Merge branch 'dev' of https://github.com/Jr7468/CIPP-API into dev

Author: Jr7468

DomainAnalyser_All/run.ps1

@@ -42,6 +42,7 @@ $Result = [PSCustomObject]@{
     ExpectedSPFRecord    = ''
     ActualSPFRecord      = ''
     SPFPassAll           = ''
+    ActualMXRecords      = ''
     MXPassTest           = ''
     DMARCPresent         = ''
     DMARCFullPolicy      = ''
@@ -79,6 +80,7 @@ $MXRecord = Read-MXRecord -Domain $Domain -ErrorAction Stop
 
 $Result.ExpectedSPFRecord = $MXRecord.ExpectedInclude
 $Result.MXPassTest = $false
+$Result.ActualMXRecords = $MXRecord.Records
 
 # Check fail counts to ensure all tests pass
 #$MXWarnCount = $MXRecord.ValidationWarns | Measure-Object | Select-Object -ExpandProperty Count

Durable_BECRun/run.ps1

@@ -2,46 +2,45 @@ param($Context)
 #$Context does not allow itself to be cast to a pscustomobject for some reason, so we convert
 $context = $Context | ConvertTo-Json | ConvertFrom-Json
 $APIName = $TriggerMetadata.FunctionName
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME  -message "Accessed this API" -Sev "Debug"
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 $TenantFilter = $Context.input.tenantfilter
 $SuspectUser = $Context.input.userid
 $UserName = $Context.input.username
 Write-Host "Working on $UserName"
 try {
   $startDate = (Get-Date).AddDays(-7)
   $endDate = (Get-Date)
-  $auditLog = (New-ExoRequest -tenantid $Tenantfilter -cmdlet "Get-AdminAuditLogConfig").UnifiedAuditLogIngestionEnabled 
+  $auditLog = (New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-AdminAuditLogConfig').UnifiedAuditLogIngestionEnabled 
   $7dayslog = if ($auditLog -eq $false) {
-    $ExtractResult = "AuditLog is disabled. Cannot perform full analysis"
-  }
-  else {
+    $ExtractResult = 'AuditLog is disabled. Cannot perform full analysis'
+  } else {
     $sessionid = Get-Random -Minimum 10000 -Maximum 99999
     $operations = @(
-      "New-InboxRule",
-      "Set-InboxRule",
-      "UpdateInboxRules",
-      "Remove-MailboxPermission",
-      "Add-MailboxPermission",
-      "UpdateCalendarDelegation",
-      "AddFolderPermissions",
-      "MailboxLogin",
-      "UserLoggedIn"
+      'New-InboxRule',
+      'Set-InboxRule',
+      'UpdateInboxRules',
+      'Remove-MailboxPermission',
+      'Add-MailboxPermission',
+      'UpdateCalendarDelegation',
+      'AddFolderPermissions',
+      'MailboxLogin',
+      'UserLoggedIn'
     )
     $startDate = (Get-Date).AddDays(-7)
     $endDate = (Get-Date)
     $SearchParam = @{
-      SessionCommand = "ReturnLargeSet"
+      SessionCommand = 'ReturnLargeSet'
       Operations     = $operations
       sessionid      = $sessionid
       startDate      = $startDate
       endDate        = $endDate
     }
     do {
-      New-ExoRequest -tenantid $Tenantfilter -cmdlet "Search-unifiedAuditLog" -cmdParams $SearchParam -Anchor $Username
+      New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Search-unifiedAuditLog' -cmdParams $SearchParam -Anchor $Username
       Write-Host "Retrieved $($logsTenant.count) logs" -ForegroundColor Yellow
       $logsTenant
     } while ($LogsTenant.count % 5000 -eq 0 -and $LogsTenant.count -ne 0)
-    $ExtractResult = "Succesfully extracted logs from auditlog"
+    $ExtractResult = 'Succesfully extracted logs from auditlog'
   }
   Try {
     $URI = "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=(userId eq '$SuspectUser')&`$top=1&`$orderby=createdDateTime desc" 
@@ -50,29 +49,26 @@ try {
     @{ Name = 'AppDisplayName'; Expression = { $_.resourceDisplayName } },
     @{ Name = 'Status'; Expression = { if (($_.conditionalAccessStatus -eq 'Success' -or 'Not Applied') -and $_.status.errorCode -eq 0) { 'Success' } else { 'Failed' } } },
     @{ Name = 'IPAddress'; Expression = { $_.ipAddress } }
-  }
-  catch {
+  } catch {
     $LastSignIn = [PSCustomObject]@{
-      AppDisplayName  = "Unknown - could not retrieve information. No access to sign-in logs"
-      CreatedDateTime = "Unknown"
-      Id              = "0"
-      Status          = "Could not retrieve additional details"
+      AppDisplayName  = 'Unknown - could not retrieve information. No access to sign-in logs'
+      CreatedDateTime = 'Unknown'
+      Id              = '0'
+      Status          = 'Could not retrieve additional details'
     }
   }
   #List all users devices
   $Bytes = [System.Text.Encoding]::UTF8.GetBytes($SuspectUser)
   $base64IdentityParam = [Convert]::ToBase64String($Bytes)
   Try {
     $Devices = New-GraphGetRequest -uri "https://outlook.office365.com:443/adminapi/beta/$($TenantFilter)/mailbox('$($base64IdentityParam)')/MobileDevice/Exchange.GetMobileDeviceStatistics()/?IsEncoded=True" -Tenantid $tenantfilter -scope ExchangeOnline
-  }
-  catch {
+  } catch {
     $Devices = $null
   }
-  $PermissionsLog = ($7dayslog | Where-Object -Property Operations -In "Remove-MailboxPermission", "Add-MailboxPermission", "UpdateCalendarDelegation", "AddFolderPermissions" ).AuditData | ConvertFrom-Json -Depth 100 | ForEach-Object {
+  $PermissionsLog = ($7dayslog | Where-Object -Property Operations -In 'Remove-MailboxPermission', 'Add-MailboxPermission', 'UpdateCalendarDelegation', 'AddFolderPermissions' ).AuditData | ConvertFrom-Json -Depth 100 | ForEach-Object {
     $perms = if ($_.Parameters) {
-      $_.Parameters | ForEach-Object { if ($_.Name -eq "AccessRights") { $_.Value } }
-    }
-    else
+      $_.Parameters | ForEach-Object { if ($_.Name -eq 'AccessRights') { $_.Value } }
+    } else
     { $_.item.ParentFolder.MemberRights }
     $objectID = if ($_.ObjectID) { $_.ObjectID } else { $($_.MailboxOwnerUPN) + $_.item.ParentFolder.Path }
     [pscustomobject]@{
@@ -83,43 +79,42 @@ try {
     }
   }
 
