Merge pull request #1 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev
greenloop-it-solutions · Feb 29, 2024 · 35e493a · 35e493a
2 parents f2c321a + 0f6ebae
commit 35e493a
Show file tree

Hide file tree

Showing 224 changed files with 17,626 additions and 5,528 deletions.
diff --git a/.github/workflows/dev_cippy6oom.yml b/.github/workflows/dev_cippy6oom.yml
@@ -0,0 +1,30 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippy6oom
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+  deploy:
+    runs-on: windows-latest
+
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v4
+
+      - name: 'Run Azure Functions Action'
+        uses: Azure/functions-action@v1
+        id: fa
+        with:
+          app-name: 'cippy6oom'
+          slot-name: 'Production'
+          package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_B9C635E19DF6459F8995BA602EFA638A }}
diff --git a/BestPracticeAnalyser_List/function.json b/BestPracticeAnalyser_List/function.json
diff --git a/BestPracticeAnalyser_List/run.ps1 b/BestPracticeAnalyser_List/run.ps1
diff --git a/Config/49a8069e-3b46-4680-a035-9250bc675446.CATemplate.json b/Config/49a8069e-3b46-4680-a035-9250bc675446.CATemplate.json
@@ -37,5 +37,5 @@
       "excludeApplications": []
     }
   },
-  "displayName": "Enforce Multi factor authentication for each application"
+  "displayName": "CIPP: Enforce Multi factor authentication for each application"
 }
diff --git a/Config/4d9206b0-4f96-41e6-86a5-f78cdcff5069.IntuneTemplate.json b/Config/4d9206b0-4f96-41e6-86a5-f78cdcff5069.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "CIPP Default: Set screen lock time to 5 minutes",
+  "Displayname": "CIPP: Set screen lock time to 5 minutes",
   "Description": "Sets the screen to lock after 5 minutes of inactivity.",
   "RAWJson": "{\"name\":\"Set Screen Lockout to 5 minutes\",\"description\":\"\",\"platforms\":\"windows10\",\"technologies\":\"mdm\",\"roleScopeTagIds\":[\"0\"],\"settings\":[{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSetting\",\"settingInstance\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance\",\"settingDefinitionId\":\"device_vendor_msft_policy_config_localpoliciessecurityoptions_interactivelogon_machineinactivitylimit_v2\",\"simpleSettingValue\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationIntegerSettingValue\",\"value\":300}}}]}",
   "Type": "Catalog",

diff --git a/Config/59bd753c-4204-4b3a-b84b-850d4b69f494.IntuneTemplate.json b/Config/59bd753c-4204-4b3a-b84b-850d4b69f494.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "LAPS",
+  "Displayname": "CIPP: LAPS",
   "Description": "",
   "RAWJson": "{\r\n  \"name\": \"LAPS\",\r\n  \"description\": \"\",\r\n  \"settings\": [\r\n    {\r\n      \"id\": \"0\",\r\n      \"settingInstance\": {\r\n        \"@odata.type\": \"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance\",\r\n        \"settingDefinitionId\": \"device_vendor_msft_laps_policies_backupdirectory\",\r\n        \"settingInstanceTemplateReference\": {\r\n          \"settingInstanceTemplateId\": \"a3270f64-e493-499d-8900-90290f61ed8a\"\r\n        },\r\n        \"choiceSettingValue\": {\r\n          \"value\": \"device_vendor_msft_laps_policies_backupdirectory_1\",\r\n          \"settingValueTemplateReference\": {\r\n            \"settingValueTemplateId\": \"4d90f03d-e14c-43c4-86da-681da96a2f92\",\r\n            \"useTemplateDefault\": false\r\n          },\r\n          \"children\": [\r\n            {\r\n              \"@odata.type\": \"#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance\",\r\n              \"settingDefinitionId\": \"device_vendor_msft_laps_policies_passwordagedays_aad\",\r\n              \"settingInstanceTemplateReference\": null,\r\n              \"simpleSettingValue\": {\r\n                \"@odata.type\": \"#microsoft.graph.deviceManagementConfigurationIntegerSettingValue\",\r\n                \"settingValueTemplateReference\": null,\r\n                \"value\": 30\r\n              }\r\n            }\r\n          ]\r\n        }\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"1\",\r\n      \"settingInstance\": {\r\n        \"@odata.type\": \"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance\",\r\n        \"settingDefinitionId\": \"device_vendor_msft_laps_policies_passwordcomplexity\",\r\n        \"settingInstanceTemplateReference\": {\r\n          \"settingInstanceTemplateId\": \"8a7459e8-1d1c-458a-8906-7b27d216de52\"\r\n        },\r\n        \"choiceSettingValue\": {\r\n          \"value\": \"device_vendor_msft_laps_policies_passwordcomplexity_4\",\r\n          \"settingValueTemplateReference\": {\r\n            \"settingValueTemplateId\": \"aa883ab5-625e-4e3b-b830-a37a4bb8ce01\",\r\n            \"useTemplateDefault\": false\r\n          },\r\n          \"children\": []\r\n        }\r\n      }\r\n    }\r\n  ],\r\n  \"platforms\": \"windows10\",\r\n  \"technologies\": \"mdm\",\r\n  \"templateReference\": {\r\n    \"templateId\": \"adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1\",\r\n    \"templateFamily\": \"endpointSecurityAccountProtection\",\r\n    \"templateDisplayName\": \"Local admin password solution (Windows LAPS)\",\r\n    \"templateDisplayVersion\": \"Version 1\"\r\n  }\r\n}",
   "Type": "Catalog",

