From db9bc325ecb600375eb28ff20b2c640ed1c9b93b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 21 Jun 2024 15:29:09 +0200 Subject: [PATCH 1/6] remove bpa file reads --- BestPracticeAnalyser_OrchestrationStarter/run.ps1 | 10 ++++------ BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 | 10 ++++------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/BestPracticeAnalyser_OrchestrationStarter/run.ps1 b/BestPracticeAnalyser_OrchestrationStarter/run.ps1 index 0afc6fdc07e0..3135509f9b3e 100644 --- a/BestPracticeAnalyser_OrchestrationStarter/run.ps1 +++ b/BestPracticeAnalyser_OrchestrationStarter/run.ps1 @@ -8,12 +8,10 @@ if ($Request.Query.TenantFilter) { $TenantList = Get-Tenants $Name = 'Best Practice Analyser (All Tenants)' } -$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName -$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json" -$Templates = $TemplatesLoc | ForEach-Object { - $Template = $(Get-Content $_) | ConvertFrom-Json - $Template.Name -} + +$BPATemplateTable = Get-CippTable -tablename 'templates' +$Filter = "PartitionKey eq 'BPATemplate'" +$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name $BPAReports = foreach ($Tenant in $TenantList) { foreach ($Template in $Templates) { diff --git a/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 b/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 index f111844160d4..0b9faa0a7c8b 100644 --- a/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 +++ b/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 
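Review bot: `$Templates` can end up empty or `$null` with no signal, because the added `((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name` line has no check for a table without `BPATemplate` rows or for a row whose JSON lacks `Name`. The nested `foreach` then queues nothing, so the run appears to succeed although no tenant was assessed. The same three lines are added to `BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1` in the next hunk. I would log before the loop, `if (-not $Templates) { Write-LogMessage -API 'BPA' -message 'No BPA templates found in the templates table' -sev Error }`, and stop there in whatever way fits each script's response handling. Both scripts start and end outside their hunks.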
@@ -7,12 +7,10 @@ if ($env:DEV_SKIP_BPA_TIMER) { $TenantList = Get-Tenants -$CippRoot = (Get-Item $PSScriptRoot).Parent.FullName -$TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json" -$Templates = $TemplatesLoc | ForEach-Object { - $Template = $(Get-Content $_) | ConvertFrom-Json - $Template.Name -} +$BPATemplateTable = Get-CippTable -tablename 'templates' +$Filter = "PartitionKey eq 'BPATemplate'" +$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name + $BPAReports = foreach ($Tenant in $TenantList) { foreach ($Template in $Templates) { From a29142f3ab29adddebf8917a6bba6b79479f4983 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 21 Jun 2024 15:59:33 +0200 Subject: [PATCH 2/6] added delete report --- .../Public/Invoke-RemoveBPATemplate.ps1 | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 diff --git a/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 new file mode 100644 index 000000000000..b9ae2a8c13e1 --- /dev/null +++ b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 
@@ -0,0 +1,38 @@ +using namespace System.Net + +Function Invoke-RemoveBPATemplate { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Tenant.ConditionalAccess.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + $ID = $request.query.TemplateName + try { + $Table = Get-CippTable -tablename 'templates' + + $Filter = "PartitionKey eq 'BPATemplate' and RowKey eq '$id'" + $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey + Remove-AzDataTableEntity @Table -Entity $clearRow + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Removed BPA Template with ID $ID." -Sev 'Info' + $body = [pscustomobject]@{'Results' = 'Successfully removed BPA Template' } + } catch { + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to remove BPA template $ID. $($_.Exception.Message)" -Sev 'Error' + $body = [pscustomobject]@{'Results' = "Failed to remove template: $($_.Exception.Message)" } + } + + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + + +} From 002cdab1b81f9d8744187212b41b98324c1f03da Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 21 Jun 2024 16:27:50 +0200 Subject: [PATCH 3/6] remove file support bpa --- .../Activity Triggers/BPA/Push-BPACollectData.ps1 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 index 71d41acb852b..af2c6092ff21 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 
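Review bot: `$ID` comes straight from `$request.query.TemplateName` and is interpolated unescaped into the OData filter `"PartitionKey eq 'BPATemplate' and RowKey eq '$id'"`, so a value containing a single quote changes which rows the filter selects, and whatever comes back is handed to `Remove-AzDataTableEntity`. Inside the `try`, reject an empty name with `if ([string]::IsNullOrWhiteSpace($ID)) { throw 'TemplateName is required' }` and double any quotes before building the filter, e.g. `$SafeId = $ID -replace "'", "''"`. The `.ROLE` value `Tenant.ConditionalAccess.ReadWrite` looks carried over from another endpoint and should be confirmed for a BPA template delete. The response is also `[HttpStatusCode]::OK` on the `catch` path, which returns the raw exception message to the caller.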
+++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 @@ -6,10 +6,12 @@ function Push-BPACollectData { param($Item) $TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Item.Tenant - $CippRoot = (Get-Item $PSScriptRoot).Parent.Parent.Parent.Parent.Parent.Parent.FullName - $TemplatesLoc = Get-ChildItem "$CippRoot\Config\*.BPATemplate.json" + $BPATemplateTable = Get-CippTable -tablename 'templates' + $Filter = "PartitionKey eq 'BPATemplate'" + $TemplatesLoc = (Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json + $Templates = $TemplatesLoc | ForEach-Object { - $Template = $(Get-Content $_) | ConvertFrom-Json + $Template = $_ [PSCustomObject]@{ Data = $Template Name = $Template.Name @@ -17,7 +19,7 @@ function Push-BPACollectData { } } $Table = Get-CippTable -tablename 'cachebpav2' - + Write-Host "Working on BPA for $($TenantName.displayName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)" $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template # Build up the result object that will be stored in tables $Result = @{ @@ -39,13 +41,13 @@ function Push-BPACollectData { } if ($Field.parameters.psobject.properties.name) { $field.Parameters | ForEach-Object { - Write-Information "Doing: $($_.psobject.properties.name) with value $($_.psobject.properties.value)" $paramsField[$_.psobject.properties.name] = $_.psobject.properties.value } } $FieldInfo = New-GraphGetRequest @paramsField | Where-Object $filterscript | Select-Object $field.ExtractFields } 'Exchange' { + Write-Host "Trying to execute $($field.Command) for $($TenantName.displayName) with GUID $($TenantName.customerId)" if ($field.Command -notlike 'get-*') { Write-LogMessage -API 'BPA' -tenant $tenant -message 'The BPA only supports get- exchange commands. A set or update command was used.' -sev Error break 
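Review bot: The template definitions loaded in the first hunk now come from the `templates` table instead of files deployed with the code, and nothing in the new lines validates a row before its fields drive `New-GraphGetRequest @paramsField` and the Exchange branch shown in the third hunk. The only guard visible there is the prefix test `$field.Command -notlike 'get-*'`. How `$filterscript` is built is outside these hunks, but if it is compiled from a template field, write access to the table amounts to code execution in the function app and should be restricted accordingly. Two rows with the same `Name` would also make `$Template` an array, so I would select one explicitly with `$Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template | Select-Object -First 1` and log and return when it is `$null`. A comment above the table read, `# Templates are stored data, not shipped code: validate each field's Command and parameters before use`, would record the changed trust boundary.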
@@ -93,6 +95,7 @@ function Push-BPACollectData { } 'JSON' { if ($FieldInfo -eq $null) { $JsonString = '{}' } else { $JsonString = (ConvertTo-Json -Depth 15 -InputObject $FieldInfo -Compress) } + Write-Host "Adding $($field.Name) to table with value $JsonString" $Result.Add($field.Name, $JSONString) } 'string' { From 149f68bbc726da005f7a9cd8e99b70b8f17372cc Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 21 Jun 2024 17:31:54 +0200 Subject: [PATCH 4/6] added lost sku exclusion --- Modules/CippExtensions/Private/New-GradientServiceSyncRun.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Private/New-GradientServiceSyncRun.ps1 b/Modules/CippExtensions/Private/New-GradientServiceSyncRun.ps1 index 3200c46782c5..b2fdba7b43ae 100644 --- a/Modules/CippExtensions/Private/New-GradientServiceSyncRun.ps1 +++ b/Modules/CippExtensions/Private/New-GradientServiceSyncRun.ps1 @@ -41,7 +41,7 @@ function New-GradientServiceSyncRun { Import-Module '.\Modules\CIPPCore' Write-Host "Doing $domainName" try { - $Licrequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $_.defaultDomainName -ErrorAction Stop + $Licrequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $_.defaultDomainName -ErrorAction Stop | Where-Object -Property skuId -NotIn $ExcludedSkuList.RowKey [PSCustomObject]@{ Tenant = $domainName Licenses = $Licrequest From 5ab5e6a68a93df7fef348d36ce502d0d49f87987 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 21 Jun 2024 23:33:35 +0200 Subject: [PATCH 5/6] update to exo commands --- Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 index 8ef890eaf10d..fac7a03612a0 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 
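Review bot: The added `Write-Host "Adding $($field.Name) to table with value $JsonString"` writes the complete collected result, serialised with `-Depth 15`, to the function host output for every JSON field of every tenant run. That copies tenant configuration data into whatever log sink the host streams to, where retention and access are typically broader than for the `cachebpav2` table. The `Write-Host` lines added in the second and third hunks log only tenant name, GUID and command, which is less of a concern. I would log the name and size only, `Write-Information "Adding $($field.Name) to table ($($JsonString.Length) chars)"`, or drop the line once debugging is finished. The enclosing block starts outside the hunk.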
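Review bot: `$ExcludedSkuList` is not defined anywhere in this hunk, and the surrounding lines (`Import-Module '.\Modules\CIPPCore'`, `$_.defaultDomainName`) suggest the code runs inside a per-tenant script block that starts outside the hunk. If that block is `ForEach-Object -Parallel` or a job, the variable is not visible without `$using:`, so `$ExcludedSkuList.RowKey` evaluates to `$null` and `-NotIn $null` lets every SKU through; the exclusion would then silently do nothing. Please confirm the scope and, if it is a parallel block, write `Where-Object -Property skuId -NotIn $using:ExcludedSkuList.RowKey`.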
+++ b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 @@ -23,14 +23,14 @@ function New-ExoRequest ($tenantid, $cmdlet, $cmdParams, $useSystemMailbox, $Anc if ($cmdparams.anr) { $Anchor = $cmdparams.anr } if ($cmdparams.User) { $Anchor = $cmdparams.User } if ($cmdparams.mailbox) { $Anchor = $cmdparams.mailbox } - + if ($cmdlet -eq 'Set-AdminAuditLogConfig') { $anchor = "UPN:SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@$($OnMicrosoft)" } if (!$Anchor -or $useSystemMailbox) { if (!$Tenant.initialDomainName -or $Tenant.initialDomainName -notlike '*onmicrosoft.com*') { $OnMicrosoft = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains?$top=999' -tenantid $tenantid -NoAuthCheck $NoAuthCheck | Where-Object -Property isInitial -EQ $true).id } else { $OnMicrosoft = $Tenant.initialDomainName } - $anchor = "UPN:SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@$($OnMicrosoft)" + $anchor = "UPN:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($OnMicrosoft)" } #if the anchor is a GUID, try looking up the user. if ($Anchor -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') { From 784d66600f70f888c29857380e10cb2a2e758dd8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sat, 22 Jun 2024 02:22:48 +0200 Subject: [PATCH 6/6] updated api --- .../HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 index 1ec68eb1a7c7..a49abf454b11 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 
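Review bot: The added `Set-AdminAuditLogConfig` line builds its anchor from `$OnMicrosoft` before that variable is assigned; within this hunk `$OnMicrosoft` is only set inside the following `if (!$Anchor -or $useSystemMailbox)` block. Unless it is assigned earlier in the function, outside the hunk, the anchor ends in a bare `@`, and because `$Anchor` is then non-empty the domain lookup is skipped. When `$useSystemMailbox` is set, the value is instead overwritten with the `bb558c35-…` mailbox. This cmdlet controls audit logging, so a misrouted call is worth avoiding; I would pick the mailbox GUID after the domain has been resolved, as below. The function starts and ends outside the hunk.

```powershell
# … unchanged: anr / User / mailbox anchor selection …
$NeedsAuditMailbox = $cmdlet -eq 'Set-AdminAuditLogConfig'
if (!$Anchor -or $useSystemMailbox -or $NeedsAuditMailbox) {
    # … unchanged: resolve $OnMicrosoft from $Tenant.initialDomainName or the Graph domains lookup …
    $SystemMailboxId = if ($NeedsAuditMailbox) { '8cc370d3-822a-4ab8-a926-bb94bd0641a9' } else { 'bb558c35-97f1-4cb9-8ff7-d53741dc928c' }
    $anchor = "UPN:SystemMailbox{$($SystemMailboxId)}@$($OnMicrosoft)"
}
```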
@@ -29,7 +29,7 @@ Function Invoke-GetCippAlerts { Write-LogMessage -message 'Your CIPP API is out of date. Please update to the latest version' -API 'Updates' -tenant 'All Tenants' -sev Alert } - if ($env:ApplicationID -eq 'LongApplicationID' -or $null -eq $ENV:ApplicationID) { $Alerts.Add(@{Alert = 'You have not yet completed your SAM Setup. Please go to the SAM Setup Wizard in settings to connect CIPP to your tenant.'; link = '/cipp/setup'; type = 'warning' }) } + if ($env:ApplicationID -eq 'LongApplicationID' -or $null -eq $ENV:ApplicationID) { $Alerts.Add(@{Alert = 'You have not yet completed your SAM Setup. Please go to the SAM Setup Wizard in settings to connect CIPP to your tenant.'; link = '/cipp/setup'; type = 'warning'; setupCompleted = $false }) } if ($role -like '*superadmin*') { $Alerts.Add(@{Alert = 'You are logged in under a superadmin account. This account should not be used for normal usage.'; link = 'https://docs.cipp.app/setup/installation/owntenant'; type = 'danger' }) } if ($env:WEBSITE_RUN_FROM_PACKAGE -ne '1' -and $env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true') { $Alerts.Add(