[pull] master from KelvinTegelaar:master

CommunityRepos.json

@@ -1,4 +1,22 @@
 [
+  {
+    "Id": "1041442982",
+    "Name": "CISTemplates",
+    "Description": "CIPP CIS Templates",
+    "URL": "https://github.com/CyberDrain/CyberDrain-CIS-Templates",
+    "FullName": "CyberDrain/CyberDrain-CIS-Templates",
+    "Owner": "CyberDrain",
+    "Visibility": "public",
+    "WriteAccess": false,
+    "DefaultBranch": "main",
+    "RepoPermissions": {
+      "admin": false,
+      "maintain": false,
+      "push": false,
+      "triage": false,
+      "pull": true
+    }
+  },
   {
     "Id": "930523724",
     "Name": "CIPP-Templates",
@@ -52,5 +70,23 @@
       "triage": false,
       "pull": true
     }
+  },
+  {
+    "Id": "863076113",
+    "Name": "IntuneBaseLines",
+    "Description": "In this repo, you will find Intune profiles in JSON format, which can be used in setting up your Modern Workplace. All policies were created in Microsoft Intune and exported to share with the community.",
+    "URL": "https://github.com/IntuneAdmin/IntuneBaselines",
+    "FullName": "IntuneAdmin/IntuneBaselines",
+    "Owner": "IntuneAdmin",
+    "Visibility": "public",
+    "WriteAccess": false,
+    "DefaultBranch": "main",
+    "RepoPermissions": {
+      "admin": false,
+      "maintain": false,
+      "push": false,
+      "triage": false,
+      "pull": true
+    }
   }
 ]

Config/SchedulerRateLimits.json

@@ -0,0 +1,10 @@
+[
+  {
+    "Command": "Sync-CIPPExtensionData",
+    "MaxRequests": 50
+  },
+  {
+    "Command": "Push-CIPPExtensionData",
+    "MaxRequests": 30
+  }
+]

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertLicensedUsersWithRoles.ps1

@@ -0,0 +1,36 @@
+function Get-CIPPAlertLicensedUsersWithRoles {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $false)]
+        [Alias('input')]
+        $InputValue,
+        $TenantFilter
+    )
+
+    # Get all users with assigned licenses
+    $LicensedUsers = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=userPrincipalName,assignedLicenses,displayName" -tenantid $TenantFilter | Where-Object { $_.assignedLicenses -and $_.assignedLicenses.Count -gt 0 }
+    if (-not $LicensedUsers -or $LicensedUsers.Count -eq 0) {
+        Write-Information "No licensed users found for tenant $TenantFilter"
+        return $true
+    }
+    # Get all directory roles with their members
+    $DirectoryRoles = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/directoryRoles?`$expand=members" -tenantid $TenantFilter
+    if (-not $DirectoryRoles -or $DirectoryRoles.Count -eq 0) {
+        Write-Information "No directory roles found for tenant $TenantFilter"
+        return
+    }
+    $UsersToAlertOn = $LicensedUsers | Where-Object { $_.userPrincipalName -in $DirectoryRoles.members.userPrincipalName }
+
+
+    if ($UsersToAlertOn.Count -gt 0) {
+        Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $UsersToAlertOn
+    } else {
+        Write-Information "No licensed users with roles found for tenant $TenantFilter"
+    }
+
+
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertQuotaUsed.ps1

@@ -17,7 +17,7 @@ function Get-CIPPAlertQuotaUsed {
         return
     }
     $OverQuota = $AlertData | ForEach-Object {
-        if ($_.StorageUsedInBytes -eq 0 -or $_.prohibitSendReceiveQuotaInBytes -eq 0) { return }
+        if ([string]::IsNullOrEmpty($_.StorageUsedInBytes) -or [string]::IsNullOrEmpty($_.prohibitSendReceiveQuotaInBytes) -or $_.StorageUsedInBytes -eq 0 -or $_.prohibitSendReceiveQuotaInBytes -eq 0) { return }
         try {
             $PercentLeft = [math]::round(($_.storageUsedInBytes / $_.prohibitSendReceiveQuotaInBytes) * 100)
         } catch { $PercentLeft = 100 }

Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearches.ps1

@@ -13,27 +13,31 @@ function Get-CippAuditLogSearches {
         [Parameter()]
         [switch]$ReadyToProcess
     )
-
+    $AuditLogSearchesTable = Get-CippTable -TableName 'AuditLogSearches'
     if ($ReadyToProcess.IsPresent) {
-        $AuditLogSearchesTable = Get-CippTable -TableName 'AuditLogSearches'
         $15MinutesAgo = (Get-Date).AddMinutes(-15).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
         $1DayAgo = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
-        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "Tenant eq '$TenantFilter' and (CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" | Sort-Object Timestamp
+        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "PartitionKey eq 'Search' and Tenant eq '$TenantFilter' and (CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" | Sort-Object Timestamp
+    } else {
+        $7DaysAgo = (Get-Date).AddDays(-7).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "Tenant eq '$TenantFilter' and Timestamp ge datetime'$7DaysAgo'"
+    }
 
-        $BulkRequests = foreach ($PendingQuery in $PendingQueries) {
-            @{
-                id     = $PendingQuery.RowKey
-                url    = 'security/auditLog/queries/' + $PendingQuery.RowKey
-                method = 'GET'
-            }
+    $BulkRequests = foreach ($PendingQuery in $PendingQueries) {
+        @{
+            id     = $PendingQuery.RowKey
+            url    = 'security/auditLog/queries/' + $PendingQuery.RowKey
+            method = 'GET'
         }
-        if ($BulkRequests.Count -eq 0) {
-            return @()
-        }
-        $Queries = New-GraphBulkRequest -Requests @($BulkRequests) -AsApp $true -TenantId $TenantFilter | Select-Object -ExpandProperty body
+    }
+    if ($BulkRequests.Count -eq 0) {
+        return @()
+    }
+    $Queries = New-GraphBulkRequest -Requests @($BulkRequests) -AsApp $true -TenantId $TenantFilter | Select-Object -ExpandProperty body
+
+    if ($ReadyToProcess.IsPresent) {
         $Queries = $Queries | Where-Object { $PendingQueries.RowKey -contains $_.id -and $_.status -eq 'succeeded' }
-    } else {
-        $Queries = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -AsApp $true -tenantid $TenantFilter
     }
+
     return $Queries
 }

Modules/CIPPCore/Public/AuditLogs/New-CippAuditLogSearch.ps1

@@ -157,20 +157,26 @@ function New-CippAuditLogSearch {
     if ($PSCmdlet.ShouldProcess('Create a new audit log search for tenant ' + $TenantFilter)) {
         $Query = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -body ($SearchParams | ConvertTo-Json -Compress) -tenantid $TenantFilter -AsApp $true
 
+
         if ($ProcessLogs.IsPresent -and $Query.id) {
-            $Entity = [PSCustomObject]@{
-                PartitionKey = [string]'Search'
-                RowKey       = [string]$Query.id
-                Tenant       = [string]$TenantFilter
-                DisplayName  = [string]$DisplayName
-                StartTime    = [datetime]$StartTime.ToUniversalTime()
-                EndTime      = [datetime]$EndTime.ToUniversalTime()
-                Query        = [string]($Query | ConvertTo-Json -Compress)
-                CippStatus   = [string]'Pending'
-            }
-            $Table = Get-CIPPTable -TableName 'AuditLogSearches'
-            Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+            $CippStatus = 'Pending'
+        } else {
+            $CippStatus = 'N/A'
+        }
+
+        $Entity = [PSCustomObject]@{
+            PartitionKey = [string]'Search'
+            RowKey       = [string]$Query.id
+            Tenant       = [string]$TenantFilter
+            DisplayName  = [string]$DisplayName
+            StartTime    = [datetime]$StartTime.ToUniversalTime()
+            EndTime      = [datetime]$EndTime.ToUniversalTime()
+            Query        = [string]($Query | ConvertTo-Json -Compress)
+            CippStatus   = [string]$CippStatus
         }
+        $Table = Get-CIPPTable -TableName 'AuditLogSearches'
+        Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+
         return $Query
     }
 }