diff --git a/Config/7547f73c-3cb0-460c-a4bd-391944908007.IntuneTemplate.json b/Config/7547f73c-3cb0-460c-a4bd-391944908007.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "CIPP Default: Skip Autopilot User Setup Page",
+  "Displayname": "CIPP: Skip Autopilot User Setup Page",
   "Description": "Skips the autopilot user setup page",
   "RAWJson": "{\"id\":\"00000000-0000-0000-0000-000000000000\",\"displayName\":\"Skip Autopilot User Setup Page\",\"roleScopeTagIds\":[\"0\"],\"@odata.type\":\"#microsoft.graph.windows10CustomConfiguration\",\"omaSettings\":[{\"displayName\":\"SkipUserSetupPage\",\"omaUri\":\"./Device/Vendor/MSFT/DMClient/Provider/MS DM Server/FirstSyncStatus/SkipUserStatusPage\",\"@odata.type\":\"#microsoft.graph.omaSettingBoolean\",\"value\":\"true\"}]}",
   "Type": "Device",

diff --git a/Config/7b41924e-3051-4a23-b0d0-8cdeadc2c05a.IntuneTemplate.json b/Config/7b41924e-3051-4a23-b0d0-8cdeadc2c05a.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "CIPP Default: Enable Onedrive Silent Logon and Known Folder Move",
+  "Displayname": "CIPP: Enable Onedrive Silent Logon and Known Folder Move",
   "Description": "This policy enables Onedrive Silent Logon and Known Folder move",
   "RAWJson": "{\n\"added\":[\n{\n\"enabled\":true,\n\"presentationValues\":[],\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('9a4db949-29e4-4e31-a129-bf2b88d8fa1b')\"\n},\n{\n\"enabled\":true,\n\"presentationValues\":[\n{\n\"@odata.type\":\"#microsoft.graph.groupPolicyPresentationValueText\",\n\"value\":\"%tenantid%\",\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('39147fa2-6c5e-437b-8264-19b50b891709')/presentations('fbefbbdf-5382-477c-8b6c-71f4a06e2805')\"\n},\n{\n\"@odata.type\":\"#microsoft.graph.groupPolicyPresentationValueText\",\n\"value\":\"0\",\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('39147fa2-6c5e-437b-8264-19b50b891709')/presentations('35c82072-a93b-4022-be14-8684c2f6fcc2')\"\n}\n],\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('39147fa2-6c5e-437b-8264-19b50b891709')\"\n},\n{\n\"enabled\":true,\n\"presentationValues\":[],\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('81c07ba0-7512-402d-b1f6-00856975cfab')\"\n},\n{\n\"enabled\":true,\n\"presentationValues\":[],\n\"[email protected]\":\"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('61b07a01-7e60-4127-b086-f6b32458a5c5')\"\n},\n],\n\"updated\":[],\n\"deletedIds\":[]\n}",
   "Type": "Admin",

