Merge pull request #297 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1

@@ -8,28 +8,60 @@ function Get-CIPPAlertInactiveLicensedUsers {
         [Parameter(Mandatory = $false)]
         [Alias('input')]
         $InputValue,
+        [Parameter(Mandatory = $false)]
+        [switch]$IncludeNeverSignedIn, # Include users who have never signed in (default is to skip them), future use would allow this to be set in an alert configuration
         $TenantFilter
     )
 
     try {
         try {
+            $Lookup = (Get-Date).AddDays(-90).ToUniversalTime()
+
+            # Build base filter - cannot filter assignedLicenses server-side
+            $BaseFilter = if ($InputValue -eq $true) { "accountEnabled eq true" } else { "" }
 
-            $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o')
-            $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter |
-                Where-Object { $null -ne $_.assignedLicenses.skuId }
+            $Uri = if ($BaseFilter) {
+                "https://graph.microsoft.com/beta/users?`$filter=$BaseFilter&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses"
+            } else {
+                "https://graph.microsoft.com/beta/users?`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses"
+            }
+
+            $GraphRequest = New-GraphGetRequest -uri $Uri -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter |
+                Where-Object { $null -ne $_.assignedLicenses -and $_.assignedLicenses.Count -gt 0 }
 
-            # true = only active users
-            if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } }
             $AlertData = foreach ($user in $GraphRequest) {
-                $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName
-                $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } }
+                $lastInteractive = $user.signInActivity.lastSignInDateTime
+                $lastNonInteractive = $user.signInActivity.lastNonInteractiveSignInDateTime
 
-            }
-            Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+                # Find most recent sign-in
+                $lastSignIn = $null
+                if ($lastInteractive -and $lastNonInteractive) {
+                    $lastSignIn = if ([DateTime]$lastInteractive -gt [DateTime]$lastNonInteractive) { $lastInteractive } else { $lastNonInteractive }
+                } elseif ($lastInteractive) {
+                    $lastSignIn = $lastInteractive
+                } elseif ($lastNonInteractive) {
+                    $lastSignIn = $lastNonInteractive
+                }
 
-        } catch {}
+                # Check if inactive
+                $isInactive = (-not $lastSignIn) -or ([DateTime]$lastSignIn -le $Lookup)
+                # Skip users who have never signed in by default (unless IncludeNeverSignedIn is specified)
+                if (-not $IncludeNeverSignedIn -and -not $lastSignIn) { continue }
+                # Only process inactive users
+                if ($isInactive) {
+                    if (-not $lastSignIn) {
+                        $Message = 'User {0} has never signed in but still has a license assigned.' -f $user.UserPrincipalName
+                    } else {
+                        $daysSinceSignIn = [Math]::Round(((Get-Date) - [DateTime]$lastSignIn).TotalDays)
+                        $Message = 'User {0} has been inactive for {1} days but still has a license assigned. Last sign-in: {2}' -f $user.UserPrincipalName, $daysSinceSignIn, $lastSignIn
+                    }
 
+                    $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } }
+                }
+            }
 
+            Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+        } catch {}
     } catch {
         Write-AlertMessage -tenant $($TenantFilter) -message "Failed to check inactive users with licenses for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
     }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Contacts/Invoke-AddContact.ps1