Modules/CIPPCore/Public/Authentication/Get-CIPPRolePermissions.ps1

@@ -20,11 +20,13 @@ function Get-CIPPRolePermissions {
         $Permissions = $Role.Permissions | ConvertFrom-Json
         $AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() }
         $BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() }
+        $BlockedEndpoints = if ($Role.BlockedEndpoints) { $Role.BlockedEndpoints | ConvertFrom-Json } else { @() }
         [PSCustomObject]@{
-            Role           = $Role.RowKey
-            Permissions    = $Permissions.PSObject.Properties.Value
-            AllowedTenants = @($AllowedTenants)
-            BlockedTenants = @($BlockedTenants)
+            Role             = $Role.RowKey
+            Permissions      = $Permissions.PSObject.Properties.Value
+            AllowedTenants   = @($AllowedTenants)
+            BlockedTenants   = @($BlockedTenants)
+            BlockedEndpoints = @($BlockedEndpoints)
         }
     } else {
         throw "Role $RoleName not found."

Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1

@@ -199,6 +199,7 @@ function Test-CIPPAccess {
                     continue
                 }
             }
+
             if ($PermissionsFound) {
                 if ($TenantList.IsPresent) {
                     $LimitedTenantList = foreach ($Permission in $PermissionSet) {
@@ -248,6 +249,9 @@ function Test-CIPPAccess {
                 foreach ($Role in $PermissionSet) {
                     foreach ($Perm in $Role.Permissions) {
                         if ($Perm -match $APIRole) {
+                            if ($Role.BlockedEndpoints -contains $Request.Params.CIPPEndpoint) {
+                                throw "Access to this CIPP API endpoint is not allowed, the custom role '$($Role.Role)' has blocked this endpoint: $($Request.Params.CIPPEndpoint)"
+                            }
                             $APIAllowed = $true
                             break
                         }

Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1

@@ -5,20 +5,32 @@ function Invoke-ListCippQueue {
     .ROLE
         CIPP.Core.Read
     #>
-    param($Request = $null, $TriggerMetadata = $null)
+    param($Request = $null, $TriggerMetadata = $null, $Reference = $null, $QueueId = $null)
 
     if ($Request) {
         $APIName = $Request.Params.CIPPEndpoint
         Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     }
 
+    $QueueId = $Request.Query.QueueId ?? $QueueId
+    $Reference = $Request.Query.Reference ?? $Reference
+
     $CippQueue = Get-CippTable -TableName 'CippQueue'
     $CippQueueTasks = Get-CippTable -TableName 'CippQueueTasks'
     $3HoursAgo = (Get-Date).ToUniversalTime().AddHours(-3).ToString('yyyy-MM-ddTHH:mm:ssZ')
-    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue -Filter "PartitionKey eq 'CippQueue' and Timestamp ge datetime'$3HoursAgo'" | Sort-Object -Property Timestamp -Descending
+
+    if ($QueueId) {
+        $Filter = "PartitionKey eq 'CippQueue' and RowKey eq '$QueueId'"
+    } elseif ($Reference) {
+        $Filter = "PartitionKey eq 'CippQueue' and Reference eq '$Reference' and Timestamp ge datetime'$3HoursAgo'"
+    } else {
+        $Filter = "PartitionKey eq 'CippQueue' and Timestamp ge datetime'$3HoursAgo'"
+    }
+
+    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue -Filter $Filter | Sort-Object -Property Timestamp -Descending
 
