Merge branch 'KelvinTegelaar:master' into master
CentralizedServices authored Sep 21, 2023
2 parents 5ce8bf6 + eafc8a0 commit 3966fdd
Showing 36 changed files with 492 additions and 560 deletions.
6 changes: 3 additions & 3 deletions AddGroup/run.ps1
Expand Up @@ -8,7 +8,7 @@ Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -

$groupobj = $Request.body
$SelectedTenants = if ($Request.body.selectedTenants) { $request.body.selectedTenants.defaultDomainName } else { $Request.body.tenantid }

if ("AllTenants" -in $SelectedTenants) { $SelectedTenants = (Get-Tenants).defaultDomainName }

# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."
Expand Down Expand Up @@ -44,13 +44,13 @@ $results = foreach ($tenant in $SelectedTenants) {
}
$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet "New-DistributionGroup" -cmdParams $params
}
"Successfully created group."
"Successfully created group $($groupobj.displayname) for $($tenant)"
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev "Info"

}
catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev "Error"
"Failed to create group. $($_.Exception.Message)"
"Failed to create group. $($groupobj.displayname) for $($tenant) $($_.Exception.Message)"

}
}
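Review bot: The success string `"Successfully created group $($groupobj.displayname) for $($tenant)"` is emitted without checking that the preceding request actually returned a group, so if New-ExoRequest or the Graph call returns nothing rather than throwing, the caller is told the group exists and the log line records an empty id. Adding `if (-not $GraphRequest) { throw "No group object returned for $($groupobj.displayname)" }` on the line before the success string would route that case into the existing catch. Whether those helpers throw on failure is not visible on this page. The enclosing `$results = foreach` loop begins before this hunk.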
70 changes: 33 additions & 37 deletions BestPracticeAnalyser_All/run.ps1
@@ -1,8 +1,8 @@
param($tenant)

$TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $tenant
Set-Location (Get-Item $PSScriptRoot).Parent.FullName
$TemplatesLoc = Get-ChildItem "Config\*.BPATemplate.json"
$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName
$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json"
$Templates = $TemplatesLoc | ForEach-Object {
$Template = $(Get-Content $_) | ConvertFrom-Json
[PSCustomObject]@{
Expand All @@ -26,89 +26,85 @@ $AddRow = foreach ($Template in $templates) {
if ($Field.Where) { $filterscript = [scriptblock]::Create($Field.Where) } else { $filterscript = { $true } }
try {
switch ($field.API) {
"Graph" {
'Graph' {
$paramsField = @{
uri = $field.URL
tenantid = $TenantName.defaultDomainName
}
if ($Field.parameters) {
if ($Field.parameters.psobject.properties.name) {
$field.Parameters | ForEach-Object {
Write-Host "Doing: $($_.psobject.properties.name) with value $($_.psobject.properties.value)"
$paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
$paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
}
}
$FieldInfo = New-GraphGetRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
"Exchange" {
if ($field.Command -notlike "get-*") {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports get- exchange commands. A set or update command was used." -sev Error
'Exchange' {
if ($field.Command -notlike 'get-*') {
Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get- exchange commands. A set or update command was used.' -sev Error
break
}
else {
} else {
$paramsField = @{
tenantid = $TenantName.defaultDomainName
cmdlet = $field.Command
}
if ($Field.Parameters) { $paramsfield.add('cmdparams', $field.parameters) }
$FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
if ($Field.Parameters) { $paramsfield.'cmdparams' = $field.parameters }
$FieldInfo = New-ExoRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
}
"CIPPFunction" {
if ($field.Command -notlike "get-CIPP*") {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed." -sev Error
'CIPPFunction' {
if ($field.Command -notlike 'get-CIPP*') {
Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get-CIPP commands. A set or update command was used, or a command that is not allowed.' -sev Error
break
}
$paramsField = @{
TenantFilter = $TenantName.defaultDomainName
}
if ($field.parameters) {
if ($field.parameters.psobject.properties.name) {
$field.Parameters | ForEach-Object {
$paramsField.Add($_.psobject.properties.name, $_.psobject.properties.value)
$paramsField[$_.psobject.properties.name] = $_.psobject.properties.value
}
}
$FieldInfo = & $field.Command @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
$FieldInfo = & $field.Command @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields
}
}
}
catch {
} catch {
Write-Host "Error getting $($field.Name) in $($field.api) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)"
Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$fieldinfo = "FAILED"
$field.StoreAs = "string"
}
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$fieldinfo = 'FAILED'
$field.StoreAs = 'string'
}
try {
switch -Wildcard ($field.StoreAs) {
"*bool" {
'*bool' {
if ($field.ExtractFields.Count -gt 1) {
Write-LogMessage -API "BPA" -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
Write-LogMessage -API 'BPA' -tenant $tenant -message "The BPA only supports 1 field for a bool. $($field.ExtractFields.Count) fields were specified." -sev Error
break
}
if ($null -eq $FieldInfo.$($field.ExtractFields)) { $FieldInfo = $false }

$Result.Add($field.Name, [bool]$FieldInfo.$($field.ExtractFields))
}
"JSON" {
if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo) }
'JSON' {
if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo -Compress) }
$Result.Add($field.Name, $JSONString)
}
"string" {
'string' {
$Result.Add($field.Name, [string]$FieldInfo)
}
}
}
catch {
Write-LogMessage -API "BPA" -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$Result.Add($field.Name, "FAILED")
} catch {
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error storing $($field.Name) for $($TenantName.displayName) with GUID $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
$Result.Add($field.Name, 'FAILED')
}

}

if ($Result) {
try {
Add-AzDataTableEntity @Table -Entity $Result -Force
}
catch {
Write-LogMessage -API "BPA" -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
} catch {
Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error

}
}
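Review bot: In the 'Exchange' and 'CIPPFunction' arms the rejected-command path logs and then `break`s out of the switch without assigning `$FieldInfo`, so unless the variable is reset earlier in the loop body (outside this hunk), the value left over from the previous field is carried into the `StoreAs` switch and stored under the rejected field's name. Setting `$FieldInfo = $null` on the line before each `break` (or once at the top of the per-field loop) keeps a rejected command from being stored as another field's data. Separately, the 'CIPPFunction' arm runs `& $field.Command` with a name taken from the template, and the only gate is the `-notlike 'get-CIPP*'` prefix test, which is case-insensitive and matches any command whose name starts that way; confirming the name resolves to a function via `Get-Command -Name $field.Command -CommandType Function -ErrorAction Stop` would tie the allowlist to actual CIPP functions rather than to a name pattern. The `$AddRow = foreach` loop that encloses this code begins before the hunk and its closing brace is not in view.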
1 change: 1 addition & 0 deletions Cache_SAMSetup/SAMManifest.json
Expand Up @@ -149,6 +149,7 @@
{ "id": "2a60023f-3219-47ad-baa4-40e17cd02a1d", "type": "Role" },
{ "id": "338163d7-f101-4c92-94ba-ca46fe52447c", "type": "Role" },
{ "id": "cac88765-0581-4025-9725-5ebc13f729ee", "type": "Role" },
{ "id": "75359482-378d-4052-8f01-80520e7db3cd", "type": "Role" },
{ "id": "b27a61ec-b99c-4d6a-b126-c4375d08ae30", "type": "Scope" },
{ "id": "84bccea3-f856-4a8a-967b-dbe0a3d53a64", "type": "Scope" },
{ "id": "280b3b69-0437-44b1-bc20-3b2fca1ee3e9", "type": "Scope" },
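Review bot: The added entry `{ "id": "75359482-378d-4052-8f01-80520e7db3cd", "type": "Role" }` widens the application-permission set the SAM app requests, and nothing on this page says which Graph role that GUID is or which function needs it. The JSON cannot carry a comment, so the commit or PR description should name the permission and its consumer, and the consent flow that reads this manifest needs to be re-run for existing tenants to pick up the new role. Which function depends on it is not visible here.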
12 changes: 6 additions & 6 deletions Config/CIPPDefaultTable.BPATemplate.json
Expand Up @@ -6,7 +6,7 @@
"name": "PasswordNeverExpires",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/domains",
"ExtractFields": "passwordValidityPeriodInDays",
"ExtractFields": ["passwordValidityPeriodInDays"],
"where": "$_.passwordValidityPeriodInDays -eq 2147483647",
"StoreAs": "bool",
"FrontendFields": [
Expand All @@ -21,7 +21,7 @@
"name": "OAuthAppConsent",
"API": "Graph",
"URL": "https://graph.microsoft.com/v1.0/policies/authorizationPolicy?$select=defaultUserRolePermissions",
"ExtractFields": "defaultuserrolepermissions",
"ExtractFields": ["defaultuserrolepermissions"],
"where": "'ManagePermissionGrantsForSelf.microsoft-user-default-legacy' -notin $_.defaultuserrolepermissions.permissionGrantPoliciesAssigned",
"StoreAs": "bool",
"FrontendFields": [
Expand All @@ -36,7 +36,7 @@
"name": "UnifiedAuditLog",
"API": "Exchange",
"Command": "Get-AdminAuditLogConfig",
"ExtractFields": "UnifiedAuditLogIngestionEnabled",
"ExtractFields": ["UnifiedAuditLogIngestionEnabled"],
"StoreAs": "bool",
"FrontendFields": [
{
Expand Down Expand Up @@ -65,7 +65,7 @@
"name": "TAPEnabled",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass",
"ExtractFields": "State",
"ExtractFields": ["State"],
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -79,7 +79,7 @@
"name": "SecureDefaultState",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy",
"ExtractFields": "IsEnabled",
"ExtractFields": ["IsEnabled"],
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -93,7 +93,7 @@
"name": "AnonymousPrivacyReports",
"API": "Graph",
"URL": "https://graph.microsoft.com/beta/admin/reportSettings",
"ExtractFields": "displayConcealedNames",
"ExtractFields": ["displayConcealedNames"],
"StoreAs": "bool",
"where": "$_.displayConcealedNames -eq $false",
"FrontendFields": [
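Review bot: Every `ExtractFields` value in this template changes from a scalar string to a one-element array, and the consumer's bool branch in BestPracticeAnalyser_All/run.ps1 reads it as `$FieldInfo.$($field.ExtractFields)`, a dynamic member lookup whose name is now an array rather than a string. For a single-element array that lookup appears to stringify to the field name, but that is an inference; it is worth checking with one bool field that the stored value is still `$true`/`$false` rather than `FAILED`. If other templates keep the scalar form, both shapes now have to work in that branch.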
22 changes: 11 additions & 11 deletions Config/CIPPDefaultTenantPage.BPATemplate.json
Expand Up @@ -4,7 +4,7 @@
"Fields": [
{
"name": "PasswordNeverExpires",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -17,7 +17,7 @@
},
{
"name": "OAuthAppConsent",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -30,7 +30,7 @@
},
{
"name": "UnifiedAuditLog",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -43,7 +43,7 @@
},
{
"name": "MFANudgeState",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -56,7 +56,7 @@
},
{
"name": "TAPEnabled",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -69,7 +69,7 @@
},
{
"name": "SecureDefaultState",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -82,7 +82,7 @@
},
{
"name": "AnonymousPrivacyReports",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "bool",
"FrontendFields": [
{
Expand All @@ -95,7 +95,7 @@
},
{
"name": "MessageCopyforSentAsDisabled",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -108,7 +108,7 @@
},
{
"name": "SharedMailboxeswithenabledusers",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -121,7 +121,7 @@
},
{
"name": "Unusedlicenses",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
Expand All @@ -134,7 +134,7 @@
},
{
"name": "CurrentSecureScore",
"UseExistingInfo": "true",
"UseExistingInfo": true,
"StoreAs": "JSON",
"FrontendFields": [
{
2 changes: 1 addition & 1 deletion EditUser/run.ps1
Expand Up @@ -99,7 +99,7 @@ catch {
}

if ($Request.body.CopyFrom -ne "") {
$CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID $user -TenantFilter $Userobj.tenantid
$CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -tenantid $Userobj.tenantid -CopyFromId $Request.body.CopyFrom -UserID $UserprincipalName -TenantFilter $Userobj.tenantid
$results.AddRange($CopyFrom)
}
$body = @{"Results" = @($results) }
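Review bot: The guard `if ($Request.body.CopyFrom -ne "")` on the context line above the changed call only excludes an empty string; when the request body omits CopyFrom the comparison is `$null -ne ""`, which is true, so Set-CIPPCopyGroupMembers is invoked with an empty -CopyFromId. `if (-not [string]::IsNullOrWhiteSpace($Request.body.CopyFrom)) {` covers both cases. `$UserprincipalName`, now passed as -UserID, is assigned before this hunk and its value cannot be checked here.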
10 changes: 7 additions & 3 deletions ExecCPVPermissions/run.ps1
Expand Up @@ -58,13 +58,17 @@ $GraphRequest = $ExpectedPermissions.requiredResourceAccess | ForEach-Object {
}
}

try {
$ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter
$CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter

$ourSVCPrincipal = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($ENV:applicationid)')" -tenantid $Tenantfilter

}
catch {
#this try catch exists because of 500 errors when the app principal does not exist. :)
}
# if the app svc principal exists, consent app permissions
$apps = $ExpectedPermissions
#get current roles
$CurrentRoles = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignments" -tenantid $tenantfilter
#If
$Grants = foreach ($App in $apps.requiredResourceAccess) {
try {
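Review bot: The new try block swallows every exception with an empty catch, but the code after it never checks whether `$ourSVCPrincipal` or `$CurrentRoles` was actually populated, so a 500, a throttling error or an auth failure all continue into the `$Grants = foreach` loop (which presumably consumes `$CurrentRoles`, as the old code fetched it right before that loop) with null values, while the comment says permissions are consented only "if the app svc principal exists". The catch should at least record what happened, e.g. `Write-LogMessage -API $APINAME -tenant $Tenantfilter -message "Service principal lookup failed: $($_.Exception.Message)" -sev Warning`, and the code after it should branch on `if ($null -ne $ourSVCPrincipal)` so the intent stated in the comment is enforced rather than only described. `$APINAME` is what the other functions in this commit log under; whether this file defines it is outside the hunk, as is the rest of the foreach that starts on the hunk's last line.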
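--- /dev/null
+++ b/ExecEditTemplate/function.json
@@ -0,0 +1,19 @@
+{
+"bindings": [
+{
+"authLevel": "anonymous",
+"type": "httpTrigger",
+"direction": "in",
+"name": "Request",
+"methods": [
+"get",
+"post"
+]
+},
+{
+"type": "http",
+"direction": "out",
+"name": "Response"
+}
+]
+}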
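Review bot: `"authLevel": "anonymous"` means the function host requires no key for this new endpoint, so any caller that can reach the host can invoke ExecEditTemplate; authorization has to come from whatever fronts the function app or from checks inside its run.ps1, and that script is not among the files shown on this page. The other functions in this commit read `$request.headers.'x-ms-client-principal'`, which indicates an identity is expected to arrive from the gateway; the paired run.ps1 should validate that header (or the role it carries) before editing a template rather than only logging it. This binding is otherwise the same shape as the existing HTTP triggers.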

0 comments on commit 3966fdd