-  $RulesLog = @(($7dayslog | Where-Object -Property Operations -In "New-InboxRule", "Set-InboxRule", "UpdateInboxRules").AuditData | ConvertFrom-Json) | ForEach-Object {
+  $RulesLog = @(($7dayslog | Where-Object -Property Operations -In 'New-InboxRule', 'Set-InboxRule', 'UpdateInboxRules').AuditData | ConvertFrom-Json) | ForEach-Object {
     Write-Host ($_ | ConvertTo-Json)
     [pscustomobject]@{
       ClientIP      = $_.ClientIP
       CreationTime  = $_.CreationTime
       UserId        = $_.UserId
-      RuleName      = ($_.OperationProperties | ForEach-Object { if ($_.Name -eq "RuleName") { $_.Value } })
-      RuleCondition = ($_.OperationProperties | ForEach-Object { if ($_.Name -eq "RuleCondition") { $_.Value } })
+      RuleName      = ($_.OperationProperties | ForEach-Object { if ($_.Name -eq 'RuleName') { $_.Value } })
+      RuleCondition = ($_.OperationProperties | ForEach-Object { if ($_.Name -eq 'RuleCondition') { $_.Value } })
     }
   }
   $PasswordChanges = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`select=lastPasswordChangeDateTime,displayname,UserPrincipalName" -Tenantid $tenantfilter | Where-Object { $_.lastPasswordChangeDateTime -gt $startDate }
-  $NewUsers = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayname,UserPrincipalName,CreatedDateTime"  -Tenantid $tenantfilter | Where-Object { $_.CreatedDateTime -gt $startDate }
+  $NewUsers = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users?`$select=displayname,UserPrincipalName,CreatedDateTime" -Tenantid $tenantfilter | Where-Object { $_.CreatedDateTime -gt $startDate }
   $MFADevices = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($SuspectUser)/authentication/methods" -Tenantid $tenantfilter
   $NewSPs = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$select=displayName,createdDateTime,id,AppDisplayName&`$filter=createdDateTime ge $($startDate.ToString('yyyy-MM-ddTHH:mm:ssZ'))" -Tenantid $tenantfilter
-  $Last50Logons = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/auditLogs/signIns?`$top=50&`$orderby=createdDateTime desc"  -tenantid $TenantFilter -noPagination $true -verbose | Select-Object @{ Name = 'CreatedDateTime'; Expression = { $(($_.createdDateTime | Out-String) -replace '\r\n') } },
+  $Last50Logons = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/auditLogs/signIns?`$top=50&`$orderby=createdDateTime desc" -tenantid $TenantFilter -noPagination $true -verbose | Select-Object @{ Name = 'CreatedDateTime'; Expression = { $(($_.createdDateTime | Out-String) -replace '\r\n') } },
   id,
   @{ Name = 'AppDisplayName'; Expression = { $_.resourceDisplayName } },
   @{ Name = 'Status'; Expression = { if (($_.conditionalAccessStatus -eq 'Success' -or 'Not Applied') -and $_.status.errorCode -eq 0) { 'Success' } else { 'Failed' } } },
   @{ Name = 'IPAddress'; Expression = { $_.ipAddress } }, UserPrincipalName
   $Results = [PSCustomObject]@{
-    AddedApps                = $NewSPs
-    SuspectUserMailboxLogons = $Last50Logons
+    AddedApps                = @($NewSPs)
+    SuspectUserMailboxLogons = @($Last50Logons)
     LastSuspectUserLogon     = @($LastSignIn)
     SuspectUserDevices       = @($Devices)
     NewRules                 = @($RulesLog)
     MailboxPermissionChanges = @($PermissionsLog)
     NewUsers                 = @($NewUsers)
-    MFADevices               = $MFADevices
-    ChangedPasswords         = $PasswordChanges
+    MFADevices               = @($MFADevices)
+    ChangedPasswords         = @($PasswordChanges)
     ExtractedAt              = (Get-Date).ToString('s')
     ExtractResult            = $ExtractResult
   }
 
