Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dev to release #1045

Merged
merged 80 commits into from
Aug 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
80 commits
Select commit Hold shift + click to select a range
f175aa6
Fix: Add DKIM selectors for onmicrosoft.com domains
kris6673 Jul 26, 2024
88269b4
Ignore mail.onmicrosoft.com domains
kris6673 Jul 26, 2024
2edf525
Added Teams External File Sharing Standard
OfficialEsco Jul 27, 2024
59cd17a
Added Teams Global Meeting Policy standard
OfficialEsco Jul 27, 2024
961db30
Merge pull request #1029 from Ren-Roros-Digital/TeamsGlobalMeetingPolicy
KelvinTegelaar Jul 28, 2024
96c7d47
Merge pull request #1028 from Ren-Roros-Digital/TeamsExternalFileSharing
KelvinTegelaar Jul 28, 2024
868db69
Merge pull request #1027 from kris6673/DA-DKIM-onmicrosoftcom-support
KelvinTegelaar Jul 28, 2024
dea1ea5
Added Teams Federation Configuration Standard
OfficialEsco Jul 27, 2024
018f714
Fix GDAP invite from API
JohnDuprey Jul 28, 2024
3a5b4f8
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Jul 28, 2024
08e106d
Merge pull request #1031 from JohnDuprey/dev
JohnDuprey Jul 28, 2024
f7ace34
Tenant onboarding
JohnDuprey Jul 28, 2024
8de6f2d
Updated Spam Filter Standard
cipptesting Jul 29, 2024
5c258e1
Fixed formatting issue
cipptesting Jul 29, 2024
0916dcc
Fix MFA report for alltenants
JohnDuprey Jul 29, 2024
fc4ceda
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Jul 29, 2024
9c7e6d0
CPV refresh tweaks
JohnDuprey Jul 29, 2024
6c0a30b
Merge pull request #1033 from JohnDuprey/dev
JohnDuprey Jul 29, 2024
cb16d6a
Audit log collection
JohnDuprey Jul 30, 2024
ae6344a
Added Teams Email Integration standard
OfficialEsco Jul 30, 2024
d6ccd17
Added TODO to TeamsFederationConfiguration
OfficialEsco Jul 30, 2024
7e7f266
Added Teams External Access Policy Standard
OfficialEsco Jul 27, 2024
a665e00
Merge pull request #1036 from JohnDuprey/dev
JohnDuprey Jul 30, 2024
acf6977
PermissionUpdate changes
JohnDuprey Jul 30, 2024
3361764
Tweak timestamp logic
JohnDuprey Jul 30, 2024
819076a
Merge pull request #1037 from JohnDuprey/dev
JohnDuprey Jul 30, 2024
abbfbfe
GDAP invite list fix
JohnDuprey Jul 30, 2024
9b5e803
Merge branch 'KelvinTegelaar:dev' into dev
JohnDuprey Jul 30, 2024
0f6154a
Merge pull request #1038 from JohnDuprey/dev
JohnDuprey Jul 30, 2024
52bdaf7
Add AuditLogs endpoint
JohnDuprey Jul 30, 2024
c0fe797
Merge branch 'KelvinTegelaar:dev' into dev
JohnDuprey Jul 30, 2024
1d088c7
Merge pull request #1039 from JohnDuprey/dev
JohnDuprey Jul 30, 2024
cb04116
Merge pull request #1035 from Ren-Roros-Digital/TeamsExternalAccessPo…
KelvinTegelaar Jul 30, 2024
1e07b5e
Merge pull request #1034 from Ren-Roros-Digital/TeamsEmailIntegration
KelvinTegelaar Jul 30, 2024
0ed62ee
Merge pull request #1032 from cipptesting/dev
KelvinTegelaar Jul 30, 2024
6895a1a
Merge pull request #1030 from Ren-Roros-Digital/TeamsFederationConfig…
KelvinTegelaar Jul 30, 2024
da0c38a
upgrade user schedulder experience.
KelvinTegelaar Jul 31, 2024
f01f831
Add single audit log support
JohnDuprey Aug 1, 2024
ba95649
change admin portal url for hudu sync
JohnDuprey Aug 1, 2024
d8e217d
Error handling for setting compliance URL
JohnDuprey Aug 1, 2024
1e89169
CIPP-SAM Roles
JohnDuprey Aug 1, 2024
6867fad
add device compliance alert
KelvinTegelaar Aug 1, 2024
1cf6ae0
fixes
KelvinTegelaar Aug 1, 2024
bfa7d24
fixes https://github.com/KelvinTegelaar/CIPP/issues/2710
KelvinTegelaar Aug 1, 2024
9fc6c4c
