Merge pull request KelvinTegelaar#212 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1

@@ -10,7 +10,10 @@ Function Invoke-ExecListBackup {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
-    $Result = Get-CIPPBackup -type $Request.body.Type -TenantFilter $Request.body.TenantFilter
+    $Result = Get-CIPPBackup -type $Request.query.Type -TenantFilter $Request.query.TenantFilter
+    if ($request.query.NameOnly) {
+        $Result = $Result | Select-Object RowKey, timestamp
+    }
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Alerts' -message $request.body.text -Sev $request.body.Severity
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1

@@ -33,9 +33,9 @@ Function Invoke-AddDefenderDeployment {
                 allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
                 androidMobileApplicationManagementEnabled           = [bool]$Compliance.ConnectAndroidCompliance
                 iosMobileApplicationManagementEnabled               = [bool]$Compliance.appSync
-                microsoftDefenderForEndpointAttachEnabled           = [bool]$compliance.AllowMEMEnforceCompliance
+                microsoftDefenderForEndpointAttachEnabled           = [bool]$true
             } | ConvertTo-Json -Compress
-            $SettingsRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj
+            $SettingsRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj -AsApp $true
             "$($Tenant): Successfully set Defender Compliance and Reporting settings"
 
             $Settings = switch ($PolicySettings) {
@@ -79,8 +79,7 @@ Function Invoke-AddDefenderDeployment {
             Write-Host ($CheckExististing | ConvertTo-Json)
             if ('Default AV Policy' -in $CheckExististing.Name) {
                 "$($Tenant): AV Policy already exists. Skipping"
-            }
-            else {
+            } else {
                 $PolBody = ConvertTo-Json -Depth 10 -Compress -InputObject @{
                     name              = 'Default AV Policy'
                     description       = ''
@@ -138,8 +137,7 @@ Function Invoke-AddDefenderDeployment {
             $CheckExististingASR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant
             if ('ASR Default rules' -in $CheckExististingASR.Name) {
                 "$($Tenant): ASR Policy already exists. Skipping"
-            }
-            else {
+            } else {
                 Write-Host $ASRbody
                 $ASRRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant -type POST -body $ASRbody
                 Write-Host ($ASRRequest.id)
@@ -215,9 +213,8 @@ Function Invoke-AddDefenderDeployment {
             $CheckExististingEDR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant
             if ('EDR Configuration' -in $CheckExististingEDR.Name) {
                 "$($Tenant): EDR Policy already exists. Skipping"
-            }
-            else {
-                $EDRRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant -type POST -body $EDRbody
+            } else {
+                #$EDRRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant -type POST -body $EDRbody
                 if ($ASR.AssignTo -ne 'none') {
                     $AssignBody = if ($ASR.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($asr.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' }
                     $assign = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($EDRRequest.id)')/assign" -tenantid $tenant -type POST -body $AssignBody
@@ -226,8 +223,7 @@ Function Invoke-AddDefenderDeployment {
                 "$($Tenant): Successfully added EDR Settings"
             }
 
-        }
-        catch {
+        } catch {
             "Failed to add policy for $($Tenant): $($_.Exception.Message)"
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error'
             continue

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1

@@ -29,7 +29,7 @@ Function Invoke-ListSites {
         } else {
             $ParsedRequest = $Result
         }
-        $GraphRequest = $ParsedRequest | Select-Object @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } },
+        $GraphRequest = $ParsedRequest | Select-Object AutoMapUrl, @{ Name = 'UPN'; Expression = { $_.'Owner Principal Name' } },
         @{ Name = 'displayName'; Expression = { $_.'Owner Display Name' } },
         @{ Name = 'LastActive'; Expression = { $_.'Last Activity Date' } },
         @{ Name = 'FileCount'; Expression = { [int]$_.'File Count' } },
@@ -41,14 +41,28 @@ Function Invoke-ListSites {
 
