Merge pull request #432 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecMdoAlertsListAllTenants.ps1

@@ -0,0 +1,48 @@
+function Push-ExecMdoAlertsListAllTenants {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    param($Item)
+
+    $Tenant = Get-Tenants -TenantFilter $Item.customerId
+    $domainName = $Tenant.defaultDomainName
+    $Table = Get-CIPPTable -TableName 'cachealertsandincidents'
+
+    try {
+        # Get MDO alerts using the specific endpoint and filter
+        $Alerts = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/security/alerts_v2?`$filter=serviceSource eq 'microsoftDefenderForOffice365'" -tenantid $domainName
+
+        foreach ($Alert in $Alerts) {
+            $GUID = (New-Guid).Guid
+            $GraphRequest = @{
+                MdoAlert     = [string]($Alert | ConvertTo-Json -Depth 10)
+                RowKey       = [string]$GUID
+                PartitionKey = 'MdoAlert'
+                Tenant       = [string]$domainName
+            }
+            Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+        }
+
+    } catch {
+        $GUID = (New-Guid).Guid
+        $AlertText = ConvertTo-Json -InputObject @{
+            Tenant          = $domainName
+            displayName     = "Could not connect to Tenant: $($_.Exception.Message)"
+            id              = ''
+            severity        = 'CIPP'
+            status          = 'Failed'
+            createdDateTime = (Get-Date).ToString('s')
+            category        = 'Unknown'
+            description     = 'Could not connect'
+            serviceSource   = 'microsoftDefenderForOffice365'
+        }
+        $GraphRequest = @{
+            MdoAlert     = [string]$AlertText
+            RowKey       = [string]$GUID
+            PartitionKey = 'MdoAlert'
+            Tenant       = [string]$domainName
+        }
+        Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+    }
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecSyncVPP.ps1

@@ -0,0 +1,47 @@
+using namespace System.Net
+
+function Invoke-ExecSyncVPP {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.Application.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev Debug
+
+    $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter
+    try {
+        # Get all VPP tokens and sync them
+        $VppTokens = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/vppTokens' -tenantid $TenantFilter | Where-Object { $_.state -eq 'valid' }
+
+        if ($null -eq $VppTokens -or $VppTokens.Count -eq 0) {
+            $Result = 'No VPP tokens found'
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        } else {
+            $SyncCount = 0
+            foreach ($Token in $VppTokens) {
+                $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/vppTokens/$($Token.id)/syncLicenses" -tenantid $TenantFilter
+                $SyncCount++
+            }
+            $Result = "Successfully started VPP sync for $SyncCount tokens"
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = 'Failed to start VPP sync'
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Result }
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecGetRecoveryKey {
+function Invoke-ExecGetRecoveryKey {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -19,7 +19,7 @@ Function Invoke-ExecGetRecoveryKey {
     $GUID = $Request.Query.GUID ?? $Request.Body.GUID
 
     try {
-        $Result = Get-CIPPBitLockerKey -device $GUID -tenantFilter $TenantFilter -APIName $APIName -Headers $Headers
+        $Result = Get-CIPPBitLockerKey -Device $GUID -TenantFilter $TenantFilter -APIName $APIName -Headers $Headers
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $Result = $_.Exception.Message

