Merge pull request #25 from KelvinTegelaar/master
[pull] master from KelvinTegelaar:master
pull[bot] authored Mar 22, 2024
2 parents 253e3da + 64cfeb3 commit 0532681
Showing 10 changed files with 74 additions and 17 deletions.
Expand Up @@ -11,7 +11,10 @@ Function Invoke-ListScheduledItems {
# Write to the Azure Functions log stream.
Write-Host 'PowerShell HTTP trigger function processed a request.'
$Table = Get-CIPPTable -TableName 'ScheduledTasks'
$ScheduledTasks = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'ScheduledTask' and Hidden ne 'True'"
$ScheduledTasks = foreach ($Task in Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'ScheduledTask' and Hidden ne 'True'") {
$Task.Parameters = $Task.Parameters | ConvertFrom-Json
$Task
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
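Review bot: The `ConvertFrom-Json` call inside the new `foreach` has no error handling, so a single row whose `Parameters` value is not valid JSON would presumably fail the whole listing rather than just that row. The `If` and `execution` conversions added to Invoke-ListWebhookAlert in this commit have the same gap. Converting per row inside a `try`, e.g. `try { $Task.Parameters = $Task.Parameters | ConvertFrom-Json -ErrorAction Stop } catch { Write-Host 'Could not parse Parameters for a scheduled task' }`, leaves the raw string in place and keeps one bad record from hiding every other task. The function body starts and ends outside this hunk.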
10 changes: 6 additions & 4 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1
Expand Up @@ -11,12 +11,14 @@ Function Invoke-ListWebhookAlert {
$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
$Table = get-cipptable -TableName 'SchedulerConfig'
$WebhookRow = Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert'

$WebhookRow = foreach ($Webhook in Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert') {
$Webhook.If = $Webhook.If | ConvertFrom-Json
$Webhook.execution = $Webhook.execution | ConvertFrom-Json
$Webhook
}

Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = @($WebhookRow)
})


}
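Review bot: The new `foreach` still reads every row of `SchedulerConfig` and filters on `PartitionKey` client-side with `Where-Object`. Invoke-ListScheduledItems in this same commit passes its condition to the table query, and the same form should work here: `Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'WebhookAlert'"`. That keeps the two list endpoints consistent and avoids loading unrelated partitions before the JSON conversion runs. The function begins above the hunk.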
Expand Up @@ -11,6 +11,7 @@ function Push-CIPPAlertApnCertExpiry {
Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime)
}
} catch {
Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check APN certificate expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)"
#no error because if a tenant does not have an APN, it'll error anyway.
#Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check APN certificate expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)"
}
}
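Review bot: With the `Write-AlertMessage` call commented out, the `catch` block now discards every exception, not only the expected one for tenants that have no APN certificate. A permission, token or throttling failure would then be indistinguishable from "nothing is expiring", so the check could stop working without anyone noticing. Keep the alert suppressed but record the failure at low severity, for example `Write-LogMessage -API 'Alerts' -tenant $Item.Tenant -message "APN expiry check failed: $($_.Exception.Message)" -sev Debug` (the API label is a placeholder). Push-CIPPAlertAppSecretExpiry gets the same change in this commit, there without any explanatory comment, and would benefit from the same treatment. Both functions start outside their hunks.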
Expand Up @@ -21,7 +21,7 @@ function Push-CIPPAlertAppSecretExpiry {
}
}
} catch {
Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check App registration expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)"
#Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check App registration expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)"
}
}

2 changes: 1 addition & 1 deletion Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1
Expand Up @@ -78,7 +78,7 @@ function Invoke-CIPPStandardsRun {

#For each item in our object, run the queue.

$Batch = foreach ($task in $object | Where-Object -Property Standard -NotLike 'v2*') {
$Batch = foreach ($task in $object | Where-Object { $_.Standard -NotLike 'v2*' -and ($_.Settings.remediate -eq $true -or $_.Settings.alert -eq $true -or $_.Settings.report -eq $true) }) {
[PSCustomObject]@{
Tenant = $task.Tenant
Standard = $task.Standard
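Review bot: The comment above the loop, `#For each item in our object, run the queue.`, no longer describes what is queued, because the new `Where-Object` also drops any standard whose `Settings` has none of `remediate`, `alert` or `report` equal to `$true`. A comment such as `# Skip v2 standards and entries with no remediate/alert/report action enabled` would make the intent visible. The filter compares with `-eq $true`, while Invoke-CIPPStandardDisableAppCreation in this commit tests `If ($Settings.remediate)`; if settings can arrive as non-boolean values the two checks may disagree, which is worth confirming. The function starts and ends outside this hunk.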
1 change: 1 addition & 0 deletions Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1
Expand Up @@ -67,6 +67,7 @@ function Invoke-CippWebhookProcessing {
'OAuth2:Token'
'SAS:EndAuth'
'SAS:ProcessAuth'
'Login:reprocess'
)
if ($TableObj.RequestType -in $ExtendedPropertiesIgnoreList) {
Write-Host 'No need to process this operation.'
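Review bot: `$ExtendedPropertiesIgnoreList` carries no comment saying why each request type is safe to skip, and the new `'Login:reprocess'` entry widens what takes the 'No need to process this operation.' branch. Since the list appears to decide which incoming operations are examined at all, a short comment next to the entry, e.g. `# Login:reprocess: <reason this request type needs no processing>`, would let a later reader judge whether the exclusion is still appropriate. The list and the function both begin outside this hunk.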
@@ -0,0 +1,37 @@
function Invoke-CIPPStandardDisableAppCreation {
<#
.FUNCTIONALITY
Internal
#>
param($Tenant, $Settings)
$CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy?$select=defaultUserRolePermissions' -tenantid $Tenant

If ($Settings.remediate) {
if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateApps -eq $false) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already not allowed to create App registrations.' -sev Info
} else {
try {
$body = '{"defaultUserRolePermissions":{"allowedToCreateApps":false}}'
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json'
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating App registrations.' -sev Info
$CurrentInfo.defaultUserRolePermissions.allowedToCreateApps = $false
} catch {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating App registrations: $($_.exception.message)" -sev Error
}
}
}

if ($Settings.alert) {

if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateApps -eq $false) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create App registrations.' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are allowed to create App registrations.' -sev Alert
}
}

if ($Settings.report) {
$State = -not $CurrentInfo.defaultUserRolePermissions.allowedToCreateApps
Add-CIPPBPAField -FieldName 'UserAppCreationDisabled' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant
}
}
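Review bot: In the report branch, `-FieldValue [bool]$State` is parsed in argument mode, so the cast is not applied and the parameter receives the string `[bool]True` or `[bool]False`. `$State` is already a boolean from `-not`, so `-FieldValue $State` (or `-FieldValue ([bool]$State)`) passes the intended value; how `Add-CIPPBPAField` converts the string under `-StoreAs bool` is not visible here, but a non-empty string casts to `$true`. Separately, the initial `New-GraphGetRequest` sits outside any `try`, and if `$CurrentInfo` comes back empty then `-not $CurrentInfo.defaultUserRolePermissions.allowedToCreateApps` evaluates to `$true`, so the tenant would be reported as having app creation disabled when its state is actually unknown. A guard before the three branches, such as `if ($null -eq $CurrentInfo.defaultUserRolePermissions) { return }` preceded by a logged error, would avoid that false result.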
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ function Invoke-CIPPStandardIntuneTemplate {

if ($Settings.AssignTo) {
Write-Host "Assigning Policy to $($Settings.AssignTo) the create ID is $($CreateRequest)"
if ($Settings.AssignTo -eq 'customGroup') { $Settings.AssignTo = $Settings.customGroup }
Set-CIPPAssignedPolicy -PolicyId $CreateRequest.id -TenantFilter $tenant -GroupName $Settings.AssignTo -Type $TemplateTypeURL
}
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully added Intune Template policy for $($Tenant)" -sev 'Info'
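Review bot: The `customGroup` substitution does not check that `$Settings.customGroup` is set, so a template saved with `AssignTo` equal to `customGroup` and no group name would call `Set-CIPPAssignedPolicy` with an empty `-GroupName`; what that ends up assigning to is not visible in this hunk and should be confirmed. A guard inside the new `if`, such as `if ([string]::IsNullOrWhiteSpace($Settings.customGroup)) { throw 'customGroup selected but no group name supplied' }`, would fail closed instead. The `Write-Host` line above also runs before the substitution, so the log shows `customGroup` rather than the group actually targeted; moving the new line above it fixes that. The function starts and ends outside this hunk.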
28 changes: 20 additions & 8 deletions Scheduler_GetWebhooks/run.ps1
Expand Up @@ -2,12 +2,24 @@ param($Timer)

$Table = Get-CIPPTable -TableName WebhookIncoming
$Webhooks = Get-CIPPAzDataTableEntity @Table
$InputObject = [PSCustomObject]@{
OrchestratorName = 'WebhookOrchestrator'
Batch = @($Webhooks)
SkipLog = $true
$WebhookCount = ($Webhooks | Measure-Object).Count
$Message = 'Processing {0} webhooks' -f $WebhookCount
Write-LogMessage -API 'Webhooks' -message $Message -sev Info

try {
for ($i = 0; $i -lt $WebhookCount; $i += 2500) {
$WebhookBatch = $Webhooks[$i..($i + 2499)]
$InputObject = [PSCustomObject]@{
OrchestratorName = 'WebhookOrchestrator'
Batch = @($WebhookBatch)
SkipLog = $true
}
#Write-Host ($InputObject | ConvertTo-Json)
$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5)
Write-Host "Started orchestration with ID = '$InstanceId'"
}
} catch {
Write-LogMessage -API 'Webhooks' -message "Error processing webhooks - $($_.Exception.Message)" -sev Error
} finally {
Write-LogMessage -API 'Webhooks' -message 'Webhook processing completed' -sev Info
}
#Write-Host ($InputObject | ConvertTo-Json)
$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5)
Write-Host "Started orchestration with ID = '$InstanceId'"
#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
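Review bot: The batch size appears twice as separate literals (`2500` in the loop step, `2499` in the slice), and the slice `$Webhooks[$i..($i + 2499)]` assumes `$Webhooks` is an array. If `Get-CIPPAzDataTableEntity` returns a single entity the range indexes a scalar, so `$BatchSize = 2500` with `@($Webhooks)[$i..($i + $BatchSize - 1)]` would make both cases explicit and keep the two numbers in step. The `finally` block also logs 'Webhook processing completed' after the `catch` has already logged an error, and in the success case the orchestrations have only been started; a message such as 'Webhook batches queued' written at the end of the `try` would be more accurate.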
2 changes: 1 addition & 1 deletion version_latest.txt
@@ -1 +1 @@
5.3.1
5.3.2
