Merge pull request #22 from KelvinTegelaar/master
[pull] master from KelvinTegelaar:master
pull[bot] authored Feb 14, 2024
2 parents 5bbbcbe + 1565611 commit d64af99
Showing 5 changed files with 41 additions and 14 deletions.
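--- a/DomainAnalyser_All/run.ps1
+++ b/DomainAnalyser_All/run.ps1
@@ -42,6 +42,7 @@ $Result = [PSCustomObject]@{
 ExpectedSPFRecord = ''
 ActualSPFRecord = ''
 SPFPassAll = ''
+ActualMXRecords = ''
 MXPassTest = ''
 DMARCPresent = ''
 DMARCFullPolicy = ''
@@ -79,6 +80,7 @@ $MXRecord = Read-MXRecord -Domain $Domain -ErrorAction Stop
 
 $Result.ExpectedSPFRecord = $MXRecord.ExpectedInclude
 $Result.MXPassTest = $false
+$Result.ActualMXRecords = $MXRecord.Records
 
 # Check fail counts to ensure all tests pass
 #$MXWarnCount = $MXRecord.ValidationWarns | Measure-Object | Select-Object -ExpandProperty Count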
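--- a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1
@@ -12,6 +12,14 @@ Function Invoke-EditUser {
 Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
 $userobj = $Request.body
+if ($userobj.Userid -eq '') {
+$body = @{'Results' = @('Failed to edit user. No user ID provided') }
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = $Body
+})
+return
+}
 $Results = [System.Collections.ArrayList]@()
 $licenses = ($userobj | Select-Object 'License_*').psobject.properties.value
 $Aliases = if ($userobj.AddedAliases) { ($userobj.AddedAliases).Split([Environment]::NewLine) }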
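Review bot: The new guard `if ($userobj.Userid -eq '')` rejects only an empty string. When the request body omits `Userid` altogether the property is `$null`, and `$null -eq ''` is false in PowerShell, so that request still falls through to the edit logic below; a whitespace-only value passes as well. Consider `if ([string]::IsNullOrWhiteSpace($userobj.Userid)) {` so every missing-ID shape gets the 400 response. The rest of Invoke-EditUser lies outside this hunk, so how a null ID is handled further down is not visible here.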
Expand Up @@ -19,7 +19,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
$LogMessage = 'Tenant level mailbox audit already enabled. '
}

# check for mailbox audit on all mailboxes. Enabled for all that it's not enabled for
# Check for mailbox audit on all mailboxes. Enable for all that it's not enabled for
$Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true }
$Mailboxes | ForEach-Object {
try {
Expand All @@ -29,9 +29,30 @@ function Invoke-CIPPStandardEnableMailboxAuditing {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable user level mailbox audit for $($_.UserPrincipalName). Error: $($_.exception.message)" -sev Error
}
}
if ($Mailboxes.Count -eq 0) {
$LogMessage += 'User level mailbox audit already enabled for all mailboxes'

# Disable audit bypass for all mailboxes that have it enabled
$BypassMailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxAuditBypassAssociation' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditBypassEnabled -eq $true }
$BypassMailboxes | ForEach-Object {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxAuditBypassAssociation' -cmdParams @{Identity = $_.Guid; AuditBypassEnabled = $false } -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Mailbox audit bypass disabled for $($_.Name)" -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable mailbox audit bypass for $($_.Name). Error: $($_.exception.message)" -sev Error
}
}

if ($Mailboxes.Count -eq 0 -and $BypassMailboxes.Count -eq 0) {
# Make log message smaller if both are already in the desired state
$LogMessage += 'User level mailbox audit already enabled and mailbox audit bypass already disabled for all mailboxes'
} else {
if ($Mailboxes.Count -eq 0) {
$LogMessage += 'User level mailbox audit already enabled for all mailboxes. '
}
if ($BypassMailboxes.Count -eq 0) {
$LogMessage += 'Mailbox audit bypass already disabled for all mailboxes'
}
}

Write-LogMessage -API 'Standards' -tenant $Tenant -message $LogMessage -sev Info
}

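Review bot: In the new audit-bypass loop the `catch` block logs `$($_.Name)`, but inside `catch` the automatic variable `$_` is the error record, not the mailbox coming down the pipeline, so the failure message will most likely be written without a mailbox name. That is the one log entry an operator needs in order to find a mailbox that is still exempt from auditing. Capture the item first with `$Mailbox = $_` as the first statement of the `ForEach-Object` block and log `$($Mailbox.Name)` in the failure message. The context line above, `Failed to enable user level mailbox audit for $($_.UserPrincipalName)`, follows the same pattern and would benefit from the same change.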
16 changes: 6 additions & 10 deletions Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1
Expand Up @@ -2,7 +2,7 @@ function Test-CIPPAccessTenant {
[CmdletBinding()]
param (
$TenantCSV,
$APIName = "Access Check",
$APIName = 'Access Check',
$ExecutingUser
)
$ExpectedRoles = @(
Expand All @@ -27,8 +27,7 @@ function Test-CIPPAccessTenant {
}
try {
$MyRoles = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/myRoles?`$filter=tenantId in ('$($TenantIds -join "','")')"
}
catch {
} catch {
$MyRoles = @()
$AddedText = 'but could not retrieve GDAP roles from Lighthouse API'
}
Expand All @@ -37,7 +36,7 @@ function Test-CIPPAccessTenant {
try {
$TenantId = ($TenantList | Where-Object { $_.defaultDomainName -eq $tenant }).customerId
$Assignments = ($MyRoles | Where-Object { $_.tenantId -eq $TenantId }).assignments
$SAMUserRoles = ($Assignments | Where-Object { $_.assignmentType -eq 'granularDelegatedAdminPrivileges' }).roles
$SAMUserRoles = $Assignments.roles

$BulkRequests = $ExpectedRoles | ForEach-Object { @(
@{
Expand All @@ -62,8 +61,7 @@ function Test-CIPPAccessTenant {
}
)
$AddedText = 'but missing GDAP roles'
}
else {
} else {
$GDAPRoles.Add([PSCustomObject]$RoleId)
}
if (!$SAMRole) {
Expand All @@ -88,8 +86,7 @@ function Test-CIPPAccessTenant {
}
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message 'Tenant access check executed successfully' -Sev 'Info'

}
catch {
} catch {
@{
TenantName = "$($tenant)"
Status = "Failed to connect: $(Get-NormalizedError -message $_.Exception.Message)"
Expand All @@ -106,8 +103,7 @@ function Test-CIPPAccessTenant {
Status = 'Successfully connected to Exchange'
}

}
catch {
} catch {
$ReportedError = ($_.ErrorDetails | ConvertFrom-Json -ErrorAction SilentlyContinue)
$Message = if ($ReportedError.error.details.message) { $ReportedError.error.details.message } else { $ReportedError.error.innererror.internalException.message }
if ($null -eq $Message) { $Message = $($_.Exception.Message) }
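Review bot: Dropping the `assignmentType -eq 'granularDelegatedAdminPrivileges'` filter widens what this access check accepts; as rendered, `$SAMUserRoles = $Assignments.roles` appears to be the new side. Roles from every assignment type returned by the `myRoles` call now count towards the check, while the status text a few lines down still reads 'but missing GDAP roles'. If the widening is intended, a comment on the line would record it, e.g. `# Roles are taken from all assignment types, not only granularDelegatedAdminPrivileges`. If it is not, a tenant whose roles come from another assignment type could be reported as having the expected GDAP roles. The function begins and ends outside the visible hunks, and the other changes in this section are brace-style reformatting.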
2 changes: 1 addition & 1 deletion version_latest.txt
@@ -1 +1 @@
5.1.1
5.1.2
