
Commit ab5e24b

authored
Merge pull request #975 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 8d64469 + 1f9fb1f commit ab5e24b

17 files changed

Lines changed: 827 additions & 68 deletions


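--- a/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1
+++ b/Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1
@@ -5,7 +5,7 @@ function Push-BPACollectData {
 #>
 param($Item)
 
-$TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Item.Tenant
+$TenantName = Get-Tenants -TenantFilter $Item.Tenant
 $BPATemplateTable = Get-CippTable -tablename 'templates'
 $Filter = "PartitionKey eq 'BPATemplate'"
 $TemplatesLoc = (Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json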
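Review bot: The result of `Get-Tenants -TenantFilter $Item.Tenant` is used without checking that exactly one tenant came back, and the same holds for the identical replacement in Get-CIPPAlertAdminPassword, Get-CIPPAlertDefenderMalware, Get-CIPPAlertDefenderStatus and Add-CIPPBPAField. The old pipeline matched `defaultDomainName` exactly; what `-TenantFilter` matches on is not visible on this page, so an empty or multi-valued result cannot be ruled out from here. In the alert functions `$TenantId` goes straight into a Graph `$filter` (`tenantId eq '$($TenantId)'`) or a `Where-Object` comparison, and in Add-CIPPBPAField into a table `PartitionKey` filter, so a wrong value would silently scope the query to the wrong tenant or to none. A guard after the lookup such as `if (@($TenantName).Count -ne 1) { throw "Tenant lookup for $($Item.Tenant) did not return exactly one tenant" }` would fail closed. The function body continues outside the hunk.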

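--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAdminPassword.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertAdminPassword.ps1
@@ -12,7 +12,7 @@ function Get-CIPPAlertAdminPassword {
 $TenantFilter
 )
 try {
-$TenantId = (Get-Tenants | Where-Object -Property defaultDomainName -EQ $TenantFilter).customerId
+$TenantId = (Get-Tenants -TenantFilter $TenantFilter).customerId
 
 # Get role assignments without expanding principal to avoid rate limiting
 $RoleAssignments = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'" -tenantid $($TenantFilter) | Where-Object { $_.principalOrganizationId -EQ $TenantId }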

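--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertDefenderMalware.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertDefenderMalware.ps1
@@ -12,7 +12,7 @@ function Get-CIPPAlertDefenderMalware {
 $TenantFilter
 )
 try {
-$TenantId = (Get-Tenants | Where-Object -Property defaultDomainName -EQ $TenantFilter).customerId
+$TenantId = (Get-Tenants -TenantFilter $TenantFilter).customerId
 $AlertData = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsDeviceMalwareStates?`$top=999&`$filter=tenantId eq '$($TenantId)'" | Where-Object { $_.malwareThreatState -eq 'Active' } | ForEach-Object {
 [PSCustomObject]@{
 DeviceName = $_.managedDeviceName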

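--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertDefenderStatus.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertDefenderStatus.ps1
@@ -11,7 +11,7 @@ function Get-CIPPAlertDefenderStatus {
 $TenantFilter
 )
 try {
-$TenantId = (Get-Tenants | Where-Object -Property defaultDomainName -EQ $TenantFilter).customerId
+$TenantId = (Get-Tenants -TenantFilter $TenantFilter).customerId
 $AlertData = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsProtectionStates?`$top=999&`$filter=tenantId eq '$($TenantId)'" | Where-Object { $_.realTimeProtectionEnabled -eq $false -or $_.MalwareprotectionEnabled -eq $false } | ForEach-Object {
 [PSCustomObject]@{
 ManagedDeviceName = $_.managedDeviceName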

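--- a/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1
+++ b/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1
@@ -7,7 +7,7 @@ function Add-CIPPBPAField {
 $Tenant
 )
 $Table = Get-CippTable -tablename 'cachebpav2'
-$TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Tenant
+$TenantName = Get-Tenants -TenantFilter $Tenant
 $CurrentContentsObject = (Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$BPAName' and PartitionKey eq '$($TenantName.customerId)'")
 Write-Information "Adding $FieldName to $BPAName for $Tenant. content is $FieldValue"
 if ($CurrentContentsObject.RowKey) {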

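--- a/Modules/CIPPCore/Public/Invoke-CIPPTestCollection.ps1
+++ b/Modules/CIPPCore/Public/Invoke-CIPPTestCollection.ps1
@@ -169,30 +169,24 @@ function Invoke-CIPPTestCollection {
 foreach ($TestFunction in $TestFunctions) {
 $ItemStopwatch = [System.Diagnostics.Stopwatch]::StartNew()
 try {
-Write-Information " [$SuiteName] Running $($TestFunction.Name) for $TenantFilter"
-$TestOutput = @(& $TestFunction.Name -Tenant $TenantFilter)
+$TestOutput = @(& $TestFunction -Tenant $TenantFilter)
 foreach ($Entity in $TestOutput) {
-if ($Entity -is [hashtable] -and $Entity.PartitionKey -and $Entity.RowKey) {
+if ($Entity -is [hashtable] -and $Entity.PartitionKey) {
 $ResultBatch.Add($Entity)
 }
 }
 if ($ResultBatch.Count -ge 100) {
 Add-CIPPAzDataTableEntity @Table -Entity @($ResultBatch) -Force
-Write-Information " [$SuiteName] Flushed $($ResultBatch.Count) results to table"
 $ResultBatch.Clear()
 }
 $ItemStopwatch.Stop()
-$ElapsedSeconds = [math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3)
-$Timings.Add("$($TestFunction.Name) : ${ElapsedSeconds}s")
-Write-Information " [$SuiteName] Completed $($TestFunction.Name) - ${ElapsedSeconds}s"
+$Timings.Add("$($TestFunction.Name) : $([math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3))s")
 $SuccessCount++
 } catch {
 $ItemStopwatch.Stop()
-$ElapsedSeconds = [math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3)
 $FailedCount++
 $Errors.Add("$($TestFunction.Name) : $($_.Exception.Message)")
-$Timings.Add("$($TestFunction.Name) : ${ElapsedSeconds}s (FAILED)")
-Write-Warning " [$SuiteName] Failed $($TestFunction.Name) after ${ElapsedSeconds}s: $($_.Exception.Message)"
+$Timings.Add("$($TestFunction.Name) : $([math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3))s (FAILED)")
 }
 }
 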
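Review bot: Dropping `-and $Entity.RowKey` from the batching condition at new line 174 lets hashtables without a row key into `$ResultBatch`, which is later passed to `Add-CIPPAzDataTableEntity @Table -Entity @($ResultBatch) -Force`. Whether that helper assigns a missing RowKey is not visible here; if it does not, one malformed entity fails the flush, and because `$ResultBatch.Clear()` only runs after a successful write, the same entity would stay in the batch and fail every later flush in the loop. Either keep the original `-and $Entity.RowKey` check, or, if the helper really does fill the key, say so in a comment on the condition so the relaxed check reads as deliberate. The loop's enclosing function starts and ends outside the hunk.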

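--- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
@@ -5,6 +5,9 @@ function Set-CIPPAuthenticationPolicy {
 [Parameter(Mandatory = $true)][ValidateSet('FIDO2', 'MicrosoftAuthenticator', 'SMS', 'TemporaryAccessPass', 'HardwareOATH', 'softwareOath', 'Voice', 'Email', 'x509Certificate', 'QRCodePin')]$AuthenticationMethodId,
 [Parameter(Mandatory = $true)][bool]$Enabled, # true = enabled or false = disabled
 $MicrosoftAuthenticatorSoftwareOathEnabled,
+[ValidateSet('default', 'enabled', 'disabled')]$MicrosoftAuthenticatorDisplayLocation,
+[ValidateSet('default', 'enabled', 'disabled')]$MicrosoftAuthenticatorDisplayAppInfo,
+[ValidateSet('default', 'enabled', 'disabled')]$MicrosoftAuthenticatorCompanionApp,
 $TAPMinimumLifetime = 60, #Minutes
 $TAPMaximumLifetime = 480, #minutes
 $TAPDefaultLifeTime = 60, #minutes
@@ -41,26 +44,30 @@ function Set-CIPPAuthenticationPolicy {
 
 # Microsoft Authenticator
 'MicrosoftAuthenticator' {
-# Remove numberMatchingRequiredState property if it exists
-$CurrentInfo.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState')
-
 if ($State -eq 'enabled') {
-$CurrentInfo.featureSettings.displayAppInformationRequiredState.state = $State
-$CurrentInfo.featureSettings.displayLocationInformationRequiredState.state = $State
 # Set MS authenticator OTP state if parameter is passed in
-if ($null -ne $MicrosoftAuthenticatorSoftwareOathEnabled ) {
+if ($null -ne $MicrosoftAuthenticatorSoftwareOathEnabled) {
 $CurrentInfo.isSoftwareOathEnabled = $MicrosoftAuthenticatorSoftwareOathEnabled
 $OptionalLogMessage = "and MS Authenticator software OTP to $MicrosoftAuthenticatorSoftwareOathEnabled"
 }
+# Feature settings
+if ($MicrosoftAuthenticatorDisplayAppInfo) {
+$CurrentInfo.featureSettings.displayAppInformationRequiredState.state = $MicrosoftAuthenticatorDisplayAppInfo
+}
+if ($MicrosoftAuthenticatorDisplayLocation) {
+$CurrentInfo.featureSettings.displayLocationInformationRequiredState.state = $MicrosoftAuthenticatorDisplayLocation
+}
+if ($MicrosoftAuthenticatorCompanionApp) {
+$CurrentInfo.featureSettings.companionAppAllowedState.state = $MicrosoftAuthenticatorCompanionApp
+}
+# numberMatchingRequiredState is permanently enabled by Microsoft and can no longer be toggled
+$CurrentInfo.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState')
 }
 }
 
 # SMS
 'SMS' {
-if ($State -eq 'enabled') {
-Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error
-throw "Setting $AuthenticationMethodId to enabled is not allowed"
-}
+# No special configuration needed
 }
 
 # Temporary Access Pass
@@ -87,31 +94,24 @@ function Set-CIPPAuthenticationPolicy {
 
 # Voice call
 'Voice' {
-# Disallow enabling voice
-if ($State -eq 'enabled') {
-Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error
-throw "Setting $AuthenticationMethodId to enabled is not allowed"
-}
+# No special configuration needed
 }
 
 # Email OTP
 'Email' {
-if ($State -eq 'enabled') {
-Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error
-throw "Setting $AuthenticationMethodId to enabled is not allowed"
-}
+# No special configuration needed
 }
 
 # Certificate-based authentication
 'x509Certificate' {
-# Nothing special to do here
+# No special configuration needed
 }
 
 # QR code
 'QRCodePin' {
 if ($State -eq 'enabled') {
-Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error
-throw "Setting $AuthenticationMethodId to enabled is not allowed"
+$CurrentInfo.standardQRCodeLifetimeInDays = $QRCodeLifetimeInDays
+$CurrentInfo.pinLength = $QRCodePinLength
 }
 }
 default {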
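Review bot: With the `throw` guards removed from the 'SMS', 'Voice' and 'Email' cases, a call with `-Enabled $true` now turns on these weaker, phishable methods, and nothing in the visible code marks that apart from a routine policy change. A warning-level audit entry in each case would keep the downgrade visible, for example `if ($State -eq 'enabled') { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Enabling weaker authentication method $AuthenticationMethodId" -sev Warning }`. In the 'MicrosoftAuthenticator' case the app-information and location display states are no longer set to enabled when the method is enabled, so callers that relied on that now have to pass `-MicrosoftAuthenticatorDisplayAppInfo` and `-MicrosoftAuthenticatorDisplayLocation` explicitly; the function's help should say so. The 'QRCodePin' case reads `$QRCodeLifetimeInDays` and `$QRCodePinLength`, whose declarations are not in the visible part of the param block, so confirm they are declared and bounded there. The function starts and ends outside the hunks.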

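--- a/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheMailboxes.ps1
+++ b/Modules/CIPPDB/Public/DBCache/Set-CIPPDBCacheMailboxes.ps1
@@ -26,6 +26,7 @@ function Set-CIPPDBCacheMailboxes {
 Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching mailboxes' -sev Debug
 
 # Get mailboxes and user details in a single bulk request
+$ZeroArchiveGuid = '00000000-0000-0000-0000-000000000000'
 $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled,GrantSendOnBehalfTo,PersistedCapabilities,LitigationHoldEnabled,LitigationHoldDate,LitigationHoldDuration,ComplianceTagHoldApplied,RetentionHoldEnabled,InPlaceHolds,RetentionPolicy,RemotePowerShellEnabled,Guid,Identity'
 $BulkRequests = @(
 @{ CmdletInput = @{ CmdletName = 'Get-Mailbox'; Parameters = @{} } }
@@ -49,6 +50,12 @@ function Set-CIPPDBCacheMailboxes {
 @{ Name = 'UPN'; Expression = { $_.'UserPrincipalName' } },
 @{ Name = 'displayName'; Expression = { $_.'DisplayName' } },
 @{ Name = 'primarySmtpAddress'; Expression = { $_.'PrimarySMTPAddress' } },
+@{ Name = 'ArchiveEnabled'; Expression = { $_.ArchiveGuid -and $_.ArchiveGuid.ToString() -ne $ZeroArchiveGuid } },
+@{ Name = 'ArchiveSize'; Expression = { 0 } },
+@{ Name = 'ArchiveItemCount'; Expression = { 0 } },
+@{ Name = 'storageUsedInBytes'; Expression = { 0 } },
+@{ Name = 'prohibitSendReceiveQuotaInBytes'; Expression = { 0 } },
+@{ Name = 'MailboxItemCount'; Expression = { 0 } },
 @{ Name = 'recipientType'; Expression = { $_.'RecipientType' } },
 @{ Name = 'recipientTypeDetails'; Expression = { $_.'RecipientTypeDetails' } },
 @{ Name = 'AdditionalEmailAddresses'; Expression = { ($_.'EmailAddresses' | Where-Object { $_ -clike 'smtp:*' }).Replace('smtp:', '') -join ', ' } },
@@ -73,6 +80,61 @@ function Set-CIPPDBCacheMailboxes {
 @{ Name = 'Identity'; Expression = { $MatchedUser.Identity } }))
 }
 
+# $MailboxByUPN is the only lookup that stores mailbox objects. Enrichment steps below
+# resolve back through this lookup before updating the objects written by Add-CIPPDbItem.
+$MailboxByUPN = @{}
+foreach ($Mailbox in @($Mailboxes)) {
+if ($Mailbox.UPN) {
+$MailboxByUPN[$Mailbox.UPN] = $Mailbox
+}
+}
+
+try {
+$MailboxUsage = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/reports/getMailboxUsageDetail(period='D7')?`$format=application%2fjson" -tenantid $TenantFilter
+foreach ($Usage in @($MailboxUsage)) {
+if ($Usage.userPrincipalName -and $MailboxByUPN.ContainsKey($Usage.userPrincipalName)) {
+$Mailbox = $MailboxByUPN[$Usage.userPrincipalName]
+$Mailbox.storageUsedInBytes = try { [int64]$Usage.storageUsedInBytes } catch { 0 }
+$Mailbox.prohibitSendReceiveQuotaInBytes = try { [int64]$Usage.prohibitSendReceiveQuotaInBytes } catch { 0 }
+$Mailbox.MailboxItemCount = try { [int64]$Usage.itemCount } catch { 0 }
+}
+}
+} catch {
+Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Failed to cache mailbox usage details: $($_.Exception.Message)" -sev Warning
+}
+
+$ArchiveMailboxes = @($Mailboxes | Where-Object { $_.ArchiveEnabled -eq $true -and $_.UPN })
+if ($ArchiveMailboxes.Count -gt 0) {
+Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Caching archive statistics for $($ArchiveMailboxes.Count) mailboxes" -sev Debug
+
+$MailboxUPNByArchiveStatsRequestId = @{}
+$ArchiveStatsRequests = @(foreach ($Mailbox in $ArchiveMailboxes) {
+$OperationGuid = [Guid]::NewGuid().ToString()
+$MailboxUPNByArchiveStatsRequestId[$OperationGuid] = $Mailbox.UPN
+
+@{
+CmdletInput = @{
+CmdletName = 'Get-MailboxStatistics'
+Parameters = @{
+Identity = $Mailbox.UPN
+Archive = $true
+}
+}
+OperationGuid = $OperationGuid
+}
+})
+
+$ArchiveStatsResults = New-ExoBulkRequest -tenantid $TenantFilter -cmdletArray $ArchiveStatsRequests -useSystemMailbox $true
+foreach ($ArchiveStat in @($ArchiveStatsResults)) {
+if ($ArchiveStat.OperationGuid -and $MailboxUPNByArchiveStatsRequestId.ContainsKey($ArchiveStat.OperationGuid) -and -not $ArchiveStat.error) {
+$ArchiveMailboxUPN = $MailboxUPNByArchiveStatsRequestId[$ArchiveStat.OperationGuid]
+$ArchiveMailbox = $MailboxByUPN[$ArchiveMailboxUPN]
+$ArchiveMailbox.ArchiveSize = try { Get-ExoOnlineStringBytes -SizeString $ArchiveStat.TotalItemSize } catch { 0 }
+$ArchiveMailbox.ArchiveItemCount = try { [int64]$ArchiveStat.ItemCount } catch { 0 }
+}
+}
+}
+
 $Mailboxes | Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'Mailboxes' -AddCount
 
 Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Cached $($Mailboxes.Count) mailboxes successfully" -sev Debug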
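Review bot: The archive-statistics call at new line 127, `New-ExoBulkRequest -tenantid $TenantFilter -cmdletArray $ArchiveStatsRequests -useSystemMailbox $true`, has no `try`/`catch` in the hunk, unlike the mailbox-usage block just above it. Unless an outer handler exists (the function starts and ends outside the hunk), a failure of this optional enrichment would stop execution before `$Mailboxes | Add-CIPPDbItem` and leave the cache with no mailbox rows at all. Wrapping the `if ($ArchiveMailboxes.Count -gt 0)` block in `try { ... } catch { Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Failed to cache archive statistics: $($_.Exception.Message)" -sev Warning }` would match the usage block. Separately, the size and count fields start at 0 and stay 0 whenever a usage row does not match a UPN (for instance if the tenant's report settings conceal user names), so consumers cannot tell "empty" from "not collected"; a comment on the calculated properties should state that 0 also means unknown.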

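--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListWorkerHealth.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListWorkerHealth.ps1
@@ -15,6 +15,7 @@ function Invoke-ListWorkerHealth {
 switch ($Action) {
 'Snapshot' {
 $Snapshot = [Craft.Services.WorkerMetricsBridge]::GetSnapshot()
+try { $Snapshot.Memory | Add-Member -NotePropertyName 'TestDataCacheCount' -NotePropertyValue ([CIPP.TestDataCache]::Count) -ErrorAction SilentlyContinue } catch {}
 $Body = @{ Results = $Snapshot }
 }
 'Summary' {
@@ -100,6 +101,14 @@ function Invoke-ListWorkerHealth {
 $Result = [Craft.Services.WorkerMetricsBridge]::ChangePriority($JobId, [int]$NewPriority)
 $Body = @{ Results = @{ Success = $Result; JobId = $JobId; NewPriority = [int]$NewPriority } }
 }
+'CacheDiag' {
+$Diag = [CIPP.TestDataCache]::GetDiagnostics()
+$Body = @{ Results = $Diag }
+}
+'MemoryDetail' {
+$Breakdown = [Craft.Services.WorkerMetricsBridge]::GetMemoryBreakdown()
+$Body = @{ Results = $Breakdown }
+}
 default {
 $Body = @{ Results = "Unknown action: $Action" }
 return [HttpResponseContext]@{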
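Review bot: The empty `catch {}` on new line 18, together with `-ErrorAction SilentlyContinue`, discards any failure to read `[CIPP.TestDataCache]::Count`, so the snapshot simply lacks `TestDataCacheCount` with no trace of why; `catch { Write-Information "TestDataCacheCount unavailable: $($_.Exception.Message)" }` keeps the best-effort behaviour and leaves a trace. The new 'CacheDiag' and 'MemoryDetail' actions return the output of `GetDiagnostics()` and `GetMemoryBreakdown()` unfiltered in the response body. What those objects contain and which role may call this endpoint are not visible in the hunk, so confirm that the function's role restriction is appropriate for process-internal data and note it in a comment above the two cases. The switch's enclosing function starts and ends outside the hunk.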

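--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxes.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxes.ps1
@@ -30,6 +30,7 @@ function Invoke-ListMailboxes {
 }
 
 # Original live EXO logic
+$ZeroArchiveGuid = '00000000-0000-0000-0000-000000000000'
 $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,IsDirSynced,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled,PersistedCapabilities,LitigationHoldEnabled,LitigationHoldDate,LitigationHoldDuration,ComplianceTagHoldApplied,RetentionHoldEnabled,InPlaceHolds,RetentionPolicy'
 $ExoRequest = @{
 tenantid = $TenantFilter
@@ -73,6 +74,7 @@ function Invoke-ListMailboxes {
 @{ Name = 'UPN'; Expression = { $_.'UserPrincipalName' } },
 @{ Name = 'displayName'; Expression = { $_.'DisplayName' } },
 @{ Name = 'primarySmtpAddress'; Expression = { $_.'PrimarySMTPAddress' } },
+@{ Name = 'ArchiveEnabled'; Expression = { $_.ArchiveGuid -and $_.ArchiveGuid.ToString() -ne $ZeroArchiveGuid } },
 @{ Name = 'recipientType'; Expression = { $_.'RecipientType' } },
 @{ Name = 'recipientTypeDetails'; Expression = { $_.'RecipientTypeDetails' } },
 @{ Name = 'AdditionalEmailAddresses'; Expression = { ($_.'EmailAddresses' | Where-Object { $_ -clike 'smtp:*' }).Replace('smtp:', '') -join ', ' } },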