diff --git a/Config/7e06b0de-0469-4aae-89be-d83c44b5799f.IntuneTemplate.json b/Config/7e06b0de-0469-4aae-89be-d83c44b5799f.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "CIPP Default: Enable Bitlocker Encryption for OS drives",
+  "Displayname": "CIPP: Enable Bitlocker Encryption for OS drives",
   "Description": "Enables Bitlocker and stores the key in Azure AD for system Drives",
   "RAWJson": "{\"id\":\"00000000-0000-0000-0000-000000000000\",\"displayName\":\"CIPP: Enable Bitlocker Encryption\",\"roleScopeTagIds\":[\"0\"],\"@odata.type\":\"#microsoft.graph.windows10EndpointProtectionConfiguration\",\"applicationGuardEnabledOptions\":\"notConfigured\",\"firewallCertificateRevocationListCheckMethod\":\"deviceDefault\",\"firewallPacketQueueingMethod\":\"deviceDefault\",\"deviceGuardLocalSystemAuthorityCredentialGuardSettings\":\"notConfigured\",\"defenderSecurityCenterNotificationsFromApp\":\"notConfigured\",\"windowsDefenderTamperProtection\":\"notConfigured\",\"defenderSecurityCenterITContactDisplay\":\"notConfigured\",\"xboxServicesAccessoryManagementServiceStartupMode\":\"manual\",\"xboxServicesLiveAuthManagerServiceStartupMode\":\"manual\",\"xboxServicesLiveGameSaveServiceStartupMode\":\"manual\",\"xboxServicesLiveNetworkingServiceStartupMode\":\"manual\",\"applicationGuardBlockClipboardSharing\":\"notConfigured\",\"defenderPreventCredentialStealingType\":\"notConfigured\",\"defenderAdobeReaderLaunchChildProcess\":\"notConfigured\",\"defenderOfficeCommunicationAppsLaunchChildProcess\":\"notConfigured\",\"defenderAdvancedRansomewareProtectionType\":\"notConfigured\",\"defenderNetworkProtectionType\":\"notConfigured\",\"localSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser\":\"notConfigured\",\"localSecurityOptionsSmartCardRemovalBehavior\":\"lockWorkstation\",\"localSecurityOptionsInformationDisplayedOnLockScreen\":\"notConfigured\",\"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients\":\"none\",\"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers\":\"none\",\"lanManagerAuthenticationLevel\":\"lmAndNltm\",\"localSecurityOptionsAdministratorElevationPromptBehavior\":\"notConfigured\",\"localSecurityOptionsStandardUserElevationPromptBehavior\":\"notConfigured\",\"userRightsAccessCredentialManagerAsTrustedCaller\":null,\"userRightsLocalLogOn\":null,\"userRightsAllowAccessFromNetwork\":null,\"userRightsActAsPartOfTheOperatingSystem\":null,\"userRightsBackupData\":null,\"userRightsChangeSystemTime\":null,\"userRightsCreateGlobalObjects\":null,\"userRightsCreatePageFile\":null,\"userRightsCreatePermanentSharedObjects\":null,\"userRightsCreateSymbolicLinks\":null,\"userRightsCreateToken\":null,\"userRightsDebugPrograms\":null,\"userRightsBlockAccessFromNetwork\":null,\"userRightsDenyLocalLogOn\":null,\"userRightsRemoteDesktopServicesLogOn\":null,\"userRightsDelegation\":null,\"userRightsGenerateSecurityAudits\":null,\"userRightsImpersonateClient\":null,\"userRightsIncreaseSchedulingPriority\":null,\"userRightsLoadUnloadDrivers\":null,\"userRightsLockMemory\":null,\"userRightsManageAuditingAndSecurityLogs\":null,\"userRightsManageVolumes\":null,\"userRightsModifyFirmwareEnvironment\":null,\"userRightsModifyObjectLabels\":null,\"userRightsProfileSingleProcess\":null,\"userRightsRemoteShutdown\":null,\"userRightsRestoreData\":null,\"userRightsTakeOwnership\":null,\"bitLockerRecoveryPasswordRotation\":\"notConfigured\",\"bitLockerPrebootRecoveryMsgURLOption\":\"default\",\"bitLockerEncryptDevice\":true,\"bitLockerDisableWarningForOtherDiskEncryption\":true,\"bitLockerAllowStandardUserEncryption\":true,\"bitLockerSyntheticSystemDrivePolicybitLockerDriveRecovery\":true,\"applicationGuardAllowPrintToPDF\":false,\"applicationGuardAllowPrintToXPS\":false,\"applicationGuardAllowPrintToLocalPrinters\":false,\"applicationGuardAllowPrintToNetworkPrinters\":false,\"bitLockerFixedDrivePolicy\":{\"requireEncryptionForWriteAccess\":false,\"recoveryOptions\":null,\"encryptionMethod\":null},\"bitLockerRemovableDrivePolicy\":{\"requireEncryptionForWriteAccess\":false,\"encryptionMethod\":null},\"bitLockerSystemDrivePolicy\":{\"startupAuthenticationRequired\":true,\"startupAuthenticationTpmUsage\":\"allowed\",\"startupAuthenticationTpmPinUsage\":\"allowed\",\"startupAuthenticationTpmKeyUsage\":\"allowed\",\"startupAuthenticationTpmPinAndKeyUsage\":\"allowed\",\"startupAuthenticationBlockWithoutTpmChip\":false,\"minimumPinLength\":null,\"recoveryOptions\":{\"blockDataRecoveryAgent\":false,\"recoveryPasswordUsage\":\"allowed\",\"recoveryKeyUsage\":\"allowed\",\"enableRecoveryInformationSaveToStore\":true,\"recoveryInformationToStore\":\"passwordAndKey\",\"enableBitLockerAfterRecoveryInformationToStore\":true},\"prebootRecoveryEnableMessageAndUrl\":false,\"encryptionMethod\":null},\"firewallProfileDomain\":null,\"firewallProfilePrivate\":null,\"firewallProfilePublic\":null,\"deviceGuardEnableVirtualizationBasedSecurity\":false,\"deviceGuardEnableSecureBootWithDMA\":false}",
   "Type": "Device",

