Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev

Author: KelvinTegelaar

Modules/CIPPCore/Private/Get-ExoOnlineStringBytes.ps1

@@ -0,0 +1,11 @@
+function Get-ExoOnlineStringBytes {
+    param([string]$SizeString)
+
+    # This exists because various exo cmdlets like to return a human readable string like "3.322 KB (3,402 bytes)" but not the raw bytes value
+    
+    if ($SizeString -match '\(([0-9,]+) bytes\)') {
+        return [int]($Matches[1] -replace ',','')
+    }
+    
+    return 0
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1

@@ -6,23 +6,31 @@ function Invoke-ExecPerUserMFA {
     .ROLE
     Identity.User.ReadWrite
     #>
-    Param(
-        $Request,
-        $TriggerMetadata
-    )
+    Param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
 
     $Request = @{
-        userId        = $Request.Body.userId
-        TenantFilter  = $Request.Body.TenantFilter
-        State         = $Request.Body.State.value ?  $Request.Body.State.value : $Request.Body.State
-        Headers = $Request.Headers
+        userId       = $Request.Body.userId
+        TenantFilter = $Request.Body.tenantFilter
+        State        = $Request.Body.State.value ?  $Request.Body.State.value : $Request.Body.State
+        Headers      = $Headers
+        APIName      = $APIName
     }
-    $Result = Set-CIPPPerUserMFA @Request
-    $Body = @{
-        Results = @($Result)
+    try {
+        $Result = Set-CIPPPerUserMFA @Request
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $Result = $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::InternalServerError
     }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
-            Body       = $Body
+            StatusCode = $StatusCode
+            Body       = @{ 'Results' = @($Result) }
         })
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1

@@ -6,17 +6,22 @@ function Invoke-ExecPerUserMFAAllUsers {
     .ROLE
     Identity.User.ReadWrite
     #>
-    Param(
-        $Request,
-        $TriggerMetadata
-    )
-    $TenantFilter = $request.query.TenantFilter
+    Param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # XXX Seems to be an unused endpoint? - Bobby
+
+    $TenantFilter = $request.Query.tenantFilter
     $Users = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter
     $Request = @{
-        userId        = $Users.id
-        TenantFilter  = $tenantfilter
-        State         = $Request.query.State
-        Headers = $Request.Headers
+        userId       = $Users.id
+        TenantFilter = $TenantFilter
+        State        = $Request.Query.State
+        Headers      = $Request.Headers
+        APIName      = $APIName
     }
     $Result = Set-CIPPPerUserMFA @Request
     $Body = @{

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1

@@ -164,7 +164,7 @@ function Invoke-ListUserMailboxDetails {
     $ProhibitSendQuotaString = $MailboxDetailedRequest.ProhibitSendQuota -split ' '
     $ProhibitSendReceiveQuotaString = $MailboxDetailedRequest.ProhibitSendReceiveQuota -split ' '
     $TotalItemSizeString = $StatsRequest.TotalItemSize -split ' '
-    $TotalArchiveItemSizeString = $ArchiveSizeRequest.TotalItemSize -split ' '
+    $TotalArchiveItemSizeString = Get-ExoOnlineStringBytes -SizeString $ArchiveSizeRequest.TotalItemSize.Value
 
     $ProhibitSendQuota = try { [math]::Round([float]($ProhibitSendQuotaString[0]), 2) } catch { 0 }
     $ProhibitSendReceiveQuota = try { [math]::Round([float]($ProhibitSendReceiveQuotaString[0]), 2) } catch { 0 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListStandardsCompare.ps1

@@ -25,10 +25,14 @@ Function Invoke-ListStandardsCompare {
                 } else {
                     $_.Value = [string]$_.Value
                 }
-                $object | Add-Member -MemberType NoteProperty -Name $_.Name.Replace('standards_', 'standards.') -Value $_.Value -Force
+
+                $Key = $_.Name.replace('standards_', 'standards.')
+                $Key = $Key.replace('IntuneTemplate_', 'IntuneTemplate.')
+                $Key = $Key -replace '__', '-'
+
+                $object | Add-Member -MemberType NoteProperty -Name $Key -Value $_.Value -Force
                 $object.PSObject.Properties.Remove($_.Name)
             }
-
         }
     }
 

