Merge pull request #326 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

CIPP-Permissions.json

@@ -225,6 +225,11 @@
         "Name": "Organization.ReadWrite.All",
         "Description": "Allows the app to read and write the organization and related resources, on your behalf. Related resources include things like subscribed skus and tenant branding information."
       },
+      {
+        "Id": "346c19ff-3fb2-4e81-87a0-bac9e33990c1",
+        "Name": "OrgSettings-Forms.ReadWrite.All",
+        "Description": "Allows the app to read and write organization-wide Microsoft Forms settings on your behalf."
+      },
       {
         "Id": "e67e6727-c080-415e-b521-e3f35d5248e9",
         "Name": "PeopleSettings.ReadWrite.All",
@@ -577,6 +582,11 @@
         "Name": "Organization.ReadWrite.All",
         "Description": "Allows the app to read and write the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information."
       },
+      {
+        "Id": "2cb92fee-97a3-4034-8702-24a6f5d0d1e9",
+        "Name": "OrgSettings-Forms.ReadWrite.All",
+        "Description": "Allows the app to read and write organization-wide Microsoft Forms settings, without a signed-in user."
+      },
       {
         "Id": "b6890674-9dd5-4e42-bb15-5af07f541ae1",
         "Name": "PeopleSettings.ReadWrite.All",
@@ -637,6 +647,11 @@
         "Name": "ReportSettings.ReadWrite.All",
         "Description": "Allows the app to read and update all admin report settings, such as whether to display concealed information in reports, without a signed-in user."
       },
+      {
+        "Id": "025d3225-3f02-4882-b4c0-cd5b541a4e80",
+        "Name": "RoleManagement.ReadWrite.Exchange",
+        "Description": "Allows the app to read and manage the role-based access control (RBAC) settings for your organization's Exchange Online service, without a signed-in user. This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies."
+      },
       {
         "Id": "04c55753-2244-4c25-87fc-704ab82a4f69",
         "Name": "SecurityAnalyzedMessage.ReadWrite.All",

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertSharepointQuota.ps1

@@ -11,8 +11,11 @@ function Get-CIPPAlertSharepointQuota {
         $TenantFilter
     )
     Try {
-        $SharePointInfo = Get-SharePointAdminLink -Public $false
-        $sharepointQuota = (New-GraphGetRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2").value
+        $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
+        $extraHeaders = @{
+            'Accept' = 'application/json'
+        }
+        $sharepointQuota = (New-GraphGetRequest -extraHeaders $extraHeaders -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2")
     } catch {
         return
     }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointAdminUrl.ps1

@@ -19,7 +19,7 @@ function Invoke-ListSharepointAdminUrl {
         if ($Tenant.SharepointAdminUrl) {
             $AdminUrl = $Tenant.SharepointAdminUrl
         } else {
-            $SharePointInfo = Get-SharePointAdminLink -Public $false
+            $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
             $Tenant | Add-Member -MemberType NoteProperty -Name SharepointAdminUrl -Value $SharePointInfo.AdminUrl
             $Table = Get-CIPPTable -TableName 'Tenants'
             Add-CIPPAzDataTableEntity @Table -Entity $Tenant -Force

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointQuota.ps1

@@ -21,8 +21,11 @@ Function Invoke-ListSharepointQuota {
         $UsedStoragePercentage = 'Not Supported'
     } else {
         try {
-            $SharePointInfo = Get-SharePointAdminLink -Public $false
-            $SharePointQuota = (New-GraphGetRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2").value | Sort-Object -Property GeoUsedStorageMB -Descending | Select-Object -First 1
+            $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
+            $extraHeaders = @{
+                'Accept' = 'application/json'
+            }
+            $SharePointQuota = (New-GraphGetRequest -extraHeaders $extraHeaders -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -uri "$($SharePointInfo.AdminUrl)/_api/StorageQuotas()?api-version=1.3.2") | Sort-Object -Property GeoUsedStorageMB -Descending | Select-Object -First 1
 
             if ($SharePointQuota) {
                 $UsedStoragePercentage = [int](($SharePointQuota.GeoUsedStorageMB / $SharePointQuota.TenantStorageMB) * 100)

Modules/CIPPCore/Public/Get-CIPPSPOTenant.ps1

@@ -8,7 +8,7 @@ function Get-CIPPSPOTenant {
 
     if (!$SharepointPrefix) {
         # get sharepoint admin site
-        $SharePointInfo = Get-SharePointAdminLink -Public $false
+        $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
         $tenantName = $SharePointInfo.TenantName
         $AdminUrl = $SharePointInfo.AdminUrl
     } else {