         #Temporary workaround for url as report is broken.
         #This API is so stupid its great.
-        $URLs = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/sites/getAllSites?$select=SharePointIds' -asapp $true -tenantid $TenantFilter).SharePointIds
-
+        $URLs = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/sites/getAllSites?$select=SharePointIds,name,webUrl,displayName,siteCollection' -asapp $true -tenantid $TenantFilter
+        $int = 0
+        if ($Type -eq 'SharePointSiteUsage') {
+            $Requests = foreach ($url in $URLs) {
+                @{
+                    id     = $int++
+                    method = 'GET'
+                    url    = "sites/$($url.sharepointIds.siteId)/lists?`$select=id,name,list,parentReference"
+                }
+            }
+            $Requests = (New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true).body.value | Where-Object { $_.list.template -eq 'DocumentLibrary' }
+        }
         $GraphRequest = foreach ($site in $GraphRequest) {
-            $site.URL = ($URLs | Where-Object { $_.siteId -eq $site.SiteId }).siteUrl
+            $SiteURLs = ($URLs.SharePointIds | Where-Object { $_.siteId -eq $site.SiteId })
+            $site.URL = $SiteURLs.siteUrl
+            $ListId = ($Requests | Where-Object { $_.parentReference.siteId -like "*$($SiteURLs.siteId)*" }).id
+            $site.AutoMapUrl = "tenantId=$($SiteUrls.tenantId)&webId={$($SiteUrls.webId)}&siteid={$($SiteURLs.siteId)}&webUrl=$($SiteURLs.siteUrl)&listId={$($ListId)}"
             $site
         }
 
         $StatusCode = [HttpStatusCode]::OK
+    
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
         $StatusCode = [HttpStatusCode]::Forbidden

Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1

@@ -14,40 +14,42 @@ Function Invoke-AddTenantAllowBlockList {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
     $blocklistobj = $Request.body
-
+    if ($Request.body.tenantId -eq 'AllTenants') { $Tenants = (Get-Tenants).defaultDomainName } else { $Tenants = @($Request.body.tenantId) }
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
-    try {
-        $ExoRequest = @{
-            tenantid  = $Request.body.tenantid
-            cmdlet    = 'New-TenantAllowBlockListItems'
-            cmdParams = @{
-                Entries                  = [string[]]$blocklistobj.entries
-                ListType                 = [string]$blocklistobj.listType
-                Notes                    = [string]$blocklistobj.notes
-                $blocklistobj.listMethod = [bool]$true
+    $Results = [System.Collections.Generic.List[string]]::new()
+    foreach ($Tenant in $Tenants) {
+        try {
+            $ExoRequest = @{
+                tenantid  = $Tenant
+                cmdlet    = 'New-TenantAllowBlockListItems'
+                cmdParams = @{
+                    Entries                  = [string[]]$blocklistobj.entries
+                    ListType                 = [string]$blocklistobj.listType
+                    Notes                    = [string]$blocklistobj.notes
+                    $blocklistobj.listMethod = [bool]$true
+                }
             }
-        }
 
-        if ($blocklistobj.NoExpiration -eq $true) {
-            $ExoRequest.cmdParams.NoExpiration = $true
-        }
+            if ($blocklistobj.NoExpiration -eq $true) {
+                $ExoRequest.cmdParams.NoExpiration = $true
+            }
 
-        New-ExoRequest @ExoRequest
+            New-ExoRequest @ExoRequest
 
-        $result = "Successfully added $($blocklistobj.Entries) as type $($blocklistobj.ListType) to the $($blocklistobj.listMethod) list"
-        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.body.tenantid -message $result -Sev 'Info'
-    } catch {
-        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-        $result = "Failed to create blocklist. Error: $ErrorMessage"
-        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.body.tenantid -message $result -Sev 'Error'
+            $results.add("Successfully added $($blocklistobj.Entries) as type $($blocklistobj.ListType) to the $($blocklistobj.listMethod) list for $tenant")
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Tenant -message $result -Sev 'Info'
+        } catch {
+            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+            $results.add("Failed to create blocklist. Error: $ErrorMessage")
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Tenant -message $result -Sev 'Error'
+        }
     }
-
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
             Body       = @{
-                'Results' = $result
+                'Results' = $results
                 'Request' = $ExoRequest
             }
         })

Modules/CIPPCore/Public/Get-CIPPBackup.ps1

@@ -4,6 +4,7 @@ function Get-CIPPBackup {
         [string]$Type,
         [string]$TenantFilter
     )
+    Write-Host "Getting backup for $Type with TenantFilter $TenantFilter"
     $Table = Get-CippTable -tablename "$($Type)Backup"
     if ($TenantFilter) {
         $Filter = "PartitionKey eq '$($Type)Backup' and TenantFilter eq '$($TenantFilter)'"

