foreach ($Tenant in $TenantList) {
+        $Batch = foreach ($Tenant in $TenantList) {
             Write-Information "Processing tenant $($Tenant.defaultDomainName) - $($Tenant.customerId)"
             $TenantInConfig = $false
             $MatchingConfigs = [System.Collections.Generic.List[object]]::new()
@@ -50,64 +50,27 @@ function Start-AuditLogSearchCreation {
             }
 
             if ($MatchingConfigs) {
-                $ServiceFilters = $MatchingConfigs | Select-Object -Property type | Sort-Object -Property type -Unique | ForEach-Object { $_.type.split('.')[1] }
-                try {
-                    $LogSearch = @{
-                        StartTime         = $StartTime
-                        EndTime           = $EndTime
-                        ServiceFilters    = $ServiceFilters
-                        TenantFilter      = $Tenant.defaultDomainName
-                        ProcessLogs       = $true
-                        RecordTypeFilters = @(
-                            'exchangeAdmin', 'azureActiveDirectory', 'azureActiveDirectoryAccountLogon', 'dataCenterSecurityCmdlet',
-                            'complianceDLPSharePoint', 'complianceDLPExchange', 'azureActiveDirectoryStsLogon', 'skypeForBusinessPSTNUsage',
-                            'skypeForBusinessUsersBlocked', 'securityComplianceCenterEOPCmdlet', 'microsoftFlow', 'aeD', 'microsoftStream',
-                            'threatFinder', 'project', 'dataGovernance', 'securityComplianceAlerts', 'threatIntelligenceUrl',
-                            'securityComplianceInsights', 'mipLabel', 'workplaceAnalytics', 'powerAppsApp', 'powerAppsPlan',
-                            'threatIntelligenceAtpContent', 'labelContentExplorer', 'hygieneEvent',
-                            'dataInsightsRestApiAudit', 'informationBarrierPolicyApplication', 'microsoftTeamsAdmin', 'hrSignal',
-                            'informationWorkerProtection', 'campaign', 'dlpEndpoint', 'airInvestigation', 'quarantine', 'microsoftForms',
-                            'applicationAudit', 'complianceSupervisionExchange', 'customerKeyServiceEncryption', 'officeNative',
-                            'mipAutoLabelSharePointItem', 'mipAutoLabelSharePointPolicyLocation', 'secureScore',
-                            'mipAutoLabelExchangeItem', 'cortanaBriefing', 'search', 'wdatpAlerts', 'powerPlatformAdminDlp',
-                            'powerPlatformAdminEnvironment', 'mdatpAudit', 'sensitivityLabelPolicyMatch', 'sensitivityLabelAction',
-                            'sensitivityLabeledFileAction', 'attackSim', 'airManualInvestigation', 'securityComplianceRBAC', 'userTraining',
-                            'airAdminActionInvestigation', 'mstic', 'physicalBadgingSignal', 'aipDiscover', 'aipSensitivityLabelAction',
-                            'aipProtectionAction', 'aipFileDeleted', 'aipHeartBeat', 'mcasAlerts', 'onPremisesFileShareScannerDlp',
-                            'onPremisesSharePointScannerDlp', 'exchangeSearch', 'privacyDataMinimization', 'labelAnalyticsAggregate',
-                            'myAnalyticsSettings', 'securityComplianceUserChange', 'complianceDLPExchangeClassification',
-                            'complianceDLPEndpoint', 'mipExactDataMatch', 'msdeResponseActions', 'msdeGeneralSettings', 'msdeIndicatorsSettings',
-                            'ms365DCustomDetection', 'msdeRolesSettings', 'mapgAlerts', 'mapgPolicy', 'mapgRemediation',
-                            'privacyRemediationAction', 'privacyDigestEmail', 'mipAutoLabelSimulationProgress', 'mipAutoLabelSimulationCompletion',
-                            'mipAutoLabelProgressFeedback', 'dlpSensitiveInformationType', 'mipAutoLabelSimulationStatistics',
-                            'largeContentMetadata', 'microsoft365Group', 'cdpMlInferencingResult', 'filteringMailMetadata',
-                            'cdpClassificationMailItem', 'cdpClassificationDocument', 'officeScriptsRunAction', 'filteringPostMailDeliveryAction',
-                            'cdpUnifiedFeedback', 'tenantAllowBlockList', 'consumptionResource', 'healthcareSignal', 'dlpImportResult',
-                            'cdpCompliancePolicyExecution', 'multiStageDisposition', 'privacyDataMatch', 'filteringDocMetadata',