Fixes issue with default domain name not showing up
KelvinTegelaar Aug 1, 2024
385452a
Device auth
KelvinTegelaar Aug 1, 2024
dc87494
typo
KelvinTegelaar Aug 1, 2024
5962844
Update Set-CIPPSAMAdminRoles.ps1
JohnDuprey Aug 1, 2024
d3e6ff2
Merge branch 'KelvinTegelaar:dev' into dev
JohnDuprey Aug 1, 2024
c06569e
Merge pull request #1040 from JohnDuprey/dev
JohnDuprey Aug 1, 2024
ef19bd6
add the ability to edit named locations
KelvinTegelaar Aug 1, 2024
20fca9c
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into…
KelvinTegelaar Aug 1, 2024
fd37373
Fix API response for SAM roles
JohnDuprey Aug 1, 2024
3d9ff4f
Merge branch 'dev' of https://github.com/johnduprey/CIPP-API into dev
JohnDuprey Aug 1, 2024
35e9e34
Merge branch 'dev' of https://github.com/johnduprey/CIPP-API into dev
JohnDuprey Aug 1, 2024
df43e98
Merge pull request #1041 from JohnDuprey/dev
JohnDuprey Aug 1, 2024
fd57bc2
Add edit named locations
KelvinTegelaar Aug 1, 2024
81020bd
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into…
KelvinTegelaar Aug 1, 2024
76d152f
typo
JohnDuprey Aug 1, 2024
d83e5c3
Fixes ticket 23124234
KelvinTegelaar Aug 1, 2024
331bcdb
fix issue with protection policies
KelvinTegelaar Aug 1, 2024
da41a80
Merge branch 'KelvinTegelaar:dev' into dev
JohnDuprey Aug 1, 2024
735f393
partition logs based on tenant
JohnDuprey Aug 1, 2024
8c84497
list audit log tweak
JohnDuprey Aug 1, 2024
f79be48
Merge branch 'dev' of https://github.com/johnduprey/CIPP-API into dev
JohnDuprey Aug 1, 2024
5e82539
Merge pull request #1042 from JohnDuprey/dev
JohnDuprey Aug 1, 2024
a9fc0c0
Merge branches 'dev' and 'dev' of https://github.com/KelvinTegelaar/C…
KelvinTegelaar Aug 1, 2024
fab8480
solves issue with intune policies
KelvinTegelaar Aug 1, 2024
0ad46d2
Fix audit log filters
JohnDuprey Aug 1, 2024
a73a7c6
Add error handling around CIPP-API
JohnDuprey Aug 1, 2024
a7cae06
Merge remote-tracking branch 'upstream/dev' into dev
JohnDuprey Aug 1, 2024
7467590
Merge pull request #1043 from JohnDuprey/dev
JohnDuprey Aug 1, 2024
93aac85
updates to assign logic.,
KelvinTegelaar Aug 2, 2024
c1d0e94
allow updates of groups.
KelvinTegelaar Aug 2, 2024
43b78c4
create new template run file
KelvinTegelaar Aug 2, 2024
2c9b470
Clean up duplicate webhook entries
JohnDuprey Aug 2, 2024
9077bc6
Merge pull request #1044 from JohnDuprey/dev
JohnDuprey Aug 2, 2024
9be383c
update to templating because
KelvinTegelaar Aug 2, 2024
b27679f
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into…
KelvinTegelaar Aug 2, 2024
b3c5789
update
KelvinTegelaar Aug 2, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions Modules/CIPPCore/Public/Add-CIPPAlias.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
function Add-CIPPAlias {
[CmdletBinding()]
param (
$user,
$Aliases,
$UserprincipalName,
$TenantFilter,
$APIName = 'Set Manager',
$ExecutingUser
)

try {
foreach ($Alias in $Aliases) {
Write-Host "Adding alias $Alias to $user"
New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$user" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -verbose
}
Write-Host "Resetting primary alias to $User"
New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($user)" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserprincipalName)" -Sev 'Info'
return ("Added Aliases: $($Aliases -join ',')")
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to set alias. Error:$($_.Exception.Message)" -Sev 'Error'
throw "Failed to set alias: $($_.Exception.Message)"
}
}