Modules/CIPPCore/Public/Set-CIPPMailboxLocale.ps1

@@ -2,25 +2,32 @@ function Set-CippMailboxLocale {
     [CmdletBinding()]
     param (
         $Headers,
-        $locale,
-        $username,
+        $Locale,
+        $Username,
         $APIName = 'Mailbox Locale',
         $TenantFilter
     )
 
     try {
+        # Validate the locale. Also if the locale is not valid, it will throw an exception, not wasting a request.
+        if ([System.Globalization.CultureInfo]::GetCultureInfo($Locale).IsNeutralCulture) {
+            throw "$Locale is not a valid Locale. Neutral cultures are not supported."
+        }
+
         $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-MailboxRegionalConfiguration' -cmdParams @{
-            Identity                  = $username
-            Language                  = $locale
+            Identity                  = $Username
+            Language                  = $Locale
             LocalizeDefaultFolderName = $true
+            DateFormat                = $null
+            TimeFormat                = $null
         } -Anchor $username
-        $Result = "Set locale for $($username) to a $locale"
-        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Info' -tenant $TenantFilter
+        $Result = "Set locale for $($Username) to $Locale"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev Info -tenant $TenantFilter
         return $Result
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
-        $Result = "Could not set locale for $($username). Error: $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        $Result = "Failed to set locale for $($Username). Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev Error -tenant $TenantFilter -LogData $ErrorMessage
         throw $Result
     }
 }

Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1

@@ -29,8 +29,10 @@ function Set-CIPPPerUserMFA {
         [string[]]$userId,
         [ValidateSet('enabled', 'disabled', 'enforced')]
         $State = 'enabled',
-        [string]$Headers = 'CIPP'
+        $Headers,
+        $APIName = 'Set-CIPPPerUserMFA'
     )
+
     try {
         $int = 0
         $Body = @{
@@ -48,8 +50,7 @@ function Set-CIPPPerUserMFA {
             }
         }
 
-        $Requests = New-GraphBulkRequest -tenantid $tenantfilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true
-
+        $Requests = New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true
         "Successfully set Per user MFA State for $userId"
 
         $Users = foreach ($id in $userId) {
@@ -61,10 +62,11 @@ function Set-CIPPPerUserMFA {
             }
         }
         Set-CIPPUserSchemaProperties -TenantFilter $TenantFilter -Users $Users
-        Write-LogMessage -headers $Headers -API 'Set-CIPPPerUserMFA' -message "Successfully set Per user MFA State to $State for $id" -Sev 'Info' -tenant $TenantFilter
+        Write-LogMessage -headers $Headers -API $APIName -message "Successfully set Per user MFA State to $State for $id" -Sev Info -tenant $TenantFilter
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
-        "Failed to set MFA State for $id. Error: $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -headers $Headers -API 'Set-CIPPPerUserMFA' -message "Failed to set MFA State to $State for $id. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        $Result = "Failed to set MFA State to $State for $id. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev Error -tenant $TenantFilter -LogData $ErrorMessage
+        throw $Result
     }
 }

Modules/CIPPCore/Public/Set-CIPPStandardsCompareField.ps1

@@ -6,8 +6,12 @@ function Set-CIPPStandardsCompareField {
     )
     $Table = Get-CippTable -tablename 'CippStandardsReports'
     $TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Tenant
-    #if the fieldname does not contain standards. prepend it.
+
+    # Sanitize invalid c#/xml characters for Azure Tables
     $FieldName = $FieldName.replace('standards.', 'standards_')
+    $FieldName = $FieldName.replace('IntuneTemplate.', 'IntuneTemplate_')
+    $FieldName = $FieldName -replace '-', '__'
+
     if ($FieldValue -is [System.Boolean]) {
         $fieldValue = [bool]$FieldValue
     } elseif ($FieldValue -is [string]) {
@@ -18,24 +22,28 @@ function Set-CIPPStandardsCompareField {
     }
 
     $Existing = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'StandardReport' and RowKey eq '$($TenantName.defaultDomainName)'"
-    if ($Existing) {
-        $Existing = $Existing | Select-Object * -ExcludeProperty ETag, TimeStamp | ConvertTo-Json -Depth 10 -Compress | ConvertFrom-Json -AsHashtable
-        $Existing[$FieldName] = $FieldValue
-        $Existing['LastRefresh'] = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
-        $Existing = [PSCustomObject]$Existing
+    try {
+        if ($Existing) {
+            $Existing = $Existing | Select-Object * -ExcludeProperty ETag, TimeStamp | ConvertTo-Json -Depth 10 -Compress | ConvertFrom-Json -AsHashtable
+            $Existing[$FieldName] = $FieldValue
+            $Existing['LastRefresh'] = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
+            $Existing = [PSCustomObject]$Existing
 