-                            'filteringEmailFeatures', 'powerBIDlp', 'filteringUrlInfo', 'filteringAttachmentInfo', 'coreReportingSettings',
-                            'complianceConnector', 'powerPlatformLockboxResourceAccessRequest', 'powerPlatformLockboxResourceCommand',
-                            'cdpPredictiveCodingLabel', 'cdpCompliancePolicyUserFeedback', 'webpageActivityEndpoint', 'omePortal',
-                            'cmImprovementActionChange', 'filteringUrlClick', 'mipLabelAnalyticsAuditRecord', 'filteringEntityEvent',
-                            'filteringRuleHits', 'filteringMailSubmission', 'labelExplorer', 'microsoftManagedServicePlatform',
-                            'powerPlatformServiceActivity', 'scorePlatformGenericAuditRecord', 'filteringTimeTravelDocMetadata', 'alert',
-                            'alertStatus', 'alertIncident', 'incidentStatus', 'case', 'caseInvestigation', 'recordsManagement',
-                            'privacyRemediation', 'dataShareOperation', 'cdpDlpSensitive', 'ehrConnector', 'filteringMailGradingResult',
-                            'microsoftTodoAudit', 'timeTravelFilteringDocMetadata', 'microsoftDefenderForIdentityAudit',
-                            'supervisoryReviewDayXInsight', 'defenderExpertsforXDRAdmin', 'cdpEdgeBlockedMessage', 'hostedRpa',
-                            'cdpContentExplorerAggregateRecord', 'cdpHygieneAttachmentInfo', 'cdpHygieneSummary', 'cdpPostMailDeliveryAction',
-                            'cdpEmailFeatures', 'cdpHygieneUrlInfo', 'cdpUrlClick', 'cdpPackageManagerHygieneEvent', 'filteringDocScan',
-                            'timeTravelFilteringDocScan', 'mapgOnboard'
-                        )
-                    }
-                    if ($PSCmdlet.ShouldProcess('Start-AuditLogSearchCreation', 'Creating Audit Log Search')) {
-                        $NewSearch = New-CippAuditLogSearch @LogSearch
-                        Write-Information "Created audit log search $($Tenant.defaultDomainName) - $($NewSearch.displayName)"
-                    }
-                } catch {
-                    Write-Information "Error creating audit log search $($Tenant.defaultDomainName) - $($_.Exception.Message)"
+                [PSCustomObject]@{
+                    FunctionName   = 'AuditLogSearchCreation'
+                    Tenant         = $Tenant | Select-Object defaultDomainName, customerId, displayName
+                    StartTime      = $StartTime
+                    EndTime        = $EndTime
+                    ServiceFilters = @($MatchingConfigs | Select-Object -Property type | Sort-Object -Property type -Unique | ForEach-Object { $_.type.split('.')[1] })
                 }
             }
         }
+
+        if (($Batch | Measure-Object).Count -gt 0) {
+            $InputObject = [PSCustomObject]@{
+                Batch            = @($Batch)
+                OrchestratorName = 'AuditLogSearchCreation'
+                SkipLog          = $true
+            }
+            Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
+            Write-Information "Started Audit Log search creation orchestratorwith $($Batch.Count) tenants"
+        } else {
+            Write-Information 'No tenants found for Audit Log search creation'
+        }
     } catch {
         Write-LogMessage -API 'Audit Logs' -message 'Error creating audit log searches' -sev Error -LogData (Get-CippException -Exception $_)
         Write-Information ( 'Audit logs error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message)

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-AuditLogSearchCreation.ps1

@@ -10,7 +10,7 @@ function Get-CIPPTimerFunctions {
 
     # Check running nodes
     $VersionTable = Get-CIPPTable -tablename 'Version'
-    $Nodes = Get-CIPPAzDataTableEntity @VersionTable -Filter "PartitionKey eq 'Version' and RowKey ne 'Version'"
+    $Nodes = Get-CIPPAzDataTableEntity @VersionTable -Filter "PartitionKey eq 'Version' and RowKey ne 'Version' and RowKey ne 'frontend'"
 
     $FunctionName = $env:WEBSITE_SITE_NAME
     $MainFunctionVersion = ($Nodes | Where-Object { $_.RowKey -eq $FunctionName }).Version