     $QueueData = foreach ($Queue in $CippQueueData) {
-        $Tasks = Get-CIPPAzDataTableEntity @CippQueueTasks -Filter "PartitionKey eq 'Task' and QueueId eq '$($Queue.RowKey)'" | Where-Object { $_.Name } | Select-Object @{n = 'Timestamp'; exp = { $_.Timestamp.DateTime.ToUniversalTime() } }, Name, Status
+        $Tasks = Get-CIPPAzDataTableEntity @CippQueueTasks -Filter "PartitionKey eq 'Task' and QueueId eq '$($Queue.RowKey)'" | Where-Object { $_.Name } | Select-Object @{n = 'Timestamp'; exp = { $_.Timestamp } }, Name, Status
         $TaskStatus = @{}
         $Tasks | Group-Object -Property Status | ForEach-Object {
             $TaskStatus.$($_.Name) = $_.Count
@@ -54,9 +66,9 @@ function Invoke-ListCippQueue {
             PercentComplete = [math]::Round(((($TotalCompleted + $TotalFailed) / $Queue.TotalTasks) * 100), 1)
             PercentFailed   = [math]::Round((($TotalFailed / $Queue.TotalTasks) * 100), 1)
             PercentRunning  = [math]::Round((($TotalRunning / $Queue.TotalTasks) * 100), 1)
-            Tasks           = @($Tasks)
+            Tasks           = @($Tasks | Sort-Object -Descending Timestamp)
             Status          = $Queue.Status
-            Timestamp       = $Queue.Timestamp.DateTime.ToUniversalTime()
+            Timestamp       = $Queue.Timestamp
         }
 
     }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BEC/Push-BECRun.ps1

@@ -50,7 +50,7 @@ function Push-BECRun {
             $ExtractResult = 'Successfully extracted logs from auditlog'
         }
         Write-Information 'Getting last sign-in'
-        Try {
+        try {
             $URI = "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=(userId eq '$SuspectUser')&`$top=1&`$orderby=createdDateTime desc"
             $LastSignIn = New-GraphGetRequest -uri $URI -tenantid $TenantFilter -noPagination $true -verbose | Select-Object @{ Name = 'CreatedDateTime'; Expression = { $(($_.createdDateTime | Out-String) -replace '\r\n') } },
             id,
@@ -69,7 +69,7 @@ function Push-BECRun {
         #List all users devices
         $Bytes = [System.Text.Encoding]::UTF8.GetBytes($SuspectUser)
         $base64IdentityParam = [Convert]::ToBase64String($Bytes)
-        Try {
+        try {
             $Devices = New-GraphGetRequest -uri "https://outlook.office365.com:443/adminapi/beta/$($TenantFilter)/mailbox('$($base64IdentityParam)')/MobileDevice/Exchange.GetMobileDeviceStatistics()/?IsEncoded=True" -Tenantid $TenantFilter -scope ExchangeOnline
         } catch {
             $Devices = $null
@@ -143,10 +143,10 @@ function Push-BECRun {
         Write-Information 'Getting bulk requests'
         $GraphResults = New-GraphBulkRequest -Requests $Requests -tenantid $TenantFilter -asapp $true
 
-        $PasswordChanges = ($GraphResults | Where-Object { $_.id -eq 'Users' }).body.value | Where-Object { $_.lastPasswordChangeDateTime -ge $startDate }
-        $NewUsers = ($GraphResults | Where-Object { $_.id -eq 'Users' }).body.value | Where-Object { $_.createdDateTime -ge $startDate }
-        $MFADevices = ($GraphResults | Where-Object { $_.id -eq 'MFADevices' }).body.value
-        $NewSPs = ($GraphResults | Where-Object { $_.id -eq 'NewSPs' }).body.value
+        $PasswordChanges = ($GraphResults | Where-Object { $_.id -eq 'Users' }).body.value | Where-Object { $_.lastPasswordChangeDateTime -ge $startDate } ?? @()
+        $NewUsers = ($GraphResults | Where-Object { $_.id -eq 'Users' }).body.value | Where-Object { $_.createdDateTime -ge $startDate } ?? @()
+        $MFADevices = ($GraphResults | Where-Object { $_.id -eq 'MFADevices' }).body.value ?? @()
+        $NewSPs = ($GraphResults | Where-Object { $_.id -eq 'NewSPs' }).body.value ?? @()
 
