diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListExoRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListExoRequest.ps1 index 4ca7f895b56f..4fced9c1680e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListExoRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListExoRequest.ps1 @@ -7,13 +7,12 @@ function Invoke-ListExoRequest { 'Search' ) - Write-Information ($Request.Query | ConvertTo-Json) - $Cmdlet = $Request.Query.Cmdlet - $cmdParams = if ($Request.Body) { $Request.Body } else { [PSCustomObject]@{} } + $Cmdlet = $Request.Body.Cmdlet + $cmdParams = if ($Request.Body.cmdParams) { $Request.Body.cmdParams } else { [PSCustomObject]@{} } $Verb = ($Cmdlet -split '-')[0] $AllowedTenants = Test-CIPPAccess -Request $Request -TenantList - $TenantFilter = $Request.Query.TenantFilter + $TenantFilter = $Request.Body.TenantFilter $Tenants = Get-Tenants -IncludeErrors $Tenant = $Tenants | Where-Object { $_.defaultDomainName -eq $TenantFilter -or $_.customerId -eq $TenantFilter } if ($Tenant.customerId -in $AllowedTenants -or $AllowedTenants -eq 'AllTenants') { 
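Review bot: The access check on the last line of this hunk still passes for an `AllTenants` caller when `$TenantFilter` matches no tenant, and now that the filter is read from `$Request.Body.TenantFilter`, an absent or misspelled field leaves `$Tenant` empty without any error. Require a resolved tenant before the call is made, for example `if ($Tenant -and ($Tenant.customerId -in $AllowedTenants -or $AllowedTenants -eq 'AllTenants')) {`. The same applies to `$Request.Body.Cmdlet`: a client still sending the old query-string form yields an empty `$Verb`, and an explicit rejection with a clear message would be easier to diagnose than whatever the verb check does with an empty string. The function starts before and continues past this hunk, so a guard may already exist outside the visible lines.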
@@ -33,27 +32,26 @@ function Invoke-ListExoRequest { tenantid = $TenantFilter } - if ($Request.Query.Select) { - $ExoParams.Select = $Request.Query.Select + if ($Request.Body.Select) { + $ExoParams.Select = $Request.Body.Select } - if ($Request.Query.UseSystemMailbox) { + if ($Request.Body.UseSystemMailbox -eq $true) { $ExoParams.useSystemMailbox = $true } - if ($Request.Query.Anchor) { - $ExoParams.Anchor = $Request.Query.Anchor + if ($Request.Body.Anchor) { + $ExoParams.Anchor = $Request.Body.Anchor } - if ($Request.Query.Compliance) { + if ($Request.Body.Compliance -eq $true) { $ExoParams.Compliance = $true } - if ($Request.Query.AsApp) { + if ($Request.Body.AsApp -eq $true) { $ExoParams.AsApp = $true } - Write-Information ($ExoParams | ConvertTo-Json) $Results = New-ExoRequest @ExoParams $Body = [pscustomobject]@{ Results = $Results diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 index deb7f2fd1d56..7d967d4f08ba 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 
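Review bot: With the `Write-Information` calls removed in this commit, the visible part of the function leaves no record of which cmdlet was run against which tenant, or of whether the caller set `AsApp` or `Compliance`. Dropping the raw parameter dump is reasonable, since `cmdParams` may carry mailbox data, but an endpoint that runs caller-chosen Exchange cmdlets benefits from one audit entry holding only the cmdlet name, `$TenantFilter` and the two flags. A comment above the flag block would also help the next reader, e.g. `# AsApp / Compliance are caller-supplied and are passed straight through to New-ExoRequest`. The function continues past this hunk, so logging may already happen there.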
@@ -1,23 +1,72 @@ -function New-ExoBulkRequest ($tenantid, $cmdletArray, $useSystemMailbox, $Anchor, $NoAuthCheck, $Select) { +function New-ExoBulkRequest { <# .FUNCTIONALITY Internal #> + [CmdletBinding()] + param( + $tenantid, + $cmdletArray, + $useSystemMailbox, + $Anchor, + $NoAuthCheck, + $Select, + [switch]$Compliance, + [switch]$AsApp + ) if ((Get-AuthorisedRequest -TenantID $tenantid) -or $NoAuthCheck -eq $True) { - $token = Get-ClassicAPIToken -resource 'https://outlook.office365.com' -Tenantid $tenantid + if ($Compliance.IsPresent) { + $Resource = 'https://ps.compliance.protection.outlook.com' + } else { + $Resource = 'https://outlook.office365.com' + } + $Token = Get-GraphToken -Tenantid $tenantid -scope "$Resource/.default" -AsApp:$AsApp.IsPresent + $Tenant = Get-Tenants -IncludeErrors | Where-Object { $_.defaultDomainName -eq $tenantid -or $_.customerId -eq $tenantid } $Headers = @{ - Authorization = "Bearer $($token.access_token)" + Authorization = $Token.Authorization Prefer = 'odata.maxpagesize = 1000;odata.continue-on-error' 'parameter-based-routing' = $true 'X-AnchorMailbox' = $Anchor } + + if ($Compliance.IsPresent) { + if (!$Anchor) { + if (!$Tenant.initialDomainName -or $Tenant.initialDomainName -notlike '*onmicrosoft.com*') { + $OnMicrosoft = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains?$top=999' -tenantid $tenantid -NoAuthCheck $NoAuthCheck | Where-Object -Property isInitial -EQ $true).id + } else { + $OnMicrosoft = $Tenant.initialDomainName + } + $Headers.Anchor = "UPN:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($OnMicrosoft)" + } + if (!$Tenant.ComplianceUrl) { + Write-Verbose "Getting Compliance URL for $($tenant.defaultDomainName)" + $URL = "$Resource/adminapi/$ApiVersion/$($tenant.customerId)/EXOBanner('AutogenSession')?Version=$ModuleVersion" + Invoke-RestMethod -ResponseHeadersVariable ComplianceHeaders -MaximumRedirection 0 -ErrorAction SilentlyContinue -Uri $URL -Headers $Headers -SkipHttpErrorCheck | 
Out-Null + $RedirectedHost = ([System.Uri]($ComplianceHeaders.Location | Select-Object -First 1)).Host + $RedirectedHostname = '{0}.ps.compliance.protection.outlook.com' -f ($RedirectedHost -split '\.' | Select-Object -First 1) + $Resource = "https://$($RedirectedHostname)" + try { + $null = [System.Uri]$Resource + $Tenant | Add-Member -MemberType NoteProperty -Name ComplianceUrl -Value $Resource + $TenantTable = Get-CIPPTable -tablename 'Tenants' + Add-CIPPAzDataTableEntity @TenantTable -Entity $Tenant -Force + } catch { + Write-Error "Failed to get the Compliance URL for $($tenant.defaultDomainName), invalid URL - check the Anchor and try again." + return + } + } else { + $Resource = $Tenant.ComplianceUrl + } + Write-Verbose "Redirecting to $Resource" + } + try { if ($Select) { $Select = "`$select=$Select" } - $URL = "https://outlook.office365.com/adminapi/beta/$($tenant.customerId)/InvokeCommand?$Select" - $BatchURL = "https://outlook.office365.com/adminapi/beta/$($tenant.customerId)/`$batch" + $URL = "$ResourceUrl/adminapi/beta/$($tenant.customerId)/InvokeCommand?$Select" + $BatchURL = "$ResourceUrl/adminapi/beta/$($tenant.customerId)/`$batch" $BatchBodyObj = @{ requests = @() } @@ -84,4 +133,4 @@ function New-ExoBulkRequest ($tenantid, $cmdletArray, $useSystemMailbox, $Anchor } else { Write-Error 'Not allowed. You cannot manage your own tenant or tenants not under your scope' } -} \ No newline at end of file +}
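Review bot: `$URL` and `$BatchURL` at the end of this hunk interpolate `$ResourceUrl`, but nothing visible in the function assigns it; the variable set above, including by the compliance redirect, is `$Resource`, so both URLs would expand to a path with no scheme or host. Use `$URL = "$Resource/adminapi/beta/$($tenant.customerId)/InvokeCommand?$Select"` and make the same change to `$BatchURL`. The compliance branch has the same problem with `$ApiVersion` and `$ModuleVersion`, which are neither parameters nor assigned here. It also writes the system-mailbox anchor to `$Headers.Anchor` while the header declared above is `'X-AnchorMailbox'`, which looks unintended. Before `ComplianceUrl` is persisted to the Tenants table, check that the probe actually returned a `Location` header and a non-empty first host label, because with `-ErrorAction SilentlyContinue` a failed probe otherwise relies on the `[System.Uri]` cast alone to keep a bad URL out of the cache; the function body continues past this hunk.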