From fb15432527b4452150894fdf914418f57890afe4 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 5 Jan 2024 15:19:11 +0100 Subject: [PATCH 1/9] api hotfix --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 1f1ac7c2f330..b550c72a11d1 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -4.9.1 \ No newline at end of file +4.9.2 \ No newline at end of file From 483027a918cf7bd77f32c71e4301e69618973150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 8 Jan 2024 00:09:06 +0100 Subject: [PATCH 2/9] Add DisableExternalCalendarSharing standard --- .../Public/Set-CIPPAuthenticationPolicy.ps1 | 6 ++-- ...StandardDisableExternalCalendarSharing.ps1 | 31 +++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 index b68de07e0301..32978e323d79 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 @@ -80,7 +80,7 @@ function Set-CIPPAuthenticationPolicy { 'softwareOath' { # Nothing special to do here } - + # Voice call 'Voice' { # Disallow enabling voice 
@@ -103,8 +103,8 @@ function Set-CIPPAuthenticationPolicy { # Nothing special to do here } Default { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message 'Somehow you hit the default case. You probably made a typo in the input for AuthenticationMethodId. It''s case sensitive' -sev Error - return 'Somehow you hit the default case. You probably made a typo in the input for AuthenticationMethodId. It''s case sensitive.' + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error + return "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." } } # Set state of the authentication method diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 new file mode 100644 index 000000000000..92185029888a --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 
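Review bot: In the `Default` branch of Set-CIPPAuthenticationPolicy the raw `$AuthenticationMethodId` is now interpolated into both the log entry and the returned string with no length cap or character filtering, so whatever the caller supplied is stored and echoed back verbatim. If that parameter can be set from an API request and the log is later rendered in a browser, the value should be constrained or encoded before it is written; the hunk does not show where the value comes from, so this needs confirming against the callers. The sentence is also built twice: assigning it once, `$Message = "Somehow you hit the default case with an input of '$AuthenticationMethodId'. ..."`, and passing `$Message` to both `Write-LogMessage` and `return` keeps the two from drifting. The backtick before the apostrophe is not needed inside a double-quoted string. The function starts and ends outside this hunk.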
@@ -0,0 +1,31 @@
+function Invoke-CIPPStandardDisableExternalCalendarSharing {
+ <#
+ .FUNCTIONALITY
+ Internal
+ #>
+ param($Tenant, $Settings)
+
+ if ($Settings.remediate) {
+ New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object {
+ New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true
+ }
+ }
+
+ # This is ugly but done to avoid a second call to the Graph API
+ if ($Settings.alert -or $Settings.report) {
+ $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true }
+
+ if ($Settings.alert) {
+ if ($CurrentInfo.Enabled) {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is enabled' -sev Alert
+ } else {
+ Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is not enabled' -sev Info
+ }
+ }
+ if ($Settings.report) {
+ Add-CIPPBPAField -FieldName 'ExternalCalendarSharingDisabled' -FieldValue [bool]$CurrentInfo.Enabled -StoreAs bool -Tenant $tenant
+ }
+ }
+
+
+}
\ No newline at end of file
From c9bdefac1ee15f2a5cf76902e315f4161735e7a0 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Mon, 8 Jan 2024 01:46:30 +0100
Subject: [PATCH 3/9] add tenant logging
---
 .../Push-CIPPAlertMFAAlertUsers.ps1 | 49 ++++++++++---------
 1 file changed, 26 insertions(+), 23 deletions(-)
diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1
index b7bf8bc6d304..e2ff3256467b 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1
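Review bot: On the `Add-CIPPBPAField` line of the new Invoke-CIPPStandardDisableExternalCalendarSharing, `-FieldValue [bool]$CurrentInfo.Enabled` is parsed in argument mode, where an unparenthesised `[bool]$...` token is passed as a string rather than evaluated as a cast, so the field does not receive a boolean. The field is also named `ExternalCalendarSharingDisabled` while the value taken is `Enabled`, so even with the cast fixed the report would read true while sharing is still on, which is a false all-clear in a compliance report. Assuming the field name states the intended meaning, `-FieldValue (-not [bool]$CurrentInfo.Enabled)` addresses both. Separately, the remediate branch writes no log entry on success or failure, and the comment mentions the Graph API although both calls go through `New-ExoRequest`.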
@@ -7,7 +7,7 @@ function Push-CIPPAlertMFAAlertUsers { ) try { $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users?`$select=userPrincipalName,id,accountEnabled,userType&`$filter=userType eq 'Member' and accountEnabled eq true" -tenantid $($QueueItem.tenant) - Write-Host "found $($users.count) users" + Write-Host "found $($users.count) users for $($QueueItem.tenant)" $StrongMFAMethods = '#microsoft.graph.fido2AuthenticationMethod', '#microsoft.graph.phoneAuthenticationMethod', '#microsoft.graph.passwordlessmicrosoftauthenticatorauthenticationmethod', '#microsoft.graph.softwareOathAuthenticationMethod', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' $UserBatches = [System.Collections.Generic.List[Object]]@() 
@@ -16,35 +16,38 @@ function Push-CIPPAlertMFAAlertUsers { } $UserBatches | ForEach-Object -Parallel { - Import-Module CippCore - Import-Module AzBobbyTables - $UserBatch = $_ - Write-Host "processing batch of $($UserBatch.count) users" - $BatchRequests = $UserBatch | ForEach-Object { - @{ - id = $_.id - method = 'GET' - url = "users/$($_.ID)/authentication/Methods" + try { + Write-Host "processing batch of $($_.count) users for $($using:QueueItem.tenant)" + Import-Module CippCore + Import-Module AzBobbyTables + $UserBatch = $_ + Write-Host "processing batch of $($UserBatch.count) users" + $BatchRequests = $UserBatch | ForEach-Object { + @{ + id = $_.id + method = 'GET' + url = "users/$($_.ID)/authentication/Methods" + } } - } - $BatchResponses = New-GraphBulkRequest -tenantid $using:QueueItem.tenant -Requests $BatchRequests - foreach ($response in $BatchResponses) { - $UPN = ($UserBatch | Where-Object { $_.id -eq $response.id }).UserPrincipalName - $CARegistered = $false + $BatchResponses = New-GraphBulkRequest -tenantid $using:QueueItem.tenant -Requests $BatchRequests + foreach ($response in $BatchResponses) { + $UPN = ($UserBatch | Where-Object { $_.id -eq $response.id }).UserPrincipalName + $CARegistered = $false - foreach ($method in $response.body.value) { - if ($method.'@odata.type' -in $using:StrongMFAMethods) { - $CARegistered = $true - break + foreach ($method in $response.body.value) { + if ($method.'@odata.type' -in $using:StrongMFAMethods) { + $CARegistered = $true + break + } } - } - if (-not $CARegistered) { - Write-AlertMessage -tenant $using:QueueItem.tenant -message "User $UPN is enabled but does not have any form of MFA configured." + if (-not $CARegistered) { + Write-AlertMessage -tenant $using:QueueItem.tenant -message "User $UPN is enabled but does not have any form of MFA configured." 
+ } } + } catch { } } -ThrottleLimit 25 - } catch { Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get MFA status for users for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } From 6f63e98728c995d1ed841338c0dbf01eef262023 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 09:34:42 +0100 Subject: [PATCH 4/9] MFA All Users timing --- .../Push-CIPPAlertDepTokenExpiry.ps1 | 2 - .../Push-CIPPAlertMFAAlertUsers.ps1 | 79 +++++++++++-------- 2 files changed, 45 insertions(+), 36 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 index c41d62c1f9b5..804750e60705 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 @@ -7,8 +7,6 @@ function Push-CIPPAlertDepTokenExpiry { ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - - try { $Filter = "RowKey eq 'DepTokenExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 index e2ff3256467b..1230154df79a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 
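Review bot: The inner `catch { }` added around the `ForEach-Object -Parallel` body in Push-CIPPAlertMFAAlertUsers (patch 3/9) is empty, so when `New-GraphBulkRequest` or a module import fails, that whole batch of users is skipped with no alert and no log line. The tenant then looks clean when part of it was never checked, which is the failure an MFA-coverage alert should make visible. Reporting the failure from the catch would close the gap, for example `} catch { Write-AlertMessage -tenant $using:QueueItem.tenant -message "Could not get MFA status for a batch of users: $($_.Exception.Message)" }`. The two `Write-Host "processing batch ..."` lines now say the same thing twice and one can go. The function starts outside this hunk.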
@@ -6,49 +6,60 @@ function Push-CIPPAlertMFAAlertUsers { $TriggerMetadata ) try { - $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users?`$select=userPrincipalName,id,accountEnabled,userType&`$filter=userType eq 'Member' and accountEnabled eq true" -tenantid $($QueueItem.tenant) - Write-Host "found $($users.count) users for $($QueueItem.tenant)" - $StrongMFAMethods = '#microsoft.graph.fido2AuthenticationMethod', '#microsoft.graph.phoneAuthenticationMethod', '#microsoft.graph.passwordlessmicrosoftauthenticatorauthenticationmethod', '#microsoft.graph.softwareOathAuthenticationMethod', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' + $LastRunTable = Get-CIPPTable -Table AlertLastRun + $Filter = "RowKey eq 'MFAAllUsers' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter + $Yesterday = (Get-Date).AddDays(-1) + if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { + $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users?`$select=userPrincipalName,id,accountEnabled,userType&`$filter=userType eq 'Member' and accountEnabled eq true" -tenantid $($QueueItem.tenant) + Write-Host "found $($users.count) users for $($QueueItem.tenant)" + $StrongMFAMethods = '#microsoft.graph.fido2AuthenticationMethod', '#microsoft.graph.phoneAuthenticationMethod', '#microsoft.graph.passwordlessmicrosoftauthenticatorauthenticationmethod', '#microsoft.graph.softwareOathAuthenticationMethod', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' - $UserBatches = [System.Collections.Generic.List[Object]]@() - for ($i = 0; $i -lt $users.count; $i += 20) { - $UserBatches.Add($users[$i..($i + 19)]) - } + $UserBatches = [System.Collections.Generic.List[Object]]@() + for ($i = 0; $i -lt $users.count; $i += 20) { + $UserBatches.Add($users[$i..($i + 19)]) + } - $UserBatches | ForEach-Object -Parallel { - try { - Write-Host "processing batch of 
$($_.count) users for $($using:QueueItem.tenant)" - Import-Module CippCore - Import-Module AzBobbyTables - $UserBatch = $_ - Write-Host "processing batch of $($UserBatch.count) users" - $BatchRequests = $UserBatch | ForEach-Object { - @{ - id = $_.id - method = 'GET' - url = "users/$($_.ID)/authentication/Methods" + $UserBatches | ForEach-Object -Parallel { + try { + Write-Host "processing batch of $($_.count) users for $($using:QueueItem.tenant)" + Import-Module CippCore + Import-Module AzBobbyTables + $UserBatch = $_ + Write-Host "processing batch of $($UserBatch.count) users" + $BatchRequests = $UserBatch | ForEach-Object { + @{ + id = $_.id + method = 'GET' + url = "users/$($_.ID)/authentication/Methods" + } } - } - $BatchResponses = New-GraphBulkRequest -tenantid $using:QueueItem.tenant -Requests $BatchRequests - foreach ($response in $BatchResponses) { - $UPN = ($UserBatch | Where-Object { $_.id -eq $response.id }).UserPrincipalName - $CARegistered = $false + $BatchResponses = New-GraphBulkRequest -tenantid $using:QueueItem.tenant -Requests $BatchRequests + foreach ($response in $BatchResponses) { + $UPN = ($UserBatch | Where-Object { $_.id -eq $response.id }).UserPrincipalName + $CARegistered = $false - foreach ($method in $response.body.value) { - if ($method.'@odata.type' -in $using:StrongMFAMethods) { - $CARegistered = $true - break + foreach ($method in $response.body.value) { + if ($method.'@odata.type' -in $using:StrongMFAMethods) { + $CARegistered = $true + break + } } - } - if (-not $CARegistered) { - Write-AlertMessage -tenant $using:QueueItem.tenant -message "User $UPN is enabled but does not have any form of MFA configured." + if (-not $CARegistered) { + Write-AlertMessage -tenant $using:QueueItem.tenant -message "User $UPN is enabled but does not have any form of MFA configured." 
+ } } + } catch { } - } catch { - } - } -ThrottleLimit 25 + } -ThrottleLimit 25 + } } catch { Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get MFA status for users for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } + $LastRun = @{ + RowKey = 'MFAAllUsers' + PartitionKey = $QueueItem.tenantid + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } From 340d05a70fc47aad6cc298ccfef20aa47d5c6aba Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 09:36:17 +0100 Subject: [PATCH 5/9] mfa all admins timing --- .../Entrypoints/Push-CIPPAlertMFAAdmins.ps1 | 55 +++++++++++-------- 1 file changed, 33 insertions(+), 22 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 index 7f8c83fad40b..db17b8b2556c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 
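Review bot: In Push-CIPPAlertMFAAlertUsers (patch 4/9) the `AlertLastRun` row for `MFAAllUsers` is written by `Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force` after the try/catch, so it is rewritten on every invocation, including runs skipped by the 24-hour test and runs that ended in the catch. If the gate reads the entity's table timestamp, as `$LastRun.Timestamp.DateTime` suggests, and the function is queued more often than once a day, each skipped run moves the timestamp forward and the MFA check may never run again after its first pass; a failed run is likewise not retried for a day. Moving the `$LastRun = @{ ... }` assignment and the `Add-CIPPAzDataTableEntity` call inside the `if`, after the parallel block has finished, would record only runs that actually happened. `$LastRunTable` is also assigned inside the `try`, so the final write splats an unset variable if `Get-CIPPTable` throws. The same pattern is in the Push-CIPPAlertMFAAdmins hunk of patch 5/9, with the `MFAAllAdmins` row.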
@@ -6,34 +6,45 @@ function Push-CIPPAlertMFAAdmins { $TriggerMetadata ) try { - $StrongMFAMethods = '#microsoft.graph.fido2AuthenticationMethod', '#microsoft.graph.phoneAuthenticationMethod', '#microsoft.graph.passwordlessmicrosoftauthenticatorauthenticationmethod', '#microsoft.graph.softwareOathAuthenticationMethod', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' - $AdminList = (New-GraphGETRequest -uri "https://graph.microsoft.com/beta/directoryRoles?`$expand=members" -tenantid $($QueueItem.tenant) | Where-Object -Property roleTemplateId -NE 'd29b2b05-8046-44ba-8758-1e26182fcf32').members | Where-Object { $_.userPrincipalName -ne $null -and $_.Usertype -eq 'Member' -and $_.accountEnabled -eq $true } | Sort-Object UserPrincipalName -Unique - $CAPolicies = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -tenantid $QueueItem.tenant -ErrorAction Stop) - foreach ($Policy in $CAPolicies) { - if ($policy.grantControls.customAuthenticationFactors -eq 'RequireDuoMfa') { - $DuoActive = $true - } - } - if (!$DuoActive) { - $AdminList | ForEach-Object { - $CARegistered = $null - try { - New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.ID)/authentication/Methods" -tenantid $($QueueItem.tenant) | ForEach-Object { - if ($_.'@odata.type' -in $StrongMFAMethods) { - $CARegistered = $true + $LastRunTable = Get-CIPPTable -Table AlertLastRun + $Filter = "RowKey eq 'MFAAllAdmins' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter + $Yesterday = (Get-Date).AddDays(-1) + if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { + $StrongMFAMethods = '#microsoft.graph.fido2AuthenticationMethod', '#microsoft.graph.phoneAuthenticationMethod', '#microsoft.graph.passwordlessmicrosoftauthenticatorauthenticationmethod', '#microsoft.graph.softwareOathAuthenticationMethod', 
'#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' + $AdminList = (New-GraphGETRequest -uri "https://graph.microsoft.com/beta/directoryRoles?`$expand=members" -tenantid $($QueueItem.tenant) | Where-Object -Property roleTemplateId -NE 'd29b2b05-8046-44ba-8758-1e26182fcf32').members | Where-Object { $_.userPrincipalName -ne $null -and $_.Usertype -eq 'Member' -and $_.accountEnabled -eq $true } | Sort-Object UserPrincipalName -Unique + $CAPolicies = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -tenantid $QueueItem.tenant -ErrorAction Stop) + foreach ($Policy in $CAPolicies) { + if ($policy.grantControls.customAuthenticationFactors -eq 'RequireDuoMfa') { + $DuoActive = $true + } + } + if (!$DuoActive) { + $AdminList | ForEach-Object { + $CARegistered = $null + try { + New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.ID)/authentication/Methods" -tenantid $($QueueItem.tenant) | ForEach-Object { + if ($_.'@odata.type' -in $StrongMFAMethods) { + $CARegistered = $true + } } + if ($CARegistered -ne $true) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "Admin $($_.UserPrincipalName) is enabled but does not have any form of MFA configured." + } + } catch { + # Error handling here if needed } - if ($CARegistered -ne $true) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Admin $($_.UserPrincipalName) is enabled but does not have any form of MFA configured." 
- } - } catch { - # Error handling here if needed } + } else { + Write-LogMessage -message 'Potentially using Duo for MFA, could not check MFA status for Admins with 100% accuracy' -API 'MFA Alerts - Informational' -tenant $QueueItem.tenant -sev Info } - } else { - Write-LogMessage -message 'Potentially using Duo for MFA, could not check MFA status for Admins with 100% accuracy' -API 'MFA Alerts - Informational' -tenant $QueueItem.tenant -sev Info } } catch { Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get MFA status for admins for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } + $LastRun = @{ + RowKey = 'MFAAllAdmins' + PartitionKey = $QueueItem.tenantid + } + Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } \ No newline at end of file From 7e68863956651d706f443ecaf04688243db0bd12 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 09:48:35 +0100 Subject: [PATCH 6/9] fix for appsecret --- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index e0936bb9c69c..bbc2a60fa74b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -18,7 +18,7 @@ function Push-CIPPAlertAppSecretExpiry { if ($App.passwordCredentials) { foreach ($Credential in $App.passwordCredentials) { if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { - ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) + Write-AlertMessage -tenant $($QueueItem.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) } } } 
From e8f448eeaa0fbabe94bba6e0482d87fee0e517c3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 09:49:09 +0100 Subject: [PATCH 7/9] version up --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index b550c72a11d1..e94f14fa9ed3 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -4.9.2 \ No newline at end of file +4.9.3 \ No newline at end of file From 29dae48453f76574671ada5a09ddf7768fc08cf5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 10:23:47 +0100 Subject: [PATCH 8/9] added logging --- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index bbc2a60fa74b..65501b405c16 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -7,7 +7,7 @@ function Push-CIPPAlertAppSecretExpiry { ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - + Write-Host "Checking app expire for $($QueueItem.tenant)" try { $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter 
@@ -15,9 +15,11 @@ function Push-CIPPAlertAppSecretExpiry { if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $QueueItem.tenant | ForEach-Object { foreach ($App in $_) { + Write-Host "checking $($App.displayName)" if ($App.passwordCredentials) { foreach ($Credential in $App.passwordCredentials) { if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { + Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) Write-AlertMessage -tenant $($QueueItem.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) } } From 5295bc8119341462d4a960f870b986a04644c05e Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jan 2024 10:25:15 +0100 Subject: [PATCH 9/9] added out-null --- Scheduler_Alert/run.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Scheduler_Alert/run.ps1 b/Scheduler_Alert/run.ps1 index c35df4f9d1a1..1a7cca3527e3 100644 --- a/Scheduler_Alert/run.ps1 +++ b/Scheduler_Alert/run.ps1 @@ -31,7 +31,7 @@ try { $CurrentAlerts = (Get-CIPPAzDataTableEntity @AlertsTable -Filter $Filter) $CurrentAlerts | ForEach-Object { if ($_.Message -notin $currentlog.Message) { Write-LogMessage -message $_.Message -API 'Alerts' -tenant $tenant.tenant -sev Alert -tenantid $Tenant.tenantid } - Remove-AzDataTableEntity @AlertsTable -Entity $_ + Remove-AzDataTableEntity @AlertsTable -Entity $_ | Out-Null } [PSCustomObject]@{
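Review bot: The expiry text logged by the new `Write-Host` in Push-CIPPAlertAppSecretExpiry (patch 8/9), and the alert next to it, identify the application only by `displayName`, which is not guaranteed to be unique in a tenant, so whoever handles the alert cannot tell which registration is meant. The request in this hunk already selects `appId`, so the message can carry it, and building it once removes the duplicated format expression: `$Message = "Application '{0}' ({1}) has secrets expiring on {2}" -f $App.displayName, $App.appId, $Credential.endDateTime`, then `Write-Host $Message` and `Write-AlertMessage -tenant $($QueueItem.tenant) -message $Message`. The added `Write-Host "checking $($App.displayName)"` emits one line per application on every run, which may be more output than is wanted outside debugging. The function continues outside the hunk.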