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecMdoAlertsList.ps1

@@ -0,0 +1,84 @@
+using namespace System.Net
+
+function Invoke-ExecMDOAlertsList {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Security.Alert.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Query.tenantFilter
+
+    try {
+        $GraphRequest = if ($TenantFilter -ne 'AllTenants') {
+            # Single tenant functionality
+            New-GraphGetRequest -uri "https://graph.microsoft.com/beta/security/alerts_v2?`$filter=serviceSource eq 'microsoftDefenderForOffice365'" -tenantid $TenantFilter
+        } else {
+            # AllTenants functionality
+            $Table = Get-CIPPTable -TableName cachealertsandincidents
+            $PartitionKey = 'MdoAlert'
+            $Filter = "PartitionKey eq '$PartitionKey'"
+            $Rows = Get-CIPPAzDataTableEntity @Table -filter $Filter | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-30)
+            $QueueReference = '{0}-{1}' -f $TenantFilter, $PartitionKey
+            $RunningQueue = Invoke-ListCippQueue -Reference $QueueReference | Where-Object { $_.Status -notmatch 'Completed' -and $_.Status -notmatch 'Failed' }
+            # If a queue is running, we will not start a new one
+            if ($RunningQueue) {
+                $Metadata = [PSCustomObject]@{
+                    QueueMessage = 'Still loading data for all tenants. Please check back in a few more minutes'
+                    QueueId      = $RunningQueue.RowKey
+                }
+            } elseif (!$Rows -and !$RunningQueue) {
+                # If no rows are found and no queue is running, we will start a new one
+                $TenantList = Get-Tenants -IncludeErrors
+                $Queue = New-CippQueueEntry -Name 'MDO Alerts - All Tenants' -Link '/security/reports/mdo-alerts?customerId=AllTenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
+                $Metadata = [PSCustomObject]@{
+                    QueueMessage = 'Loading data for all tenants. Please check back in a few minutes'
+                    QueueId      = $Queue.RowKey
+                }
+                $InputObject = [PSCustomObject]@{
+                    OrchestratorName = 'MdoAlertsOrchestrator'
+                    QueueFunction    = @{
+                        FunctionName = 'GetTenants'
+                        QueueId      = $Queue.RowKey
+                        TenantParams = @{
+                            IncludeErrors = $true
+                        }
+                        DurableName  = 'ExecMdoAlertsListAllTenants'
+                    }
+                    SkipLog          = $true
+                }
+                Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress) | Out-Null
+            } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
+                $Alerts = $Rows
+                foreach ($alert in $Alerts) {
+                    ConvertFrom-Json -InputObject $alert.MdoAlert -Depth 10
+                }
+            }
+        }
+    } catch {
+        $Body = Get-NormalizedError -Message $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+    if (!$Body) {
+        $StatusCode = [HttpStatusCode]::OK
+        $Body = [PSCustomObject]@{
+            Results  = @($GraphRequest)
+            Metadata = $Metadata
+        }
+    }
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = $Body
+        })
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetMdoAlert.ps1

@@ -0,0 +1,74 @@
+using namespace System.Net
+
+function Invoke-ExecSetMdoAlert {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Security.Incident.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+
+    # Interact with query parameters or the body of the request.
+    $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter
+    $AlertId = $Request.Query.GUID ?? $Request.Body.GUID
+    $Status = $Request.Query.Status ?? $Request.Body.Status
+    $Assigned = $Request.Query.Assigned ?? $Request.Body.Assigned ?? ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails
+    $Classification = $Request.Query.Classification ?? $Request.Body.Classification
+    $Determination = $Request.Query.Determination ?? $Request.Body.Determination
+    $Result = ''
+    $AssignBody = @{}
+
+    try {
+        # Set received status
+        if ($null -ne $Status) {
+            $AssignBody.status = $Status
+            $Result += 'Set status for incident ' + $AlertId + ' to ' + $Status
+        }
+
+        # Set received classification and determination
+        if ($null -ne $Classification) {
+            if ($null -eq $Determination) {
+                # Maybe some poindexter tries to send a classification without a determination
+                throw
+            }
+
+            $AssignBody.classification = $Classification
+            $AssignBody.determination = $Determination
+            $Result += 'Set classification & determination for incident ' + $AlertId + ' to ' + $Classification + ' ' + $Determination
+        }
+
+        # Set received assignee
+        if ($null -ne $Assigned) {
+            $AssignBody.assignedTo = $Assigned
+            if ($null -eq $Status) {
+                $Result += 'Set assigned for incident ' + $AlertId + ' to ' + $Assigned
+            }
+        }
+
+        # Convert hashtable to JSON
+        $AssignBodyJson = $AssignBody | ConvertTo-Json -Compress
+
+        $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/security/alerts_v2/$AlertId" -type PATCH -tenantid $TenantFilter -body $AssignBodyJson -asApp $true
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Info'
+
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Failed to update incident $AlertId : $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Error' -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = $Result }
+        })
+
+}

Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1

@@ -1,22 +1,34 @@
 
-function Get-CIPPBitlockerKey {
+function Get-CIPPBitLockerKey {
     [CmdletBinding()]
     param (
-        $device,
+        $Device,
         $TenantFilter,
         $APIName = 'Get BitLocker key',
         $Headers
     )
 