22 changes: 22 additions & 0 deletions Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDeviceCompliance.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@

function Get-CIPPAlertDeviceCompliance {
<#
.FUNCTIONALITY
Entrypoint
#>
[CmdletBinding()]
param(
[Parameter(Mandatory = $false)]
[Alias('input')]
$InputValue,
$TenantFilter
)
try {
$AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$top=999" -tenantid $TenantFilter | Where-Object -Property complianceState -NE 'compliant' | ForEach-Object {
$_ | Select-Object -Property id, deviceName, deviceType, complianceState, lastReportedDateTime
}
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
} catch {
Write-AlertMessage -tenant $($TenantFilter) -message "Could not get compliance state for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,12 @@ function Push-DomainAnalyserDomain {
if (![string]::IsNullOrEmpty($DomainObject.DkimSelectors)) {
$DkimParams.Selectors = $DomainObject.DkimSelectors | ConvertFrom-Json
}
# Check if its a onmicrosoft.com domain and add special selectors for these
if ($Domain -match 'onmicrosoft.com' -and $Domain -notmatch 'mail.onmicrosoft.com') {
$DKIMSelector1Value = "selector1-$($Domain -replace '\.', '-' )"
$DKIMSelector2Value = "selector2-$($Domain -replace '\.', '-' )"
$DkimParams.Add('Selectors', @("$DKIMSelector1Value", "$DKIMSelector2Value"))
}

$DkimRecord = Read-DkimRecord @DkimParams -ErrorAction Stop

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ function Push-ListGraphRequestQueue {
Get-GraphRequestList @GraphRequestParams
} catch {
[PSCustomObject]@{
Tenant = $Item.Tenant
Tenant = $Item.TenantFilter
CippStatus = "Could not connect to tenant. $($_.Exception.message)"
}
}
Expand All @@ -62,4 +62,4 @@ function Push-ListGraphRequestQueue {
Write-Information "Queue Error: $($_.Exception.Message)"
throw $_
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ Function Push-ExecOnboardTenantQueue {
if ($AccessAssignments.id -and !$Invite) {
$MissingRoles = [System.Collections.Generic.List[object]]::new()
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Relationship has existing access assignments, checking for missing mappings' })
#Write-Host ($AccessAssignments | ConvertTo-Json -Depth 5)

if ($Item.Roles -and $Item.AutoMapRoles -eq $true) {
foreach ($Role in $Item.Roles) {
if ($AccessAssignments.accessContainer.accessContainerid -notcontains $Role.GroupId -and $Relationship.accessDetails.unifiedRoles.roleDefinitionId -contains $Role.roleDefinitionId) {
Expand All @@ -161,7 +161,7 @@ Function Push-ExecOnboardTenantQueue {
}
}