-}
-catch {
+} catch {
   $errMessage = Get-NormalizedError -message $_.Exception.Message
-  $results = [pscustomobject]@{"Results" = "$errMessage" }
+  $results = [pscustomobject]@{'Results' = "$errMessage" }
 }
 
 $Table = Get-CippTable -tablename 'cachebec'
@@ -128,5 +123,5 @@ Add-CIPPAzDataTableEntity @Table -Entity @{
   UserId       = $Context.input.userid
   Results      = "$($results | ConvertTo-Json -Depth 10)"
   RowKey       = $Context.input.userid
-  PartitionKey = "bec"
+  PartitionKey = 'bec'
 }

Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1

@@ -42,7 +42,10 @@ Function Invoke-AddPolicy {
                     if ($PolicyName -in $CheckExististing.displayName) {
                         Throw "Policy with Display Name $($Displayname) Already exists"
                     }
-                
+                    $PolicyFile = $RawJSON | ConvertFrom-Json
+                    $Null = $PolicyFile | Add-Member -MemberType NoteProperty -Name 'description' -Value $description -Force
+                    $null = $PolicyFile | Add-Member -MemberType NoteProperty -Name 'displayName' -Value $displayname -Force
+                    $RawJSON = ConvertTo-Json -InputObject $PolicyFile -Depth 20
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON
                 }
                 'Catalog' {
@@ -62,8 +65,7 @@ Function Invoke-AddPolicy {
                 Set-CIPPAssignedPolicy -GroupName $AssignTo -PolicyId $CreateRequest.id -Type $TemplateTypeURL -TenantFilter $tenant 
             }
             "Successfully added policy for $($Tenant)"
-        }
-        catch {
+        } catch {
             "Failed to add policy for $($Tenant): $($_.Exception.Message)"
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error'
             continue

Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1

@@ -8,7 +8,7 @@ Function Invoke-AddUser {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
-    $APIName = "AddUser"
+    $APIName = 'AddUser'
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     $Results = [System.Collections.ArrayList]@()
@@ -56,8 +56,7 @@ Function Invoke-AddUser {
         $results.add('Created user.')
         $results.add("Username: $($UserprincipalName)")
         $results.add("Password: $password")
-    }
-    catch {
+    } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error'
         $body = $results.add("Failed to create user. $($_.Exception.Message)" )
     }
@@ -70,8 +69,7 @@ Function Invoke-AddUser {
             $LicenseBody = if ($licenses.count -ge 2) {
                 $liclist = foreach ($license in $Licenses) { '{"disabledPlans": [],"skuId": "' + $license + '" },' }
                 '{"addLicenses": [' + $LicList + '], "removeLicenses": [ ] }'
-            }
-            else {
+            } else {
                 '{"addLicenses": [ {"disabledPlans": [],"skuId": "' + $licenses + '" }],"removeLicenses": [ ]}'
             }
             Write-Host $LicenseBody
@@ -97,8 +95,7 @@ Function Invoke-AddUser {
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Added alias $($Alias) to $($userobj.displayname)" -Sev 'Info'
             $body = $results.add("Added Aliases: $($Aliases -join ',')")
         }
-    }
-    catch {
+    } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Failed to create the Aliases. Error:$($_.Exception.Message)" -Sev 'Error'
         $body = $results.add("Failed to create the Aliases: $($_.Exception.Message)")
     }
@@ -107,7 +104,15 @@ Function Invoke-AddUser {
         $results.Add($CopyFrom.Success -join ', ')
         $results.Add($CopyFrom.Error -join ', ') 
     }
-
+    
+    if ($Request.body.setManager) {
+        $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" }
+        $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody
+        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($GraphRequest.id)/manager/`$ref" -tenantid $Userobj.tenantid -type PUT -body $ManagerBodyJSON -Verbose
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev 'Info'
+        $results.add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)")
+    }
+    
     $copyFromResults = @{
         'Success' = $CopyFrom.Success
         'Error'   = $CopyFrom.Error
@@ -119,6 +124,8 @@ Function Invoke-AddUser {
         'Password' = $password
         'CopyFrom' = $copyFromResults
     }
+
+
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK

Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1

@@ -12,6 +12,14 @@ Function Invoke-EditUser {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     $userobj = $Request.body
+    if ($userobj.Userid -eq '') {
+        $body = @{'Results' = @('Failed to edit user. No user ID provided') }
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::BadRequest
+                Body       = $Body
+            })
+        return
+    }
     $Results = [System.Collections.ArrayList]@()
     $licenses = ($userobj | Select-Object 'License_*').psobject.properties.value
     $Aliases = if ($userobj.AddedAliases) { ($userobj.AddedAliases).Split([Environment]::NewLine) }
@@ -153,7 +161,14 @@ Function Invoke-EditUser {
 
         }         
     }
-
+    if ($Request.body.setManager) {
+        $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" }
+        $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody
+        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userobj.Userid)/manager/`$ref" -tenantid $Userobj.tenantid -type PUT -body $ManagerBodyJSON -Verbose
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev 'Info'
+        $results.add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)")
+    }
+    
     if ($RemoveFromGroups) {
         $RemoveFromGroups | ForEach-Object { 
 

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1

@@ -0,0 +1,35 @@
+using namespace System.Net
+
+Function Invoke-ExecDeviceDelete {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+
+
+    try {   
+        $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)"
+        if ($Request.query.action -eq 'delete') {
+            $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter
+        } else {
+            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }'
+        }
+        $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" }
+    } catch {
+        $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1

@@ -21,21 +21,27 @@ Function Invoke-ExecGraphExplorerPreset {
             $Id = (New-Guid).Guid
         }
         'Save' {
-            $Id = $Request.Body.values.reportTemplate.value
+            $Id = $Request.Body.preset.reportTemplate.value
         }
         'Delete' {
-            $Id = $Request.Body.values.reportTemplate.value
+            $Id = $Request.Body.preset.reportTemplate.value
+        }
+        default {
+            $Request.Body.Action = 'Copy'
+            $Id = (New-Guid).Guid
         }
     }
 
-    $params = $Request.Body.values | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared
+    $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared
+    if ($params.'$select') { $params.'$select' = ($params.'$select').value -join ',' }
+
     $Preset = [PSCustomObject]@{
         PartitionKey = 'Preset'
         RowKey       = [string]$Id
         id           = [string]$Id
-        name         = [string]$Request.Body.values.name
+        name         = [string]$Request.Body.preset.name
         Owner        = [string]$Username
-        IsShared     = $Request.Body.values.IsShared
+        IsShared     = $Request.Body.preset.IsShared
         params       = [string](ConvertTo-Json -InputObject $params -Compress)
     }