forked from KelvinTegelaar/CIPP-API
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathInvoke-CIPPStandardDisableUserSiteCreate.ps1
64 lines (56 loc) · 2.98 KB
/
Invoke-CIPPStandardDisableUserSiteCreate.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
function Invoke-CIPPStandardDisableUserSiteCreate {
<#
.FUNCTIONALITY
Internal
.COMPONENT
(APIName) DisableUserSiteCreate
.SYNOPSIS
(Label) Disable site creation by standard users
.DESCRIPTION
(Helptext) Disables users from creating new SharePoint sites
(DocsDescription) Disables standard users from creating SharePoint sites, also disables the ability to fully create teams
.NOTES
CAT
SharePoint Standards
TAG
"highimpact"
ADDEDCOMPONENT
IMPACT
High Impact
POWERSHELLEQUIVALENT
Update-MgAdminSharepointSetting
RECOMMENDEDBY
UPDATECOMMENTBLOCK
Run the Tools\Update-StandardsComments.ps1 script to update this comment block
.LINK
https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
#>
param($Tenant, $Settings)
##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableUserSiteCreate'
$CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true
If ($Settings.remediate -eq $true) {
if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) {
try {
$body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}'
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error
}
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info
}
}
if ($Settings.alert -eq $true) {
if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert
}
}
if ($Settings.report -eq $true) {
Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant
Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant
}
}