if (!$AccessAssignments.id -and !$Invite -and $Item.Roles) {
if (!$AccessAssignments.id -and $Item.Roles) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'No access assignments found, using defined role mapping.' })
$MatchingRoles = [System.Collections.Generic.List[object]]::new()
foreach ($Role in $Item.Roles) {
Expand All @@ -177,7 +177,7 @@ Function Push-ExecOnboardTenantQueue {
'InviteUrl' = 'https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/{0}' -f $Id
'RoleMappings' = [string](@($MatchingRoles) | ConvertTo-Json -Depth 10 -Compress)
}
Add-CIPPAzDataTableEntity @InviteTable -Entity $Invite
Add-CIPPAzDataTableEntity @InviteTable -Entity $Invite -Force
$GroupSuccess = $true
} else {
$TenantOnboarding.Status = 'failed'
Expand Down Expand Up @@ -292,10 +292,10 @@ Function Push-ExecOnboardTenantQueue {
}
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' })
} catch {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' })
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = ('CPV Consent Failed, error: {0}' -f $Consent) })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.'
$OnboardingSteps.Step4.Message = 'CPV Consent failed, check the logs for more details.'
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
Expand All @@ -309,13 +309,15 @@ Function Push-ExecOnboardTenantQueue {
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
$LastCPVError = ''
do {
try {
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
$CPVSuccess = $true
$Refreshing = $false
} catch {
$LastCPVError = $_.Exception.Message
Start-Sleep -Seconds 30
}
} while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8))
Expand All @@ -328,10 +330,10 @@ Function Push-ExecOnboardTenantQueue {
$Tenant = Get-Tenants -TriggerRefresh -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
}
} else {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' })
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh. {0}' -f $LastCPVError })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later'
$OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, check the logs for more details.'
}
} else {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' })
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ function Push-ListMFAUsersQueue {
Write-Host "PowerShell queue trigger function processed work item: $($Item.defaultDomainName)"

try {
Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Running' -Name $Item.displayName
#Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Running' -Name $Item.displayName
$domainName = $Item.defaultDomainName
$Table = Get-CIPPTable -TableName cachemfa
Try {
Expand All @@ -29,6 +29,12 @@ function Push-ListMFAUsersQueue {
RowKey = [string]"$domainName"
PartitionKey = 'users'
}
} else {
$GraphRequest = foreach ($Request in $GraphRequest) {
$Request.CAPolicies = try { [string](@($Request.CAPolicies) | ConvertTo-Json -Compress -Depth 5) } catch { [string]$Request.CAPolicies }
$Request.MFAMethods = try { [string](@($Request.MFAMethods) | ConvertTo-Json -Compress -Depth 5) } catch { [string]$Request.MFAMethods }
$Request
}
}
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null

Expand All @@ -47,7 +53,7 @@ function Push-ListMFAUsersQueue {
}
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
} finally {
Update-CippQueueEntry -RowKey $QueueItem -Status 'Completed'
#Update-CippQueueEntry -RowKey $QueueItem -Status 'Completed'
}

}
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,50 @@ function Push-UpdatePermissionsQueue {
Entrypoint
#>
param($Item)
Write-Host "Applying permissions for $($Item.defaultDomainName)"
$Table = Get-CIPPTable -TableName cpvtenants
$CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $Item.customerId
if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) {
Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant'
Write-Host 'Adding CPV permissions'
Set-CIPPCPVConsent -Tenantfilter $Item.customerId
}

Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
try {
$DomainRefreshRequired = $false

if (!$Item.defaultDomainName) {
$DomainRefreshRequired = $true
}

Write-Information "Applying permissions for $($Item.displayName)"
$Table = Get-CIPPTable -TableName cpvtenants
$CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $Item.customerId

if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) {
Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant'
Write-Information 'Adding CPV permissions'
Set-CIPPCPVConsent -Tenantfilter $Item.customerId
$DomainRefreshRequired = $true
}
Write-Information 'Updating permissions'
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue'

Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
}
Write-Information 'Pushing CIPP-SAM admin roles'
Set-CIPPSAMAdminRoles -TenantFilter $Item.customerId

$Table = Get-CIPPTable -TableName cpvtenants
$unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
$GraphRequest = @{
LastApply = "$unixtime"
applicationId = "$($ENV:applicationId)"
Tenant = "$($Item.customerId)"
PartitionKey = 'Tenant'
RowKey = "$($Item.customerId)"
}
Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force

if ($DomainRefreshRequired) {
$UpdatedTenant = Get-Tenants -TenantFilter $Item.customerId -TriggerRefresh
if ($UpdatedTenant.defaultDomainName) {
Write-Information "Updated tenant domains $($UpdatedTenant.defaultDomainName)"
}
}
} catch {
Write-Information "Error updating permissions for $($Item.displayName)"
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ function Push-AuditLogTenant {
}

if (($NewBundles | Measure-Object).Count -gt 0) {
Add-CIPPAzDataTableEntity @AuditBundleTable -Entity $NewBundles
Add-CIPPAzDataTableEntity @AuditBundleTable -Entity $NewBundles -Force
Write-Information ($NewBundles | ConvertTo-Json -Depth 5 -Compress)