Modules/CIPPCore/Public/New-CIPPBackup.ps1

@@ -60,10 +60,10 @@ function New-CIPPBackup {
                 RowKey       = $RowKey
                 TenantFilter = $TenantFilter
             }
-            Write-Host "ScheduledBackupValues: $($ScheduledBackupValues | ConvertTo-Json -Compress -Depth 100)"
-            Write-Host "Scheduled backup value psproperties: $($ScheduledBackupValues.psobject.Properties.Name)"
-            foreach ($ScheduledBackup in $ScheduledBackupValues.psobject.Properties.Name) {
-                $entity[$ScheduledBackup] = New-CIPPBackupTask -Task $ScheduledBackup -TenantFilter $TenantFilter
+            Write-Host "Scheduled backup value psproperties: $(([pscustomobject]$ScheduledBackupValues).psobject.Properties)"
+            foreach ($ScheduledBackup in ([pscustomobject]$ScheduledBackupValues).psobject.Properties.Name) {
+                $BackupResult = New-CIPPBackupTask -Task $ScheduledBackup -TenantFilter $TenantFilter | ConvertTo-Json -Depth 100 -Compress | Out-String
+                $entity[$ScheduledBackup] = "$BackupResult"
             }
             $Table = Get-CippTable -tablename 'ScheduledBackup'
             try {

Modules/CIPPCore/Public/New-CIPPBackupTask.ps1

@@ -7,19 +7,24 @@ function New-CIPPBackupTask {
 
     $BackupData = switch ($Task) {
         'users' {
-            $BackupData = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users?$top=999' -tenantid $TenantFilter
+            Write-Host "Backup users for $TenantFilter"
+            New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users?$top=999' -tenantid $TenantFilter
         }
         'groups' {
-            $BackupData = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $TenantFilter
+            Write-Host "Backup groups for $TenantFilter"
+            New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $TenantFilter
         }
         'ca' {
-            $BackupData = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/policies?$top=999' -tenantid $TenantFilter
+            Write-Host "Backup Conditional Access Policies for $TenantFilter"
+            New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/policies?$top=999' -tenantid $TenantFilter
         }
         'namedlocations' {
-            $BackupData = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/namedLocations?$top=999' -tenantid $TenantFilter
+            Write-Host "Backup Named Locations for $TenantFilter"
+            New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/namedLocations?$top=999' -tenantid $TenantFilter
         }
         'authstrengths' {
-            $BackupData = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/authenticationStrength/policies' -tenantid $TenantFilter
+            Write-Host "Backup Authentication Strength Policies for $TenantFilter"
+            New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/authenticationStrength/policies' -tenantid $TenantFilter
         }
         'intuneconfig' {
             #alert
@@ -29,17 +34,20 @@ function New-CIPPBackupTask {
         'intuneprotection' {}
 
         'CippWebhookAlerts' {
+            Write-Host "Backup Webhook Alerts for $TenantFilter"
             $WebhookTable = Get-CIPPTable -TableName 'WebhookRules'
-            $BackupData = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $TenantFilter -in ($_.Tenants | ConvertFrom-Json).fullvalue.defaultDomainName }
+            Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $TenantFilter -in ($_.Tenants | ConvertFrom-Json).fullvalue.defaultDomainName }
         }
         'CippScriptedAlerts' {
+            Write-Host "Backup Scripted Alerts for $TenantFilter"
             $ScheduledTasks = Get-CIPPTable -TableName 'ScheduledTasks'
-            $BackupData = Get-CIPPAzDataTableEntity @ScheduledTasks | Where-Object { $_.hidden -eq $true -and $_.command -like 'Get-CippAlert*' -and $TenantFilter -in $_.Tenant }
+            Get-CIPPAzDataTableEntity @ScheduledTasks | Where-Object { $_.hidden -eq $true -and $_.command -like 'Get-CippAlert*' -and $TenantFilter -in $_.Tenant }
         }
         'CippStandards' { 
+            Write-Host "Backup Standards for $TenantFilter"
             $Table = Get-CippTable -tablename 'standards'
             $Filter = "PartitionKey eq 'standards' and RowKey eq '$($TenantFilter)'"
-            $BackupData = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
+            (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
         }
 
     }

Scheduler_UserTasks/function.json

@@ -2,7 +2,7 @@
   "bindings": [
     {
       "name": "Timer",
-      "schedule": "0 */15 * * * *",
+      "schedule": "0 */5 * * * *",
       "direction": "in",
       "type": "timerTrigger"
     },