Merge pull request #9 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertInactiveLicensedUsers.ps1

@@ -15,10 +15,14 @@ function Get-CIPPAlertInactiveLicensedUsers {
         try {
 
             $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o')
-            $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $_.assignedLicenses.skuId -ne $null }
+            $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter |
+                Where-Object { $null -ne $_.assignedLicenses.skuId }
+
+            # true = only active users
+            if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } }
             $AlertData = foreach ($user in $GraphRequest) {
                 $Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName
-                $user | Select-Object -Property userPrincipalname, signInActivity, @{Name = 'Message'; Expression = { $Message } }
+                $user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } }
 
             }
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1

@@ -11,22 +11,30 @@ Function Invoke-ExecHideFromGAL {
     param($Request, $TriggerMetadata)
 
     $APIName = $TriggerMetadata.FunctionName
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $ExecutingUser = $Request.headers.'x-ms-client-principal'
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+
+    # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests
+    $UserId = $Request.Query.ID ?? $Request.body.ID
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.body.tenantFilter
+    $Hidden = -not [string]::IsNullOrWhiteSpace($Request.Query.HideFromGAL) ? [System.Convert]::ToBoolean($Request.Query.HideFromGAL) : [System.Convert]::ToBoolean($Request.body.HideFromGAL)
 
 
-    $TenantFilter = $request.query.tenantfilter
     Try {
-        $Hidden = [System.Convert]::ToBoolean($Request.query.HideFromGal)
-        $HideResults = Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $Request.query.ID -HideFromGAL $Hidden -ExecutingUser $request.headers.'x-ms-client-principal' -APIName 'ExecOffboardUser'
+        $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -ExecutingUser $ExecutingUser -APIName $APIName
         $Results = [pscustomobject]@{'Results' = $HideResults }
+        $StatusCode = [HttpStatusCode]::OK
 
     } catch {
-        $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" }
-        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Hide/UnHide from GAL failed: $($_.Exception.Message)" -Sev 'Error'
+        $ErrorMessage = Get-CippException -Exception $_
+        $Results = [pscustomobject]@{'Results' = "Failed. $($ErrorMessage.NormalizedError)" }
+        $StatusCode = [HttpStatusCode]::Forbidden
     }
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
+            StatusCode = $StatusCode
             Body       = $Results
         })
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1

@@ -0,0 +1,34 @@
+using namespace System.Net
+
+Function Invoke-ListGlobalAddressList {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Mailbox.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    $ExecutingUser = $Request.headers.'x-ms-client-principal'
+    Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.Query.tenantFilter
+
+    try {
+        $GAL = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Recipient' -cmdParams @{ResultSize = 'unlimited'; SortBy = 'DisplayName' } `
+            -Select 'Identity, DisplayName, Alias, PrimarySmtpAddress, ExternalDirectoryObjectId, HiddenFromAddressListsEnabled, EmailAddresses, IsDirSynced, SKUAssigned, RecipientType, RecipientTypeDetails, AddressListMembership' | Select-Object -ExcludeProperty *odata*, *data.type*
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $StatusCode = [HttpStatusCode]::Forbidden
+        $GAL = $ErrorMessage.NormalizedError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @($GAL)
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1

@@ -11,29 +11,28 @@ Function Invoke-ExecDeviceDelete {
     param($Request, $TriggerMetadata)
 
     $APIName = $TriggerMetadata.FunctionName
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
-
-    # Interact with query parameters or the body of the request.
+    $ExecutingUser = $Request.headers.'x-ms-client-principal'
+    Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
+    # Interact with body parameters or the body of the request.
+    $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter
+    $Action = $Request.body.action ?? $Request.Query.action
+    $DeviceID = $Request.body.ID ?? $Request.Query.ID
 
     try {
-        $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)"
-        if ($Request.query.action -eq 'delete') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter
-        } elseif ($Request.query.action -eq 'disable') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }'
-        } elseif ($Request.query.action -eq 'enable') {
-            $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }'
-        }
-        Write-Host $ActionResult
-        $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" }
+        $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser -APIName $APINAME
+        $StatusCode = [HttpStatusCode]::OK
     } catch {
-        $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" }
+        $Results = $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::BadRequest
     }
 
+    Write-Host $Results
+    $body = [pscustomobject]@{'Results' = "$Results" }
+
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
+            StatusCode = $StatusCode
             Body       = $body
         })
 

Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1

@@ -48,6 +48,8 @@ Function Invoke-ListIntuneTemplates {
 
     if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id }
 
+    # Sort all output regardless of view condition
+    $Templates = $Templates | Sort-Object -Property displayName
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