$Batch = $NewBundles | Select-Object @{Name = 'ContentId'; Expression = { $_.RowKey } }, @{Name = 'TenantFilter'; Expression = { $_.PartitionKey } }, @{Name = 'FunctionName'; Expression = { 'AuditLogBundleProcessing' } }
Expand All @@ -62,4 +62,4 @@ function Push-AuditLogTenant {
Write-Host "Started orchestration with ID = '$InstanceId'"
}

}
}
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,13 @@ function Push-Schedulerwebhookcreation {
if ($Row.tenantid -ne 'AllTenants') {
Remove-AzDataTableEntity @Table -Entity $Row
}
if (($Webhook | Measure-Object).Count -gt 1) {
$Webhook = $Webhook | Select-Object -First 1
$WebhooksToRemove = $ExistingWebhooks | Where-Object { $_.RowKey -ne $Webhook.RowKey }
foreach ($RemoveWebhook in $WebhooksToRemove) {
Remove-AzDataTableEntity @WebhookTable -Entity $RemoveWebhook
}
}
} else {
Write-Information "No existing webhook for $Tenant - $($Row.webhookType) - Time to create."
try {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,13 @@ Function Invoke-ExecExtensionsConfig {
Write-Information 'PowerShell HTTP trigger function processed a request.'
$results = try {
if ($Request.Body.CIPPAPI.Enabled) {
$APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Request.Body.CIPPAPI.ResetPassword
$AddedText = $APIConfig.Results
try {
$APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Request.Body.CIPPAPI.ResetPassword
$AddedText = $APIConfig.Results
} catch {
$AddedText = ' Could not enable CIPP-API. Check the CIPP documentation for API requirements.'
$Request.Body = $Request.Body | Select-Object * -ExcludeProperty CIPPAPI
}
}

# Check if NinjaOne URL is set correctly and the instance has at least version 5.6
Expand All @@ -31,7 +36,7 @@ Function Invoke-ExecExtensionsConfig {
throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmmm.com'"
}
if ($Version -lt [version]'5.6.0.0') {
throw 'NinjaOne 5.6.0.0 is required. This will be rolling out regionally between the end of November and mid-December. Please try again at a later date.'
throw 'NinjaOne 5.6.0.0 is required.'
}
}

Expand Down Expand Up @@ -84,9 +89,9 @@ Function Invoke-ExecExtensionsConfig {
Add-AzDataTableEntity @ConfigTable -Entity $AddObject -Force

Register-CIPPExtensionScheduledTasks
"Successfully set the configuration. $AddedText"
"Successfully saved the extension configuration. $AddedText"
} catch {
"Failed to set configuration: $($_.Exception.message) Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
"Failed to save the extensions configuration: $($_.Exception.message) Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
}


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Function Invoke-ExecCPVPermissions {

Write-Host "Our tenant is $($Tenant.displayName) - $($Tenant.defaultDomainName)"

$TenantFilter = $Request.Query.TenantFilter
$CPVConsentParams = @{
TenantFilter = $Request.Query.TenantFilter
}
Expand All @@ -27,24 +28,29 @@ Function Invoke-ExecCPVPermissions {
}

$GraphRequest = try {
Set-CIPPCPVConsent @CPVConsentParams
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
if ($TenantFilter -ne 'PartnerTenant') {
Set-CIPPCPVConsent @CPVConsentParams
} else {
$TenantFilter = $env:TenantId
}
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
Set-CIPPSAMAdminRoles -TenantFilter $TenantFilter
$Success = $true
} catch {
"Failed to update permissions for $($Tenant.displayName): $($_.Exception.Message)"
$Success = $false
}

$Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter
$Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter | Select-Object -First 1

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = @{
Results = $GraphRequest
Metadata = @{
Heading = 'CPV Permission - {0} ({1})' -f $Tenant.displayName, $Tenant.defaultDomainName
Heading = ('CPV Permission - {0} ({1})' -f $Tenant.displayName, $Tenant.defaultDomainName)
Success = $Success
}
}
Expand Down
Loading
Loading