-        Add-CIPPAzDataTableEntity @Table -Entity $Existing -Force
-    } else {
-        $Result = @{
-            tenantFilter = "$($TenantName.defaultDomainName)"
-            GUID         = "$($TenantName.customerId)"
-            RowKey       = "$($TenantName.defaultDomainName)"
-            PartitionKey = 'StandardReport'
-            LastRefresh  = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
-        }
-        $Result[$FieldName] = $FieldValue
-        Add-CIPPAzDataTableEntity @Table -Entity $Result -Force
+            Add-CIPPAzDataTableEntity @Table -Entity $Existing -Force
+        } else {
+            $Result = @{
+                tenantFilter = "$($TenantName.defaultDomainName)"
+                GUID         = "$($TenantName.customerId)"
+                RowKey       = "$($TenantName.defaultDomainName)"
+                PartitionKey = 'StandardReport'
+                LastRefresh  = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
+            }
+            $Result[$FieldName] = $FieldValue
+            Add-CIPPAzDataTableEntity @Table -Entity $Result -Force
 
+        }
+        Write-Information "Adding $FieldName to StandardCompare for $Tenant. content is $FieldValue"
+    } catch {
+        Write-Warning "Failed to add $FieldName to StandardCompare for $Tenant. content is $FieldValue - $($_.Exception.Message)"
     }
-    Write-Information "Adding $FieldName to StandardCompare for $Tenant. content is $FieldValue"
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1

@@ -84,6 +84,8 @@ function Invoke-CIPPStandardIntuneTemplate {
                 assignTo         = $Template.AssignTo
                 excludeGroup     = $Template.excludeGroup
                 remediate        = $Template.remediate
+                alert            = $Template.alert
+                report           = $Template.report
                 existingPolicyId = $ExistingPolicy.id
                 templateId       = $Template.TemplateList.value
                 customGroup      = $Template.customGroup
@@ -100,6 +102,8 @@ function Invoke-CIPPStandardIntuneTemplate {
                 assignTo         = $Template.AssignTo
                 excludeGroup     = $Template.excludeGroup
                 remediate        = $Template.remediate
+                alert            = $Template.alert
+                report           = $Template.report
                 existingPolicyId = $ExistingPolicy.id
                 templateId       = $Template.TemplateList.value
                 customGroup      = $Template.customGroup
@@ -122,8 +126,9 @@ function Invoke-CIPPStandardIntuneTemplate {
 
     }
 
-    if ($Settings.alert) {
-        foreach ($Template in $CompareList) {
+    if ($true -in $Settings.alert) {
+        foreach ($Template in $CompareList | Where-Object -Property alert -EQ $true) {
+            Write-Host "working on template alert: $($Template.displayname)"
             $AlertObj = $Template | Select-Object -Property displayname, description, compare, assignTo, excludeGroup, existingPolicyId
             if ($Template.compare) {
                 Write-StandardsAlert -message "Template $($Template.displayname) does not match the expected configuration." -object $AlertObj -tenant $Tenant -standardName 'IntuneTemplate' -standardId $Settings.templateId
@@ -139,13 +144,14 @@ function Invoke-CIPPStandardIntuneTemplate {
         }
     }
 
-    if ($Settings.report) {
-        foreach ($Template in $CompareList) {
+    if ($true -in $Settings.report) {
+        foreach ($Template in $CompareList | Where-Object -Property report -EQ $true) {
+            Write-Host "working on template report: $($Template.displayname)"
             $id = $Template.templateId
             $CompareObj = $Template.compare
             $state = $CompareObj ? $CompareObj : $true
             Set-CIPPStandardsCompareField -FieldName "standards.IntuneTemplate.$id" -FieldValue $state -TenantFilter $Tenant
         }
-        Add-CIPPBPAField -FieldName "policy-$id" -FieldValue $Compare -StoreAs bool -Tenant $tenant
+        #Add-CIPPBPAField -FieldName "policy-$id" -FieldValue $Compare -StoreAs bool -Tenant $tenant
     }
 }