Modules/CIPPCore/Public/GraphHelper/Get-SharePointAdminLink.ps1

@@ -4,7 +4,7 @@ function Get-SharePointAdminLink {
     Internal
     #>
     [CmdletBinding()]
-    param ($Public)
+    param ($Public, $TenantFilter)
 
     if ($Public) {
         # Do it through domain discovery, unreliable
@@ -42,10 +42,10 @@ function Get-SharePointAdminLink {
 
             # Get the onmicrosoft.com domain from the response
             $TenantDomains = $Response.Envelope.body.GetFederationInformationResponseMessage.response.Domains.Domain | Sort-Object
-            $OnMicrosoftDomains = $TenantDomains | Where-Object { $_ -like "*.onmicrosoft.com" }
+            $OnMicrosoftDomains = $TenantDomains | Where-Object { $_ -like '*.onmicrosoft.com' }
 
             if ($OnMicrosoftDomains.Count -eq 0) {
-                throw "Could not find onmicrosoft.com domain through autodiscover"
+                throw 'Could not find onmicrosoft.com domain through autodiscover'
             } elseif ($OnMicrosoftDomains.Count -gt 1) {
                 throw "Multiple onmicrosoft.com domains found through autodiscover. Cannot determine the correct one: $($OnMicrosoftDomains -join ', ')"
             } else {
@@ -61,8 +61,8 @@ function Get-SharePointAdminLink {
 
     # Return object with all needed properties
     return [PSCustomObject]@{
-        AdminUrl        = "https://$tenantName-admin.sharepoint.com"
-        TenantName      = $tenantName
-        SharePointUrl   = "https://$tenantName.sharepoint.com"
+        AdminUrl      = "https://$tenantName-admin.sharepoint.com"
+        TenantName    = $tenantName
+        SharePointUrl = "https://$tenantName.sharepoint.com"
     }
-}
+}

Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1

@@ -15,7 +15,8 @@ function New-GraphGetRequest {
         $Caller,
         [switch]$ComplexFilter,
         [switch]$CountOnly,
-        [switch]$IncludeResponseHeaders
+        [switch]$IncludeResponseHeaders,
+        [hashtable]$extraHeaders
     )
 
     if ($NoAuthCheck -eq $false) {
@@ -35,7 +36,11 @@ function New-GraphGetRequest {
             $headers['ConsistencyLevel'] = 'eventual'
         }
         $nextURL = $uri
-
+        if ($extraHeaders) {
+            foreach ($key in $extraHeaders.Keys) {
+                $headers[$key] = $extraHeaders[$key]
+            }
+        }
         # Track consecutive Graph API failures
         $TenantsTable = Get-CippTable -tablename Tenants
         $Filter = "PartitionKey eq 'Tenants' and (defaultDomainName eq '{0}' or customerId eq '{0}')" -f $tenantid

Modules/CIPPCore/Public/New-CIPPSharepointSite.ps1

@@ -66,7 +66,7 @@ function New-CIPPSharepointSite {
         $Headers
     )
 
-    $SharePointInfo = Get-SharePointAdminLink -Public $false
+    $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
     $SitePath = $SiteName -replace ' ' -replace '[^A-Za-z0-9-]'
     $SiteUrl = "https://$($SharePointInfo.TenantName).sharepoint.com/sites/$SitePath"
 

Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1

@@ -37,8 +37,7 @@ function Request-CIPPSPOPersonalSite {
 </Request>
 "@
 
-    $SharePointInfo = Get-SharePointAdminLink -Public $false
-
+    $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
     try {
         $Request = New-GraphPostRequest -scope "$($SharePointInfo.AdminUrl)/.default" -tenantid $TenantFilter -Uri "$($SharePointInfo.AdminUrl)/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml'
         if (!$Request.IsComplete) { throw }

Modules/CIPPCore/Public/Set-CIPPSPOTenant.ps1

@@ -44,7 +44,7 @@ function Set-CIPPSPOTenant {
     process {
         if (!$SharepointPrefix) {
             # get sharepoint admin site
-            $SharePointInfo = Get-SharePointAdminLink -Public $false
+            $SharePointInfo = Get-SharePointAdminLink -Public $false -tenantFilter $TenantFilter
             $AdminUrl = $SharePointInfo.AdminUrl
         } else {
             $tenantName = $SharepointPrefix