
Commit 6d08e3c

authored
Merge pull request #967 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 73f8371 + 22902b0 commit 6d08e3c

48 files changed

Lines changed: 2057 additions & 210 deletions


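--- a/Config/CIPPDBCacheTypes.json
+++ b/Config/CIPPDBCacheTypes.json
@@ -363,5 +363,10 @@
 "type": "CopilotUserCountTrend",
 "friendlyName": "Copilot User Count Trend",
 "description": "Daily Copilot active user count trend (7-day period)"
+},
+{
+"type": "ExoTransportConfig",
+"friendlyName": "Exchange Transport Config",
+"description": "Exchange Online transport configuration including SMTP authentication settings"
 }
 ]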

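--- a/Config/CIPPTimers.json
+++ b/Config/CIPPTimers.json
@@ -273,5 +273,14 @@
 "Priority": 30,
 "RunOnProcessor": false,
 "IsSystem": true
+},
+{
+"Id": "7e2a9b4c-1d5f-4a8e-b3c6-0f9d2e7a4b1c",
+"Command": "Start-UserSyncTimer",
+"Description": "Sync partner tenant users and group-based roles into allowedUsers table",
+"Cron": "0 */15 * * * *",
+"Priority": 11,
+"RunOnProcessor": false,
+"IsSystem": true
 }
 ]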
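Review bot: The `Description` on the new `Start-UserSyncTimer` entry does not say how removals are handled, and judging by its name the `allowedUsers` table it fills is an access-control list. With `"Cron": "0 */15 * * * *"` a role or group change in the partner tenant can take up to 15 minutes to be reflected, so the description should state that window and whether rows for users who lost their group membership are deleted. The command's implementation is not on this page, so the pruning behaviour needs confirming there. If it does prune, wording such as `"Description": "Sync partner tenant users and group-based roles into allowedUsers table; removes users no longer in a mapped group"` would make the revocation behaviour visible to operators.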

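--- a/Config/FeatureFlags.json
+++ b/Config/FeatureFlags.json
@@ -32,7 +32,6 @@
 "Endpoints": [
 "ExecCIPPUsers",
 "ListCIPPUsers",
-"ExecSSOSetup",
 "ExecContainerManagement",
 "ListContainerLogs",
 "ListWorkerHealth"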

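--- a/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Applications/Push-UploadApplication.ps1
+++ b/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Applications/Push-UploadApplication.ps1
@@ -11,15 +11,11 @@ function Push-UploadApplication {
 $Filter = "PartitionKey eq 'apps' and RowKey eq '$($Item.Name)'"
 
 $AppConfig = (Get-CIPPAzDataTableEntity @Table -filter $Filter).JSON | ConvertFrom-Json
-$intuneBody = $AppConfig.IntuneBody
 $tenants = if ($AppConfig.tenant -eq 'AllTenants') {
 (Get-Tenants -IncludeErrors).defaultDomainName
 } else {
 $AppConfig.tenant
 }
-$assignTo = $AppConfig.assignTo
-$AssignToIntent = $AppConfig.InstallationIntent
-$ExcludeGroup = $AppConfig.excludeGroup
 $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter
 if ($AppConfig.tenant -ne 'AllTenants') {
 $null = Remove-AzDataTableEntity -Force @Table -Entity $clearRow
@@ -33,142 +29,9 @@ function Push-UploadApplication {
 }
 }
 
-# Determine app type (default to 'Choco' if not specified)
-$AppType = if ($AppConfig.type) { $AppConfig.type } else { 'Choco' }
-
-# Load files based on app type (only for types that need them)
-$Intunexml = $null
-$Infile = $null
-if ($AppType -eq 'MSPApp') {
-[xml]$Intunexml = Get-Content (Join-Path $env:CIPPRootPath "AddMSPApp\$($AppConfig.MSPAppName).app.xml")
-$Infile = Join-Path $env:CIPPRootPath "AddMSPApp\$($AppConfig.MSPAppName).intunewin"
-} elseif ($AppType -in @('Choco', 'Win32ScriptApp')) {
-[xml]$Intunexml = Get-Content (Join-Path $env:CIPPRootPath 'AddChocoApp\Choco.App.xml')
-$Infile = Join-Path $env:CIPPRootPath "AddChocoApp\$($Intunexml.ApplicationInfo.FileName)"
-}
-
-
-$baseuri = 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps'
 foreach ($tenant in $tenants) {
 try {
-# Check if app already exists
-$ApplicationList = New-GraphGetRequest -Uri $baseuri -tenantid $tenant | Where-Object { $_.DisplayName -eq $AppConfig.Applicationname -and ($_.'@odata.type' -eq '#microsoft.graph.win32LobApp' -or $_.'@odata.type' -eq '#microsoft.graph.winGetApp') }
-if ($ApplicationList.displayname.count -ge 1) {
-Write-LogMessage -api 'AppUpload' -tenant $tenant -message "$($AppConfig.Applicationname) exists. Skipping this application" -Sev 'Info'
-continue
-}
-
-# Route to appropriate handler based on app type
-$NewApp = $null
-switch ($AppType) {
-'WinGet' {
-$NewApp = Add-CIPPWinGetApp -AppBody $intuneBody -TenantFilter $tenant
-}
-'Choco' {
-# Prepare encryption info from XML
-$EncryptionInfo = @{
-EncryptionKey = $Intunexml.ApplicationInfo.EncryptionInfo.EncryptionKey
-MacKey = $Intunexml.ApplicationInfo.EncryptionInfo.MacKey
-InitializationVector = $Intunexml.ApplicationInfo.EncryptionInfo.InitializationVector
-Mac = $Intunexml.ApplicationInfo.EncryptionInfo.Mac
-ProfileIdentifier = $Intunexml.ApplicationInfo.EncryptionInfo.ProfileIdentifier
-FileDigest = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigest
-FileDigestAlgorithm = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigestAlgorithm
-}
-
-# Build parameters dynamically
-$Params = @{
-AppBody = $intuneBody
-TenantFilter = $tenant
-FilePath = $Infile
-FileName = $Intunexml.ApplicationInfo.FileName
-UnencryptedSize = [int64]$Intunexml.ApplicationInfo.UnencryptedContentSize
-EncryptionInfo = $EncryptionInfo
-}
-if ($AppConfig.Applicationname) { $Params.DisplayName = $AppConfig.Applicationname }
-
-$NewApp = Add-CIPPPackagedApplication @Params
-}
-'MSPApp' {
-# Prepare encryption info from XML
-$EncryptionInfo = @{
-EncryptionKey = $Intunexml.ApplicationInfo.EncryptionInfo.EncryptionKey
-MacKey = $Intunexml.ApplicationInfo.EncryptionInfo.MacKey
-InitializationVector = $Intunexml.ApplicationInfo.EncryptionInfo.InitializationVector
-Mac = $Intunexml.ApplicationInfo.EncryptionInfo.Mac
-ProfileIdentifier = $Intunexml.ApplicationInfo.EncryptionInfo.ProfileIdentifier
-FileDigest = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigest
-FileDigestAlgorithm = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigestAlgorithm
-}
-
-# Build parameters dynamically
-$Params = @{
-AppBody = $intuneBody
-TenantFilter = $tenant
-FilePath = $Infile
-FileName = $Intunexml.ApplicationInfo.FileName
-UnencryptedSize = [int64]$Intunexml.ApplicationInfo.UnencryptedContentSize
-EncryptionInfo = $EncryptionInfo
-}
-if ($AppConfig.Applicationname) { $Params.DisplayName = $AppConfig.Applicationname }
-
-$NewApp = Add-CIPPPackagedApplication @Params
-}
-'Win32ScriptApp' {
-# Prepare encryption info from XML
-$EncryptionInfo = @{
-EncryptionKey = $Intunexml.ApplicationInfo.EncryptionInfo.EncryptionKey
-MacKey = $Intunexml.ApplicationInfo.EncryptionInfo.MacKey
-InitializationVector = $Intunexml.ApplicationInfo.EncryptionInfo.InitializationVector
-Mac = $Intunexml.ApplicationInfo.EncryptionInfo.Mac
-ProfileIdentifier = $Intunexml.ApplicationInfo.EncryptionInfo.ProfileIdentifier
-FileDigest = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigest
-FileDigestAlgorithm = $Intunexml.ApplicationInfo.EncryptionInfo.FileDigestAlgorithm
-}
-
-# Build properties dynamically
-$Properties = @{
-displayName = $AppConfig.Applicationname
-installScript = $AppConfig.installScript
-}
-
-# A few of these are probably mandatory
-if ($AppConfig.description) { $Properties['description'] = $AppConfig.description }
-if ($AppConfig.publisher) { $Properties['publisher'] = $AppConfig.publisher }
-if ($AppConfig.uninstallScript) { $Properties['uninstallScript'] = $AppConfig.uninstallScript }
-if ($AppConfig.detectionScript) { $Properties['detectionScript'] = $AppConfig.detectionScript }
-if ($AppConfig.detectionPath) { $Properties['detectionPath'] = $AppConfig.detectionPath }
-if ($AppConfig.detectionFile) { $Properties['detectionFile'] = $AppConfig.detectionFile }
-if ($AppConfig.runAsAccount) { $Properties['runAsAccount'] = $AppConfig.runAsAccount }
-if ($AppConfig.deviceRestartBehavior) { $Properties['deviceRestartBehavior'] = $AppConfig.deviceRestartBehavior }
-if ($null -ne $AppConfig.runAs32Bit) { $Properties['runAs32Bit'] = $AppConfig.runAs32Bit }
-if ($null -ne $AppConfig.enforceSignatureCheck) { $Properties['enforceSignatureCheck'] = $AppConfig.enforceSignatureCheck }
-
-$NewApp = Add-CIPPW32ScriptApplication -TenantFilter $tenant -Properties ([PSCustomObject]$Properties)
-}
-'WinGetNew' {
-# I think we don't need a separate WinGetNew type, just use WinGet?
-}
-default {
-throw "Unsupported app type: $($AppConfig.type)"
-}
-}
-
-# Log success and assign app if requested
-if ($NewApp) {
-Write-LogMessage -api 'AppUpload' -tenant $tenant -message "$($AppConfig.Applicationname) Successfully created" -Sev 'Info'
-
-if ($assignTo -and $assignTo -ne 'On') {
-$intent = if ($AssignToIntent) { 'Uninstall' } else { 'Required' }
-$AppTypeForAssignment = switch ($AppType) {
-'WinGet' { 'WinGet' }
-'WinGetNew' { 'WinGet' }
-default { 'Win32Lob' }
-}
-Start-Sleep -Milliseconds 200
-Set-CIPPAssignedApplication -ApplicationId $NewApp.Id -TenantFilter $tenant -groupName $assignTo -ExcludeGroup $ExcludeGroup -Intent $intent -AppType $AppTypeForAssignment -APIName 'AppUpload'
-}
-}
+$NewApp = New-CIPPIntuneAppDeployment -AppConfig $AppConfig -TenantFilter $tenant -APIName 'AppUpload'
 } catch {
 "Failed to add Application for $tenant : $($_.Exception.Message)"
 Write-LogMessage -api 'AppUpload' -tenant $tenant -message "Failed adding Application $($AppConfig.Applicationname). Error: $($_.Exception.Message)" -LogData (Get-CippException -Exception $_) -Sev 'Error'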
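Review bot: The table filter at new line 11, `$Filter = "PartitionKey eq 'apps' and RowKey eq '$($Item.Name)'"`, puts `$Item.Name` into an OData string literal without escaping, and the same filter selects the row that `Remove-AzDataTableEntity` deletes at new line 21. A name containing a single quote would at best break the query and could change which rows match, so double the quotes first, `$SafeName = $Item.Name -replace "'", "''"`, and use `'$SafeName'` in the filter. The line is unchanged context here, but this refactor is a natural place to fix it; the filter in Push-GetTenantDomains.ps1 (`TenantGUID eq '{0}'`) has the same shape and could cast its value with `[guid]`. Separately, `$NewApp` on new line 34 is not read in the visible lines; the function continues outside the hunk, so confirm the assignment is still needed.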

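--- a/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-DomainAnalyserTenant.ps1
+++ b/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-DomainAnalyserTenant.ps1
@@ -99,8 +99,8 @@ function Push-DomainAnalyserTenant {
 }
 
 if ($OldDomain) {
-$DomainObject.DkimSelectors = $OldDomain.DkimSelectors
-$DomainObject.MailProviders = $OldDomain.MailProviders
+$Domain.DkimSelectors = $OldDomain.DkimSelectors
+$Domain.MailProviders = $OldDomain.MailProviders
 }
 } else {
 $Domain.TenantDetails = $TenantDetails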

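--- a/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1
+++ b/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1
@@ -2,6 +2,6 @@ function Push-GetTenantDomains {
 Param($Item)
 $DomainTable = Get-CippTable -tablename 'Domains'
 $Filter = "PartitionKey eq 'TenantDomains' and TenantGUID eq '{0}'" -f $Item.TenantGUID
-$Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property PartitionKey, RowKey | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }
+$Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property PartitionKey, RowKey, TenantId | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }, @{n = 'TenantFilter'; exp = { $_.TenantId } }
 return @($Domains)
 }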

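--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAppCertificateExpiry.ps1
@@ -4,7 +4,7 @@ function Get-CIPPAlertAppCertificateExpiry {
 Entrypoint
 #>
 [CmdletBinding()]
-Param (
+param (
 [Parameter(Mandatory = $false)]
 [Alias('input')]
 $InputValue,
@@ -21,6 +21,7 @@ function Get-CIPPAlertAppCertificateExpiry {
 }
 
 $AppAlertData = foreach ($App in $appList) {
+if ($App.displayName -match 'ConnectSyncProvisioning') { continue }
 if ($App.keyCredentials) {
 foreach ($Credential in $App.keyCredentials) {
 if ($Credential.endDateTime -lt $Now.AddDays(30) -and $Credential.endDateTime -gt $Now.AddDays(-7)) {
@@ -42,6 +43,7 @@ function Get-CIPPAlertAppCertificateExpiry {
 }
 
 $SamlAlertData = foreach ($ServicePrincipal in $servicePrincipals) {
+if ($ServicePrincipal.displayName -match 'ConnectSyncProvisioning') { continue }
 $ExpiryDate = $null
 if ($ServicePrincipal.preferredTokenSigningKeyEndDateTime) {
 $ExpiryDate = [datetime]$ServicePrincipal.preferredTokenSigningKeyEndDateTime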
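Review bot: The new skip at new lines 24 and 46, `-match 'ConnectSyncProvisioning'`, is an unanchored regex on `displayName`, so any application or service principal whose name merely contains that text drops out of certificate-expiry alerting. Display names are editable and not unique, which makes the exclusion wider than it probably needs to be. Assuming the intended apps start with that text, anchor it, `if ($App.displayName -match '^ConnectSyncProvisioning') { continue }`, or key on a stable identifier if `$appList` carries one. A one-line comment saying why these apps are skipped would also help, since nothing in the hunk explains it. Get-CIPPAlertAppSecretExpiry.ps1 adds the same check at its new line 24; both loops continue outside the hunks.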

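--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAppSecretExpiry.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAppSecretExpiry.ps1
@@ -4,7 +4,7 @@ function Get-CIPPAlertAppSecretExpiry {
 Entrypoint
 #>
 [CmdletBinding()]
-Param (
+param (
 [Parameter(Mandatory = $false)]
 [Alias('input')]
 $InputValue,
@@ -21,6 +21,7 @@ function Get-CIPPAlertAppSecretExpiry {
 $AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
 
 foreach ($App in $applist) {
+if ($App.displayName -match 'ConnectSyncProvisioning') { continue }
 Write-Host "checking $($App.displayName)"
 if ($App.passwordCredentials) {
 foreach ($Credential in $App.passwordCredentials) {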

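--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1
@@ -11,11 +11,6 @@
 $TenantFilter
 )
 
-#Add rerun protection: This Monitor can only run once every hour.
-$Rerun = Test-CIPPRerun -TenantFilter $TenantFilter -Type 'ExchangeMonitor' -API 'Get-CIPPAlertQuarantineReleaseRequests'
-if ($Rerun) {
-return
-}
 $HasLicense = Test-CIPPStandardLicense -StandardName 'QuarantineReleaseRequests' -TenantFilter $TenantFilter -Preset Exchange
 
 if (-not $HasLicense) {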

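--- a/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1
+++ b/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1
@@ -41,9 +41,12 @@ function Get-CippApiAuth {
 }
 }
 
+$ExtractedTenantId = $Issuer -replace 'https://sts.windows.net/', '' -replace 'https://login.microsoftonline.com/', '' -replace '/v2.0', ''
+$TenantId = if ($ExtractedTenantId -eq 'common') { $env:TenantID } else { $ExtractedTenantId }
+
 [PSCustomObject]@{
 ApiUrl = "https://$($env:WEBSITE_HOSTNAME)"
-TenantID = $Issuer -replace 'https://sts.windows.net/', '' -replace 'https://login.microsoftonline.com/', '' -replace '/v2.0', ''
+TenantID = $TenantId
 ClientIDs = $AllowedApps
 Enabled = $AAD.enabled
 }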
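Review bot: `$ExtractedTenantId` at new line 44 is never checked to be a tenant GUID: the three `-replace` patterns are unanchored regexes with unescaped dots, and an issuer in any other shape (for example one using `organizations`, or ending in a trailing slash) passes through as-is into `TenantID`. Only the literal `common` is mapped to `$env:TenantID` on line 45. Consider escaping and anchoring the patterns and validating the result, e.g. `if ($ExtractedTenantId -ne 'common' -and -not ($ExtractedTenantId -as [guid])) { Write-Warning "Unexpected issuer format: $Issuer" }`. Get-CippApiAuth starts and ends outside the hunk, so how `$Issuer` is populated is not visible here.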
