forked from KelvinTegelaar/CIPP-API
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request KelvinTegelaar#617 from KelvinTegelaar/dev
Dev
- Loading branch information
Showing
5 changed files
with
129 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
54 changes: 54 additions & 0 deletions
54
Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableOutlookAddins.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
function Invoke-CIPPStandardDisableOutlookAddins { | ||
<# | ||
.FUNCTIONALITY | ||
Internal | ||
#> | ||
param($Tenant, $Settings) | ||
|
||
$CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-RoleAssignmentPolicy' | Where-Object { $_.IsDefault -eq $true } | ||
$Roles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps') | ||
$RolesToRemove = foreach ($Role in $Roles) { | ||
if ($CurrentInfo.AssignedRoles -contains $Role) { | ||
$Role | ||
} | ||
} | ||
|
||
if ($Settings.remediate) { | ||
if ($RolesToRemove) { | ||
$Errors = [System.Collections.Generic.List[string]]::new() | ||
|
||
foreach ($Role in $RolesToRemove) { | ||
try { | ||
New-ExoRequest -tenantid $Tenant -cmdlet 'Get-ManagementRoleAssignment' -cmdparams @{ RoleAssignee = $CurrentInfo.Identity; Role = $Role } | ForEach-Object { | ||
New-ExoRequest -tenantid $Tenant -cmdlet 'Remove-ManagementRoleAssignment' -cmdparams @{ Identity = $_.Guid; Confirm = $false } -UseSystemMailbox $true | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Outlook add-in role: $Role" -sev Debug | ||
} | ||
} catch { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Outlook add-in role: $Role Error: $($_.exception.message)" -sev Error | ||
$Errors.Add($Role) | ||
} | ||
} | ||
|
||
if ($Errors.Count -gt 0) { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from installing Outlook add-ins. Roles: $($Errors -join ', ')" -sev Error | ||
} else { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled users from installing Outlook add-ins. Roles removed: $($RolesToRemove -join ', ')" -sev Info | ||
$RolesToRemove = $null | ||
} | ||
} else { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users installing Outlook add-ins already disabled' -sev Info | ||
} | ||
} | ||
|
||
if ($Settings.alert) { | ||
if ($RolesToRemove) { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not disabled from installing Outlook add-ins.' -sev Alert | ||
} else { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are disabled from installing Outlook add-ins.' -sev Info | ||
} | ||
} | ||
if ($Settings.report) { | ||
if ($RolesToRemove) { $State = $false } else { $State = $true } | ||
Add-CIPPBPAField -FieldName 'DisabledOutlookAddins' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant | ||
} | ||
} |
37 changes: 37 additions & 0 deletions
37
Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharePointLegacyAuth.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
function Invoke-CIPPStandardDisableSharePointLegacyAuth { | ||
<# | ||
.FUNCTIONALITY | ||
Internal | ||
#> | ||
param($Tenant, $Settings) | ||
|
||
$CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings?$select=isLegacyAuthProtocolsEnabled' -tenantid $Tenant -AsApp $true | ||
|
||
If ($Settings.remediate) { | ||
|
||
if ($CurrentInfo.isLegacyAuthProtocolsEnabled) { | ||
try { | ||
$body = '{"isLegacyAuthProtocolsEnabled": "false"}' | ||
$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SharePoint basic authentication' -sev Info | ||
$CurrentInfo.isLegacyAuthProtocolsEnabled = $false | ||
} catch { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SharePoint basic authentication. Error: $($_.exception.message)" -sev Error | ||
} | ||
} else { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SharePoint basic authentication is already disabled' -sev Info | ||
} | ||
} | ||
if ($Settings.alert) { | ||
|
||
if ($CurrentInfo.isLegacyAuthProtocolsEnabled) { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SharePoint basic authentication is enabled' -sev Alert | ||
} else { | ||
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SharePoint basic authentication is disabled' -sev Info | ||
} | ||
} | ||
if ($Settings.report) { | ||
|
||
Add-CIPPBPAField -FieldName 'SharePointLegacyAuthEnabled' -FieldValue [bool]$CurrentInfo.isLegacyAuthProtocolsEnabled -StoreAs bool -Tenant $tenant | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
5.1.0 | ||
5.1.1 |