diff --git a/Config/CIPPDefaultTable.BPATemplate.json b/Config/CIPPDefaultTable.BPATemplate.json
@@ -1,5 +1,5 @@
 {
-  "name": "CIPP Best Practices v1.0 - Table view",
+  "name": "CIPP Best Practices v1.5 - Table view",
   "style": "Table",
   "Fields": [
     {
@@ -172,19 +172,21 @@
       "FrontendFields": [
         {
           "name": "Current Secure Score",
-          "value": "CurrentSecureScore.currentScore"
-        },
-        {
-          "name": "Max Secure Score",
-          "value": "CurrentSecureScore.maxScore"
+          "value": "CurrentSecureScore.currentScore / CurrentSecureScore.maxScore * 100",
+          "formatter": "math",
+          "showAs": "percentage"
         },
         {
           "name": "Average Comparative Score (All Tenants)",
-          "value": "CurrentSecureScore.averageComparativeScores[0].averageScore"
+          "value": "CurrentSecureScore.averageComparativeScores[0].averageScore / CurrentSecureScore.maxScore * 100",
+          "formatter": "math",
+          "showAs": "percentage"
         },
         {
           "name": "Average Comparative Score (Similiar Size Tenants)",
-          "value": "CurrentSecureScore.averageComparativeScores[1].averageScore"
+          "value": "CurrentSecureScore.averageComparativeScores[1].averageScore / CurrentSecureScore.maxScore * 100",
+          "formatter": "math",
+          "showAs": "percentage"
         }
       ]
     }

