Merge pull request KelvinTegelaar#1614 from Zacgoose/teams-phone

FEAT: Teams phone DID removal endpoint

Author: JohnDuprey

CIPP-Permissions.json

@@ -425,6 +425,11 @@
         "Name": "UserAuthenticationMethod.ReadWrite",
         "Description": "Allows the app to read and write your authentication methods, including phone numbers and Authenticator app settings.This does not allow the app to see secret information like your passwords, or to sign-in or otherwise use your authentication methods."
       },
+      {
+        "Id": "424b07a8-1209-4d17-9fe4-9018a93a1024",
+        "Name": "TeamsTelephoneNumber.ReadWrite.All",
+        "Description": "Allows the app to read and modify your tenant's acquired telephone number details on behalf of the signed-in admin user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc."
+      },
       {
         "Id": "b7887744-6746-4312-813d-72daeaee7e2d",
         "Name": "UserAuthenticationMethod.ReadWrite.All",
@@ -697,6 +702,11 @@
         "Name": "User.ReadWrite.All",
         "Description": "Allows the app to read and update user profiles without a signed in user."
       },
+      {
+        "Id": "0a42382f-155c-4eb1-9bdc-21548ccaa387",
+        "Name": "TeamsTelephoneNumber.ReadWrite.All",
+        "Description": "Allows the app to read your tenant's acquired telephone number details, without a signed-in user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc."
+      },
       {
         "Id": "50483e42-d915-4231-9639-7fdb7fd190e5",
         "Name": "UserAuthenticationMethod.ReadWrite.All",

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-CIPPOffboardingJob.ps1

@@ -111,6 +111,13 @@ function Invoke-CIPPOffboardingJob {
                 $_.Exception.Message
             }
         }
+        { $_.RemoveTeamsPhoneDID } {
+            try {
+                Remove-CIPPUserTeamsPhoneDIDs -userid $userid -username $username -tenantFilter $TenantFilter -Headers $Headers -APIName $APIName
+            } catch {
+                $_.Exception.Message
+            }
+        }
         { $_.RemoveLicenses -eq $true } {
             Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $TenantFilter -Headers $Headers -APIName $APIName -Schedule
         }

Modules/CIPPCore/Public/PermissionsTranslator.json

@@ -5353,5 +5353,23 @@
     "userConsentDescription": "Access Microsoft Teams and Skype for Business data as the signed in user",
     "userConsentDisplayName": "Access Microsoft Teams and Skype for Business data based on the user's role membership",
     "value": "OnPremDirectorySynchronization.ReadWrite.All"
+  },
+  {
+    "description": "Read and Modify Tenant-Acquired Telephone Number Details",
+    "displayName": "Read and Modify Tenant-Acquired Telephone Number Details",
+    "id": "424b07a8-1209-4d17-9fe4-9018a93a1024",
+    "Origin": "Delegated",
+    "userConsentDescription": "Allows the app to read and modify your tenant's acquired telephone number details on behalf of the signed-in admin user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc.",
+    "userConsentDisplayName": "Allows the app to read and modify your tenant's acquired telephone number details on behalf of the signed-in admin user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc.",
+    "value": "TeamsTelephoneNumber.ReadWrite.All"
+  },
+  {
+    "description": "Read and Modify Tenant-Acquired Telephone Number Details",
+    "displayName": "Read and Modify Tenant-Acquired Telephone Number Details",
+    "id": "0a42382f-155c-4eb1-9bdc-21548ccaa387",
+    "Origin": "Application",
+    "userConsentDescription": "Allows the app to read your tenant's acquired telephone number details, without a signed-in user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc.",
+    "userConsentDisplayName": "Allows the app to read your tenant's acquired telephone number details, without a signed-in user. Acquired telephone numbers may include attributes related to assigned object, emergency location, network site, etc.",
+    "value": "TeamsTelephoneNumber.ReadWrite.All"
   }
 ]