 
         $Results = [PSCustomObject]@{

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Graph Requests/Push-ListGraphRequestQueue.ps1

@@ -35,6 +35,7 @@ function Push-ListGraphRequestQueue {
             ReverseTenantLookupProperty = $Item.ReverseTenantLookupProperty
             ReverseTenantLookup         = $Item.ReverseTenantLookup
             AsApp                       = $Item.AsApp ?? $false
+            Caller                      = 'Push-ListGraphRequestQueue'
             SkipCache                   = $true
         }
 

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecMdoAlertsListAllTenants.ps1

@@ -0,0 +1,48 @@
+function Push-ExecMdoAlertsListAllTenants {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    param($Item)
+
+    $Tenant = Get-Tenants -TenantFilter $Item.customerId
+    $domainName = $Tenant.defaultDomainName
+    $Table = Get-CIPPTable -TableName 'cachealertsandincidents'
+
+    try {
+        # Get MDO alerts using the specific endpoint and filter
+        $Alerts = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/security/alerts_v2?`$filter=serviceSource eq 'microsoftDefenderForOffice365'" -tenantid $domainName
+
+        foreach ($Alert in $Alerts) {
+            $GUID = (New-Guid).Guid
+            $GraphRequest = @{
+                MdoAlert     = [string]($Alert | ConvertTo-Json -Depth 10)
+                RowKey       = [string]$GUID
+                PartitionKey = 'MdoAlert'
+                Tenant       = [string]$domainName
+            }
+            Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+        }
+
+    } catch {
+        $GUID = (New-Guid).Guid
+        $AlertText = ConvertTo-Json -InputObject @{
+            Tenant          = $domainName
+            displayName     = "Could not connect to Tenant: $($_.Exception.Message)"
+            id              = ''
+            severity        = 'CIPP'
+            status          = 'Failed'
+            createdDateTime = (Get-Date).ToString('s')
+            category        = 'Unknown'
+            description     = 'Could not connect'
+            serviceSource   = 'microsoftDefenderForOffice365'
+        }
+        $GraphRequest = @{
+            MdoAlert     = [string]$AlertText
+            RowKey       = [string]$GUID
+            PartitionKey = 'MdoAlert'
+            Tenant       = [string]$domainName
+        }
+        Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1

@@ -12,14 +12,20 @@ function Push-ListMailboxRulesQueue {
 
     $Table = Get-CIPPTable -TableName cachembxrules
     try {
-        $Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID' | ForEach-Object -Parallel {
-            Import-Module CIPPCore
-            $MbxRules = New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $using:domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' }
-            foreach ($Rule in $MbxRules) {
-                $Rule | Add-Member -NotePropertyName 'UserPrincipalName' -NotePropertyValue $_.userPrincipalName
-                $Rule
+        $Mailboxes = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID'
+        $Request = $Mailboxes | ForEach-Object {
+            @{
+                OperationGuid = $_.UserPrincipalName
+                CmdletInput   = @{
+                    CmdletName = 'Get-InboxRule'
+                    Parameters = @{
+                        Mailbox = $_.UserPrincipalName
+                    }
+                }
             }
         }
+
+        $Rules = New-ExoBulkRequest -tenantid $domainName -cmdletArray @($Request) | Where-Object { $_.Identity }
         if (($Rules | Measure-Object).Count -gt 0) {
             $GraphRequest = foreach ($Rule in $Rules) {
                 [PSCustomObject]@{