diff --git a/Config/CyberEssentials.BPATemplate.json b/Config/CyberEssentials.BPATemplate.json
@@ -0,0 +1,98 @@
+{
+  "name": "CIPP Cyber Essentials Helper - Tenant view",
+  "style": "Tenant",
+  "Fields": [
+    {
+      "name": "deviceregister",
+      "UseExistingInfo": false,
+      "FrontendFields": [
+        {
+          "name": "Device Register",
+          "value": "deviceregister",
+          "desc": "These are all devices found in M365 to add to your CE Device Register.",
+          "formatter": "table"
+        }
+      ],
+      "StoreAs": "JSON",
+      "API": "Graph",
+      "ExtractFields": [
+        "deviceName",
+        "lastSyncDateTime",
+        "osVersion",
+        "userPrincipalName",
+        "complianceState"
+      ],
+      "URL": "https://graph.microsoft.com/beta/deviceManagement/managedDevices"
+    },
+    {
+      "name": "adminsTable",
+      "UseExistingInfo": false,
+      "FrontendFields": [
+        {
+          "name": "Admins Table",
+          "value": "adminsTable",
+          "desc": "The list of admin accounts in your M365 environment. These must all be named and attached to actual users.",
+          "formatter": "table"
+        }
+      ],
+      "StoreAs": "JSON",
+      "API": "Graph",
+      "ExtractFields": ["displayName", "userPrincipalName"],
+      "URL": "https://graph.microsoft.com/beta/directoryRoles/roleTemplateId=62e90394-69f5-4237-9190-012177145e10/members"
+    },
+    {
+      "name": "windowsProtectionState",
+      "UseExistingInfo": false,
+      "FrontendFields": [
+        {
+          "name": "Defender List",
+          "value": "windowsProtectionState",
+          "formatter": "table",
+          "desc": "List of Defender protected workstations. Add this to your Malware Protection Audit List"
+        }
+      ],
+      "StoreAs": "JSON",
+      "API": "Graph",
+      "ExtractFields": ["windowsProtectionState"],
+      "parameters": {},
+      "URL": "https://graph.microsoft.com/beta/deviceManagement/managedDevices?$expand=windowsProtectionState"
+    },
+    {
+      "name": "detectedApps",
+      "UseExistingInfo": false,
+      "FrontendFields": [
+        {
+          "name": "Detected Apps",
+          "value": "detectedApps",
+          "desc": "All Detected Software and their version. Add this to your software audit list",
+          "formatter": "table"
+        }
+      ],
+      "StoreAs": "JSON",
+      "API": "Graph",
+      "ExtractFields": ["displayName", "version", "platform", "publisher"],
+      "URL": "https://graph.microsoft.com/beta/deviceManagement/detectedApps"
+    },
+    {
+      "name": "userRegistrationDetails",
+      "UseExistingInfo": false,
+      "FrontendFields": [
+        {
+          "name": "User Registration Details",
+          "desc": "All MFA settings (Requires a P1 Subscription)",
+          "value": "userRegistrationDetails",
+          "formatter": "table"
+        }
+      ],
+      "StoreAs": "JSON",
+      "API": "Graph",
+      "ExtractFields": [
+        "userDisplayName",
+        "isAdmin",
+        "isMFARegistered",
+        "defaultMFAMethod"
+      ],
+      "URL": "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails"
+    }
+  ]
+}
diff --git a/Config/b79d0123-3105-4c5d-9f15-62cc7a7eb7e1.IntuneTemplate.json b/Config/b79d0123-3105-4c5d-9f15-62cc7a7eb7e1.IntuneTemplate.json
@@ -1,5 +1,5 @@
 {
-  "Displayname": "CIPP Default: Automatic Configuration of Outlook",
+  "Displayname": "CIPP: Automatic Configuration of Outlook",
   "Description": "Configures the first profile on a device to always use the e-mail address of the currently logged on user.",
   "RAWJson": "{\"name\":\"Automatic configuration of Outlook\",\"description\":\"\",\"platforms\":\"windows10\",\"technologies\":\"mdm\",\"roleScopeTagIds\":[\"0\"],\"settings\":[{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSetting\",\"settingInstance\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance\",\"settingDefinitionId\":\"user_vendor_msft_policy_config_outlk16v2~policy~l_microsoftofficeoutlook~l_toolsaccounts~l_exchangesettings_l_automaticallyconfigureprofilebasedonactiveonce\",\"choiceSettingValue\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue\",\"value\":\"user_vendor_msft_policy_config_outlk16v2~policy~l_microsoftofficeoutlook~l_toolsaccounts~l_exchangesettings_l_automaticallyconfigureprofilebasedonactiveonce_1\",\"children\":[]}}}]}",
   "Type": "Catalog",

diff --git a/Config/cba836bb-33b7-4c50-88be-ee80f74cbeac.CATemplate.json b/Config/cba836bb-33b7-4c50-88be-ee80f74cbeac.CATemplate.json
@@ -32,5 +32,5 @@
     "times": null,
     "clientApplications": null
   },
-  "displayName": "Enforce Multi-factor authentication for Static Web Apps"
+  "displayName": "CIPP: Enforce Multi-factor authentication for Static Web Apps"
 }
diff --git a/Config/f8be7e58-2419-40a8-a739-714bf5deff90.CATemplate.json b/Config/f8be7e58-2419-40a8-a739-714bf5deff90.CATemplate.json
@@ -26,11 +26,11 @@
     "platforms": null,
     "clientApplications": null,
     "applications": {
-      "includeApplications": ["None"],
+      "includeApplications": ["All"],
       "includeUserActions": [],
       "includeAuthenticationContextClassReferences": [],
       "excludeApplications": []
     }
   },
-  "displayName": "Block Legacy Authentication"
+  "displayName": "CIPP: Block Legacy Authentication"
 }