     try {
-        $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys?`$filter=deviceId eq '$($device)'" -tenantid $TenantFilter | ForEach-Object {
-        (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/$($_.id)?`$select=key" -tenantid $TenantFilter).key
+        $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys?`$filter=deviceId eq '$($Device)'" -tenantid $TenantFilter |
+            ForEach-Object {
+                $BitLockerKeyObject = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/$($_.id)?`$select=key" -tenantid $TenantFilter)
+                [PSCustomObject]@{
+                    resultText = "Id: $($_.id) Key: $($BitLockerKeyObject.key)"
+                    copyField  = $BitLockerKeyObject.key
+                    state      = 'success'
+                }
+            }
+
+        if ($GraphRequest.Count -eq 0) {
+            Write-LogMessage -headers $Headers -API $APIName -message "No BitLocker recovery keys found for $($Device)" -Sev Info -tenant $TenantFilter
+            return "No BitLocker recovery keys found for $($Device)"
         }
+        Write-LogMessage -headers $Headers -API $APIName -message "Retrieved BitLocker recovery keys for $($Device)" -Sev Info -tenant $TenantFilter
         return $GraphRequest
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
-        $Result = "Could not retrieve BitLocker recovery key for $($device). Error: $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        $Result = "Could not retrieve BitLocker recovery key for $($Device). Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev Error -tenant $TenantFilter -LogData $ErrorMessage
         throw $Result
     }
 }

Modules/CIPPCore/Public/Set-CIPPOutOfoffice.ps1

@@ -18,8 +18,9 @@ function Set-CIPPOutOfOffice {
     try {
 
         $CmdParams = @{
-            Identity       = $UserID
-            AutoReplyState = $State
+            Identity         = $UserID
+            AutoReplyState   = $State
+            ExternalAudience = 'None'
         }
 
         if ($PSBoundParameters.ContainsKey('InternalMessage')) {
@@ -28,6 +29,7 @@ function Set-CIPPOutOfOffice {
 
         if ($PSBoundParameters.ContainsKey('ExternalMessage')) {
             $CmdParams.ExternalMessage = $ExternalMessage
+            $CmdParams.ExternalAudience = 'All'
         }
 
         if ($State -eq 'Scheduled') {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1

@@ -32,7 +32,7 @@ function Invoke-CIPPStandardAddDKIM {
 
     param($Tenant, $Settings)
     #$Rerun -Type Standard -Tenant $Tenant -API 'AddDKIM' -Settings $Settings
-    $TestResult = Test-CIPPStandardLicense -StandardName 'AddDKIM' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
+    $TestResult = Test-CIPPStandardLicense -StandardName 'AddDKIM' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_S_STANDARD_GOV', 'EXCHANGE_S_ENTERPRISE_GOV', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
 
     if ($TestResult -eq $false) {
         Write-Host "We're exiting as the correct license is not present for this standard."

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1

@@ -50,7 +50,7 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     #>
 
     param($Tenant, $Settings)
-    $TestResult = Test-CIPPStandardLicense -StandardName 'AntiPhishPolicy' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
+    $TestResult = Test-CIPPStandardLicense -StandardName 'AntiPhishPolicy' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_S_STANDARD_GOV', 'EXCHANGE_S_ENTERPRISE_GOV', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
 
     if ($TestResult -eq $false) {
         Write-Host "We're exiting as the correct license is not present for this standard."

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiSpamSafeList.ps1

@@ -29,7 +29,7 @@ function Invoke-CIPPStandardAntiSpamSafeList {
     #>
 
     param($Tenant, $Settings)
-    $TestResult = Test-CIPPStandardLicense -StandardName 'AntiSpamSafeList' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
+    $TestResult = Test-CIPPStandardLicense -StandardName 'AntiSpamSafeList' -TenantFilter $Tenant -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE', 'EXCHANGE_S_STANDARD_GOV', 'EXCHANGE_S_ENTERPRISE_GOV', 'EXCHANGE_LITE') #No Foundation because that does not allow powershell access
 
     if ($TestResult -eq $false) {
         Write-Host "We're exiting as the correct license is not present for this standard."
@@ -41,15 +41,15 @@ function Invoke-CIPPStandardAntiSpamSafeList {
         $State = [System.Convert]::ToBoolean($Settings.EnableSafeList)
     } catch {
         Write-LogMessage -API 'Standards' -tenant $Tenant -message 'AntiSpamSafeList: Failed to convert the EnableSafeList parameter to a boolean' -sev Error
-        Return
+        return
     }
 
     try {
         $CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-HostedConnectionFilterPolicy' -cmdParams @{Identity = 'Default' }).EnableSafeList
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to get the Anti-Spam Connection Filter Safe List. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
-        Return
+        return
     }
     $WantedState = $State -eq $true ? $true : $false
     $StateIsCorrect = if ($CurrentState -eq $WantedState) { $true } else { $false }