Modules/CIPPCore/Public/Remove-CIPPUserTeamsPhoneDIDs.ps1

@@ -0,0 +1,98 @@
+using namespace System.Net
+using namespace System.Collections.Generic
+
+function Remove-CIPPUserTeamsPhoneDIDs {
+    [CmdletBinding()]
+    param (
+        $Headers,
+        [parameter(Mandatory = $true)]
+        [string]$UserID,
+        [string]$Username,
+        $APIName = 'Remove User Teams Phone DIDs',
+        [parameter(Mandatory = $true)]
+        $TenantFilter
+    )
+
+    try {
+
+        # Set Username to UserID if not provided
+        if ([string]::IsNullOrEmpty($Username)) {
+            $Username = $UserID
+        }
+
+        # Initialize collections for results
+        $Results = [List[string]]::new()
+        $SuccessCount = 0
+        $ErrorCount = 0
+
+        # Get all tenant DIDs
+        $TeamsPhoneDIDs = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/admin/teams/telephoneNumberManagement/numberAssignments" -tenant $TenantFilter
+
+        if (-not $TeamsPhoneDIDs -or $TeamsPhoneDIDs.Count -eq 0) {
+            $Result = "No Teams Phone DIDs found in tenant"
+            $Results.Add($Result)
+            return $Results.ToArray()
+        }
+
+        # Filter DIDs assigned to the specific user
+        $UserDIDs = $TeamsPhoneDIDs | Where-Object { $_.assignmentTargetId -eq $UserID -and $_.assignmentStatus -ne 'unassigned' }
+
+        if (-not $UserDIDs -or $UserDIDs.Count -eq 0) {
+            $Result = "No Teams Phone DIDs found assigned to user: '$Username' - '$UserID'"
+            $Results.Add($Result)
+            return $Results.ToArray()
+        }
+
+        # Prepare bulk requests for all DIDs
+        $RemoveRequests = foreach ($DID in $UserDIDs) {
+            @{
+                id     = $DID.telephoneNumber
+                method = 'POST'
+                url    = "admin/teams/telephoneNumberManagement/numberAssignments/unassignNumber"
+                body   = @{
+                    telephoneNumber = $DID.telephoneNumber
+                    numberType      = $DID.numberType
+                }
+            }
+        }
+
+        # Execute bulk request
+        $RemoveResults = New-GraphBulkRequest -tenantid $TenantFilter -requests @($RemoveRequests)
+
+        # Process results
+        $RemoveResults | ForEach-Object {
+            $PhoneNumber = $_.id
+
+            if ($_.status -eq 204) {
+                $SuccessResult = "Successfully removed Teams Phone DID: '$PhoneNumber' from: '$Username' - '$UserID'"
+                Write-LogMessage -headers $Headers -API $APIName -message $SuccessResult -Sev 'Info' -tenant $TenantFilter
+                $Results.Add($SuccessResult)
+                $SuccessCount++
+            } else {
+                $ErrorMessage = if ($_.body.error.message) {
+                    $_.body.error.message
+                } else {
+                    "HTTP Status: $($_.status)"
+                }
+
+                $ErrorResult = "Failed to remove Teams Phone DID: '$PhoneNumber' from: '$Username' - '$UserID'. Error: $ErrorMessage"
+                Write-LogMessage -headers $Headers -API $APIName -message $ErrorResult -Sev 'Error' -tenant $TenantFilter
+                $Results.Add($ErrorResult)
+                $ErrorCount++
+            }
+        }
+
+        # Add summary result
+        $SummaryResult = "Completed processing $($UserDIDs.Count) DIDs for user '$Username': $SuccessCount successful, $ErrorCount failed"
+        Write-LogMessage -headers $Headers -API $APIName -message $SummaryResult -Sev 'Info' -tenant $TenantFilter
+        $Results.Add($SummaryResult)
+
+        return $Results.ToArray()
+
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Failed to process Teams Phone DIDs removal for: '$Username' - '$UserID'. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        throw $Result
+    }
+}

Modules/CIPPCore/Public/SAMManifest.json

@@ -570,6 +570,14 @@
         {
           "id": "b7887744-6746-4312-813d-72daeaee7e2d",
           "type": "Scope"
+        },
+        {
+          "id": "424b07a8-1209-4d17-9fe4-9018a93a1024",
+          "type": "Scope"
+        },
+        {
+          "id": "0a42382f-155c-4eb1-9bdc-21548ccaa387",
+          "type": "Role"
         }
       ]
     },
@@ -643,4 +651,4 @@
       ]
     }
   ]
-}
+}