@@ -0,0 +1,107 @@
+using namespace System.Net
+
+Function Invoke-AddContact {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Contact.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    $ContactObject = $Request.Body
+    $TenantId = $ContactObject.tenantid
+
+    try {
+        # Prepare the body for New-MailContact cmdlet
+        $BodyToship = @{
+            displayName          = $ContactObject.displayName
+            name                 = $ContactObject.displayName
+            ExternalEmailAddress = $ContactObject.email
+            FirstName            = $ContactObject.firstName
+            LastName             = $ContactObject.lastName
+        }
+
+        # Create the mail contact first
+        $NewContact = New-ExoRequest -tenantid $TenantId -cmdlet 'New-MailContact' -cmdParams $BodyToship -UseSystemMailbox $true
+
+        # Build SetContactParams efficiently with only provided values
+        $SetContactParams = @{
+            Identity = $NewContact.id
+        }
+
+        # Helper to add non-empty values
+        $PropertyMap = @{
+            'Title'           = $ContactObject.Title
+            'Company'         = $ContactObject.Company
+            'StreetAddress'   = $ContactObject.StreetAddress
+            'City'            = $ContactObject.City
+            'StateOrProvince' = $ContactObject.State
+            'PostalCode'      = $ContactObject.PostalCode
+            'CountryOrRegion' = $ContactObject.CountryOrRegion
+            'Phone'           = $ContactObject.phone
+            'MobilePhone'     = $ContactObject.mobilePhone
+            'WebPage'         = $ContactObject.website
+        }
+
+        # Add only non-null/non-empty properties
+        foreach ($Property in $PropertyMap.GetEnumerator()) {
+            if (![string]::IsNullOrWhiteSpace($Property.Value)) {
+                $SetContactParams[$Property.Key] = $Property.Value
+            }
+        }
+
+        # Update the contact with additional details only if we have properties to set
+        if ($SetContactParams.Count -gt 1) {
+            Start-Sleep -Milliseconds 500 # Ensure the contact is created before updating
+            $null = New-ExoRequest -tenantid $TenantId -cmdlet 'Set-Contact' -cmdParams $SetContactParams -UseSystemMailbox $true
+        }
+
+        # Check if we need to update MailContact properties
+        $needsMailContactUpdate = $false
+        $MailContactParams = @{
+            Identity = $NewContact.id
+        }
+
+        # Only add HiddenFromAddressListsEnabled if we're actually hiding from GAL
+        if ([bool]$ContactObject.hidefromGAL) {
+            $MailContactParams.HiddenFromAddressListsEnabled = $true
+            $needsMailContactUpdate = $true
+        }
+
+        # Add MailTip if provided
+        if (![string]::IsNullOrWhiteSpace($ContactObject.mailTip)) {
+            $MailContactParams.MailTip = $ContactObject.mailTip
+            $needsMailContactUpdate = $true
+        }
+
+        # Only call Set-MailContact if we have changes to make
+        if ($needsMailContactUpdate) {
+            Start-Sleep -Milliseconds 500 # Ensure the contact is created before updating
+            $null = New-ExoRequest -tenantid $TenantId -cmdlet 'Set-MailContact' -cmdParams $MailContactParams -UseSystemMailbox $true
+        }
+
+        # Log the result
+        $Result = "Successfully created contact $($ContactObject.displayName) with email address $($ContactObject.email)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message $Result -Sev 'Info'
+        $StatusCode = [HttpStatusCode]::OK
+    }
+    catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Failed to create contact. $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message $Result -Sev 'Error' -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
+
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+        StatusCode = $StatusCode
+        Body       = @{Results = $Result }
+    })
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Contacts/Invoke-AddContactTemplates.ps1

@@ -0,0 +1,68 @@
+using namespace System.Net
+
+Function Invoke-AddContactTemplates {
+    <#
+    .FUNCTIONALITY
+        Entrypoint,AnyTenant
+    .ROLE
+        Exchange.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug
+    Write-Host ($request | ConvertTo-Json -Depth 10 -Compress)
+
+    try {
+        $GUID = (New-Guid).GUID
+
+        # Create a new ordered hashtable to store selected properties
+        $contactObject = [ordered]@{}
+
+        # Set name and comments first
+        $contactObject["name"] = $Request.body.displayName
+        $contactObject["comments"] = "Contact template created $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+
+        # Copy specific properties we want to keep
+        $propertiesToKeep = @(
+            "displayName", "firstName", "lastName", "email", "hidefromGAL", "streetAddress", "postalCode",
+            "city", "state", "country", "companyName", "mobilePhone", "businessPhone", "jobTitle", "website", "mailTip"
+        )
+
+        # Copy each property if it exists
+        foreach ($prop in $propertiesToKeep) {
+            if ($null -ne $Request.body.$prop) {
+                $contactObject[$prop] = $Request.body.$prop
+            }
+        }
+
+        # Convert to JSON
+        $JSON = $contactObject | ConvertTo-Json -Depth 10
+
+        # Save the template to Azure Table Storage
+        $Table = Get-CippTable -tablename 'templates'
+        $Table.Force = $true
+        Add-CIPPAzDataTableEntity @Table -Entity @{
+            JSON         = "$JSON"
+            RowKey       = "$GUID"
+            PartitionKey = 'ContactTemplate'
+        }
+
+        Write-LogMessage -Headers $Headers -API $APINAME -message "Created Contact Template $($contactObject.name) with GUID $GUID" -Sev Info
+        $body = [pscustomobject]@{'Results' = "Created Contact Template $($contactObject.name) with GUID $GUID" }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -Headers $Headers -API $APINAME -message "Failed to create Contact template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $body = [pscustomobject]@{'Results' = "Failed to create Contact template: $($ErrorMessage.NormalizedError)" }
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = $body
+        })
+}