Modules/CIPPCore/Public/New-CIPPBackup.ps1

@@ -21,6 +21,8 @@ function New-CIPPBackup {
                     'standards'
                     'SchedulerConfig'
                     'Extensions'
+                    'WebhookRules'
+                    'ScheduledTasks'
                 )
                 $CSVfile = foreach ($CSVTable in $BackupTables) {
                     $Table = Get-CippTable -tablename $CSVTable

Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1

@@ -0,0 +1,79 @@
+function Set-CIPPDeviceState {
+    <#
+    .SYNOPSIS
+    Sets or modifies the state of a device in Microsoft Graph.
+
+    .DESCRIPTION
+    This function allows you to enable, disable, or delete a device by making
+    corresponding requests to the Microsoft Graph API. It logs the result
+    and returns a success or error message based on the outcome.
+
+    .PARAMETER Action
+    Specifies the action to perform on the device. Valid actions are:
+        - Enable: Enable the device
+        - Disable: Disable the device
+        - Delete: Remove the device from the tenant
+
+    .PARAMETER DeviceID
+    Specifies the unique identifier (Object ID) of the device to be managed.
+
+    .PARAMETER TenantFilter
+    Specifies the tenant ID or domain against which to perform the operation.
+
+    .PARAMETER ExecutingUser
+    Specifies the user who initiated the request for logging purposes.
+
+    .PARAMETER APIName
+    Specifies the name of the API call for logging purposes. Defaults to 'Set Device State'.
+
+    .EXAMPLE
+    Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -ExecutingUser "[email protected]"
+
+    This command enables the specified device within the given tenant.
+
+    .EXAMPLE
+    Set-CIPPDeviceState -Action Delete -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com"
+
+    This command removes the specified device from the tenant.
+#>
+    param (
+        [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable', 'Delete')]$Action,
+
+        [ValidateScript({
+                if ([Guid]::TryParse($_, [ref] [Guid]::Empty)) {
+                    $true
+                } else {
+                    throw 'DeviceID must be a valid GUID.'
+                }
+            })]
+        [Parameter(Mandatory = $true)]$DeviceID,
+
+        [Parameter(Mandatory = $true)]$TenantFilter,
+        $ExecutingUser,
+        $APIName = 'Set Device State'
+    )
+    $Url = "https://graph.microsoft.com/beta/devices/$($DeviceID)"
+
+    try {
+        switch ($Action) {
+            'Delete' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type DELETE -tenantid $TenantFilter
+            }
+            'Disable' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": false }'
+            }
+            'Enable' {
+                $ActionResult = New-GraphPOSTRequest -uri $Url -type PATCH -tenantid $TenantFilter -body '{"accountEnabled": true }'
+            }
+        }
+        Write-Host $ActionResult
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info
+        return "Executed action $($Action) on $($DeviceID)"
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        throw "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)"
+    }
+
+
+}

Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1

@@ -1,20 +1,20 @@
 function Set-CIPPHideFromGAL {
     [CmdletBinding()]
     param (
-        $userid,
-        $tenantFilter,
+        $UserId,
+        $TenantFilter,
         $APIName = 'Hide From Address List',
         [bool]$HideFromGAL,
         $ExecutingUser
     )
     $Text = if ($HideFromGAL) { 'hidden' } else { 'unhidden' }
     try {
-        $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-mailbox' -cmdParams @{Identity = $userid ; HiddenFromAddressListsEnabled = $HideFromGAL }
-        Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantfilter) -message "$($userid) $Text from GAL" -Sev 'Info'
-        return "Successfully $Text $($userid) from GAL."
+        $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $UserId ; HiddenFromAddressListsEnabled = $HideFromGAL }
+        Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($Tenantfilter) -message "$($UserId) $Text from GAL" -Sev Info
+        return "Successfully $Text $($UserId) from GAL."
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
-        Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
-        return "Could not hide $($userid) from address list. Error: $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        return "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)"
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1

@@ -17,7 +17,7 @@ function Invoke-CIPPStandardActivityBasedTimeout {
             "CIS"
             "spo_idle_session_timeout"
         ADDEDCOMPONENT
-            {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
+            {"type":"select","multiple":false,"label":"Select value","name":"standards.ActivityBasedTimeout.timeout","options":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
         IMPACT
             Medium Impact
         POWERSHELLEQUIVALENT
@@ -27,7 +27,7 @@ function Invoke-CIPPStandardActivityBasedTimeout {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#medium-impact
     #>
 
     param($Tenant, $Settings)

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1

@@ -25,7 +25,7 @@ function Invoke-CIPPStandardAddDKIM {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards/exchange-standards#low-impact
     #>
 
     param($Tenant, $Settings)